YAO Lin,FAN Qingna,KONG Xiangwei

DOI: https://doi.org/10.3778/j.issn.1002-8331.2011.06.023

2011-01-01

Abstract:As a result of the high mobility of the pervasive computing,the principles communicating with each other usually locate at different domains.To secure the service access and communications,the principles should authenticate each other and establish a fresh session key.A novel inter-domain authentication and key establishment protocol is proposed.The proposed protocol reduces the burden of certificates management by adopting the biometric encryption.After inter-domain mutual authentication,the two principles build a new session key using the signcryption technique.The protocol can defend lots of attacks and its correctness is proven by the SVO logic.

Lin Yao,Lei Wang,Xiangwei Kong,Guowei Wu,Feng Xia

DOI: https://doi.org/10.1016/j.camwa.2010.01.010

IF: 3.218

2010-01-01

Computers & Mathematics with Applications

Abstract:In a pervasive computing environment, mobile users often roam into foreign domains. Consequently, mutual authentication between the user and the service provider in different domains becomes a critical issue. In this paper, a fast and secure inter-domain authentication and key establishment scheme, namely IDAS, is proposed. IDAS adopts Biometrics to guarantee the uniqueness and privacy of users and adopts signcryption to generate a secure session key. IDAS can not only reduce the burden of certificates management, but also protect the users and authentication servers against fraud. Compared with some other authentication methods, our approach is superior with faster key exchange and authentication, as well as more privacy. The correctness is verified with the Syverson and Van Oorschot (SVO) logic. Crown Copyright (C) 2010 Published by Elsevier Ltd. All rights reserved.

Rong Fan,Lingdi Ping,JianQing Fu,Xuezeng Pan

DOI: https://doi.org/10.1109/PACCS.2010.5626600

2010-01-01

Abstract:As wireless sensor networks (WSNs) are susceptible to attacks and sensor nodes have limited resources, designing a secure and efficient user authentication protocol for WSNs is a difficult task. Considering that most future large-scale WSNs follow a two-tiered architecture, we propose an efficient and Denial-of-Service resistant user authentication scheme for two-tiered WSNs, which imposes very light computational load and requires simple operations such as one-way hash function and exclusive-OR operations. In addition, there is a growing requirement for preserving user anonymity recently. Thus we introduce pseudonym identity for each user which is concealed in login messages. And through clever design, our proposed scheme can prevent from smart card breach. Moreover, the security analysis on this scheme demonstrates that our proposed scheme enjoys security attributes such as preventing the various kinds of attacks and user anonymity. Finally, performance analysis shows that our proposed scheme is simple and efficient.

Jianqing Fu,Jian Chen,Rong Fan,XiaoPing Chen,Lingdi Ping

DOI: https://doi.org/10.1109/wcse.2009.731

2009-01-01

Abstract:With the widespread use of mobile devices, authentication and privacy of identification become important issues. We analyzed the security flaws and shortcomings of a delegation-based authentication protocol which was proposed by Caimu Tang, et al., and provided an improved protocol. We use elliptic-curve cryptography and hash chain to ensure the safety of system in our scheme. The research results reveal that the improved protocol can not only corrects the security flaws but also improve the efficiency of key management and reduce the computational load.

胡荣磊,李然,李兆斌,方勇

DOI: https://doi.org/10.3969/j.issn.1000-3428.2010.12.050

2010-01-01

Abstract:According to the defects of the proof of platform integrity in Ad hoc networks,a new authentication scheme is proposed based on trusted computing technology.Nodes authenticate each other through direct anonymous attestation protocol.The contents of platform configuration register and the stored measurement log are used to confirm the current status and integrity of platform which ensures the trust of the platform,and eliminates the security risk brought by damage of platform integrity.This scheme satisfies the dynamic topology and self-organization of Ad hoc networks.

