Xiaoliang Wang,Xinhui She,Liang Bai,Yang Qing,Frank Jiang

DOI: https://doi.org/10.32604/cmc.2021.012454

2021-01-01

Abstract:The vehicular cloud computing is an emerging technology that changes vehicle communication and underlying traffic management applications. However, cloud computing has disadvantages such as high delay, low privacy and high communication cost, which can not meet the needs of realtime interactive information of Internet of vehicles. Ensuring security and privacy in Internet of Vehicles is also regarded as one of its most important challenges. Therefore, in order to ensure the user information security and improve the real-time of vehicle information interaction, this paper proposes an anonymous authentication scheme based on edge computing. In this scheme, the concept of edge computing is introduced into the Internet of vehicles, which makes full use of the redundant computing power and storage capacity of idle edge equipment. The edge vehicle nodes are determined by simple algorithm of defining distance and resources, and the improved RSA encryption algorithm is used to encrypt the user information. The improved RSA algorithm encrypts the user information by reencrypting the encryption parameters . Compared with the traditional RSA algorithm, it can resist more attacks, so it is used to ensure the security of user information. It can not only protect the privacy of vehicles, but also avoid anonymous abuse. Simulation results show that the proposed scheme has lower computational complexity and communication overhead than the traditional anonymous scheme.

Guanjie Cheng,Yan Chen,Shuiguang Deng,Honghao Gao,Jianwei Yin

DOI: https://doi.org/10.1109/tcss.2021.3056540

2021-01-01

IEEE Transactions on Computational Social Systems

Abstract:With the ever-increasing requirements of delay-sensitive and mission-critical applications, it becomes a popular research trend to incorporate edge computing in the Internet of Things (IoT) to mitigate the pressure of traditional cloud-based IoT architecture. Edge computing delivers real-time computations and communications for IoT devices by leveraging edge servers deployed close to users, which creates a collaborative edge computing (CEC) paradigm. The capacity of edge servers is beneficial but risky, as vulnerable servers can be exploited to conduct surveillance or perform other nefarious activities. Besides, fake IoT devices would bring security threats and compromise the IoT system. This highlights the necessity of designing a secure and efficient mutual authentication scheme for CEC. In this direction, related works have proposed various authentication mechanisms, but most of them are found unfit due to the absence of decentralization, anonymity, and mobility. Motivated by this fact, we propose a blockchain-based mutual authentication scheme that bridges these gaps. Specifically, blockchain, certificateless cryptography, elliptic curve cryptography, and pseudonym-based cryptography are integrated into our scheme to provide mutual authentication between edge servers and IoT devices. Except for static conditions, both intraedge and interedge authentication are considered. Besides, we elaborate on the key generation procedures and design a session key negotiation mechanism. Extensive experiments and security analyses have been conducted to show the feasibility of the proposed scheme.

Wenlong Zhu,Changli Zhou,Linmei Jiang

DOI: https://doi.org/10.3390/electronics13061026

IF: 2.9

2024-03-09

Electronics

Abstract:With the rapid popularization of current Internet of Things (IoT) technology and 5G networks, as well as the continuous updating of new service lifestyles and businesses, the era of big data processing for the IoT has arrived. However, centralizing all data for processing in the cloud can lead to issues such as communication latency and privacy breaches. To solve these problems, edge computing, as a new network architecture close to terminal data sources and supporting low latency services, has gradually emerged. In this context, cloud edge collaborative computing has become an important network architecture. With the changing security requirements and communication methods of cloud edge collaborative network architecture, traditional authentication key agreement protocols are no longer applicable. Therefore, a new IoT authentication and key agreement protocol needs to be designed to solve this problem. This study proposes an IoT accessible solution for cloud edge collaboration. This scheme adopts a chaotic mapping algorithm to achieve efficient authentication. It ensures the anonymity and untraceability of users. Following this, we conducted strict security verification using BAN logic and Scyther tools. Through experimental comparative analysis, the research results show that the protocol performs better than other schemes while ensuring security. This indicates that the protocol can achieve efficient authentication and key negotiation in cloud edge collaborative network architecture, providing a secure and reliable solution for the accessibility of the IoT.

