Qiang Wu,Ran Wang,Xincheng Yan,Chunming Wu,Rongxing Lu

DOI: https://doi.org/10.1109/MWC.001.2100251

IF: 12.777

2022-01-01

IEEE Wireless Communications

Abstract:Opening-up sharing has prompted the multi-tenancy architecture, whereby different vendors (including outsourcees) work together with network operators to form a vibrant service ecosystem, resulting in several advantages as well as risks. In particular, the static nature of existing architectures in network functions virtualization-based (NFV-based) clouds facilitate hacking. Thus, much attention has been focused on determining how to avoid the uncontrollable cloud security induced by complex production relations and non-trustworthy software/hardware sources when the two sets of security risks intersect. In this article, we investigate latent persistent threats against cloud environments and determine a high degree of complementarity and consistency between the NFV-based cloud environment and the dynamic defense concept. More specifically, new NFV-based cloud features provide an effective implementation for dynamic defense, while the generalized robustness of dynamic defense theory allows for high security gains. Intrinsic cloud security (iCS) is then proposed to align NFV-based clouds, mimicking defense and the moving target defense (MTD) paradigm to implement a seamless integration and symbiosis evolution between security and NFV-based clouds. We quantify the impact on system overhead to account for efficiency and cost issues. The simulation analysis demonstrates that the enhanced mode is able to consistently obtain a more beneficial and stable defense compared with the counterparts.

Yuan Zhang,Chunxiang Xu,Shui Yu,Hongwei Li,Xiaojun Zhang

DOI: https://doi.org/10.1109/tcss.2016.2517205

2015-01-01

IEEE Transactions on Computational Social Systems

Abstract:Cyber-physical-social system (CPSS) allows individuals to share personal information collected from not only cyberspace but also physical space. This has resulted in generating numerous data at a user's local storage. However, it is very expensive for users to store large data sets, and it also causes problems in data management. Therefore, it is of critical importance to outsource the data to cloud servers, which provides users an easy, cost-effective, and flexible way to manage data, whereas users lose control on their data once outsourcing their data to cloud servers, which poses challenges on integrity of outsourced data. Many schemes have been proposed to allow a third-party auditor to verify data integrity using the public keys of users. Most of these schemes bear a strong assumption: the auditors are honest and reliable, and thereby are vulnerability in the case that auditors are malicious. Moreover, in most of these schemes, an auditor needs to manage users certificates to choose the correct public keys for verification. In this paper, we propose a secure certificateless public integrity verification scheme (SCLPV). The SCLPV is the first work that simultaneously supports certificateless public verification and resistance against malicious auditors to verify the integrity of outsourced data in CPSS. A formal security proof proves the correctness and security of our scheme. In addition, an elaborate performance analysis demonstrates that the SCLPV is efficient and practical. Compared with the only existing certificateless public verification scheme (CLPV), the SCLPV provides stronger security guarantees in terms of remedying the security vulnerability of the CLPV and resistance against malicious auditors. In comparison with the best of integrity verification scheme achieving resistance against malicious auditors, the communication cost between the auditor and the cloud server of the SCLPV is independent of the size of the processed data, meanwhile, the auditor in the SCLPV does not need to manage certificates.