Rui Chen,Dezhong Peng

DOI: https://doi.org/10.1007/s11277-017-4629-x

IF: 2.017

2017-01-01

Wireless Personal Communications

Abstract:In wireless communication system, a good protocol should satisfy many requirements: user identity authentication, privacy protection, computational efficiency and resist some known attacks. Thus design a highly secure anonymous authentication protocols for wireless networks is a challenging task. Over recent years, many researchers have proposed their own solutions to address this issue. In 2014, Niu et al. analyzed Yoon et al.’s authentication scheme, then put forward a smart card based authentication scheme with anonymity for wireless networks. They claimed their scheme achieves many security requirements and resists some known threats. Nevertheless, after detailed analysis, we prove that the scheme of Niu et al. is prone to some malicious attacks such as replay attacks and DoS attacks. Moreover, the scheme does not work when large amount of mobile users access a foreign agent simultaneously. To overcome these drawbacks, we present a new secure authentication scheme with user anonymity by improving Niu et al.’s scheme. The proposed protocol not only satisfies many security properties, such as strong anonymity, mutual authentication and periodically update session key, but also resists well-known threats. Furthermore, the security and performance analyses indicates that the new scheme is well suitable for wireless communications when it is compared with previous protocols.

Jun-jun Wu,Ming-wei Fang,Xinfang Zhang,Tongyang Wang

DOI: https://doi.org/10.4304/jnw.7.9.1341-1348

2012-01-01

Journal of Networks

Abstract:Technologies make the mobile terminals such as smart phones, PDAs and handsets much more powerful to access mobile network in recent years. Especially with the widely use of mobile terminals, mobile network now becomes a primary tool for daily and business interactions. However, the proliferation of mobile terminals also draws mobile malware’s attention which will do damage to the mobile terminal and further affect the security of mobile network. But the traditional access control and authentication mechanism cannot resolve such security issues. On the basis of trusted computing technology, we proposed a mobile trusted network architecture by extending the trusted network connection in mobile environment. And an improvement EAP-EHash method is used in the proposed architecture to implement authentication. We defined two service scenarios in the authentication scheme, home network authentication and roaming network authentication. The process of each scenario is described in detail. By introducing the pseudonym mechanism, our scheme can protect user identity. And the connection status not only depends on the identification process, but also the trust status of the platform. The analysis shows that our scheme benefits the properties of user identity anonymity, mutual authentication, fake agent resistance, platform integrity verification, EAP and TNC Compatible. And the ciphersuite negotiation makes our scheme more suitable for resource limited mobile terminals.

Weichao Xie,Jian Wang

DOI: https://doi.org/10.1109/sns-pcs.2013.6553830

2013-01-01

Abstract:Wireless Ad Hoc network is vulnerable to attacks due to its open and decentralized properties. This paper proposes a trusted connection based scheme for Ad Hoc network to prevent attacks. A trusted architecture is introduced into the node platform, which consists of two phases, platform identity verification and platform integrity measurement. For a communication requirement of two nodes, the terminal platform identity is firstly authenticated via Direct Anonymous Attestation, and the platform integrity measurement is performed for the nodes passing authentication. The communication is established if the nodes in both sides pass the authentication and measurement. We conduct simulation experiments to analyze the performance of the proposed scheme and verify its security in the attack scenario. The simulation results show that the proposed scheme can prevent the malicious nodes from accessing the network and resist the attacks from network.

Gaoxiang Chen,Huifang Chen,Lei Xie,Gelian Song

DOI: https://doi.org/10.1109/icct.2010.5688868

2010-01-01

Abstract:Since peers can exchange information with each other directly, the identity authentication plays an important role towards the security issue of a peer-to-peer (P2P) network. Moreover, due to the inherent characteristics of wireless networks, the existing identity authentication schemes proposed for the traditional P2P networks are not suited for wireless P2P. Hence, we propose an identity authentication scheme for the wireless P2P network in this paper. In the proposed scheme, we apply a hybrid P2P topology and tickets issued by super peers to perform the user mutual authentication. And we also present a quick re-authentication method dealing with temporary broken down link to simplify the authentication procedure and improve the efficiency. Security analysis results show that our proposed scheme can resist most malicious attacks effectively.