engineering, electrical & electronic,computer science, information systems,physics, applied

Yi Chen,Ai-dong Xu,Hong Wen,Yi-xin Jiang,Teng-yue Zhang

DOI: https://doi.org/10.12783/dteees/icepe2019/28912

2019-01-01

Abstract:Because of heavy cost, using of the traditional Public Key Infrastructure (PKI) authentication schemes is limited for the energy-constrained intelligent devices such as the power edge computing system, in which lightweight secure authentication schemes are urgent needed. In this paper, we propose a lightweight mutual authentication scheme supported by the edge computing, which is a novel cross-layer secure authentication program with asymmetric resources. The novel scheme combines lightweight symmetric cipher and physical-layer Channel State Information (CSI) to provide two-way authentication between terminals and edge devices. Experimental results show that the proposed scheme can significantly reduce the access authentication latency compared with the traditional PKI authentication scheme.

Wenli Shang,Xudong Wen,Zhuo Chen,Wenze Xiong,Zhiwei Chang,Zhong Cao

DOI: https://doi.org/10.1631/fitee.2400497

IF: 2.526

2024-11-06

Frontiers of Information Technology & Electronic Engineering

Abstract:In edge control systems (ECSs), edge computing demands more local data processing power, while traditional industrial programmable logic controllers (PLCs) cannot meet this demand. Thus, edge intelligent controllers (EICs) have been developed, making their secure and reliable operation crucial. However, as EICs communicate sensitive information with resource-limited terminal devices (TDs), a low-cost, efficient authentication solution is urgently needed since it is challenging to implement traditional asymmetric cryptography on TDs. In this paper, we design a lightweight authentication scheme for ECSs using low-computational-cost hash functions and exclusive OR (XOR) operations; this scheme can achieve bidirectional anonymous authentication and key agreement between the EIC and TDs to protect the privacy of the devices. Through security analysis, we demonstrate that the authentication scheme can provide the necessary security features and resist major known attacks. Performance analysis and comparisons indicate that the proposed authentication scheme is effective and feasible for deployment in ECSs.

engineering, electrical & electronic,computer science, information systems, software engineering

Haipeng Sun,Yu'an Tan,Congwu Li,Lei,Qikun Zhang,Jingjing Hu

DOI: https://doi.org/10.1049/cje.2021.00.269

IF: 1.019

2022-01-01

Chinese Journal of Electronics

Abstract:Edge-cloud collaborative application scenario is more complex, it involves collaborative operations among different security domains, frequently accessing and exiting application system of mobile terminals. A cross-domain identity authentication protocol based on privacy protection is proposed. The main advantages of the protocol are as follows. 1) Self-certified key generation algorithm: the public/private key pair of the mobile terminal is generated by the terminal members themselves. It avoids security risks caused by third-party key distribution and key escrow; 2) Cross-domain identity authentication: the alliance keys are calculated among edge servers through blockchain technology. Cross-domain identity authentication is realized through the signature authentication of the alliance domain. The cross-domain authentication process is simple and efficient; 3) Revocability of identity authentication: When the mobile terminal has logged off or exited the system, the legal identity of the terminal in the system will also become invalid immediately, so as to ensure the forward and backward security of accessing system resources. Under the hardness assumption of discrete logarithm problem and computational Diffie-Hellman problem, the security of the protocol is proven, and the efficiency of the protocol is verified.