Jie Zhao,Yifeng Zheng,Hejiao Huang,Jing Wang,Xiaojun Zhang,Daojing He

DOI: https://doi.org/10.1016/j.sysarc.2023.102860

IF: 5.836

2023-03-23

Journal of Systems Architecture

Abstract:Cloud-assisted medical cyber–physical systems (MCPSs) leverage the power of cloud computing for scalable storage and management of outsourced medical data. Based on the crucial outsouced medical data, guardians could know patient's health condition timely, doctors can make accurate diagnoses of patients, and medical research centers could also conduct medical big data analysis. However, medical data is highly sensitive and demands strong protection. Meanwhile, the integrity of outsourced medical data is vulnerable to hardware failures, software bugs or human errors. To date, a large number of data privacy-preserving integrity auditing schemes have been presented, but most of them suffer from the burden of complex public key certificate management or the key escrow problem of identity-based cryptography. In this paper, we propose a lightweight certificateless privacy-preserving integrity verification scheme (LCPPIV) with conditional anonymity for cloud-assisted MCPSs by developing an elliptic-curve digital signature and a key exchange mechanism, which can achieve the functionalities of medical data privacy protection, integrity verification of outsourced medical data, conditional anonymity, batch auditing, and secure compensation mechanism, simultaneously. Theoretical security analysis demonstrates that our scheme is provably secure in the random oracle model, with resistance to the public key replacement attack, malicious-but-passive-KGC attack, and response auditing proofs forgery. The performance evaluations indicate that LCPPIV is much more practical for cloud-assisted MCPSs compared with state-of-art data auditing schemes.

computer science, software engineering, hardware & architecture

Chao Gai,Wenting Shen,Ming Yang,Ye Su

DOI: https://doi.org/10.3389/fenrg.2022.1058125

IF: 3.4

2023-01-17

Frontiers in Energy Research

Abstract:As the promising next generation power system, smart grid can collect and analyze the grid information in real time, which greatly improves the reliability and efficiency of the grid. However, as smart grid coverage expands, more and more data is being collected. To store and manage the massive amount of smart grid data, the data owners choose to upload the grid data to the cloud for storage and regularly check the integrity of their data. However, traditional public auditing schemes are mostly based on Public Key Infrastructure (PKI) or Identity Based Cryptography (IBC) system, which will lead to complicated certificate management and inherent key escrow problems. We propose a certificateless public auditing scheme for cloud-based smart grid data, which can avoid the above two problems. In order to prevent the disclosure of the private data collected by the smart grid during the phase of auditing, we use the random masking technology to protect data privacy. The security analysis and the performance evaluation show that the proposed scheme is secure and efficient.

energy & fuels

Hao Yan,Yanan Liu,Zheng Zhang,Qian Wang

DOI: https://doi.org/10.1155/2021/6639634

IF: 1.968

2021-05-27

Security and Communication Networks

Abstract:Cloud computing is a fast-growing technology which supplies scalable, innovative, and efficient business models. However, cloud computing is not fully trusted, and the security of the data outsourced in cloud storage needs to be guaranteed. One of the hottest issues is how to ensure the integrity of the data in cloud storage. Until now, many researchers have proposed lots of provable data possession (PDP) schemes to deal with the problem of data integrity audition. Nevertheless, very little effort has been devoted to preserve the data uploader’s privacy while auditing the integrity of data shared in a group. To overcome the shortcoming, we propose a novel certificateless PDP protocol to efficiently audit the integrity of data shared in a workgroup with user privacy preserving. Due to the inherent structural advantage of the certificateless crypto mechanism, our PDP scheme eliminates the key escrow problem and the certificate management problem simultaneously. Moreover, the audition process in our scheme does not need any user’s identity which helps to keep the anonymity of data uploader. We give for our scheme a detailed security proof and efficiency analysis. Experiment results of performance evaluation demonstrate that our new scheme is very efficient and feasible.

computer science, information systems,telecommunications

Yuyang Zhou,Jing Guo,Fagen Li

DOI: https://doi.org/10.1016/j.sysarc.2020.101754

IF: 5.836

2020-01-01

Journal of Systems Architecture

Abstract:The Snowden incident shows that powerful attackers can compromise users' machines to steal users' private information. Currently, many encryption schemes that have proven to be secure cannot detect vulnerabilities. These vulnerabilities may reveal users' secrets, e.g., a machine hides some backdoors without a user's awareness, and an attacker can steal the user's private information through these backdoors. In 2015, Mironov and Stephens-Davidowitz proposed a new framework for solving this problem: cryptographic reverse firewall (CRF). However, their protocols can't protect certificateless public key encryption (CL-PKE). In this paper, we design a CRF protocol for CL-PKE, which is a one-round CL-PKE with CRFs (CL-PKE-CRF) deployed on a receiver and a key generating centre (KGC). This protocol is proved to achieve indistinguishability against chosen plaintext attack (IND-CPA). Compared with existing protocol with CRFs and two CL-PKE schemes, our protocol has the least communication cost. Meanwhile, we use JPBC library to implement our one-round CL-PKE-CRF. The experimental results indicate that under high security levels, our protocol has a advantage in the percentage of the running time. Since our protocol can resist exfiltration attacks from internal attackers, it is efficient and practical. Finally, we apply the same method to design a secure and effective one-round certificateless public key signature with a CRF (CL-PKS-CRF). This means that our protocol is not only targeted at a single CL-PKE scheme, but also can inspire the design of other certificateless public key cryptography schemes with CRFs.

