Due to the lack of authentication mechanism in BeiDou navigation satellite system(BDS),BD-Ⅱ civil navigation message(BDⅡ-CNAV) are vulnerable to spoofing attack and replay attack.To solve this problem,we present a s...Due to the lack of authentication mechanism in BeiDou navigation satellite system(BDS),BD-Ⅱ civil navigation message(BDⅡ-CNAV) are vulnerable to spoofing attack and replay attack.To solve this problem,we present a security authentication protocol,called as BDSec,which is designed by using China’s cryptography Shangyong Mima(SM) series algorithms,such as SM2/4/9 and Zu Chongzhi(ZUC)algorithm.In BDSec protocol,both of BDⅡ-CNAV and signature information are encrypted using the SM4 algorithm(Symmetric encryption mechanism).The encrypted result is used as the subject authentication information.BDSec protocol applies SM9 algorithm(Identity-based cryptography mechanism) to protect the integrity of the BDⅡ-CNAV,adopts the SM2 algorithm(Public key cryptosystem) to guarantee the confidentiality of the important session information,and uses the ZUC algorithm(Encryption and integrity algorithm) to verify the integrity of the message authentication serial number and initial information and the information in authentication initialization sub-protocol respectively.The results of the SVO logic reasoning and performance analysis show that BDSec protocol meets security requirements for the dual user identity authentication in BDS and can realize the security authentication of BDⅡ-CNAV.展开更多
Due to the civil BeiDou navigation system is open,unauthenticated,and non-encrypted,civilian BeiDou navigation signals may have great security loopholes during transmission or reception.The main security loophole here...Due to the civil BeiDou navigation system is open,unauthenticated,and non-encrypted,civilian BeiDou navigation signals may have great security loopholes during transmission or reception.The main security loophole here is spoofing attacks.Spoofing attacks make the positioning or timing results of BeiDou civilian receivers wrong.Such errors may cause a series of security problems,which lays a serious hidden danger for Bei-Dou satellite information security.This article proposes an anti-spoofing method for BeiDou navigation system based on the combination of SM commercial cryptographic algorithm and Timed Efficient Stream Loss-tolerant Authentication(TESLA)for spoofing attacks.In this solution,we use the SM3 algorithm to generate a TESLA key chain with time information,and then use the key in the key chain to generate the message authentication code for the BeiDou D2 navigation message.The message authentication code is inserted into a reserved bit of the D2 navigation message.In addition,this solution uses the SM2 algorithm to protect and encrypt time information in the TESLA key chain to prevent key replay attacks in TESLA.The experimental results tested on the experimental platform built in this paper show that this scheme reduces the possibility of the BeiDou navigation system being deceived and enhances the safety of the BeiDou navigation system.展开更多
This paper proposes a scheme for secure authentication of classical messages with single photons and a hashed function. The security analysis of this scheme is also given, which shows that anyone cannot forge valid me...This paper proposes a scheme for secure authentication of classical messages with single photons and a hashed function. The security analysis of this scheme is also given, which shows that anyone cannot forge valid message authentication codes (MACs). In addition, the lengths of the authentication key and the MACs are invariable and shorter, in comparison with those presented authentication schemes. Moreover, quantum data storage and entanglement are not required in this scheme. Therefore, this scheme is more efficient and economical.展开更多
To ensure the security during the communication,we often adopt different ways to encrypt the messages to resist various attacks.However,with the computing power improving,the existing encryption and authentication sch...To ensure the security during the communication,we often adopt different ways to encrypt the messages to resist various attacks.However,with the computing power improving,the existing encryption and authentication schemes are being faced with big challenges.We take the message authentication as an example into a careful consideration.Then,we proposed a new message authentication scheme with the Advanced Encryption Standard as the encryption function and the new quantum Hash function as the authentication function.Firstly,the Advanced Encryption Standard algorithm is used to encrypt the result of the initial message cascading the corresponding Hash values,which ensures that the initial message can resist eavesdropping attack.Secondly,utilizing the new quantum Hash function with quantum walks can be much more secure than traditional classical Hash functions with keeping the common properties,such as one-wayness,resisting different collisions and easy implementation.Based on these two points,the message authentication scheme can be much more secure than previous ones.Finally,it is a new way to design the message authentication scheme,which provides a new thought for other researchers in the future.Our works will contribute to the study on the new encryption and authentication functions and the combination of quantum computing with traditional cryptology in the future.展开更多
