Pengbo Xu,Huici Wu,Xiaofeng Tao,Chenyu Wang,Dajiang Chen,Guoshun Nan

DOI: https://doi.org/10.1109/jiot.2024.3353807

IF: 10.6

2024-01-01

IEEE Internet of Things Journal

Abstract:Internet of Things (IoT) is one of the most representative application scenarios in the 5G and 6G era. The concurrent access of massive IoT devices definitely poses enormous communication, computation, and certificate management challenges to the wireless authentication. Moreover, the emergence of quantum computing makes classical cryptography-based authentication protocols, such as 5G-AKA, more easier to be broken. Facing the challenges posed by the massive concurrent authentication and quantum attacks, this paper proposes a lattice cryptography based group authentication scheme, where lattice-based aggregate signature algorithm and identity-based encryption (IBE) are leveraged to achieve simultaneous authentication of concurrent accessed devices. The proposed authentication scheme eliminates the process of public key certificate management, greatly reducing the storage overhead of core network. Moreover, the utilization of lattice cryptography enables the resistance of quantum attacks. The proposed solution does not rely on additional security assumptions such as security channel or trusted group center, making it more flexible to be deployed in actual network scenario. Finally, formal security analysis of the proposed protocol is provided with the tool ProVerif. It is demonstrated that the proposed protocol can satisfy the goals of identity privacy, authentication, data confidentiality and forward secrecy. In addition, compared with existing advanced solutions, the outperformance of the proposed scheme in terms of computation overhead, signaling overhead, communication overhead, and security properties is validated with simulations.

computer science, information systems,telecommunications,engineering, electrical & electronic

Jianhong Zhang,Wenle Bai,Yuehai Wang

DOI: https://doi.org/10.1109/access.2019.2899828

IF: 3.9

2019-01-01

IEEE Access

Abstract:The Internet of Things (IoT) is the internetworking of terminal physical devices depends on application programming interfaces and sensors to be connected to the Internet for collecting and exchanging data. According to the characteristics of IoT, it can provide rich services for the terminal user. However, the centralized cloud computing-based storage architecture in IoT faces many challenges, such as data security, identity privacy, and high latency. To overcome these challenges, this paper introduces an IoT network storage architecture based on mobile edge computing, which not only achieves low-latency message response and computation offloading of the terminal user but also preserves identity-privacy of the terminal user. Afterward, we presented a novel non-interactive pairing-free ID-based proxy re-signature scheme (ID-PRS), which is a kernel technique to construct the aforementioned storage architecture. Compared with most of proxy re-signature schemes constructed based on traditional public-key-infrastructure, the proposed scheme avoids expensive pairing operation and intricate certificate-maintenance. And it is demonstrated to be provably secure under the classic security assumptions: integer factoring problem and the RSA assumption. Finally, in contrast to the other two ID-PRS schemes, the proposed ID-PRS scheme has more advantages in terms of security, functionability, and computation costs. Thus, it is very suitable to be applied to the resource-constrained mobile users.

Hongfei Zhu,Yu-an Tan,Liehuang Zhu,Xianmin Wang,Quanxin Zhang,Yuanzhang Li

DOI: https://doi.org/10.3390/s18051663

IF: 3.9

2018-01-01

Sensors

Abstract:With the development of wireless sensor networks, IoT devices are crucial for the Smart City; these devices change people's lives such as e-payment and e-voting systems. However, in these two systems, the state-of-art authentication protocols based on traditional number theory cannot defeat a quantum computer attack. In order to protect user privacy and guarantee trustworthy of big data, we propose a new identity-based blind signature scheme based on number theorem research unit lattice, this scheme mainly uses a rejection sampling theorem instead of constructing a trapdoor. Meanwhile, this scheme does not depend on complex public key infrastructure and can resist quantum computer attack. Then we design an e-payment protocol using the proposed scheme. Furthermore, we prove our scheme is secure in the random oracle, and satisfies confidentiality, integrity, and non-repudiation. Finally, we demonstrate that the proposed scheme outperforms the other traditional existing identity-based blind signature schemes in signing speed and verification speed, outperforms the other lattice-based blind signature in signing speed, verification speed, and signing secret key size.

