T-ATMChain:Blockchain-Based Identity Authentication for Air Traffic Management

The air traffic management(ATM)system is an intelligent system,which integrates the ground computer network,airborne network and space satellite(communication and navigation)network by the ground-air data link system.Due to the openness and widely distribution of ATM system,the trust relationship of all parties in the system is pretty complex.At present,public key infrastructure(PKI)based identity authentication method is more and more difficult to meet the growing demand of ATM service.First,through the analysis of the organizational structure and operation mode of ATM system,this paper points out the existing identity authentication security threats in ATM system,and discusses the advantages of adopting blockchain technology in ATM system.Further,we briefly analyze some shortcomings of the current PKI-based authentication system in ATM.Particularly,to address the authentication problem,this paper proposes and presents a trusted ATM Security Authentication Model and authentication protocol based on blockchain.Finally,this paper makes a comprehensive analysis and simulation of the proposed security authentication scheme,and gets the expected effect.

Utilizing Certificateless Cryptography for IoT Device Identity Authentication Protocols in Web3

Traditional methods of identity authentication often rely on centralized architectures,which poses risks of computational overload and single points of failure.We propose a protocol that offers a decentralized approach by distributing authentication services to edge authentication gateways and servers,facilitated by blockchain technology,thus aligning with the decentralized ethos of Web3 infrastructure.Additionally,we enhance device security against physical and cloning attacks by integrating physical unclonable functions with certificateless cryptography,bolstering the integrity of Internet of Thins(IoT)devices within the evolving landscape of the metaverse.To achieve dynamic anonymity and ensure privacy within Web3 environments,we employ fuzzy extractor technology,allowing for updates to pseudonymous identity identifiers while maintaining key consistency.The proposed protocol ensures continuous and secure identity authentication for IoT devices in practical applications,effectively addressing the pressing security concerns inherent in IoT network environments and contributing to the development of robust security infrastructure essential for the proliferation of IoT devices across diverse settings.

Design and Implementation of USB Key System Based on Dual-Factor Identity Authentication Protocol

With the increasing demand for information security,traditional single-factor authentication technology can no longer meet security requirements.To this end,this paper proposes a Universal Serial Bus(USB)Key hardware and software system based on a two-factor authentication protocol,aiming to improve the security and reliability of authentication.This paper first analyzes the current status and technical principles of USB Key-related research domestically and internationally and designs a two-factor authentication protocol that combines impact/response authentication and static password authentication.The system consists of a host computer and a USB Key device.The host computer interacts with the USB Key through a graphical user interface.The Secure Hash Algorithm 1(SHA-1)and MySQL database are used to implement the authentication function.Experimental results show that the designed two-factor authentication protocol can effectively prevent replay attacks and information tampering,and improve the security of authentication.If the corresponding USB Key is not inserted,the system will prompt that the device is not found.Once the USB Key is inserted,user identity is confirmed through two-factor verification,which includes impact/response authentication and static password authentication.

An efficient deterministic secure quantum communication scheme based on cluster states and identity authentication

A novel efficient deterministic secure quantum communication scheme based on four-qubit cluster states and single-photon identity authentication is proposed. In this scheme, the two authenticated users can transmit two bits of classical information per cluster state, and its efficiency of the quantum communication is 1/3, which is approximately 1.67 times that of the previous protocol presented by Wang et al [Chin. Phys. Lett. 23 （2006） 2658]. Security analysis shows the present scheme is secure against intercept-resend attack and the impersonator＇s attack. Furthermore, it is more economic with present-day techniques and easily processed by a one-way quantum computer.

Economical multiparty simultaneous quantum identity authentication based on Greenberger-Horne-Zeilinger states

A multiparty simultaneous quantum identity authentication protocol based on Creenberger-Horne-Zeilinger （GHZ） states is proposed. The multi-user can be authenticated by a trusted third party （TTP） simultaneously. Compared with the scheme proposed recently （Wang et al 2006 Chin. Phys. Lett. 23（9） 2360）, the proposed scheme has the advantages of consuming fewer quantum and classical resources and lessening the difficulty and intensity of necessary operations.

