In the area of secure Web information system, mutual authentication and key agreement are essential between Web clients and servers. An efficient certificateless authenticated key agreement protocol for Web client/ser...In the area of secure Web information system, mutual authentication and key agreement are essential between Web clients and servers. An efficient certificateless authenticated key agreement protocol for Web client/server setting is proposed, which uses pairings on certain elliptic curves. We show that the newly proposed key agreement protocol is practical and of great efficiency, meanwhile, it satisfies every desired security require ments for key agreement protocols.展开更多
An efficient authenticated key agreement protocol is proposed, which makesuse of bilinear pairings and self-certificd public keys. Its security is based on the securityassumptions of the bilinear Diff ie-Hellman probl...An efficient authenticated key agreement protocol is proposed, which makesuse of bilinear pairings and self-certificd public keys. Its security is based on the securityassumptions of the bilinear Diff ie-Hellman problem and the computational Diffie-Hellman problem.Users can choose their private keys independently. The public keys and identities of users can beverified implicitly when the session key being generating in a logically single step. A trusted KeyGeneration Center is no longer requiredas in the ID-based authenticated key agreement protocolsCompared with existing authenticated key agreement protocols from pairings, the. new proposedprotocol is more efficient and secure.展开更多
During the past decade,rapid advances in wireless communication technologies have made it possible for users to access desired services using hand-held devices.Service providers have hosted multiple servers to ensure ...During the past decade,rapid advances in wireless communication technologies have made it possible for users to access desired services using hand-held devices.Service providers have hosted multiple servers to ensure seamless online services to end-users.To ensure the security of this online communication,researchers have proposed several multi-server authentication schemes incorporating various cryptographic primitives.Due to the low power and computational capacities of mobile devices,the hash-based multi-server authenticated key agreement schemes with offline Registration Server(RS)are the most efficient choice.Recently,Kumar-Om presented such a scheme and proved its security against all renowned attacks.However,we find that their scheme bears an incorrect login phase,and is unsafe to the trace attack,the Session-Specific Temporary Information Attack(SSTIA),and the Key Compromise Impersonation Attack(KCIA).In fact,all of the existing multi-server authentication schemes(hash-based with offline RS)do not withstand KCLA.To deal with this situation,we propose an improved hash-based multi-server authentication scheme(with offline RS).We analyze the security of the proposed scheme under the random oracle model and use the t4Automated Validation of Internet Security Protocols and Applications''(AVISPA)tool.The comparative analysis of communication overhead and computational complexity metrics shows the efficiency of the proposed scheme.展开更多
Multi-server authenticated key agreement schemes have attracted great attention to both academia and industry in recent years.However,traditional authenticated key agreement schemes in the single-server environment ar...Multi-server authenticated key agreement schemes have attracted great attention to both academia and industry in recent years.However,traditional authenticated key agreement schemes in the single-server environment are not suitable for the multi-server environment because the user has to register on each server when he/she wishes to log in various servers for different service.Moreover,it is unreasonable to consider all servers are trusted since the server in a multi-server environment may be a semi-trusted party.In order to overcome these difficulties,we designed a secure three-factor multi-server authenticated key agreement protocol based on elliptic curve cryptography,which needs the user to register only once at the registration center in order to access all semi-trusted servers.The proposed scheme can not only against various known attacks but also provides high computational efficiency.Besides,we have proved our scheme fulfills mutual authentication by using the authentication test method.展开更多
Key agreement protocols are essential for secure communications. In this paper, to solve the inherent key escrow problem of identity-based cryptography, an escrow-free certificate-based authenticated key agreement (C...Key agreement protocols are essential for secure communications. In this paper, to solve the inherent key escrow problem of identity-based cryptography, an escrow-free certificate-based authenticated key agreement (CB-AK) protocol with perfect forward secrecy is proposed. Our protocol makes use of pairings on elliptic curves. The protocol is described and its properties are discussed though comparison with Smart's protocol.展开更多
Based on elliptic curve Diffie-Hellman algorithm, an Elliptic Curve Authenticated Key Agreement (ECAKA) protocol with pre-shared password is proposed. Its security relies on the Elliptic Curve Discrete Logarithm Probl...Based on elliptic curve Diffie-Hellman algorithm, an Elliptic Curve Authenticated Key Agreement (ECAKA) protocol with pre-shared password is proposed. Its security relies on the Elliptic Curve Discrete Logarithm Problem (ECDLP). It provides identity authentication, key validation and perfect forward secrecy, and it can foil man-in-the-middle attacks.展开更多