Yonghao Zhu,Dongfen Li,Yangyang Jiang,Xiaoyu Hua,You Fu,Jie Zhou,Yuqiao Tan,Xiaolong Yang

DOI: https://doi.org/10.3390/sym16121589

2024-11-29

Symmetry

Abstract:Quantum communication holds great potential for enhancing the security and efficiency of the Internet of Things (IoT). However, existing schemes often overlook device identity authentication, leaving systems vulnerable to unauthorized access, and rely on third-party controllers, which increase complexity and undermine trust. This paper proposes a novel asymmetric bidirectional quantum communication scheme tailored for IoT, integrating device identity authentication and information transmission without requiring third-party controllers. We provide a detailed description of the scheme's application scenarios in IoT, conduct a security analysis of the identity authentication module, and experimentally validate the feasibility of the information transmission module. Additionally, we analyze the impact of quantum noise on the proposed scheme and compare it with existing approaches, highlighting its advantages in terms of resource consumption and efficiency.

multidisciplinary sciences

Guanglu Wei,Kai Fan,Kuan Zhang,Haoyang Wang,Hui Li,Yintang Yang

DOI: https://doi.org/10.1109/jiot.2023.3323275

IF: 10.6

2023-01-01

IEEE Internet of Things Journal

Abstract:In recent years, the Internet of Things (IoT) has gained immense popularity in various aspects of work, learning, and daily life. Within the Internet of Things realm, there is a growing concern regarding communication security issues between users and servers. However, addressing the communication security between servers is equally imperative, which has not received as much attention. To this end, we propose a certificateless anonymous authenticated key agreement (AKA) algorithm based on Learning with Errors (LWE) and Inhomogeneous Small Integer Solution (ISIS) security assumptions. Our scheme provides strong resistance to quantum attacks and protects the privacy of communication servers. It also has constant communication costs and lower computational requirements than existing lattice-based anonymous AKA algorithms on the broadcast channel. Additionally, the proposed scheme eliminates the resource consumption of managing complex certificates and addresses the security risks associated with key escrow in the key generation center (KGC). Through security and performance analysis, we demonstrate that our approach can enhance the security of IoT-based healthcare systems while significantly improving communication efficiency. Our proposed scheme provides a promising solution to security issues related to server communication in IoT systems.

computer science, information systems,telecommunications,engineering, electrical & electronic

Bai Liu,Xiangyi Zhang,Runhua Shi,Mingwu Zhang,Guoxing Zhang

DOI: https://doi.org/10.3390/math10122120

IF: 2.4

2022-01-01

Mathematics

Abstract:The rapid development of the Internet of Things (IoT), big data and artificial intelligence (AI) technology has brought extensive IoT services to entities. However, most IoT services carry the risk of leaking privacy. Privacy-preserving set intersection in IoT is used for a wide range of basic services, and its privacy protection issues have received widespread attention. The traditional candidate protocols to solve the privacy-preserving set intersection are classical encryption protocols based on computational difficulty. With the emergence of quantum computing, some advanced quantum algorithms may undermine the security and reliability of traditional protocols. Therefore, it is important to design more secure privacy-preserving set intersection protocols. In addition, identity information is also very important compared to data security. To this end, we propose a quantum privacy-preserving set intersection protocol for IoT scenarios, which has higher security and linear communication efficiency. This protocol can protect identity anonymity while protecting private data.

