Lianhai Liu,Yujue Wang,Jingwei Zhang,Qing Yang

DOI: https://doi.org/10.3390/s19030482

IF: 3.9

2019-01-01

Sensors

Abstract:A vehicular ad hoc network (VANET) is a special mobile ad hoc network that provides vehicle collaborative security applications using intervehicle communication technology. The method enables vehicles to exchange information (e.g., emergency brake). In VANET, there are many vehicle platoon driving scenes, where vehicles with identical attributes (location, organization, etc.) are organized as a group. However, this organization causes the issue of security threats (message confidentiality, identity privacy, etc.) because of an unsafe wireless communication channel. To protect the security and privacy of group communication, it is necessary to design an effective group key agreement scheme. By negotiating a dynamic session secret key using a fixed roadside unit (RSU), which has stronger computational ability than the on-board unit (OBU) equipped on the vehicle, the designed scheme can help to provide more stable communication performance and speed up the encryption and decryption processes. To effectively implement the anonymous authentication mechanism and authentication efficiency, we use a batch authentication scheme and a shared secret key mechanism among the vehicles, RSUs and trusted authority (TA). We design an efficient group secret key agreement scheme, which satisfies the above communication and security requirements, protects the privacy of vehicles, and traces the real identity of the vehicle at a time when it is necessary. Computational analysis shows that the proposed scheme is secure and more efficient than existing schemes.

Fan Wu,Xiong Li

DOI: https://doi.org/10.1002/ett.4745

IF: 3.6

2023-01-01

Transactions on Emerging Telecommunications Technologies

Abstract:SummaryWithout the involvements of human beings, cyber physical systems (CPSs) run based on many devices distributed everywhere around the smart city. Autonomous vehicles (AVs) occupy a critical part in modern transportation systems under the condition of 5G wireless communication. To help people make decisions, AVs collect and produce instant information on the roads. When messages are trasferred from AVs, real‐time and dependable authentications are required. Recently, a host of signature or key agreement authentication schemes have been proposed by researchers. However, weaknesses appear, such as instant data sent from autonomous vehicles are in plaintext, and attackers can track the identity of the autonomous vehicle even if pseudo‐identity mechanism is employed. In this paper, we introduce a new authentication scheme for AVs in transportation systems. Formal proof with random oracles demonstrates that it is difficult for the adversary to forge the four messages in the public communication environment. Moreover, security properties including vehicle anonymity, traceability and mutual authentication meet the requirements in our discussion. At last, the performation test with miracl library and simulation with NS3 show that the proposed scheme is practical due to completeness of more security targets than others.

Chunhua Jin,Penghui Zhou,Zhiwei Chen,Wenyu Qin,Guanhua Chen,Hao Zhang,Jian Weng

DOI: https://doi.org/10.1016/j.vehcom.2024.100847

IF: 6.7

2024-10-27

Vehicular Communications

Abstract:Vehicular ad hoc network (VANET) has been a promising technology in smart transportation system, which can enable information exchange between vehicles and roadside units (RSUs). However, the privacy of vehicles and RSUs is a critical challenge in VANET, as they may expose sensitive information to malicious attackers or unauthorized parties. Many existing authenticated key agreement (AKA) schemes aim to protect the privacy of vehicles and RSUs, but they often neglect the physical security of the devices involved in the communication. Therefore, we propose an efficient and privacy-preserving AKA scheme in VANET, which embeds physical unclonable function (PUF) and fuzzy extraction (FE) technology. PUF is a physical device that generates random strings based on their intrinsic characteristics and external inputs, which can protect the secrets in the devices from being stolen by attackers. FE can compensate for the drawbacks of PUF affected by environmental factors. Our scheme preserves the identity privacy of legitimate RSUs and vehicles, as well as intercepts and traces the identity of malicious attackers. In addition, we eliminate the involvement of the third party (TP) in the AKA phase to better meet the high-speed driving of vehicles. Finally, we conduct formal and informal security analyses in random oracle model (ROM), which prove that our scheme can resist various attacks. We also show in the performance analysis that our scheme has the lowest computational cost, communication overhead, and total energy consumption.