The Human-Centered Internet of Things(HC-IoT)is fast becoming a hotbed of security and privacy concerns.Two users can establish a common session key through a trusted server over an open communication channel using a ...The Human-Centered Internet of Things(HC-IoT)is fast becoming a hotbed of security and privacy concerns.Two users can establish a common session key through a trusted server over an open communication channel using a three-party authenticated key agreement.Most of the early authenticated key agreement systems relied on pairing,hashing,or modular exponentiation processes that are computationally intensive and cost-prohibitive.In order to address this problem,this paper offers a new three-party authenticated key agreement technique based on fractional chaotic maps.The new scheme uses fractional chaotic maps and supports the dynamic sensing of HC-IoT devices in the network architecture without a password table.The projected security scheme utilized a hash function,which works well for the resource-limited HC-IoT architectures.Test results show that our new technique is resistant to password guessing attacks since it does not use a password.Furthermore,our approach provides users with comprehensive privacy protection,ensuring that a user forgery attack causes no harm.Finally,our new technique offers better security features than the techniques currently available in the literature.展开更多
In 1999, Seo and Sweeney proposed a simple authenticated key agreement protocol that was designed to act as a Diffie-Hellman key agreement protocol with user authentication.Various attacks on this protocol are describ...In 1999, Seo and Sweeney proposed a simple authenticated key agreement protocol that was designed to act as a Diffie-Hellman key agreement protocol with user authentication.Various attacks on this protocol are described and enhanced in the literature. Recently, Ku and Wang proposed an improved authenticated key agreement protocol, where they asserted the protocol could withstand the existing attacks. This paper shows that Ku and Wang's protocol is still vulnerable to the modification attack and presents an improved authenticated key agreement protocol to enhance the security of Ku and Wang's protocol. The protocol has more efficient performance by replacing exponentiation operations with message authentication code operations.展开更多
Peer-to-peer computing has recently started to gain significant acceptance, since it can greatly increase the performance and reliability of overall system. However, the security issue is still a major gating factor f...Peer-to-peer computing has recently started to gain significant acceptance, since it can greatly increase the performance and reliability of overall system. However, the security issue is still a major gating factor for its full adoption. In order to guarantee the security of data exchanged between two peers in Peer-to-Peer system, this paper comes up with an ID-based authenticated key agreement from bilinear pairings and uses BAN logic to prove the protocol’s security. Compared with other existing protocols, the proposed protocol seems more secure and efficient, since it adopts the static shared Diffie-Hellman key.展开更多
With the rapid advancement in exploring perceptual interactions and digital twins,metaverse technology has emerged to transcend the constraints of space-time and reality,facilitating remote AI-based collaboration.In t...With the rapid advancement in exploring perceptual interactions and digital twins,metaverse technology has emerged to transcend the constraints of space-time and reality,facilitating remote AI-based collaboration.In this dynamic metasystem environment,frequent information exchanges necessitate robust security measures,with Authentication and Key Agreement(AKA)serving as the primary line of defense to ensure communication security.However,traditional AKA protocols fall short in meeting the low-latency requirements essential for synchronous interactions within the metaverse.To address this challenge and enable nearly latency-free interactions,a novel low-latency AKA protocol based on chaotic maps is proposed.This protocol not only ensures mutual authentication of entities within the metasystem but also generates secure session keys.The security of these session keys is rigorously validated through formal proofs,formal verification,and informal proofs.When confronted with the Dolev-Yao(DY)threat model,the session keys are formally demonstrated to be secure under the Real-or-Random(ROR)model.The proposed protocol is further validated through simulations conducted using VMware workstation compiled in HLPSL language and C language.The simulation results affirm the protocol’s effectiveness in resisting well-known attacks while achieving the desired low latency for optimal metaverse interactions.展开更多
Recently, He et al. (Computers and Mathematics with Applications, 2012) proposed an efficient pairing-free certificateless authenticated key agreement (CL-AKA) protocol and claimed their protocol was provably secu...Recently, He et al. (Computers and Mathematics with Applications, 2012) proposed an efficient pairing-free certificateless authenticated key agreement (CL-AKA) protocol and claimed their protocol was provably secure in the extended Canetti-Krawczyk (eCK) model. By giving concrete attacks, we indicate that their protocol is not secure in the eCK model. We propose an improved protocol and show our improvement is secure in the eCK model under the gap DiffieHellman (GDH) assumption. Furthermore, the proposed protocol is very efficient.展开更多