Renjie Jin,Longjiang Qu,Rongmao Chen,Zhichao Yang,Yi Wang

DOI: https://doi.org/10.1016/j.ins.2023.120083

IF: 8.1

2024-01-05

Information Sciences

Abstract:The Internet of Things (IoT) is gaining popularity as it can effectively connect the real world with the Internet. However, security and privacy issues are widely considered the major obstructions to its widespread adoption. Hence, various cryptographic tools (e.g., encryption and signature schemes) have been proposed to build secure and authenticated channels for data communication in IoT. In this work, we investigate the well-known encryption scheme called identity-based encryption (IBE) for IoT-oriented applications. In particular, we are mainly interested in forward-secure IBE (fs-IBE) which could still protect the data transferred in the past when the current secret key stored in the IoT device is stolen. To this end, we propose an fs-IBE scheme which, as far as we know, is the first construction of fs-IBE that can resist quantum attacks. Our scheme is based on the lattice-based hardness assumption namely Learning with Error (LWE), which is widely adopted for designing other quantum-resistant cryptographic schemes. At the core of our design is the minimal cover mechanism in the context of binary tree and we rigorously prove the security of our scheme in the forward-secure, selective ID, chosen-plaintext attack (CPA) model. Besides the post-quantum security, our scheme enjoys comparatively compact ciphertext and secret key, and thus it is suitable for bandwidth-limited IoT communication.

computer science, information systems

Ze Yang,Qin Shi,Teng Cheng,Xunji Wang,Rutong Zhang,Lin Yu

DOI: https://doi.org/10.1016/j.vehcom.2024.100789

IF: 6.7

2024-01-01

Vehicular Communications

Abstract:The Internet of vehicles (IoV) is an essential part of modern intelligent transportation systems (ITS). In the ITS, intelligent connected vehicle can access a variety of latency-sensitive cloud services through the vulnerable wireless communication channel, which could lead to security and privacy issues. To prevent access by malicious nodes, a large number of authentication schemes have been proposed. However, with the diversification of cloud services and the rapid development of quantum computing, there are many drawbacks remain, including timeliness of authentication and resisting quantum computing. In light of this, we propose a lattice-based secure and efficient multi-cloud authentication and key agreement scheme for quantum key distribution (QKD) enabled IoV. Its features are as follows: i) Security-enhanced and Efficient Authentication: We combine the lattice-based lightweight signatures and quantum authentication keys to guarantee security-enhanced authentication. Meanwhile, we propose the quantum security service cloud (QSC) to manage the authentication of all vehicles and cloud server providers (CSPs) to reduce the authentication rounds and improve efficiency. ii) Extended Quantum Key Distribution (eQKD): In wireless networks, quantum key agreement is achieved through the pre-filled quantum keys. In wired networks, quantum key is accomplished by QKD with Bennett-Brassard 1984 (BB84) protocol. Furthermore, formal and informal security demonstrates that the scheme could resist potential security attacks. The performance comparison illustrates that our scheme could decrease the computational overhead by 27.23%-81.78% and authentication rounds by 81.34%-93.10%.

Run Xie,Chanlian He,Chunxiang Xu,Chongzhi Gao

DOI: https://doi.org/10.1007/s12243-019-00705-x

2019-01-01

Annals of Telecommunications

Abstract:Anonymous authentication is one of the most critical tools for the privacy protection in Internet-of-Things (IoT). The primitive of group signature has been widely applied to achieving anonymous authentication. Any mobile device is able to prove its privilege of the access control to a remote server which is an authenticated device with valid attestation. However, the traditional group signature schemes cannot support dynamic authentication efficiently. Furthermore, they are insecure against quantum attack. To tackle the abovementioned challenges, a new lattice-based dynamic group signature scheme is proposed. The new scheme allows any user to dynamically join the group while achieving efficient revocation. Furthermore, it is shown that the new scheme can achieve the security of non-frameability. The security of non-frameability guarantees that any user’s signature can not be forged by other users in the system. In addition, the scheme based on the hardness of lattice problem in the random oracle model is provably secure. The efficiency analysis demonstrates that the scheme is effective in practice.