Kexian Liu,Jianfeng Guan,Xiaolong Hu,Jing Zhang,Jianli Liu,Hongke Zhang

2024-11-14

Abstract:To meet the diverse needs of users, the rapid advancement of cloud-edge-device collaboration has become a standard practice. However, this complex environment, particularly in untrusted (non-collaborative) scenarios, presents numerous security challenges. Authentication acts as the first line of defense and is fundamental to addressing these issues. Although many authentication and key agreement schemes exist, they often face limitations, such as being tailored to overly specific scenarios where devices authenticate solely with either the edge or the cloud, or being unsuitable for resource-constrained devices. To address these challenges, we propose an adaptive and efficient authentication and key agreement scheme (AEAKA) for Cloud-Edge-Device IoT environments. This scheme is highly adaptive and scalable, capable of automatically and dynamically initiating different authentication methods based on device requirements. Additionally, it employs an edge-assisted authentication approach to reduce the load on third-party trust authorities. Furthermore, we introduce a hash-based algorithm for the authentication protocol, ensuring a lightweight method suitable for a wide range of resource-constrained devices while maintaining security. AEAKA ensures that entities use associated authentication credentials, enhancing the privacy of the authentication process. Security proofs and performance analyses demonstrate that AEAKA outperforms other methods in terms of security and authentication efficiency.

Cryptography and Security

Liu,Chai,Hui,Wu

DOI: https://doi.org/10.3390/electronics12010219

IF: 2.9

2023-01-02

Electronics

Abstract:Authentication is an important requirement for the security of edge computing applications. The existing authentication schemes either frequently rely on third-party trusted authorities, leading to the security risk of user information disclosure, or have high authentication overhead, causing certain pressure on the computation and communication of lightweight terminal equipment in the edge environment. In this paper, we proposed a blockchain-based anonymous authentication scheme for edge computing environments. We first designed a blockchain-based authentication architecture to store a small number of authentication elements in the blockchain network, and provide a decentralized and trusted authentication environment to ensure device anonymity and improve the security of authentication processes. Then, an elliptic cryptographic curve-based authentication scheme is proposed. It uses the chameleon hash function to dynamically generate the authentication data according to the elements stored in the blockchain and negotiate the session key, which effectively reduces the computational overhead in the authentication process. The experimental results show that the proposed scheme achieves a secure authentication process and effectively reduces the authentication overhead by up to 43.16% compared to three state-of-the-art schemes.

engineering, electrical & electronic,computer science, information systems,physics, applied

Shaoyong Guo,Xing Hu,Song Guo,Xuesong Qiu,Feng Qi

DOI: https://doi.org/10.1109/tii.2019.2938001

IF: 12.3

2020-01-01

IEEE Transactions on Industrial Informatics

Abstract:As the great prevalence of various Internet of Things (IoT) terminals, how to solve the problem of isolated information among different IoT platforms attracts attention from both academia and industry. It is necessary to establish a trusted access system to achieve secure authentication and collaborative sharing. Therefore, this article proposes a distributed and trusted authentication system based on blockchain and edge computing, aiming to improve authentication efficiency. This system consists of physical network layer, blockchain edge layer and blockchain network layer. Through the blockchain network, an optimized practical Byzantine fault tolerance consensus algorithm is designed to construct a consortium blockchain for storing authentication data and logs. It guarantees trusted authentication and achieves activity traceability of terminals. Furthermore, edge computing is applied in blockchain edge nodes, to provide name resolution and edge authentication service based on smart contracts. Meanwhile, an asymmetric cryptography is designed, to prevent connection between nodes and terminals from being attacked. And a caching strategy based on edge computing is proposed to improve hit ratio. Our proposed authentication mechanism is evaluated with respect to communication and computation costs. Simulation results show that the caching strategy outperforms existing edge computing strategies by 6%-12% in terms of average delay, and 8%-14% in hit ratio.