This paper proposed two modifications on IKE protocol with pre-shared key authentication. The first modification can improve its immunity against DDoS attack by authenticating the initiator before the responder genera...This paper proposed two modifications on IKE protocol with pre-shared key authentication. The first modification can improve its immunity against DDoS attack by authenticating the initiator before the responder generates the computation-intensive Diffie-Hellman public value. The second modification can improve its efficiency when the attack on messages occurs because it can detect the attack quickly by replacing the centralized authentication in origical IKE protocol with immediate authentication. In addition, the two modifications can be integrated into one protocol compactly.展开更多
According to the security requirement of the short message service (SMS) industry application, a secure short message communication protocol is proposed. This is an application level protocol constructed on the stan...According to the security requirement of the short message service (SMS) industry application, a secure short message communication protocol is proposed. This is an application level protocol constructed on the standard SMS communication protocol using public key authentication and key agreement without the need of wireless public key infrastructure (WPKI). Secure short message transmission and dynamic key agreement between mobile terminals and the accessing gateway axe realized. The security of the proposed protocol is validated through the BAN logic. Compared with the standard SMS protocol, the effective payload rate of our protocol can reach 91.4%, and subscriber identity module (SIM) tool kit (STK) applications based on our protocol suit well for all kinds of mobile terminals in practical application.展开更多
A novel video data authentication model based on digital video watermarking and MAC (message authentication code) in multicast protocol is proposed in this paper, The digital watermarking which composes of the MAC o...A novel video data authentication model based on digital video watermarking and MAC (message authentication code) in multicast protocol is proposed in this paper, The digital watermarking which composes of the MAC of the significant vid eo content, the key and instant authentication data is embedded into the insignificant video component by the MLUT (modified look-up table) video watermarking technology. We explain a method that does not require storage of each data packet for a time, thus making receiver not vulnerable to DOS (denial of service) attack. So the video packets can be authenticated instantly without large volume buffer in the receivers. TESLA (timed efficient stream loss tolerant authentication) does not explain how to select the suitable value for d, which is an important parameter in multicast source authentication. So we give a method to calculate the key disclosure delay (number of intervals). Simulation results show that the proposed algorithms improve the performance of data source authentication in multicast.展开更多
The overload of traditional cryptosystems is too high for real-time applications so there is a need to design a new encryption and signature scheme for the multicast applications. In this paper, we use the elliptic cu...The overload of traditional cryptosystems is too high for real-time applications so there is a need to design a new encryption and signature scheme for the multicast applications. In this paper, we use the elliptic curve cryptosystem to design a source authentication scheme for real-time applications. The proposed scheme uses the message recovery signature to reduce the computation cost. Thus, the proposed source authentication scheme is more suitable for real-time applications, such as online meeting, online movie, and online music.展开更多