A Provably Secure Identity-based Authentication Multiple Key Agreement Protocol

An authentication multiple key agreement protocol allows the users to compute more than one session keys in an authentication way. In the paper,an identity-based authentication multiple key agreement protocol is proposed. Its authentication part is proven secure against existential forgery on adaptively chosen message and ID attacks under the random oracle model upon the CDH assumptions. The session keys are proven secure in a formal CK security model under the random oracle model upon the CBDH assumptions. Compared with the previous multiple key agreement protocols,it requires less communication cost.

Sequence Patterns of Identity Authentication Protocols

From the viewpoint of protocol sequence, analyses are made of the sequence patterns of possible identity authentication protocol under two cases： with or without the trusted third party （TFP）. Ten feasible sequence patterns of authentication protocol with TIP and 5 sequence patterns without TFP are gained. These gained sequence patterns meet the requirements for identity authentication, and basically cover almost all the authentication protocols with TFP and without TFP at present. All of the sequence patterns gained are classified into unilateral or bilateral authentication. Then, according to the sequence symmetry, several good sequence patterns with TFP are evaluated. The accompolished results can provide a reference to design of new identity authentication protocols.

Controlled mutual quantum entity authentication using entanglement swapping

In this paper, we suggest a controlled mutual quantum entity authentication protocol by which two users mutually certify each other on a quantum network using a sequence of Greenberger–Horne–Zeilinger（GHZ）-like states. Unlike existing unidirectional quantum entity authentication, our protocol enables mutual quantum entity authentication utilizing entanglement swapping; moreover, it allows the managing trusted center（TC） or trusted third party（TTP） to effectively control the certification of two users using the nature of the GHZ-like state. We will also analyze the security of the protocol and quantum channel.

Lightweight Mutual Authentication Scheme for Protecting Identity in Insecure Environment

Many improved authentication solutions were put forward, on purpose of authenticating more quickly and securely.However, neither the overuse of hash function,or additional symmetric encryption, can truly increase the overall security. Instead,extra computation cost degraded the performance.They were still vulnerable to a variety of threats, such as smart card loss attack and impersonation attack, due to hidden loopholes and flaws. Even worse, user's identity can be parsed in insecure environment, even became traceable. Aiming to protect identity, a lightweight mutual authentication scheme is proposed. Redundant operations are removed,which make the verification process more explicit. It gains better performance with average cost compared to other similar schemes.Cryptanalysis shows the proposed scheme can resist common attacks and achieve user anonymity.Formal security is further verified by using the widely accepted Automated Validation of Internet Security Protocols and Applications(AVISPA) tool.

Fine-Grained and Fair Identity Authentication Scheme for Mobile Networks Based on Blockchain

With the popularity of the internet,users hope to better protect their privacy while obtaining network services.However,in the traditional centralized authentication scheme,identity information such as the user's private key is generated,stored,and managed by the network operator.Users can't control their identity information,which will lead to a great threat to the privacy of users.Based on redactable blockchain,we propose a fine-grained and fair identity authentication scheme for mobile networks.In our proposed scheme,the user's identity information is generated and controlled by the users.We first propose a notion of score chameleon hash(SCH),which can delete or update the information of illegal users so as to dynamically update the status of users and provide users with more fine-grained and fair services.We propose another notion of self-updating secret sharing(SUSS),which allows users to update the trapdoor and the corresponding hash key after redacting the blockchain without requiring trusted authority to redistribute the trapdoor.Experimental results show that,compared with the immutable blockchain Bitcoin,the redactable blockchain in our identity authentication scheme provides users with fine-grained and fair redacting functions,and can be adopted with a small additional overhead.

Ubiquitous Computing Identity Authentication Mechanism Based on D-S Evidence Theory and Extended SPKI/SDSI

Ubiquitous computing systems typically have lots of security problems in the area of identity authentication by means of classical PKI methods. The limited computing resources, the disconnection network, the classification requirements of identity authentication, the requirement of trust transfer and cross identity authentication, the bi-directional identity authentication, the security delegation and the simple privacy protection etc are all these unsolved problems. In this paper, a new novel ubiquitous computing identity authentication mechanism, named UCIAMdess, is presented. It is based on D-S Evidence Theory and extended SPKI/SDSI. D-S Evidence Theory is used in UCIAMdess to compute the trust value from the ubiquitous computing environment to the principal or between the different ubiquitous computing environments. SPKI-based authorization is expanded by adding the trust certificate in UCIAMdess to solve above problems in the ubiquitous computing environments. The identity authentication mechanism and the algorithm of certificate reduction are given in the paper to solve the multi-levels trust-correlative identity authentication problems. The performance analyses show that UCIAMdess is a suitable security mechanism in solving the complex ubiquitous computing problems.