Yifeng Yin,Ruilin An,Yanhua Zhang,Yong Gan

DOI: https://doi.org/10.1109/icsp62122.2024.10743919

2024-01-01

Abstract:It is critical to ensure secure communication and data integrity between devices in the cross-domain collaboration scenario of industrial internet of things (IIoT). Traditional cross-domain authentication is centralized and monolithic, which is easy to attacked. Edge computing and blockchain technologies have emerged as a promising solution to address these challenges. Therefore, this paper focuses on exploring the effectiveness of blockchain and edge computing to solve this problem. Firstly, we summarized the related background knowledge and key technologies of cross-domain authentication of IIoT devices. Then, aiming at the cross-domain authentication requirements of IIoT devices, a cross-domain authentication method based on blockchain and edge computing is proposed to realize secure communication between IIoT devices. In addition, for the proposed scheme, the analysis proves that the scheme has better performance and security.

Xutong Jiang,Guoming Zhang,Hao Tian,Haolong Xiang,Xuyun Zhang,Wanchun Dou

DOI: https://doi.org/10.1109/icpads60453.2023.00345

2023-01-01

Abstract:Edge computing has emerged as a transformative paradigm with applications ranging from IoT to smart homes and transportation systems. However, its decentralized nature presents significant challenges in securing sensitive data, particularly in scenarios involving data sharing. To address these issues, this paper introduces a secure data access control system for edge computing by leveraging blockchain to foster mutual trust among edge servers and employing attribute-based encryption for secure data sharing. Our proposed solution seeks to enhance data security in distributed environments. We validate our method through practical experiments conducted on multiple edge servers, confirming its effectiveness in safeguarding data integrity and privacy.

YANG Jinxiang,PENG Yonggang,CAI Tiantian,XI Wei,DENG Qingtang

DOI: https://doi.org/10.11930/j.issn.1004-9649.202204082

2023-01-01

Abstract:Edge computing effectively relieves the computing pressure of cloud platform and reduces the consumption of network transmission bandwidth, but it brings new security problems as well, the traditional authentication mechanism no longer applies to“cloud-edge-end” network architecture. We proposed a lightweight two-way authentication protocol based on cloud-edge collaboration. In view of the limited resources of massive power terminal, the protocol is only based on a Hash and XOR operation to achieve certification, so it reduces the pressure of terminal calculation and transmission bandwidth. Its security was successfully verified by AVISPA tool together with informal analysis. The analysis and simulation results show that the protocol can resist replay attack, impersonation attack and so on. In addition, the comparison with similar protocols shows that the protocol has less computation and communication overhead.

Premkumar, N.,Kumar, B. Santhosh

DOI: https://doi.org/10.1007/s11277-024-11596-0

IF: 2.017

2024-11-06

Wireless Personal Communications

Abstract:Recently, Fog computing become a hot research area with the fast development of Internet of Things (IoT) which cannot be handled efficiently by the traditional cloud computing. The essence of Fog computing is to place some datacenters at the edge of the network called as Edge DataCenters (EDCs) or fog nodes with limited storage and processing capabilities, which is closer to the location of data sources, and located between cloud datacenter and the data source. This EDCs serve as a storage and processing point in the network and act as a middle layer between cloud datacenter and IoT in the fog hierarchy. Since most of the EDCs are positioned in isolated environments, the need for secure authentication is of major importance. Thus, ensuring that only legitimate EDCs are allowed in the environment become an attractive research problem. There are few techniques have been proposed in the past for authenticating EDCs to discover legitimate EDCs and permit secure communication. Unfortunately, such techniques involved memory intensive and complex calculations which pay no attention to the resource limitation nature of the EDCs. Thus, to address these challenges, a lightweight strong authentication algorithm has been proposed to ensure safe communication between EDCs. The computation costs of the proposed scheme is low compared to other solutions, thus it has been proved lightweight and can be a suitable solution for resource constrained devices.