YANG Jian-jun,JIA Chen-jun,RAN Li-xin

DOI: https://doi.org/10.3785/j.issn.1008-973x.2005.02.014

2005-01-01

Abstract:By analyzing the principle of remote authentication dial in user service (RADIUS) protocol and the applied security algorithm, an improved RADIUS protocol was proposed to enhance the security performance of networks.Based on the improved protocol,AAA (authentication,authority and account) architecture was set up for the Internet service providers.The AAA architecture for wireless gateway does not increase the complexity of the communication systems, and is simple and easy to implement.

Jian-Yong Pi,Xin-Song Liu,Ai Wu,Qing-Yun Fu

2006-01-01

Abstract:In this paper, we propose a novel identity authentication and key agreement scheme for ad hoc network security. In this scheme, we present a new digital signature algorithm for identity authentication, the identity authentication is validated by zero-knowledge proof. Because of the fully distributed characteristics of ad hoc network, our security scheme has no central administration. The security analysis for our scheme indicated that the scheme can withstand the man-in-middle attack and message replay attack. The security of the scheme is guaranteed by the intractability of computing discrete logarithm.

Shi-wei HUO,Wen-jing YANG,Jing-zhi LI,Jin-shan SHEN

2018-01-01

Computer Science

Abstract:The available identity-based authentication and key agreement schemes in Ad hoc networks are based on bi-linear pairing with high computation cost,and the schemes also have the problem of key escrow.Considering the prob-lem,a new identity-based authentication and key agreement scheme was proposed.Identity authentication was realized using identity-based signature without bilinear pairing.The session key was established using diffie-hellman key ex-change technology.It is shown that the proposed scheme avoids the problem of key escrow,and has higher efficiency.

Jie Song,Xiangyu Pan,Fagen Li

DOI: https://doi.org/10.1007/978-981-99-9331-4_8

2024-01-01

Abstract:With the rapid development of network technology, the number of mobile devices is increasing at a phenomenal speed. However, many wireless communications are established on public wireless networks, which makes it a challenge to ensure the message confidentiality and user privacy. Besides, mobile devices usually have limited resources. It is necessary to design a secure and efficient cryptographic scheme for wireless communication. In this paper, we propose an identity-based mutual authentication scheme for resource-constrained mobile devices. With the help of random oracle model, we show that the scheme is provably secure under extended Canetti-Krawczyk (eCK) security model. Finally, through comparative experiments with six related works, we demonstrate that the proposed scheme is the most suitable for resource-constrained mobile devices in wireless communications.

Saru Kumari,Xiong Li,Fan Wu,Ashok Kumar Das,Vanga Odelu,Muhammad Khurram Khan

DOI: https://doi.org/10.3837/tiis.2016.09.026

2016-01-01

KSII Transactions on Internet and Information Systems

Abstract:Widespread use of wireless networks has drawn attention to ascertain confidential communication and proper authentication of an entity before granting access to services over insecure channels. Recently, Truong et al. proposed a modified dynamic ID-based authentication scheme which they claimed to resist smart-card-theft attack. Nevertheless, we find that their scheme is prone to smart-card-theft attack contrary to the author's claim. Besides, anyone can impersonate the user as well as service provider server and can breach the confidentiality of communication by merely eavesdropping the login request and server's reply message from the network. We also notice that the scheme does not impart user anonymity and forward secrecy. Therefore, we present another authentication scheme keeping apart the threats encountered in the design of Truong et al.'s scheme. We also prove the security of the proposed scheme with the help of widespread BAN (Burrows, Abadi and Needham) Logic.

Chen Yulei,Chen Jianhua

DOI: https://doi.org/10.1007/s11042-020-10259-z

IF: 2.577

2021-01-01

Multimedia Tools and Applications

Abstract:The rapid development of wireless sensor networks (WSNs) has brought great convenience to people's lives, as well as huge security challenges. Recently, Kaur et al. proposed an improved user authentication protocol for WSNs. However, we find that their protocol cannot provide user untraceability and perfect forward security, and it fails to resist the privileged insider attack because it only uses lightweight cryptographic primitive to ensure the security of the scheme. To overcome the weaknesses in Kaur et al.'s protocol, we propose a secure anonymous authentication with key agreement protocol for WSNs. It uses self-certified public key cryptography to guarantee confidentiality, security and availability in public channels. Additionally, through formal and informal security proofs, we demonstrate that the proposed scheme can achieve the expected security properties. By comparing with other related protocols on execution time and communication cost, we find that our protocol is more secure and efficient.