Identity-based authentication protocol for grid

Current grid authentication frameworks are achieved by applying the standard SSL authentication protocol （SAP）. The authentication process is very complicated, and therefore, the grid user is in a heavily loaded point both in computation and in communication. Based on identity-based architecture for grid （IBAG） and corresponding encryption and signature schemes, an identity-based authentication protocol for grid is proposed. Being certificate-free, the authentication protocol aligns well with the demands of grid computing. Through simulation testing, it is seen that the authentication protocol is more lightweight and efficient than SAP, especially the more lightweight user side. This contributes to the larger grid scalability.

Privacy Preservation of Smart Meters Based on Identity Authentication

Smart meters provide a lot of convenience for both power supply and consumption. Due to the frequent transmission of information, it brings great challenges to the privacy preservation of the user’s household power consumption data in the smart grid. In order to achieve the anonymity of smart meters. A smart meter privacy preservation scheme based on identity authentication is proposed. The third-party certification authority is introduced in this scheme;it issues pseudonym certificates to realize the identity privacy preservation of smart meters. The masking technology with the Advanced Encryption Standard algorithm is used for data aggregation. The results show that our scheme reduces the computational cost and the communication overhead.

An Identity-Based Secure and Optimal Authentication Scheme for the Cloud Computing Environment

Security is a critical issue in cloud computing(CC)because attackers can fabricate data by creating,copying,or deleting data with no user authorization.Most of the existing techniques make use of password-based authentication for encrypting data.Password-based schemes suffer from several issues and can be easily compromised.This paper presents a new concept of hybrid metaheuristic optimization as an identity-based secure and optimal authentication(HMO-ISOA)scheme for CC environments.The HMOISOA technique makes use of iris and fingerprint biometrics.Initially,the HMO-ISOA technique involves a directional local ternary quantized extrema pattern–based feature extraction process to extract features from the iris and fingerprint.Next,the features are fed into the hybrid social spider using the dragon fly algorithm to determine the optimal solution.This optimal solution acts as a key for an advanced encryption standard to encrypt and decrypt the data.A central benefit of determining the optimal value in this way is that the intruder cannot determine this value.The attacker also cannot work out which specific part of the fingerprint and iris feature values are acted upon as a key for the AES technique.Finally,the encrypted data can be saved in the cloud using a cloud simulator.Experimental analysis was performed on five fingerprint and iris images for a man-in-the-middle attack.The simulation outcome validated that the presented HMO-ISOA model achieved better results compared with other existing methods.

Identity-Based Edge Computing Anonymous Authentication Protocol

With the development of sensor technology and wireless communication technology,edge computing has a wider range of applications.The privacy protection of edge computing is of great significance.In the edge computing system,in order to ensure the credibility of the source of terminal data,mobile edge computing(MEC)needs to verify the signature of the terminal node on the data.During the signature process,the computing power of edge devices such as wireless terminals can easily become the bottleneck of system performance.Therefore,it is very necessary to improve efficiency through computational offloading.Therefore,this paper proposes an identitybased edge computing anonymous authentication protocol.The protocol realizes mutual authentication and obtains a shared key by encrypting the mutual information.The encryption algorithm is implemented through a thresholded identity-based proxy ring signature.When a large number of terminals offload computing,MEC can set the priority of offloading tasks according to the user’s identity and permissions,thereby improving offloading efficiency.Security analysis shows that the scheme can guarantee the anonymity and unforgeability of signatures.The probability of a malicious node forging a signature is equivalent to cracking the discrete logarithm puzzle.According to the efficiency analysis,in the case of MEC offloading,the computational complexity is significantly reduced,the computing power of edge devices is liberated,and the signature efficiency is improved.