telecommunications,transportation science & technology

Qi Jiang,Xin Zhang,Ning Zhang,Youliang Tian,Xindi Ma,Jianfeng Ma

DOI: https://doi.org/10.1016/j.comcom.2021.03.022

IF: 5.047

2021-01-01

Computer Communications

Abstract:As an extension of Internet of Things (IoT) in transportation sector, the Internet of Vehicles (IoV) can greatly facilitate vehicle management and route planning. With ever-increasing penetration of IoV, the security and privacy of driving data should be guaranteed. Moreover, since vehicles are often left unattended with minimum human interventions, the onboard sensors are vulnerable to physical attacks. Therefore, the physically secure authentication and key exchange (AKE) protocol is urgently needed for IoV to implement access control and information protection. In this paper, physical unclonable function (PUF) is introduced in the AKE protocol to ensure that the system is secure even if the user devices or sensors are compromised. Specifically, PUF, as a hardware fingerprint generator, eliminates the storage of any secret information in user devices or vehicle sensors. By combining password, biometrics with PUF, the user device cannot be used by someone else to be successfully authenticated as the user. Finally, the elaborate security analysis demonstrates that the proposed protocol is free from the influence of known attacks and can achieve expected security properties, and the performance evaluation indicates the efficiency of our protocol.

Jie Cui,Yaning Chen,Hong Zhong,Debiao He,Lu Wei,Irina Bolodurina,Lu Liu

DOI: https://doi.org/10.1109/tvt.2023.3281276

IF: 6.8

2023-01-01

IEEE Transactions on Vehicular Technology

Abstract:With the rapid development of autonomous vehicles (AVs), vehicle safety has attracted attention. Controller area network (CAN) bus without authentication and encryption mechanisms is a weakness of the in-vehicle network (IVN), and attackers always primarily target the CAN bus. Attacks on the AVs' CAN bus are more frequent because AVs have more external interfaces and sensors than ordinary vehicles. To address the abovementioned issues, this paper proposes a lightweight encryption and authentication scheme for the CAN bus of AVs using message authentication codes and Grain stream cipher. The scheme realizes efficient authentication between electronic control units and a counter re-synchronization protocol is used to ensure that authentication failure owing to counter inconsistency is prevented. Blom key management scheme is employed to rapidly distribute and update session keys, avoiding the complicated process of updating pairwise keys. In addition, considering the scalability of the IVN, a key distribution protocol for new nodes was provided. The security proof using Burrows-Abadi-Needham logic and security analysis prove that the proposed scheme can satisfy the security requirements of the IVN. In addition, performance analysis shows that the proposed scheme can meet real-time requirements and has little impact on the busload.

telecommunications,engineering, electrical & electronic,transportation science & technology

Zisang Xu,Xiong Li,Jianbo Xu,Wei Liang,Kim-Kwang Raymond Choo

DOI: https://doi.org/10.1016/j.compeleceng.2021.107409

IF: 4.152

2021-01-01

Computers & Electrical Engineering

Abstract:In the Internet of Vehicles (IoV), the communication between vehicles and RoadSide Units (RSUs) usually through wireless channels. Therefore, the IoV requires a reliable and secure authentication and key agreement scheme to ensure that the exchanged data in the channel cannot be forged or modified by the adversary. In most existing authentication schemes, the vehicle can only authenticate with a Trusted Authority (TA), which results in the authentication efficiency of these centralized authentication schemes are easily affected by the TA’s computational and communication bottlenecks as the increase of traffic density. Therefore, this paper proposes a secure and computationally efficient authentication and key agreement scheme for the IoV, where the RSU can authenticate with the vehicle. Under the analysis of the Real-Or-Random model and the simulation tool ProVerif, the proposed scheme is proved to be secure. Compared with existing schemes, the proposed scheme improves the authentication efficiency and reduces energy consumption.