The majority of existing escrowable identity-based key agreement protocols only provide partial forward secrecy. Such protocols are, arguably, not suitable for many real-word applications, as the latter tends to requi...The majority of existing escrowable identity-based key agreement protocols only provide partial forward secrecy. Such protocols are, arguably, not suitable for many real-word applications, as the latter tends to require a stronger sense of forward secrecy--perfect forward secrecy. In this paper, we propose an efficient perfect forward-secure identity-based key agreement protocol in the escrow mode. We prove the security of our protocol in the random oracle model, assuming the intractability of the Gap Bilinear Diffie-Hellman (GBDH) problem.展开更多
With the exponential growth of intelligent Internet of Things(IoT)applications,Cloud-Edge(CE)paradigm is emerging as a solution that facilitates resource-efficient and timely services.However,it remains an underlying ...With the exponential growth of intelligent Internet of Things(IoT)applications,Cloud-Edge(CE)paradigm is emerging as a solution that facilitates resource-efficient and timely services.However,it remains an underlying issue that frequent end-edgecloud communication is over a public or adversarycontrolled channel.Additionally,with the presence of resource-constrained devices,it’s imperative to conduct the secure communication mechanism,while still guaranteeing efficiency.Physical unclonable functions(PUF)emerge as promising lightweight security primitives.Thus,we first construct a PUF-based security mechanism for vulnerable IoT devices.Further,a provably secure and PUF-based authentication key agreement scheme is proposed for establishing the secure channel in end-edge-cloud empowered IoT,without requiring pre-loaded master keys.The security of our scheme is rigorously proven through formal security analysis under the random oracle model,and security verification using AVISPA tool.The comprehensive security features are also elaborated.Moreover,the numerical results demonstrate that the proposed scheme outperforms existing related schemes in terms of computational and communication efficiency.展开更多
This paper proposed two modifications on IKE protocol with pre-shared key authentication. The first modification can improve its immunity against DDoS attack by authenticating the initiator before the responder genera...This paper proposed two modifications on IKE protocol with pre-shared key authentication. The first modification can improve its immunity against DDoS attack by authenticating the initiator before the responder generates the computation-intensive Diffie-Hellman public value. The second modification can improve its efficiency when the attack on messages occurs because it can detect the attack quickly by replacing the centralized authentication in origical IKE protocol with immediate authentication. In addition, the two modifications can be integrated into one protocol compactly.展开更多
The Internet of Medical Things(IoMT)is a collection of smart healthcare devices,hardware infrastructure,and related software applications,that facilitate the connection of healthcare information technology system via ...The Internet of Medical Things(IoMT)is a collection of smart healthcare devices,hardware infrastructure,and related software applications,that facilitate the connection of healthcare information technology system via the Internet.It is also called IoT in healthcare,facilitating secure communication of remote healthcare devices over the Internet for quick and flexible analysis of healthcare data.In other words,IoMT is an amalgam of medical devices and applications,which improves overall healthcare outcomes.However,this system is prone to securityand privacy-related attacks on healthcare data.Therefore,providing a robust security mechanism to prevent the attacks and vulnerability of IoMT is essential.To mitigate this,we proposed a new Artificial-Intelligence envisioned secure communication scheme for IoMT.The discussed network and threat models provide details of the associated network arrangement of the IoMT devices and attacks relevant to IoMT.Furthermore,we provide the security analysis of the proposed scheme to show its security against different possible attacks.Moreover,a comparative study of the proposed scheme with other similar schemes is presented.Our results show that the proposed scheme outperforms other similar schemes in terms of communication and computation costs,and security and functionality attributes.Finally,we provide a pragmatic study of the proposed scheme to observe its impact on various network performance parameters.展开更多
Forward secrecy is an important security property in key agreement protocol. Based on Ham's protocol, in this paper a new authenticated Diffie-Hellman key agreement protocol with half forward secrecy is proposed. Thi...Forward secrecy is an important security property in key agreement protocol. Based on Ham's protocol, in this paper a new authenticated Diffie-Hellman key agreement protocol with half forward secrecy is proposed. This protocol is also based on a single cryptographic assumption, and is user authentication and shared key authentication. More importantly, our protocol provides forward secrecy with respect to one of the parties. For this reason, besides the advantages of Ham's protocol, in practice, our protocol can reduce the damages resulted from the disclosure of the user's secret key and it is very beneficial to today's communication with portable devices.展开更多