Identity Authentication Based on Two-Beam Interference

A two-factor identity authentication method on the basis of two-beam interference was presented. While verifying a user’s identity, a specific “phase key” as well as a corresponding “phase lock” are both mandatory required for a successful authentication. Note that this scheme can not only check the legality of the users, but also verify their identity levels so as to grant them hierarchical access permissions to various resources of the protected systems or organizations. The authentication process is straightforward and could be implemented by a hybrid optic-electrical system. However, the system designing procedure involves an iterative Modified Phase Retrieval Algorithm (MPRA) and can only be achieved by digital means. Theoretical analysis and simulations both validate the effectiveness of our method.

Application of a Dynamic Identity Authentication Model Based on an Improved Keystroke Rhythm Algorithm

Keystroke rhythm identification, which extracts biometric characteristics through keyboards without addi-tional expensive devices, is a kind of biometric identification technology. The paper proposes a dynamic identity authentication model based on the improved keystroke rhythm algorithm in Rick Joyce model and implement this model in a mobile phone system. The experimental results show that comparing with the original model, the false alarm rate (FAR) of the improved model decreases a lot in the mobile phone system, and its growth of imposter pass rate (IPR) is slower than the Rick Joyce model’s. The improved model is more suitable for small memory systems, and it has better performance in security and dynamic adaptation. This improved model has good application value.

Cryptanalysis of Two Dynamic Identity Based Authentication Schemes for Multi-Server Architecture

Since network services are provided cooperatively by multiple servers in the lnternet, the authentication protocols for multiserver architecture are required by Internetbased services, such as online game, online trade and so on. Recently, Li et al. analyzed Lee et al.＇s protocol and proposed an improved dynamic identity based authentication protocol for multi-server architecture. They claimed that their protocol provides user＇s anonymity, mutual authentication and the session key agreement against several kinds of attacks. In this paper, a cryptanalysis on Lee et al.＇s scheme shows that Lee et al＇s protocol is also vulnerable to malicious server attack, stolen smart card attack and leak-of-verifier attack. Moreover, Li e/ al.＇s improved protocol is also vulnerable to all these attacks. Further cryptanalysis reveals that Li et al.＇s improved protocol is susceptible to collusion attack.

Dynamic Identity Based Authentication Protocol for Two-Server Architecture

Most of the password based authentication protocols make use of the single authentication server for user's authentication. User's verifier information stored on the single server is a main point of susceptibility and remains an attractive target for the attacker. On the other hand, multi-server architecture based authentication protocols make it difficult for the attacker to find out any significant authentication information related to the legitimate users. In 2009, Liao and Wang proposed a dynamic identity based remote user authentication protocol for multi-server environment. However, we found that Liao and Wang's protocol is susceptible to malicious server attack and malicious user attack. This paper presents a novel dynamic identity based authentication protocol for multi-server architecture using smart cards that resolves the aforementioned flaws, while keeping the merits of Liao and Wang's protocol. It uses two-server paradigm by imposing different levels of trust upon the two servers and the user's verifier information is distributed between these two servers known as the service provider server and the control server. The proposed protocol is practical and computational efficient because only nonce, one-way hash function and XOR operations are used in its implementation. It provides a secure method to change the user's password without the server's help. In e-commerce, the number of servers providing the services to the user is usually more than one and hence secure authentication protocols for multi-server environment are required.

Identity Authentication Based on Sensors of Smartphone and Neural Networks

The smartphone has become an indispensable electric device for most people since it can assist us in finishing many tasks such as paying and reading. Therefore, the security of smartphones is the most crucial issue to illegal users who cannot access legal users’ privacy information. This paper studies identity authentication using user action. This scheme does not rely on the password or biometric identification. It checks user identity just by user action features. We utilize sensors installed in smartphones and collect their data when the user waves the phone. We collect these data, process them and feed them into neural networks to realize identity recognition. We invited 13 participants and collected about 350 samples for each person. The sampling frequency is set at 200 Hz, and DenseNet is chosen as the neural network to validate system performance. The result shows that the neural network can effectively recognize user identity and achieve an authentication accuracy of 96.69 percent.