Qin Shi,Ze Yang,Teng Cheng,Chuansu Wang,Zexu Wu,Xing Zhang,Peiling Xu

DOI: https://doi.org/10.1109/jiot.2023.3332947

IF: 10.6

2024-01-01

IEEE Internet of Things Journal

Abstract:With the rapid development of intelligent connected vehicles, networked vehicles carry a large amount of sensitive data. Secure authentication and controlled access to data in the Internet of Vehicles (IoV) are essential to protect vehicular private data. We propose a quantum-key-based authentication and key agreement scheme for IoV, called QKBAKA. Its features are as follows: 1) Role-Based Data Access Control Strategy: Access to private data requires authorization and management by vehicle owners. 2) Vehicle privatization manages quantum session keys. The quantum random number generator (QRNG) deployed on the vehicle side generates quantum session keys and realizes secure agreement through multilevel quantum keys. The multilevel quantum key includes the quantum prefilled key, the quantum protection key and the quantum session key. 3) Secure and Efficient Authentication Scheme: QKBAKA uses quantum keys, symmetric encryption algorithms, and hash algorithms. It is relatively secure for quantum computing and has better performance. Security analysis shows that QKBAKA is secure under the real-or-random (ROR) model and meets the security requirements of IoV. Performance evaluation shows that, compared with the existing schemes, QKBAKA reduces computation and communication costs by 74.83%-98.59% and 28.7%-83.1%. Simulation and real vehicle tests show that QKBAKA has good communication stability and feasibility.

Yuanshuai Li,Li Cao,Guoli Zheng,Honglei Men,Liang Chen

DOI: https://doi.org/10.1016/j.compeleceng.2024.109261

IF: 4.152

2024-05-02

Computers & Electrical Engineering

Abstract:The Internet of Vehicles (IoV) provides various services to vehicles through information sharing to ensure road safety and improve traffic efficiency. However, malicious attackers can challenge the privacy and security systems of the IoV by conducting security attacks. Currently, many schemes use bilinear pairing or elliptic curves to construct authentication systems, ensuring anonymity of vehicle identities and message security. However, these schemes suffer drawbacks such as low computational efficiency and high communication overhead in highly dynamic IoV. Therefore, we propose a new efficient certificateless message authentication scheme. The proposed scheme constructs a lightweight security authentication protocol by improving the RSA dynamic accumulator and combining it with non-interactive discrete logarithm zero-knowledge proofs. In addition, our scheme eliminates the need for bilinear pairing operations, thereby reducing computational overhead. Simultaneously, it enables real-time tracking and revocation of malicious vehicle identities. Security analysis shows that our scheme can be reduced to a secure S-RSA assumption under the random oracle model, meeting various security requirements of the IoV. Performance analysis shows that our scheme diminishes not only the computational overhead but also the communication overhead.

engineering, electrical & electronic,computer science, interdisciplinary applications, hardware & architecture

Chaeeon Kim,DeokKyu Kwon,Seunghwan Son,Sungjin Yu,Youngho Park

DOI: https://doi.org/10.3390/math12233756

IF: 2.4

2024-11-29

Mathematics

Abstract:The Internet of Vehicles (IoV) is an emerging technology that enables vehicles to communicate with their surroundings, provide convenient services, and enhance transportation systems. However, IoV networks can be vulnerable to security attacks because vehicles communicate with other IoV components through an open wireless channel. The recent related work suggested a two-factor-based lightweight authentication scheme for IoV networks. Unfortunately, we prove that the related work cannot prevent various security attacks, such as insider and ephemeral secret leakage (ESL) attacks, and fails to ensure perfect forward secrecy. To address these security weaknesses, we propose an anonymous and efficient authentication scheme with conditional privacy-preserving capabilities in IoV networks. The proposed scheme can ensure robustness against various security attacks and provide essential security features. The proposed scheme ensures conditional privacy to revoke malicious behavior in IoV networks. Moreover, our scheme uses only one-way hash functions and XOR operations, which are low-cost cryptographic operations suitable for IoV. We also prove the security of our scheme using the "Burrows–Abadi–Needham (BAN) logic", "Real-or-Random (ROR) model", and "Automated Validation of Internet Security Protocols and Applications (AVISPA) simulation tool". We evaluate and compare the performance and security features of the proposed scheme with existing methods. Consequently, our scheme provides improved security and efficiency and is suitable for practical IoV networks.