McCullagh-Barreto key agreement protocol and its variant achieve perfect forward security and key generation center (KGC) forward security, but provide no resistance to key compromise impersonation attack (KCI att...McCullagh-Barreto key agreement protocol and its variant achieve perfect forward security and key generation center (KGC) forward security, but provide no resistance to key compromise impersonation attack (KCI attack). In this paper, we give a formal treatment of key compromise impersonation (KCI) attack and define the security notion against it. Then an variant of McCullagh-Barreto protocol is presented with only one more Hash operation. The improved protocol preserves perfect forward security and KGC forward security, and furthermore is proved to be secure against KCI attack under k-Gap-BCAA1 assumption.展开更多
A mutual authentication and key establishment protocol proposed by Aydos et al, for wireless communication based on elliptic curve cryptography can provide authentication between the user and server and they agreement...A mutual authentication and key establishment protocol proposed by Aydos et al, for wireless communication based on elliptic curve cryptography can provide authentication between the user and server and they agreement a session key in the end of it. Unfortunately, Mangipudi pointed out Aydos' scheme was incurred the man-in-middle attack denial-of-service attack and impersonation based on man-in-middle attack. Then he proposed an improved scheme m overcome the above weakness. However, there is an attack which can forge the message required in the protocol and impersonation a valid user to the server.展开更多
The fifth generation(5G)system is the forthcoming generation of the mobile communication system.It has numerous additional features and offers an extensively high data rate,more capacity,and low latency.However,these ...The fifth generation(5G)system is the forthcoming generation of the mobile communication system.It has numerous additional features and offers an extensively high data rate,more capacity,and low latency.However,these features and applications have many problems and issues in terms of security,which has become a great challenge in the telecommunication industry.This paper aimed to propose a solution to preserve the user identity privacy in the 5G system that can identify permanent identity by using Variable Mobile Subscriber Identity,which randomly changes and does not use the permanent identity between the user equipment and home network.Through this mechanism,the user identity privacy would be secured and hidden.Moreover,it improves the synchronization between mobile users and home networks.Additionally,its compliance with the Authentication and Key Agreement(AKA)structure was adopted in the previous generations.It can be deployed efficiently in the preceding generations because the current architecture imposes minimal modifications on the network parties without changes in the authentication vector’s message size.Moreover,the addition of any hardware to the AKA carries minor adjustments on the network parties.In this paper,the ProVerif is used to verify the proposed scheme.展开更多
基金Supported bythe National Natural Science Foundationof China (60225007 ,60572155) the Science and Technology ResearchProject of Shanghai (04DZ07067)
文摘In the area of secure Web information system, mutual authentication and key agreement are essential between Web clients and servers. An efficient certificateless authenticated key agreement protocol for Web client/server setting is proposed, which uses pairings on certain elliptic curves. We show that the newly proposed key agreement protocol is practical and of great efficiency, meanwhile, it satisfies every desired security require ments for key agreement protocols.
文摘An efficient authenticated key agreement protocol is proposed, which makesuse of bilinear pairings and self-certificd public keys. Its security is based on the securityassumptions of the bilinear Diff ie-Hellman problem and the computational Diffie-Hellman problem.Users can choose their private keys independently. The public keys and identities of users can beverified implicitly when the session key being generating in a logically single step. A trusted KeyGeneration Center is no longer requiredas in the ID-based authenticated key agreement protocolsCompared with existing authenticated key agreement protocols from pairings, the. new proposedprotocol is more efficient and secure.
文摘During the past decade,rapid advances in wireless communication technologies have made it possible for users to access desired services using hand-held devices.Service providers have hosted multiple servers to ensure seamless online services to end-users.To ensure the security of this online communication,researchers have proposed several multi-server authentication schemes incorporating various cryptographic primitives.Due to the low power and computational capacities of mobile devices,the hash-based multi-server authenticated key agreement schemes with offline Registration Server(RS)are the most efficient choice.Recently,Kumar-Om presented such a scheme and proved its security against all renowned attacks.However,we find that their scheme bears an incorrect login phase,and is unsafe to the trace attack,the Session-Specific Temporary Information Attack(SSTIA),and the Key Compromise Impersonation Attack(KCIA).In fact,all of the existing multi-server authentication schemes(hash-based with offline RS)do not withstand KCLA.To deal with this situation,we propose an improved hash-based multi-server authentication scheme(with offline RS).We analyze the security of the proposed scheme under the random oracle model and use the t4Automated Validation of Internet Security Protocols and Applications''(AVISPA)tool.The comparative analysis of communication overhead and computational complexity metrics shows the efficiency of the proposed scheme.