The Internet of Vehicles(IoV)has evolved as an advancement over the conventional Vehicular Ad-hoc Networks(VANETs)in pursuing a more optimal intelligent transportation system that can provide various intelligent solut...The Internet of Vehicles(IoV)has evolved as an advancement over the conventional Vehicular Ad-hoc Networks(VANETs)in pursuing a more optimal intelligent transportation system that can provide various intelligent solutions and enable a variety of applications for vehicular traffic.Massive volumes of data are produced and communicated wirelessly among the different relayed entities in these vehicular networks,which might entice adversaries and endanger the system with a wide range of security attacks.To ensure the security of such a sensitive network,we proposed a distributed authentication mechanism for IoV based on blockchain technology as a distributed ledger with an ouroboros algorithm.Using timestamp and challenge-responsemechanisms,the proposed authentication model can withstand several security attacks such asMan-in-Middle(MiM)attacks,Distributed Denial of Service(DDoS)attacks,server spoofing attacks and more.The proposed method also provides a solution for single-point failure,forward secrecy,revocability,etc.We exhibit the security of our proposed model by using formal(mathematical)analysis and informal analysis.We used Random Oracle Model to perform themathematical analysis.In addition,we compared the communication cost,computation cost,and security of the proposed model with the related existing studies.We have verified the security of the model by using AVISPA tool simulation.The security analysis and computation analysis show that the proposed protocol is viable.展开更多
Chang et al.[Chin.Phys.623 010305(2014)]have proposed a quantum broadcast communication and authentication protocol.However,we find that an intercept-resend attack can be preformed successfully by a potential eavesd...Chang et al.[Chin.Phys.623 010305(2014)]have proposed a quantum broadcast communication and authentication protocol.However,we find that an intercept-resend attack can be preformed successfully by a potential eavesdropper,who will be able to destroy the authentication function.Afterwards,he or she can acquire the secret transmitted message or even modify it while escaping detection,by implementing an efficient man-in-the-middle attack.Furthermore,we show a simple scheme to defend this attack,that is,applying non-reusable identity strings.展开更多
The study on design and implementation of end to end encrypted Short Message Service (SMS) using hybrid cipher algorithm is motivated by high rate of insecurity of data observed during Short Message Service (SMS) on M...The study on design and implementation of end to end encrypted Short Message Service (SMS) using hybrid cipher algorithm is motivated by high rate of insecurity of data observed during Short Message Service (SMS) on Mobile devices. SMS messages are one of the popular ways of communication. The aim therefore is to design a software for end to end encryption short message service (SMS) that can conceal message while on transit to another mobile device using Hybrid Cipher Algorithm on Android Operating System and implement it for security of mobile SMS. Hybrid encryption incorporates a combination of asymmetric and symmetric encryption to benefit from the strengths of each form of encryption. Various encryption algorithms have been discussed. Secondary sources were employed in gathering useful data. In this research work three methodologies are employed—Structured System Analysis Design Methodology (SSADM), Object Oriented Analysis Design Methodology (OOADM) and prototyping. With the help of the three cryptographic algorithms employed—Message digest 5 (MD5), Blowfish and Rivest-Shamir Adleman (RSA);integrity, confidentiality, authentication and security of messages were achieved. The messages encrypted by developed application are also resistant to brute force attack. The implementing programs were coded in Java.展开更多
Industrial IoT(IIoT)aims to enhance services provided by various industries,such as manufacturing and product processing.IIoT suffers from various challenges,and security is one of the key challenge among those challe...Industrial IoT(IIoT)aims to enhance services provided by various industries,such as manufacturing and product processing.IIoT suffers from various challenges,and security is one of the key challenge among those challenges.Authentication and access control are two notable challenges for any IIoT based industrial deployment.Any IoT based Industry 4.0 enterprise designs networks between hundreds of tiny devices such as sensors,actuators,fog devices and gateways.Thus,articulating a secure authentication protocol between sensing devices or a sensing device and user devices is an essential step in IoT security.In this paper,first,we present cryptanalysis for the certificate-based scheme proposed for a similar environment by Das et al.and prove that their scheme is vulnerable to various traditional attacks such as device anonymity,MITM,and DoS.We then put forward an interdevice authentication scheme using an ECC(Elliptic Curve Cryptography)that is highly secure and lightweight compared to other existing schemes for a similar environment.Furthermore,we set forth a formal security analysis using the random oracle-based ROR model and informal security analysis over the Doleve-Yao channel.In this paper,we present comparison of the proposed scheme with existing schemes based on communication cost,computation cost and security index to prove that the proposed EBAKE-SE is highly efficient,reliable,and trustworthy compared to other existing schemes for an inter-device authentication.At long last,we present an implementation for the proposed EBAKE-SE using MQTT protocol.展开更多