Shanshan Wang,Guofeng Zhao,Chuan Xu,Zhenzhen Han,Shui Yu

DOI: https://doi.org/10.1007/s11227-024-06687-5

IF: 3.3

2024-12-05

The Journal of Supercomputing

Abstract:The satellite networks are the development of the 6th Generation mobile network (6 G). Compared to terrestrial networks, these networks are particularly susceptible to network attacks such as man-in-the-middle and replay attacks during communication. Node identity verification plays a crucial role in preventing malicious attacks. The security of current access authentication schemes relies on the discrete logarithm and prime factorization problems. However, the advent of quantum computers has the capability to solve these problems in polynomial time, necessitating the exploration of post-quantum security authentication schemes. Additionally, due to limited satellite resources and the long distance between the satellite and the ground, an authentication scheme with low cost and short interaction time needed to be adopted. To this end, a lightweight post-quantum access authentication scheme based on lattice for satellite networks is proposed. In the registration phase, a lattice hash function based on the approximate shortest vector problem (SVP) is employed to maintain the confidentiality of the user's identity, thereby reducing the registration computation time. In the authentication phase, a low-dimensional modular multiplication and modular addition mutual authentication algorithm is designed based on the bonsai tree algorithm. This design reduces the algorithm's complexity from a quadratic level to a linear level, further decreasing both the communication costs during the authentication process and the computational costs on the satellite. The theoretical proof and performance analysis demonstrate that the scheme is resistant to quantum computing attacks and reduces authentication time by at least 150 compared to lattice-based authentication schemes.

computer science, theory & methods,engineering, electrical & electronic, hardware & architecture

Quanrun Li,Chingfang Hsu,Debiao He,Kim-Kwang Raymond Choo,Peng Gong

DOI: https://doi.org/10.1155/2020/7528571

IF: 1.43

2020-01-01

Mathematical Problems in Engineering

Abstract:With the rapid development of quantum computing and quantum information technology, the universal quantum computer will emerge in the near decades with a very high probability and it could break most of the current public key cryptosystems totally. Due to the ability of withstanding the universal quantum computer’s attack, the lattice-based cryptosystems have received lots of attention from both industry and academia. In this paper, we propose an identity-based blind signature scheme using lattice. We also prove that the proposed scheme is provably secure in the random oracle model. The performance analysis shows that the proposed scheme has less mean value of sampling times and smaller signature size than previous schemes. Thus, the proposed scheme is more suitable for practical applications.

Alawi A Al-Saggaf,Tarek Sheltami,Hoda Alkhzaimi,Gamil Ahmed

DOI: https://doi.org/10.1007/s13369-022-07235-0

Abstract:The healthcare ecosystem is migrating from legacy systems to the Internet of Things (IoT), resulting in a digital environment. This transformation has increased importance on demanding both secure and usable user authentication methods. Recently, a post-quantum fuzzy commitment scheme (PQFC) has been constructed as a reliable and efficient method of biometric template protection. This paper presents a new two-factor-based user authentication protocol for the IoT-enabled healthcare ecosystem in post-quantum computing environments using the PQFC scheme. The proposed protocol is proved to be secure using random oracle model. Furthermore, the functionality and security of the proposed protocol are analyzed, showing that memoryless-effortless, user anonymity, mutual authentication, and resistance to biometric templates tampering and stolen attacks, stolen smart card attack, privileged interior attack are fulfilled. The costs of storage requirement, computation, communication and storage are estimated. The results demonstrate that the proposed protocol is more efficient than Mukherjee et al., Chaudhary et al., and Gupta et al. protocols.

Attila A. Yavuz,Saleh Darzi,Saif E. Nouma

2024-05-10

Abstract:The Medical Internet of Things (MIoT) harbors resource-limited medical embedded devices that collect security-sensitive data from users for analysis, monitoring, and diagnosis. Digital signatures play a foundational role in ensuring the authentication and integrity of this sensitive medical information, critical for the trustworthiness of MIoT applications. However, traditional signatures used in current IoT systems may lack the necessary long-term security and are vulnerable to emerging quantum computer threats. NISt's PQC standards impose heavy overhead unsuitable for battery-limited MIoT devices. Efforts to design more computationally efficient PQ signatures have faced challenges, either introducing significant memory overhead and potential vulnerabilities or relying on strong assumptions. Hence, this paper introduces INFinity-HORS (INF-HORS), a lightweight PQ digital signature. To the best of our knowledge, INF-HORS is the first signer-optimal hash-based signature offering polynomial unbounded signing capabilities under minimal architectural assumptions. Unlike other PQ signatures, INF-HORS does not require hyper-tree structures or incur the high memory usage seen in multivariate counterparts. Our performance analysis confirms that INF-HORS is significantly more computationally efficient than NIST PQC standards like Dilithium and SPHINCS+. We prove INF-HORS's security in the random oracle model and show through experiments that it achieves 20x faster signature generation and smaller signature and private key sizes compared to BLISS-I on an 8-bit ATxmega128A1 microcontroller. INF-HORS does not rely on non-colluding verification servers, secure enclaves, or trusted verification assisting entities, minimizing security risks and making it ideal for MIoT with minimal cryptographic overhead and strong security assumptions.