基金This work is supported by the Sichuan education department research project(No.16226483)Sichuan Science and Technology Program(No.2018GZDZX0008)+1 种基金Chengdu Science and Technology Program(No.2018-YF08-00007-GX)the National Natural Science Foundation of China(No.61872087).
文摘Multi-server authenticated key agreement schemes have attracted great attention to both academia and industry in recent years.However,traditional authenticated key agreement schemes in the single-server environment are not suitable for the multi-server environment because the user has to register on each server when he/she wishes to log in various servers for different service.Moreover,it is unreasonable to consider all servers are trusted since the server in a multi-server environment may be a semi-trusted party.In order to overcome these difficulties,we designed a secure three-factor multi-server authenticated key agreement protocol based on elliptic curve cryptography,which needs the user to register only once at the registration center in order to access all semi-trusted servers.The proposed scheme can not only against various known attacks but also provides high computational efficiency.Besides,we have proved our scheme fulfills mutual authentication by using the authentication test method.
基金Supported by the National Natural Science Founda-tion of China (60225007, 60572155) and the Science and Technology Research Project of Shanghai (04DZ07067)
文摘Key agreement protocols are essential for secure communications. In this paper, to solve the inherent key escrow problem of identity-based cryptography, an escrow-free certificate-based authenticated key agreement (CB-AK) protocol with perfect forward secrecy is proposed. Our protocol makes use of pairings on elliptic curves. The protocol is described and its properties are discussed though comparison with Smart's protocol.
基金Supported by "973" Program of China (No.G1999035805), "863" Program of China(No.2002AA143041), and RGC Project (No.HKU/7144/03E) of the Hong Kong SpecialAdministrative Region, China.
文摘Based on elliptic curve Diffie-Hellman algorithm, an Elliptic Curve Authenticated Key Agreement (ECAKA) protocol with pre-shared password is proposed. Its security relies on the Elliptic Curve Discrete Logarithm Problem (ECDLP). It provides identity authentication, key validation and perfect forward secrecy, and it can foil man-in-the-middle attacks.
基金The authors extend their gratitude to the Deanship of Scientific Research at King Khalid University for funding this work through the research group program under grant number R.G.P.1/72/42The work of Agbotiname Lucky Imoize is supported by the Nigerian Petroleum Technology Development Fund(PTDF)and the German Academic Exchange Service(DAAD)through the Nigerian-German Postgraduate Program under grant 57473408.
文摘The Human-Centered Internet of Things(HC-IoT)is fast becoming a hotbed of security and privacy concerns.Two users can establish a common session key through a trusted server over an open communication channel using a three-party authenticated key agreement.Most of the early authenticated key agreement systems relied on pairing,hashing,or modular exponentiation processes that are computationally intensive and cost-prohibitive.In order to address this problem,this paper offers a new three-party authenticated key agreement technique based on fractional chaotic maps.The new scheme uses fractional chaotic maps and supports the dynamic sensing of HC-IoT devices in the network architecture without a password table.The projected security scheme utilized a hash function,which works well for the resource-limited HC-IoT architectures.Test results show that our new technique is resistant to password guessing attacks since it does not use a password.Furthermore,our approach provides users with comprehensive privacy protection,ensuring that a user forgery attack causes no harm.Finally,our new technique offers better security features than the techniques currently available in the literature.
基金Supported by the National Natural Science Foundation of China (No.60203004) Post-doctor Foundation of China (No.2003033155).
文摘In 1999, Seo and Sweeney proposed a simple authenticated key agreement protocol that was designed to act as a Diffie-Hellman key agreement protocol with user authentication.Various attacks on this protocol are described and enhanced in the literature. Recently, Ku and Wang proposed an improved authenticated key agreement protocol, where they asserted the protocol could withstand the existing attacks. This paper shows that Ku and Wang's protocol is still vulnerable to the modification attack and presents an improved authenticated key agreement protocol to enhance the security of Ku and Wang's protocol. The protocol has more efficient performance by replacing exponentiation operations with message authentication code operations.