mathematics

Jie Cui,Xuelian Chen,Jing Zhang,Qingyang Zhang,Hong Zhong

DOI: https://doi.org/10.1109/jiot.2020.3041860

IF: 10.6

2021-05-15

IEEE Internet of Things Journal

Abstract:A connected and autonomous vehicle (CAV) is often fitted with a large number of onboard sensors and applications to support autonomous driving functions. Based on the current research, little work on applications' access to in-vehicle data has been done. Furthermore, most existing autonomous driving operating systems lack authentication and encryption units. As such, applications can excessively obtain confidential information, such as vehicle location and owner preferences and even upload it to the cloud, threatening the security of the vehicle and the privacy of the owner. In this study, we propose a fine-grained access control scheme to restrict applications' access to data in CAVs (FGAC-inCAVs). First, we present a system model composed of the following elements: a trusted third party (TTP), which is a fully trusted authority; perception components like sensors, which can capture the road information (pictures, videos, etc.); and multiple applications. Then, a fast attribute-based encryption (ABE) is presented, and security analysis also shows it is secure against selective and chosen-plaintext attacks. Furthermore, we propose a key update scheme based on the Chinese remainder theorem (CRT). Finally, the theoretical analysis and simulation experiments demonstrate its feasibility and efficiency.

computer science, information systems,telecommunications,engineering, electrical & electronic

Wenting Li,Haibo Cheng,Ping Wang

DOI: https://doi.org/10.1109/cybersecpods.2019.8885375

2019-01-01

Abstract:User authentication plays an important role in generic IoT networks that prevents malicious parties from gaining access to various services offered by remote servers. As user-end IoT devices are typically resource-constrained, how to design secure and efficient multi-factor authentication schemes remains hard to tackle. Very recently, instead of using traditional asymmetric encryption algorithms such as RSA, EIGamal encryption, a number of attempts have been made to employ chaotic maps as building blocks to design multi-factor authentication schemes for IoT environments. In this paper, we first revisit two foremost chaotic maps based multi-factor user authentication schemes presented by Roy et al. and Truong et al., and show that, despite being armed with a formal security proof, none of them can achieve the goal of “truly multi-factor security”. Besides, we find Roy et al.'s scheme fails to achieve the claimed feature of forward secrecy, while Truong et al.'s scheme suffers from stolen verifier attack and violation of user anonymity. Further, we indicate how to mend these weaknesses and propose an enhanced protocol with high efficiency. Security and efficiency analysis suggest that our scheme outperforms existing schemes and is practical for real applications of IoT environments.

Junfeng Miao,Zhaoshun Wang,Xin Ning,Achyut Shankar,Carsten Maple,Joel J. P. C. Rodrigues

DOI: https://doi.org/10.1109/tits.2024.3360251

IF: 8.5

2024-01-01

IEEE Transactions on Intelligent Transportation Systems

Abstract:As a component of the Intelligent Transportation System (ITS), Internet of Vehicles (IoV) is becoming increasingly important in the management and construction of urban transportation as it can provide users with a range of applications related to traffic accident warnings, entertainment information, collaborative driving and real-time road information through communication devices on vehicles. However, with the increasing variety of services in the IoV, the growing demand for user traffic and the advances in Unmanned Aerial Vehicle (UAV) technology, UAV is introduced into the IoV as a solution, which can relieve the pressure on the communication infrastructure in the network, provide emergency communication services and improve the performance of network services. Due to the openness of IoV and the high-speed movement of vehicles, authentication and privacy issues are among the most pressing issues in IoV. Therefore, the paper proposes a secure and effective authentication protocol for UAV-assisted IoV. The protocol utilises elliptic curve cryptography to assure the security of the authentication. The protocol undergoes proof of security, Burrows-Abadi-Needham (BAN) logic analysis and informal security analysis to ensure secure and mutual authentication, and have a good resistance to known attacks. Furthermore, performance analysis and comparison are conducted to evaluate the efficiency of our protocol. The results indicate that our protocol has superior advantages in overhead.