Yuan Zhang,Chunxiang Xu,Jining Zhao,Xiaojun Zhang,Junwei Wen

DOI: https://doi.org/10.1016/j.jisa.2015.05.001

IF: 4.96

2015-01-01

Journal of Information Security and Applications

Abstract:Cloud storage provides an efficient way for users to work together as a group by sharing data with each other. However, since shared data can be accessed and modified by multiple users and group membership may be changed frequently, this new paradigm poses many challenges for keeping integrity of shared data. Recently, Yuan et al. proposed an efficient integrity checking scheme (IEEE INFOCOM 2014, doi: 10.1109/INFOCOM.2014.6848154) for cloud data sharing with multi-user modification, which had many appealing features. They claimed that the scheme is secure and efficient, and they also provided the formal security proof and the performance evaluation. Regretfully, existing two security flaws in Yuan et al.'s scheme are pointed out in this letter. Specifically, by fooling the third-party auditor (TPA) into trusting that the data is well maintained by the cloud server, an adversary can process the following two deceiving methods. Firstly, the adversary can modify the shared data and tamper with the interaction messages between the cloud server and the TPA, thus invalidating shared data integrity checking. Secondly, an adversary, who records a fraction of the cloud-stored data, can overwrite the vast majority of the shared data by using the recorded data and passing shared data integrity verification. Furthermore, we suggest a solution to the two security flaws while retaining all the desirable features of the original scheme.

DOI: https://doi.org/10.1007/s11277-024-11023-4

IF: 2.017

2024-05-08

Wireless Personal Communications

Abstract:Data auditing in the cloud, along with files and authentication server Deduplication, may protect the integrity of cloud storage and substantially decrease the cloud stored data. With the rise of Smart Cities, the sector has offered plenty of potential problems. The failure in single point, Although, Cloud computing is standard in modern enterprise networks, and cloud security is a significant concern in the Cloud Integrated Smart City (CISC). However, to deal with large amounts of data created by different intelligent devices, storing and uploading all that information to the cloud servers is necessary. Therefore, cloud servers must protect the data against integrity as well as ensuring it is private. Over the last year, Cloud servers had suggested several cloud security auditing plans. Because of this, they were verifying data integrity using a third-party auditor (TPA) is crucial. Bi-linear pairing procedures are the most often used operation in the audit phase, and they require substantial effort and expense. Additionally, such approaches will not secure users' data privacy. Thus, we proposed a Artificial Bee colony and SHA algorithm for public cloud auditing system for CISC that preserves integrity and confidentiality. Security can be improved by using this proposed strategy, although the associated communication and computational costs are low National cyber security authorities may use CISC as security and privacy for auditing/scoring. A batch audit is used, as well as dynamic process data. In addition, the suggested method protects smart cities from unauthorized TPA. CISC auditing in TPA assessed the proposed system's security and performance to be strong.