文摘Peer-to-peer computing has recently started to gain significant acceptance, since it can greatly increase the performance and reliability of overall system. However, the security issue is still a major gating factor for its full adoption. In order to guarantee the security of data exchanged between two peers in Peer-to-Peer system, this paper comes up with an ID-based authenticated key agreement from bilinear pairings and uses BAN logic to prove the protocol’s security. Compared with other existing protocols, the proposed protocol seems more secure and efficient, since it adopts the static shared Diffie-Hellman key.
基金This work has received funding from National Natural Science Foundation of China(No.42275157).
文摘With the rapid advancement in exploring perceptual interactions and digital twins,metaverse technology has emerged to transcend the constraints of space-time and reality,facilitating remote AI-based collaboration.In this dynamic metasystem environment,frequent information exchanges necessitate robust security measures,with Authentication and Key Agreement(AKA)serving as the primary line of defense to ensure communication security.However,traditional AKA protocols fall short in meeting the low-latency requirements essential for synchronous interactions within the metaverse.To address this challenge and enable nearly latency-free interactions,a novel low-latency AKA protocol based on chaotic maps is proposed.This protocol not only ensures mutual authentication of entities within the metasystem but also generates secure session keys.The security of these session keys is rigorously validated through formal proofs,formal verification,and informal proofs.When confronted with the Dolev-Yao(DY)threat model,the session keys are formally demonstrated to be secure under the Real-or-Random(ROR)model.The proposed protocol is further validated through simulations conducted using VMware workstation compiled in HLPSL language and C language.The simulation results affirm the protocol’s effectiveness in resisting well-known attacks while achieving the desired low latency for optimal metaverse interactions.
文摘Recently, He et al. (Computers and Mathematics with Applications, 2012) proposed an efficient pairing-free certificateless authenticated key agreement (CL-AKA) protocol and claimed their protocol was provably secure in the extended Canetti-Krawczyk (eCK) model. By giving concrete attacks, we indicate that their protocol is not secure in the eCK model. We propose an improved protocol and show our improvement is secure in the eCK model under the gap DiffieHellman (GDH) assumption. Furthermore, the proposed protocol is very efficient.
基金Supported in part by the National High-Tech Research & Development Program of China (Grant No. 2006AA01Z424)the National NaturalScience Foundation of China (Grant Nos. 60673079, 60773086)the National Basic Research Program of China (Grant No. 2007CB311201)
文摘The majority of existing escrowable identity-based key agreement protocols only provide partial forward secrecy. Such protocols are, arguably, not suitable for many real-word applications, as the latter tends to require a stronger sense of forward secrecy--perfect forward secrecy. In this paper, we propose an efficient perfect forward-secure identity-based key agreement protocol in the escrow mode. We prove the security of our protocol in the random oracle model, assuming the intractability of the Gap Bilinear Diffie-Hellman (GBDH) problem.
基金supported by the National Key Research and Development Program of China,“Joint Research of IoT Security System and Key Technologies Based on Quantum Key,”under project number 2020YFE0200600.
文摘With the exponential growth of intelligent Internet of Things(IoT)applications,Cloud-Edge(CE)paradigm is emerging as a solution that facilitates resource-efficient and timely services.However,it remains an underlying issue that frequent end-edgecloud communication is over a public or adversarycontrolled channel.Additionally,with the presence of resource-constrained devices,it’s imperative to conduct the secure communication mechanism,while still guaranteeing efficiency.Physical unclonable functions(PUF)emerge as promising lightweight security primitives.Thus,we first construct a PUF-based security mechanism for vulnerable IoT devices.Further,a provably secure and PUF-based authentication key agreement scheme is proposed for establishing the secure channel in end-edge-cloud empowered IoT,without requiring pre-loaded master keys.The security of our scheme is rigorously proven through formal security analysis under the random oracle model,and security verification using AVISPA tool.The comprehensive security features are also elaborated.Moreover,the numerical results demonstrate that the proposed scheme outperforms existing related schemes in terms of computational and communication efficiency.
文摘This paper proposed two modifications on IKE protocol with pre-shared key authentication. The first modification can improve its immunity against DDoS attack by authenticating the initiator before the responder generates the computation-intensive Diffie-Hellman public value. The second modification can improve its efficiency when the attack on messages occurs because it can detect the attack quickly by replacing the centralized authentication in origical IKE protocol with immediate authentication. In addition, the two modifications can be integrated into one protocol compactly.