telecommunications

Dong Xie,Jinghua Yang,Bin Wu,Weixin Bian,Fulong Chen,Taochun Wang

DOI: https://doi.org/10.1109/tifs.2024.3362589

IF: 7.231

2024-02-17

IEEE Transactions on Information Forensics and Security

Abstract:In a mobile edge computing environment, the computing tasks of resource-constrained IoT devices are often offloaded to mobile edge computing servers for processing. In order to ensure the security of the task offloading process, both parties need to perform mutual authentication and negotiate a session key first. The security defenses in the existing authentication schemes are often only aimed at external attackers, while ignoring the possible malicious behaviors of semi-trusted servers. Furthermore, they cannot effectively take into account the device-side lightweight and security, as well as the load problem of a single registry. In this paper, we propose a new anonymous authentication key agreement scheme that fully considers the resource constraints of terminal devices and the security risks of semi-trusted servers. In the scheme, we use the method of generating pairing information during registration to avoid the server-side directly contacting the user's private information, and support trusted third parties not to participate in the authentication process. In addition, by setting up authentication servers to outsource computing tasks, the device-side can avoid blindly selecting a computing server for task offloading, achieve accurate task assignment and efficient execution of authentication. We use Real-Or-Random model and BAN logic to demonstrate the security of the proposed scheme, and use the ProVerif tool to verify its authenticated reachability and confidentiality. Compared with other schemes with the same structure, this scheme is superior to similar schemes, and has higher security on the basis of ensuring the least amount of computation on the device-side.

computer science, theory & methods,engineering, electrical & electronic

Aidong Xu,Tengyue Zhang,Qicong Yang,Yixin Jiang,Yunan Zhang

DOI: https://doi.org/10.1088/1755-1315/693/1/012007

2021-01-01

IOP Conference Series Earth and Environmental Science

Abstract:With the emergence of various low-latency application scenarios in the Internet of things (IoT), edge computing provides a series of low-latency computing modes such as real-time data processing and real-time decision-making, supports multiple terminals, and solves the problems of the existing cloud computing architecture. This paper proposes a channel fingerprint data packet authentication method based on edge computing cooperation. The edge server and smart terminal perform cooperative computing, make full use of the computing power of the smart terminal, reasonably allocate the amount of computing tasks, and effectively realize lightweight data packet authentication. The task running time is shortened and the authentication efficiency is improved.

Yifan Wang,Xiaoying Jia,Yongbo Xia,Muhammad Khurram Khan,Debiao He

DOI: https://doi.org/10.1016/j.jisa.2022.103334

IF: 4.96

2022-01-01

Journal of Information Security and Applications

Abstract:Edge computing is a new paradigm, especially suitable for Internet of Things (IoT) applications, which require low latency, location awareness and mass connections. It surely makes up for some shortcomings in cloud computing in terms of energy consumption and real-time analysis areas. However, it is still a great challenge to guarantee data security and privacy protection in edge computing environment. In this paper, we focus on the topic of authentication in edge computing and propose a conditional privacy-preserving authentication scheme based on blockchain, which guarantees user anonymity, conditional traceability as well as multi-factor security. The scheme uses elliptic curve cryptography (ECC) and does not use bilinear pairing operations. The key materials are stored on the blockchain and managed by the smart contracts. Formal security proof and heuristic security analysis show that the protocol satisfies desired security requirements and resists against most kinds of conventional attacks. Moreover, the performance comparison shows that the proposed scheme is more efficient in computation and communication than previous related schemes.

Jie Cui,Fengqun Wang,Qingyang Zhang,Chengjie Gu,Hong Zhong

DOI: https://doi.org/10.1109/tnsm.2022.3206378

2023-01-01

Abstract:In the industrial Internet of Things (IIoT) environment (e.g., a smart factory), smart devices with limited computing power can bring large amounts of privacy-sensitive data into insecure networks when they interact. If a network attacker intercepts and tampers with this data, it may cause chaos in production and even paralyze the entire IIoT system. Therefore, to ensure the regular operation of intelligent production, data receivers must authenticate the data before using them. However, existing message authentication schemes in the IIoT environment authenticate each message individually, which creates many redundant operations. Hence, to ensure data security among smart devices and reduce the computational overhead of data processing, we propose a batch authentication scheme based on edge computing in IIoT. Specifically, we design a lightweight batch authentication algorithm and use edge servers to assist smart devices in authenticating data, thus reducing the computational burden on smart devices and improving the efficiency of message authentication. The security analysis shows that the proposed scheme is secure in the random oracle model and meets the series of security requirements of the IIoT. In addition, we illustrate the efficiency of the scheme through experiments.