Shiwei Huo,Yubo Tang,Shaojun Liu,Shiwei Huo,Xuan He

DOI: https://doi.org/10.1145/3434581.3434667

2020-01-01

Abstract:The existing authentication and key agreement schemes based on public key cryptosystem in wireless sensor networks are based on bilinear pairings, which have high computational cost and can not meet the requirements of anonymity. To solve this problem, a new authentication and key agreement scheme for wireless sensor networks is proposed. The authentication information between nodes is constructed using elliptic curve signature algorithm to achieve identity authentication, and the session key is established by diffie-hellman key agreement technology. Meanwhile, the scheme randomizes the private key and public key of nodes in every authentication process to realize the anonymity and untraceability of the sessions. The scheme avoids the complex bilinear pairing operation, and has a small computational cost on the premise of meeting the security requirements.

Fan Wu,Lili Xu,Saru Kumari,Xiong Li

DOI: https://doi.org/10.1007/s12083-015-0404-5

IF: 3.488

2015-01-01

Peer-to-Peer Networking and Applications

Abstract:Wireless sensor network(WSN) contains many specially distributed sensors which collect information for people to analyze appointed objects in real-time. WSN is deployed widely in many fields, such as fire detection and remote health care monitoring. User authentication is an important part for the communication of WSN. In 2014, Jiang et al. and Choi et al. proposed their authentication schemes for WSN, respectively. However, we find some weaknesses in them. Jiang et al.'s scheme cannot resist the De-Synchronization attack, the off-line guessing attack and the user forgery attack. Besides, it does not keep the character of strong forward security. Choi et al.'s scheme is under the off-line password guessing attack and the user impersonation attack without user anonymity. We present an improved authentication scheme and prove it to be secure with the formal security model. Also, we analyze the concrete secure characters and the performance of our scheme. Through comparison with some recent schemes, our scheme is more practical and fit for applications.

Jian-bin Hu,Hu Xiong,Zhong Chen

2012-01-01

Abstract:Seamless roaming is highly desirable for wireless communications, and security such as authentication and privacy preserving of mobile users is challenging. Recently, Wu et al. and Wei et al. proposed two authentication schemes that guarantee user anonymity in wireless communications, respectively. However, Kang et al. pointed out some security flaws of Wu et al.’s and Wei et al.’s authentication schemes and showed how to overcome the problems regarding anonymity and the forged login messages. In this paper, we will show that Kang et al.’s improved scheme still did not provide user anonymity as they claimed and give a further improvement to fix the problem without losing any features of the original scheme.

CAO Xue-fei,ZENG Xing-wen,KOU Wei-dong,YU Yong

DOI: https://doi.org/10.3969/j.issn.1001-2400.2007.06.006

2007-01-01

Journal of Xidian University

Abstract:Firstly,an ID-based signature scheme is proposed based on pairings.The bilinearity and non-degeneration of pairings are explored to make the verification result of the signature vary only with the identity of the signer.Then an anonymous authentication scheme is proposed based on the signature scheme.During the authentication,a user chooses a pseudonym by him/herself;then server computes the user's account index from the pseudonym in order to identify and authenticate the user.With our scheme,users are able to travel incognito and to change their passwords at will.Furthermore,there is no need for server to maintain a table of users' passwords or pseudonyms.To the best of our knowledge,the proposed scheme realizes for the first time both user anonymity and authentication security requirements over the insecure channel.

HE Yuan,XU Li,HUANG Xin-yi

DOI: https://doi.org/10.3969/j.issn.1000-5277.2013.02.005

2013-01-01

Abstract:It presents an anonymous authentication scheme based on blind signature and a scheme based on partially blind signature,in order to improve user anonymity,protect user's identity privacy and pseudonym based location privacy from Wireless mesh networks(WMNs) infrastructure respectively.Users can select an anonymous set determined by the service provider and the times to authenticate anonymously according to their needs.