telecommunications

Baoyuan Kang,Jiaqiang Wang,Dongyang Shao

DOI: https://doi.org/10.1155/2017/2925465

2017-01-01

Mobile Information Systems

Abstract:With cloud computing being integrated with wireless body area networks, the digital ecosystem called cloud-assisted WBAN was proposed. In cloud-assisted medical systems, the integrity of the stored data is important. Recently, based on certificateless public key cryptography, He et al. proposed a certificateless public auditing scheme for cloud-assisted WBANs. But He et al.’s scheme is not a scheme with privacy preserving. After many checks on some of the same data blocks, the auditor can derive these data blocks. In this paper, we propose a certificateless public auditing scheme with privacy preserving for cloud-assisted WBANs. In the proof phase of the proposed scheme, the proof information is protected from being directly exposed to the auditor. So, the curious auditor could not derive the data blocks. We also prove that the proposed scheme is secure in the random oracle model under the assumption that the Diffie-Hellman problem is hard, and we give a comparison of the proposed scheme with He et al.’s scheme in terms of security and computation cost.

computer science, information systems,telecommunications

Yuan Tian,Xuan Zhou,Tanping Zhou,Weidong Zhong,Ruifeng Li,Xiaoyuan Yang

DOI: https://doi.org/10.3390/math12131964

IF: 2.4

2024-06-25

Mathematics

Abstract:With the surge in cloud storage popularity, more individuals are choosing to store large amounts of data on remote cloud service providers (CSPs) to save local storage resources. However, users' primary worries revolve around maintaining data integrity and authenticity. Consequently, several cloud auditing methods have emerged to address these concerns. Many of these approaches rely on traditional public-key cryptography systems or are grounded in identity-based cryptography systems or certificateless cryptography systems. However, they are vulnerable to the increased costs linked with certificate management, key escrow, or the significant expenses of establishing a secure channel, respectively. To counter these limitations, Li et al. introduced a certificate-based cloud auditing protocol (LZ22), notable for its minimal tag generation overhead. Nonetheless, this protocol exhibits certain security vulnerabilities. In this paper, we devise a counterfeiting technique that allows the CSP to produce a counterfeit data block with an identical tag to the original one. Our counterfeiting method boasts a 100% success rate ∀ data block and operates with exceptional efficiency. The counterfeiting process for a single block of 10 kB, 50 kB, and 100 kB takes a maximum of 0.08 s, 0.51 s, and 1.04 s, respectively. By substituting the exponential component of homomorphic verifiable tags (HVTs) with non-public random elements, we formulate a secure certificate-based cloud auditing protocol. In comparison to the LZ22 protocol, the average tag generation overhead of our proposed protocol is reduced by 6.80%, 13.78%, and 8.66% for data sizes of 10 kB, 50 kB, and 100 kB, respectively. However, the auditing overhead of our proposed protocol shows an increase. The average overhead rises by 3.05%, 0.17%, and 0.45% over the LZ22 protocol's overhead for data sizes of 10 kB, 50 kB, and 100 kB, correspondingly.

mathematics

Xiaojun Zhang,Xin Wang,Dawu Gu,Jingting Xue,Wei Tang

DOI: https://doi.org/10.1109/TNSM.2022.3189650

2022-01-01

Abstract:Cloud computing provides users with convenient data storage services, which simultaneously poses various security concerns, the integrity of outsourced data has been termed as one of the most concerning security issues. Certificateless public auditing not only enables a third-party auditor (TPA) to check data integrity, but also avoids complex certificates management and inherent drawbacks of key escrow. Up to date, a few certificateless public auditing schemes have been proposed, without providing fast data dynamics or protecting the identity privacy of users. In this paper, we propose a lightweight conditional anonymous certificateless public auditing (CACPA) scheme, supporting much faster data dynamics in cloud storage systems. Based on a homomorphic hash function, we design a certificateless signature and integrate it into the construction of CACPA, reducing the computational costs of TPA substantially. CACPA achieves conditional identity privacy preservation, anyone cannot infer the real identity of a user based on outsourced data, only the private key generator (PKG) can revoke the users when some misbehaviors occur. We provide security analysis of CACPA, and conduct performance evaluation demonstrating the lightweight advantages of CACPA, and therefore it is suitable for auditors with resource-constrained mobile devices.