engineering, electrical & electronic,transportation science & technology, civil

Qing Yang,Xiaoqian Zhu,Xiaoliang Wang,Junjie Fu,Jing Zheng,Yuzhen Liu

DOI: https://doi.org/10.1016/j.future.2023.03.037

IF: 7.307

2023-04-02

Future Generation Computer Systems

Abstract:With the proposal of the intelligent transportation system, vehicular ad-hoc networks have been widely concerned and well-developed. Vehicular ad-hoc network is recognized as a major innovation of the Internet of Things technology. It can collect and analyze traffic data uploaded by vehicles through the network, monitor vehicle state in real-time, provide better driving routes and real-time traffic decisions for vehicles, and improve vehicles' overall level of intelligent driving. To make vehicles quickly join the vehicular ad-hoc networks through the authentication of identity legitimacy, take into account security and efficiency, and further reduce the calculation and communication consumption in authentication, this paper designs a mutual anonymous authentication and key agreement scheme based on an elliptic curve for the vehicular ad-hoc networks. To complete vehicle authentication and session key establishment, we work with lightweight operations like hash, XOR, and connection in conjunction with the elliptic curve discrete logarithm problem to guarantee the confidentiality of communication data. In the scheme, identity authentication is divided into two types: initial authentication and subsequent authentication. When the vehicle is just on the road, it will use the first roadside unit it encounters for initial authentication. All roadside units that cars on the road come across are then authenticated after the accomplishment of the initial authentication with the first roadside unit. Subsequent authentication is lighter and less computationally complex than initial authentication. Of course, subsequent authentication is based on initial authentication. This paper also analyzes the scheme's security and uses BAN logic analysis and Proverif simulation to verify the scheme's security. Additionally, performance analysis is used to demonstrate the scheme's superiority.

computer science, theory & methods

Li Li,XingJuan Fan,BoYuan Zhi,ShaoJun Li,Seyyed Amirreza Dabollahi

DOI: https://doi.org/10.1007/s11235-024-01172-z

2024-06-20

Telecommunication Systems

Abstract:In the contemporary era, the Internet of Vehicles (IoV) plays a pivotal role in traffic management, especially in the context of highly scalable and dynamic 5 G networks. Safeguarding these networks presents numerous challenges, particularly in controlling access for unauthenticated users and establishing secure key agreements with fine-grained access control. Balancing these security measures is vital to prevent unauthorized information flow while aligning with the promising goals of future generation technologies. Despite numerous related studies being conducted, existing schemes face risks such as privacy breaches, identity tracing, and substantial computation overheads. Consequently, there is an urgent need to introduce a more secure and efficient scheme to counter various attacks. This paper introduces an authenticated key agreement scheme, tailored for fog-based IoV. The scheme's security is established under the Random Oracle Model and verified using the ProVerif tool. Additionally, a performance assessment is conducted, demonstrating that the proposed protocol simultaneously meets both security and efficiency requirements when compared to several related schemes.