Cryptography and Security

Min Wang,Gui-Lu Long

DOI: https://doi.org/10.1007/s11432-024-4177-5

2024-11-10

Science China Information Sciences

Abstract:Access authentication scheme plays a foundational role in ensuring the security of communication networks. However, an access authentication scheme with high security and efficiency is still lacking in quantum communication networks. In this paper, we propose a lattice-based access authentication scheme for quantum communication networks in the manner of real-time interaction with the network control center, which could achieve properties of mutual authentication, conditional anonymity, data confidentiality, unforgeability, undeniability, and data integrity. We utilize the digital signature algorithm CRYSTALS-Dilithium and the key-establishment algorithm CRYSTALS-KYBER, both of which have been selected for standardization by the National Institute of Standards and Technology, to realize secure access authentication for users of the quantum communication networks. Specifically, in the quantum secure direct communication network, key-establishment is replaced by the verification of signatures encoded in quantum states. Our results demonstrate the feasibility of establishing a quantum-secure communication network.

computer science, information systems,engineering, electrical & electronic

Tao Liu,Gowri Ramachandran,Raja Jurdak

2024-01-31

Abstract:Due to recent development in quantum computing, the invention of a large quantum computer is no longer a distant future. Quantum computing severely threatens modern cryptography, as the hard mathematical problems beneath classic public-key cryptosystems can be solved easily by a sufficiently large quantum computer. As such, researchers have proposed PQC based on problems that even quantum computers cannot efficiently solve. Generally, post-quantum encryption and signatures can be hard to compute. This could potentially be a problem for IoT, which usually consist lightweight devices with limited computational power. In this paper, we survey existing literature on the performance for PQC in resource-constrained devices to understand the severeness of this problem. We also review recent proposals to optimize PQC algorithms for resource-constrained devices. Overall, we find that whilst PQC may be feasible for reasonably lightweight IoT, proposals for their optimization seem to lack standardization. As such, we suggest future research to seek coordination, in order to ensure an efficient and safe migration toward IoT for the post-quantum era.

Cryptography and Security

Rui Xu,Chi Cheng,Yue Qin,Tao Jiang

2018-01-01

Abstract:The Ukraine power grid cyberattacks remind us that the smart Internet of Things (IoT) can help us control our light-bulbs, but if under attacks it might also take us into darkness. Nowadays, many literatures have tried to address the concerns on IoT security, but few of them take into consideration the sever threats to IoT coming from the advances of quantum computing. As a promising candidate for the future post-quantum cryptography standard, lattice-based cryptography enjoys the advantages of strong security guarantees and high efficiency, which make it extremely suitable for IoT applications. In this paper, we summarize the advantages of lattice-based cryptography and the state of art of their implementations for IoT devices.