Jaya Rao Gudeme,Syamkumar Pasupuleti,Ramesh Kandukuri

DOI: https://doi.org/10.1016/j.jpdc.2021.06.001

IF: 4.542

2021-10-01

Journal of Parallel and Distributed Computing

Abstract:With the increasing popularity of data sharing among users of a group in clouds, shared data auditing has become an important issue in the cloud auditing field. To address this issue, many shared data auditing schemes have been proposed in the literature based on either public key infrastructure (PKI) or identity-based cryptography (IBC). However, these schemes suffer from issues of complex certificate management or key escrow problem. To address these problems, recently, a certificateless shared auditing scheme was put forward. However, it cannot support data dynamics and does not protect data privacy against a verifier, i.e., the verifier can derive data content when verifying the data integrity, which affects the scheme's security. This paper proposes certificateless privacy preserving public auditing scheme for dynamic shared data with group user revocation in cloud storage (CLPPPA). CLPPPA protects the privacy of data from the verifier by leveraging a random masking technique. Further, CLPPPA also supports shared data dynamics and group user revocation. We formally prove the security of CLPPPA under computational Diffie-Hellman (CDH) and discrete logarithm (DL) assumptions in the Random Oracle Model (ROM). The performance of CLPPPA is evaluated by theoretical analysis, experimental results, and compared with the state-of-the-art ones. The results demonstrate that CLPPPA achieves desirable efficiency.

computer science, theory & methods

Yin Zhang,Ling Xiong,Fagen Li,Xianhua Niu,Hanzhou Wu

DOI: https://doi.org/10.1016/j.sysarc.2023.102949

IF: 5.836

2023-01-01

Journal of Systems Architecture

Abstract:Blockchain-based authentication mode, a fundamental solution to prevent unauthorized access behavior, gradually becomes a focus in future distributed mobile cloud computing (MCC) services. However, due to the transparent and immutable characteristics of blockchain, users' access behaviors are facing huge security and privacy threats. Storing the encrypted data on chain is an effective way to address these issues, but access permission confirmation and update in the form of ciphertext is the main bottleneck. To this end, this paper proposes a blockchain-based unified authentication and hierarchical access control scheme for the MCC environment, which provides both privacy protection and auditability. In the proposed scheme, users can access multiple MCC services with different access permissions using a single credential. To protect the privacy of both users and service providers, while still supporting auditability, the data on the public ledger is blinded using Pedersen commitments. Besides, the proposed scheme provides flexible dynamic updating in encrypted form. Theoretical analysis indicates that the proposed scheme can meet various security and privacy requirements in the MCC environment. Compared with related schemes, it has better communication efficiency. Therefore, the proposed scheme is more suitable for the actual MCC environment.

Gaimei Gao,Hongxia Fei,Zefeng Qin

DOI: https://doi.org/10.1002/cpe.5924

2020-07-18

Concurrency and Computation: Practice and Experience

Abstract:<p>Cloud storage is a mode of online storage in which data are stored on multiple virtual servers usually hosted by third parties. Cloud service providers manage and operate data storage as services. The major concern in cloud storage is the integrity of outsourced data. Many public auditing schemes which authorize the third party auditor (TPA) to check the integrity of outsourced data have been proposed. However, most of them are based on traditional public key cryptosystems. This paper proposes an efficient certificateless public auditing Scheme (CL‐PAS) in cloud storage. In the process of challenge and auditing, CL‐PAS ensures that malicious cloud servers cannot forge auditing evidences to deceive TPA to pass the verification, and prevents curious TPA from recovering original data from auditing evidences. So it strengthens privacy preserving. Security analysis shows that CL‐PAS scheme meets the predetermined security requirements. The simulation and performance analysis results show that, compared with similar schemes, CL‐PAS scheme has the higher efficiency.</p>