telecommunications

Kaiyan He,Zhe Ren

DOI: https://doi.org/10.1016/j.comnet.2024.110450

IF: 5.493

2024-04-26

Computer Networks

Abstract:The Industrial Internet of Things (IIoT) is an emerging technology for smart manufacturing and productivity improvement. Due to the increasing complexity of manufacturing, devices with smart industrial sensors from several domains work together on the same job, raising serious security and privacy concerns about peer-to-peer (P2P) communication. Specifically, P2P secure communication should be focused on when it comes to high efficiency and security of information exchange between two industrial sensors. However, none of the existing schemes can resist physical attacks toward industrial sensors. To resolve the problem, we propose a new three-factor authentication and key agreement scheme named NTFAK for P2P IIoT communication using Physical Unclonable Functions (PUF) and Chebyshev chaotic mapping, where PUF is used to replace the smart card factor in the traditional schemes. The unclonable property of PUF and its ability to securely identify a device by challenge-response can provide safety to physical attacks. Besides, the use of the Chebyshev chaotic map also can provide high computational efficiency while ensuring better security. The proposed scheme enables secure communication between any two industrial sensors, which can resist physical attacks and offer a smaller key size, faster computation, and higher efficiency for IIoT. The security of our scheme is formally proved by the random oracle model, and security properties are discussed to show our scheme resists various attacks. Moreover, experiments were implemented to prove the efficiency of our scheme. Specifically, the results show that NTFAK can improve the computation and communication overheads by 36.6% and 17.5% at least, compared to existing schemes, while also ensure a minimum time reduction of 30.4% in delay time. In terms of security and functionality features, NTFAK satisfies the proposed 14 properties, outperforming existing solutions.

computer science, information systems,telecommunications,engineering, electrical & electronic, hardware & architecture

Zhishuo Zhang,Wen Huang,Ying Huang,Yongjian Liao,Zhun Zhang,Shijie Zhou

DOI: https://doi.org/10.1109/jiot.2023.3349005

IF: 10.6

2024-01-01

IEEE Internet of Things Journal

Abstract:Authenticated Key agreement protocol (AKA) is one of the essential components for reliable secure communication in Industrial Internet-of-Things (IIoT) communication model. Recently, Srinivas et al. proposed a three-factor elliptic curve cryptosystem (ECC)-based AKA protocol called UAP-BCIoT for WSN-based intelligent transportation system (ITS). In this paper, we first find out that their protocol has a security weak point inherently called master secret disclose and key forgery defect which makes their protocol susceptible to variant impersonation attacks. To overcome the deficiency of their protocol, we construct an improved ECC-based three-factors (credential, password and biometric) tripartite authenticated key agreement protocol among managers Ui, domain gateway DG and IIoT nodes INj with identity dynamic revocation and online updating (IDR-OU-TAKA) for secure communication in IIoT. Unlike the vast majority of previous GWN-assisted MAKA protocols that only negotiate the session key between Ui and INj, our IDR-OU-TAKA protocol can selectively achieve Ui DG INj tripartite key negotiation according to Ui’s IPv6 addresses, meaning that any two parties can use the session key to establish a secure channel which can achieve isolation security within the IIoT domain. Besides, in our proposed IDR-OU-TAKA, the overdue or corrupted manager can be immediately revoked by dynamically maintaining the revocation list and the identity of manager can be securely updated online through an open channel. We give rigorous security proof based on real-or-random (ROR) model and the non-mathematical (informal) security analysis to our proposed IDR-OU-TAKA protocol. Finally, we conduct a comprehensive comparison and evaluation to our proposed IDR-OU-TAKA protocol with other state-of-art MAKA protocols in terms of security and functionality features, communication, and computation costs which clearly indicate that our protocol is more practical and suitable for IIoT.

computer science, information systems,telecommunications,engineering, electrical & electronic

Jingwei Liu,Qingqing Li,Rong Sun,Xiaojiang Du,Mohsen Guizani

DOI: https://doi.org/10.48550/arXiv.1811.03239

2018-11-08

Abstract:Internet of Vehicles (IoV) is an intelligent application of IoT in smart transportation, which can make intelligent decisions for passengers. It has drawn extensive attention to improve traffic safety and efficiency and create a more comfortable driving and riding environment. Vehicular cloud computing is a variant of mobile cloud computing, which can process local information quickly. The cooperation of the Internet and vehicular cloud can make the communication more efficient in IoV. In this paper, we mainly focus on the secure communication between vehicles and roadside units. We first propose a new certificateless short signature scheme (CLSS) and prove the unforgeability of it in random oracle model. Then, by combining CLSS and a regional management strategy we design an efficient anonymous mutual quick authentication scheme for IoV. Additionally, the quantitative performance analysis shows that the proposed scheme achieves higher efficiency in terms of interaction between vehicles and roadside units compared with other existing schemes.