基金The authors would like to thank the reviewers and the Associate Editor for their valuable suggestions that helped in improving the quality,readability and presentation of the paper.This work was supported by FCT/MCTES through national funds and when applicable co-funded EU funds under the Project UIDB/50008/2020by the Brazilian National Council for Research and Development(CNPq)via Grants No.431726/2018-3 and 313036/2020-9.
文摘The Internet of Medical Things(IoMT)is a collection of smart healthcare devices,hardware infrastructure,and related software applications,that facilitate the connection of healthcare information technology system via the Internet.It is also called IoT in healthcare,facilitating secure communication of remote healthcare devices over the Internet for quick and flexible analysis of healthcare data.In other words,IoMT is an amalgam of medical devices and applications,which improves overall healthcare outcomes.However,this system is prone to securityand privacy-related attacks on healthcare data.Therefore,providing a robust security mechanism to prevent the attacks and vulnerability of IoMT is essential.To mitigate this,we proposed a new Artificial-Intelligence envisioned secure communication scheme for IoMT.The discussed network and threat models provide details of the associated network arrangement of the IoMT devices and attacks relevant to IoMT.Furthermore,we provide the security analysis of the proposed scheme to show its security against different possible attacks.Moreover,a comparative study of the proposed scheme with other similar schemes is presented.Our results show that the proposed scheme outperforms other similar schemes in terms of communication and computation costs,and security and functionality attributes.Finally,we provide a pragmatic study of the proposed scheme to observe its impact on various network performance parameters.
基金Supported by the National Natural Science Foundation of China (60873233)the Nature Science Foundation of Shaanxi Province, China (2006F19)the Technology Research Program of Xi’an, China (CXY08016)
文摘Forward secrecy is an important security property in key agreement protocol. Based on Ham's protocol, in this paper a new authenticated Diffie-Hellman key agreement protocol with half forward secrecy is proposed. This protocol is also based on a single cryptographic assumption, and is user authentication and shared key authentication. More importantly, our protocol provides forward secrecy with respect to one of the parties. For this reason, besides the advantages of Ham's protocol, in practice, our protocol can reduce the damages resulted from the disclosure of the user's secret key and it is very beneficial to today's communication with portable devices.
基金supported by the National Natural Science Foundation of China(60773003,60603010)the Natural Science Foundation of Shaanxi Province(2006F19)
文摘McCullagh-Barreto key agreement protocol and its variant achieve perfect forward security and key generation center (KGC) forward security, but provide no resistance to key compromise impersonation attack (KCI attack). In this paper, we give a formal treatment of key compromise impersonation (KCI) attack and define the security notion against it. Then an variant of McCullagh-Barreto protocol is presented with only one more Hash operation. The improved protocol preserves perfect forward security and KGC forward security, and furthermore is proved to be secure against KCI attack under k-Gap-BCAA1 assumption.
基金Supported by the Natural Science Foundation ofShandong Province (Y2005G09)
文摘A mutual authentication and key establishment protocol proposed by Aydos et al, for wireless communication based on elliptic curve cryptography can provide authentication between the user and server and they agreement a session key in the end of it. Unfortunately, Mangipudi pointed out Aydos' scheme was incurred the man-in-middle attack denial-of-service attack and impersonation based on man-in-middle attack. Then he proposed an improved scheme m overcome the above weakness. However, there is an attack which can forge the message required in the protocol and impersonation a valid user to the server.
基金The Universiti Kebangsaan Malaysia(UKM)Research Grant Scheme GGPM-2020-028 funded this research.
文摘The fifth generation(5G)system is the forthcoming generation of the mobile communication system.It has numerous additional features and offers an extensively high data rate,more capacity,and low latency.However,these features and applications have many problems and issues in terms of security,which has become a great challenge in the telecommunication industry.This paper aimed to propose a solution to preserve the user identity privacy in the 5G system that can identify permanent identity by using Variable Mobile Subscriber Identity,which randomly changes and does not use the permanent identity between the user equipment and home network.Through this mechanism,the user identity privacy would be secured and hidden.Moreover,it improves the synchronization between mobile users and home networks.Additionally,its compliance with the Authentication and Key Agreement(AKA)structure was adopted in the previous generations.It can be deployed efficiently in the preceding generations because the current architecture imposes minimal modifications on the network parties without changes in the authentication vector’s message size.Moreover,the addition of any hardware to the AKA carries minor adjustments on the network parties.In this paper,the ProVerif is used to verify the proposed scheme.