Fengqun Wang,Jie Cui,Qingyang Zhang,Debiao He,Chengjie Gu,Hong Zhong

DOI: https://doi.org/10.1109/tdsc.2023.3285800

2024-01-01

IEEE Transactions on Dependable and Secure Computing

Abstract:In edge-assisted cross-domain Industrial Internet of Things (IIoT), blockchain-based authentication is an effective way to build cross-domain trust and secure cross-domain data. However, existing authentication schemes still have serious challenges in terms of efficiency and security. In this article, we propose a blockchain-based lightweight message authentication scheme. First, to address efficiency challenges, we build a blockchain-enabled edge-assisted lightweight authentication framework. This framework uses edge servers to assist smart devices in achieving cross-domain authentication and effectively reduce redundant interactions between entities. Second, to resolve the security challenges, we design a lightweight message authentication algorithm for cross-domain IIoT. The algorithm guarantees message security with low computational overhead and is suitable for multi-receiver cross-domain IIoT. The security proof and analysis demonstrate that the proposed scheme is secure under the random oracle model and can resist various attacks. The performance evaluation shows that our proposed scheme is superior in terms of computation and communication overhead when compared with other related schemes.

Fan Wu,Xiong Li,Xiangyang Luo,Ke Gu

DOI: https://doi.org/10.1016/j.sysarc.2022.102737

IF: 5.836

2022-01-01

Journal of Systems Architecture

Abstract:As an element of the network edge for the smart city, the smart vehicle with computation capability undertakes information collection and transmission and serves as a node of the Internet of Vehicles (IoV). It is emergent to keep available communication for IoV in rural or disaster areas under 5G/beyond 5G environments, where drones play a critical part in the above cases. Also, edge computing is a good method to complete the incentive computing for high-speed vehicles. In this paper, an authentication scheme is constructed for an edge computing-enabled Internet of Vehicles with drone assistance. The vehicles can keep their identities anonymous in the data transmission. The roadside unit, as the mobile edge computing server, deals with data from vehicles. If any vehicle’s identity is required, the trusted authority will disclose it via the corresponding message. The formal proof demonstrates that the messages between participants cannot be forged by the attacker. Compared with some recent schemes of drone-assisted IoV, our scheme is the only one that maintains all security features. Moreover, our scheme is sound and practical via the expression of performance discussion and network simulation.

Zhiyuan Li,Zhenjiang Zhang

DOI: https://doi.org/10.1007/978-3-031-31275-5_5

2023-01-01

Abstract:As an emerging technology, edge computing can solve the problem of limited computing resources of IoT devices under the premise of lower latency. However, the existing mobile edge computing architecture cannot well solve the security problem of the identity authentication of the terminal device. In particular, the cross-domain authentication of the device cannot be completed efficiently when the device is switched between different IoT domains. To address these challenging issues, in this article, a lightweight edge computing cross-domain identity authentication scheme which combines edge computing with blockchain based on master-slave chain is proposed. The scheme uses the consortium blockchain as the master chain, that is, a decentralized authentication platform, realizes cross-domain authentication when the device switches domains, and can also solve the single point of failure problem of traditional authentication. The slave chain is maintained by edge computing nodes and terminal devices in each domain. When devices in the domain are mutually authenticated, the efficiency of authentication can be improved. During authentication, ring signature technology is used to ensure the security of the system, and at the same time, it can effectively save the storage space of the blockchain. Finally, the performance evaluation and security analysis of this scheme have been carried out to prove the safety and effectiveness of our scheme.