Cryptography and Security

Jihu Zheng,Haixin Duan,Chenyu Wang,Qiang Cao,Guoai Xu,Rui Fang

DOI: https://doi.org/10.3390/electronics13101939

IF: 2.9

2024-05-16

Electronics

Abstract:The drone-assisted Internet of Vehicles (DIoV) displays great potential in the punctual provision of rescue services without geographical limitations. To ensure data security in accident response and rescue services, authentication schemes with access control are employed. These schemes ensure that only specific rescue vehicle operators acting within a valid period can achieve mutual authentication from a designated processor, while access for mismatched, revoked, or expired users is denied. However, the current alternatives fail to ensure session key forward secrecy, entities' mutual authentication, and user anonymity, thereby compromising users' privacy and the security of communications. Moreover, executing too many time-consuming operations on vehicles' resource-constrained devices inevitably degrades the performance of the authentication protocol. Balancing security and performance in the design of an authentication protocol with access control presents a significant challenge. To address this, a more efficient and robust authentication with access control has been designed. The proposed protocol ensures user anonymity through dynamic pseudonym allocation, achieves forward secrecy by excluding the long-term key from session key generation, and obtains mutual authentication by verifying the integrity of the messages exchanged. According to the security and performance analysis, it is demonstrated that the proposal is a robust, efficient, and cost-effective solution. In particular, the proposal can reduce the computational overhead by 66% compared to recent alternatives.

engineering, electrical & electronic,computer science, information systems,physics, applied

Fan Wu,Lili Xu

DOI: https://doi.org/10.1007/978-3-319-68542-7_16

2017-01-01

Abstract:Cloud computing is a hot issue mentioned more and more nowadays. Vast information for every domain are stored in cloud servers. Security issue is accompanied with the fast development of cloud application. On the other hand, many authentication schemes with different methods have been presented over the last decades. To guarantee the valid access to remote server, smart cards are used on the client side. Moreover, user anonymity becomes a hot issue in such schemes. We present a chaotic-map based mutual authentication scheme for cloud computing. After our concrete analysis, the new scheme not only makes user anonymous but also performs well in basic aspects compared with recent schemes. The new scheme is practical and efficient via our comparison and it overcomes various attacks and meets security requirements in public opinion. ...

Shuming Qiu,Ding Wang,Guoai Xu,Saru Kumari

DOI: https://doi.org/10.1109/tdsc.2020.3022797

2020-01-01

IEEE Transactions on Dependable and Secure Computing

Abstract:Due to the limitations of symmetric-key techniques, authentication and key agreement (AKA) protocols based on public-key techniques have attracted much attention, providing secure access and communication mechanism for various application environments. Among these public-key techniques used for AKA protocols, chaotic-map is more effective than scalar multiplication and modular exponentiation, and it offers a list of desirable cryptographic properties such as un-predictability, un-repeatability, un-certainty, and higher efficiency than scalar multiplication and modular exponentiation. Furthermore, it is usually believed that three-factor AKA protocols can achieve a higher security level than single- and two-factor protocols. However, none of existing three-factor AKA protocols can meet all security requirements. One of the most prevalent problems is how to balance security and usability, and particularly how to achieve truly three-factor security while providing password change friendliness. To deal with this problem, in this article we put forward a provably secure three-factor AKA protocol based on extended chaotic-maps for mobile lightweight devices, by adopting the techniques of "Fuzzy-Verifiers" and "Honeywords". We prove the security of the proposed protocol in the random oracle model, assuming the intractability of extended chaotic-maps Computational Diffie-Hellman problem. We also simulate the protocol by using the AVISPA tool. The security analysis and simulation results show that our protocol can meet all 13 evaluation criteria regarding security. We also assess the performance of our protocol by comparing with seven other related protocols. The evaluation results demonstrate that our protocol offers better balance between security and usability over state-of-the-art ones.

computer science, information systems, software engineering, hardware & architecture