Guangjun Liu,Wangmei Guo,Ximeng Liu,Jinbo Xiong

DOI: https://doi.org/10.1155/2021/6652606

IF: 1.968

2021-04-21

Security and Communication Networks

Abstract:Enabling remote data integrity checking with failure recovery becomes exceedingly critical in distributed cloud systems. With the properties of a lower repair bandwidth while preserving fault tolerance, regenerating coding and network coding (NC) have received much attention in the coding-based storage field. Recently, an outstanding outsourced auditing scheme named NC-Audit was proposed for regenerating-coding-based distributed storage. The scheme claimed that it can effectively achieve lightweight privacy-preserving data verification remotely for these networked distributed systems. However, our algebraic analysis shows that NC-Audit can be easily broken due to a potential defect existing in its schematic design. That is, an adversarial cloud server can forge some illegal blocks to cheat the auditor with a high probability when the coding field is large. From the perspective of algebraic security, we propose a remote data integrity checking scheme RNC-Audit by resorting to hiding partial critical information to the server without compromising system performance. Our evaluation shows that the proposed scheme has significantly lower overhead compared to the state-of-the-art schemes for distributed remote data auditing.

computer science, information systems,telecommunications

Song Li,Jie Cui,Hong Zhong,Lu Liu

DOI: https://doi.org/10.3390/s17051032

IF: 3.9

2017-05-05

Sensors

Abstract:Wireless Body Sensor Networks (WBSNs) are gaining importance in the era of the Internet of Things (IoT). The modern medical system is a particular area where the WBSN techniques are being increasingly adopted for various fundamental operations. Despite such increasing deployments of WBSNs, issues such as the infancy in the size, capabilities and limited data processing capacities of the sensor devices restrain their adoption in resource-demanding applications. Though providing computing and storage supplements from cloud servers can potentially enrich the capabilities of the WBSNs devices, data security is one of the prevailing issues that affects the reliability of cloud-assisted services. Sensitive applications such as modern medical systems demand assurance of the privacy of the users&#x27; medical records stored in distant cloud servers. Since it is economically impossible to set up private cloud servers for every client, auditing data security managed in the remote servers has necessarily become an integral requirement of WBSNs&#x27; applications relying on public cloud servers. To this end, this paper proposes a novel certificateless public auditing scheme with integrated privacy protection. The multi-user model in our scheme supports groups of users to store and share data, thus exhibiting the potential for WBSNs&#x27; deployments within community environments. Furthermore, our scheme enriches user experiences by offering public verifiability, forward security mechanisms and revocation of illegal group members. Experimental evaluations demonstrate the security effectiveness of our proposed scheme under the Random Oracle Model (ROM) by outperforming existing cloud-assisted WBSN models.

engineering, electrical & electronic,chemistry, analytical,instruments & instrumentation

Bing Li,Mingxuan Zheng,Maode Ma

DOI: https://doi.org/10.1049/2024/6616095

2024-03-12

IET Information Security

Abstract:Named Data Networking (NDN) is a promising network architecture that differs from the traditional TCP/IP network, as it focuses on data rather than the host. A new secure model is required to provide the data-oriented trust instead of the host-oriented trust. This paper proposes a new secure solution in the NDNs named Secure Mechanism supported by Certificateless Digital Signature and Blockchain (CLDS-B). The CLDS-B scheme employs a certificateless digital signature to guarantee the authentication and integrity of data. On the one hand, the key escrow problem has been solved to eliminate the risks of compromised private key generators; on the other hand, the data name has been bound to the public key to prevent the false public key. Moreover, the blockchain is used to manage cryptographic information. Each domain designates an information service entity to join the blockchain so that the consumer could retrieve the cryptographic information public parameter in the local domain if necessary. Furthermore, due to the decentralization of the blockchain, the CLDS-B would be robust to resist the single-node failure. Simulation results show that the CLDS-B scheme outperforms a classic NDN scheme, although it shows slightly inferior to the other secure NDN scheme. The security verification and analysis show that the CLDS-B would resist the key escrow attack. The CLDS-B would be a competitive solution in scenarios with a high-security level.