Xiao Zhang,Faguo Wu,Wang Yao,Wenhua Wang,Zhiming Zheng

DOI: https://doi.org/10.32604/cmc.2020.08008

2020-01-01

Abstract:Blockchain is an emerging decentralized architecture and distributed computing paradigm underlying Bitcoin and other cryptocurrencies, and has recently attracted intensive attention from governments, financial institutions, high-tech enterprises, and the capital markets. Its cryptographic security relies on asymmetric cryptography, such as ECC, RSA. However, with the surprising development of quantum technology, asymmetric cryptography schemes mentioned above would become vulnerable. Recently, lattice-based cryptography scheme was proposed to be secure against attacks in the quantum era. In 2018, with the aid of Bonsai Trees technology, Yin et al. [Yin, Wen, Li et al. (2018)] proposed a lattice-based authentication method which can extend a lattice space to multiple lattice spaces accompanied by the corresponding key. Although their scheme has theoretical significance, it is unpractical in actual situation due to extremely large key size and signature size. In this paper, aiming at tackling the critical issue of transaction size, we propose a post quantum blockchain over lattice. By using SampleMat and signature without trapdoor, we can reduce the key size and signature size of our transaction authentication approach by a significant amount. Instead of using a whole set of vectors as a basis, we can use only one vector and rotate it enough times to form a basis. Based on the hardness assumption of Short Integer Solution (SIS), we demonstrate that the proposed anti-quantum transaction authentication scheme over lattice provides existential unforgeability against adaptive chosen-message attacks in the random oracle. As compared to the Yin et al. [Yin, Wen, Li et al. (2018)] scheme, our scheme has better performance in terms of energy consumption, signature size and signing key size. As the underlying lattice problem is intractable even for quantum computers, our scheme would work well in the quantum age.

Jie Cai,Han Jiang,Qiuliang Xu,Guangshi Lv,Minghao Zhao,Hao Wang

DOI: https://doi.org/10.1007/978-3-030-02744-5_10

2018-01-01

Abstract:In recent years, IoT devices have been widely used in the newly-emerging technologized such as crowd-censoring and smart city. Authentication among each IoT node plays a central role in secure communications. Generally, zero-knowledge identification scheme enables one party to authenticate himself without disclosing any additional information. However, a zero-knowledge based protocol normally involves heavily computational or interactive overhead, which is unaffordable for lightweight IoT devices. In this paper, we propose a modified zero-knowledge identification scheme based on that of Silva, Cayrel and Lindner (SCL, for short). The security of our scheme relies on the existence of a commitment scheme and on the hardness of ISIS problem (i.e., a hardness assumption that can be reduced to worst-case lattice problems). We present the detail construction and security proof in this paper.

Yu-Jen Chen,Chien-Lung Hsu,Tzu-Wei Lin,Jung-San Lee

DOI: https://doi.org/10.3390/electronics13081575

IF: 2.9

2024-04-21

Electronics

Abstract:With the rapid development of Internet of Things (IoT) technology, the number of IoT users is growing year after year. IoT will become a part of our daily lives, so it is likely that the security of these devices will be an important issue in the future. Quantum computing is maturing, and the security threat associated with quantum computing will be faced in the transmissions of IoT devices, which mainly use wireless communication technologies. Therefore, to ensure the protection of transmitted data, a cryptographic algorithm that is efficient in defeating quantum computer attacks needs to be developed. In this paper, we propose a device authentication and secure communication system with post-quantum cryptography (PQC) for AIoT environments using the NTRU and Falcon signature mechanism, which can resist quantum computer attacks and be used in AIoT environments to effectively protect the confidentiality, integrity, and non-repudiation of transmitted data. We also used Raspberry Pi to simulate AIoT devices for implementation.

engineering, electrical & electronic,computer science, information systems,physics, applied

Md. Jakir Hossain,Chunxiang Xu

DOI: https://doi.org/10.1109/ICCCS52626.2021.9449136

2021-01-01

Abstract:With the rapid development of the computing paradigm, cloud computing becomes the most notable one that offers convenient and on-demand services from a shared pool of configurable computing resources. However, the application of quantum computers in clouds would be realized from the recent breakthrough results of quantum computers. In the near future, existing conventional hardness-based authentication schemes will be confronted with quantum attackers. Lattice-based authentication scheme resolves this tension. Albeit, existing lattice-based schemes, users and cloud servers are always worried about the communication privacy against misbehaved private key generator referred to as mPKG since PKG potentially has the power to generate the secret key for any given identity. In this paper, we proposed a secure authentication scheme for cloud storage that thwarts the misbehaved PKG. We integrate the identity-based encryption (IBE) scheme with the lattice-based signature, which is the variant of existing IBE-based authentication schemes and post-quantum secure. Additionally, we integrate identity certifying authority (ICA) with PKG to ensure security against misbehaved PKG. Our comprehensive security proof demonstrates that the proposed scheme provides stronger security guarantees against misbehaved PKG and ICA.