computer science, information systems, theory & methods

Hui Tian,Weiping Ye,Jia Wang,Hanyu Quan,Chin-Chen Chang

DOI: https://doi.org/10.1155/2023/3375823

IF: 8.993

2023-11-27

International Journal of Intelligent Systems

Abstract:In the context of healthcare 4.0, cloud-based eHealth is a common paradigm, enabling stakeholders to access medical data and interact efficiently. However, it still faces some serious security issues that cannot be ignored. One of the major challenges is the assurance of the integrity of medical data remotely stored in the cloud. To solve this problem, we propose a novel certificateless public auditing for medical data in the cloud (CPAMD), which can achieve efficient batch auditing without complicated certificate management and key escrow. Specifically, in our CPAMD, a new secure certificateless signature method is designed to generate tamper-proof data block tags; a manageable delegated data outsourcing mechanism is presented to reduce the burden of data maintenance on patients and achieve auditability of outsourcing behavior; and a privacy-preserving augmented verification strategy is proposed to provide comprehensive auditing of both medical data and its source information without compromising privacy. We perform formal security analysis and comprehensive performance evaluation for CPAMD. The results demonstrate that the presented scheme can provide better auditing security and more comprehensive auditing capabilities while achieving good performance comparable to state-of-the-art ones.

computer science, artificial intelligence

Xiaodong Yang,Songyu Li,Lan Yang,Xiaoni Du,Caifen Wang

DOI: https://doi.org/10.1109/tits.2024.3367925

IF: 8.5

2024-01-01

IEEE Transactions on Intelligent Transportation Systems

Abstract:Vehicular ad-hoc networks (VANETs) are integral to the evolution of intelligent transportation systems, offering substantial benefits in managing traffic flow, issuing warnings for potential accidents, and delivering information services to drivers. To ensure the authenticity and integrity of data exchanged within VANETs, numerous authentication schemes based on certificateless aggregate signature (CLAS) have been developed. However, state-of-the-art solutions often fail to be applicable in real-world VANETs due to security weaknesses and operational inefficiencies. Recently, Zhu et al. proposed an efficient CLAS-based authentication scheme with conditional privacy preservation (CPP) for VANETs (IEEE Transactions on Intelligent Transportation Systems, DOI: 10.1109/TITS.2023.3275077). Unfortunately, our analysis reveals that Zhu et al.’s scheme is incapable of withstanding coalition attacks from malicious RSUs and vehicles as well as public-key replacement attacks from dishonest vehicles. To facilitate secure communication in VANETs, we present a security-enhanced, pairing-free and energy-efficient CLAS-based authentication scheme with CPP for VANETs. This scheme has been rigorously proven to be secure against Type I, Type II and Type III attackers. Distinguished from other comparable schemes, our construction significantly reduces communication overhead and energy consumption while simultaneously fortifying security.

engineering, electrical & electronic,transportation science & technology, civil

Xue Li,Cheng Jiang,Dajun Du,Minrui Fei,Lei Wu

DOI: https://doi.org/10.1109/jiot.2022.3221943

IF: 10.6

2023-03-11

IEEE Internet of Things Journal

Abstract:The existing identity security schemes (e.g., based on bilinear pairing) have high computational complexity and large bytes of variables, which results in high computation and communication costs. It is difficult to apply the schemes to resource-constrained (i.e., computation and communication) devices. Moreover, most of these schemes adopt a fixed cycle key update strategy compromising the security of authentication schemes or dynamic (real-time) key update strategy with high computational cost. To solve these issues, this article explores a novel revocable lightweight authentication scheme for resource-constrained devices in cyber–physical power systems (CPPSs). First, a lightweight authentication scheme combined elliptic-curve cryptography (ECC) and certificateless cryptography (CLC) is proposed to negotiate a secure session key, which can achieve mutual authentication with low computation and communication costs. Second, aiming at security problem caused by key leakage, a real-time key update strategy with low computational cost is designed to improve the security of identity authentication. Third, according to a hardness assumption of the elliptic-curve discrete logarithm problem (ECDLP), theoretical analysis rigorously proves that the proposed authentication scheme ensures the security with respect to existential unforgeability against adaptively chosen message attacks (EUF-CMAs). Finally, experimental results confirm the feasibility and effectiveness of the proposed authentication scheme.

computer science, information systems,telecommunications,engineering, electrical & electronic