Wireless Network security management is difficult because of the ever-increasing number of wireless network malfunctions,vulnerabilities,and assaults.Complex security systems,such as Intrusion Detection Systems(IDS),a...Wireless Network security management is difficult because of the ever-increasing number of wireless network malfunctions,vulnerabilities,and assaults.Complex security systems,such as Intrusion Detection Systems(IDS),are essential due to the limitations of simpler security measures,such as cryptography and firewalls.Due to their compact nature and low energy reserves,wireless networks present a significant challenge for security procedures.The features of small cells can cause threats to the network.Network Coding(NC)enabled small cells are vulnerable to various types of attacks.Avoiding attacks and performing secure“peer”to“peer”data transmission is a challenging task in small cells.Due to the low power and memory requirements of the proposed model,it is well suited to use with constrained small cells.An attacker cannot change the contents of data and generate a new Hashed Homomorphic Message Authentication Code(HHMAC)hash between transmissions since the HMAC function is generated using the shared secret.In this research,a chaotic sequence mapping based low overhead 1D Improved Logistic Map is used to secure“peer”to“peer”data transmission model using lightweight H-MAC(1D-LM-P2P-LHHMAC)is proposed with accurate intrusion detection.The proposed model is evaluated with the traditional models by considering various evaluation metrics like Vector Set Generation Accuracy Levels,Key Pair Generation Time Levels,Chaotic Map Accuracy Levels,Intrusion Detection Accuracy Levels,and the results represent that the proposed model performance in chaotic map accuracy level is 98%and intrusion detection is 98.2%.The proposed model is compared with the traditional models and the results represent that the proposed model secure data transmission levels are high.展开更多
A wireless sensor network (WSN) commonly whilst a body sensor network (BSN) must be secured with requires lower level security for public information gathering, strong authenticity to protect personal health infor...A wireless sensor network (WSN) commonly whilst a body sensor network (BSN) must be secured with requires lower level security for public information gathering, strong authenticity to protect personal health information. In this paper, some practical problems with the message authentication codes (MACs), which were proposed in the popular security architectures for WSNs, are reconsidered. The analysis shows that the recommended MACs for WSNs, e.g., CBC- MAC (TinySec), OCB-MAC (MiniSec), and XCBC-MAC (SenSee), might not be exactly suitable for BSNs. Particularly an existential forgery attack is elaborated on XCBC-MAC. Considering the hardware limitations of BSNs, we propose a new family of tunable lightweight MAC based on the PRESENT block cipher. The first scheme, which is named TukP, is a new lightweight MAC with 64-bit output range. The second scheme, which is named TuLP-128, is a 128-bit variant which provides a higher resistance against internal collisions. Compared with the existing schemes, our lightweight MACs are both time and resource efficient on hardware-constrained devices.展开更多
基金supported in part by the National Key R&D Program of China(No.2022YFB3904503)National Natural Science Foundation of China(No.62172418)the joint funds of National Natural Science Foundation of China and Civil Aviation Administration of China(No.U2133203).
文摘Due to the lack of authentication mechanism in BeiDou navigation satellite system(BDS),BD-Ⅱ civil navigation message(BDⅡ-CNAV) are vulnerable to spoofing attack and replay attack.To solve this problem,we present a security authentication protocol,called as BDSec,which is designed by using China’s cryptography Shangyong Mima(SM) series algorithms,such as SM2/4/9 and Zu Chongzhi(ZUC)algorithm.In BDSec protocol,both of BDⅡ-CNAV and signature information are encrypted using the SM4 algorithm(Symmetric encryption mechanism).The encrypted result is used as the subject authentication information.BDSec protocol applies SM9 algorithm(Identity-based cryptography mechanism) to protect the integrity of the BDⅡ-CNAV,adopts the SM2 algorithm(Public key cryptosystem) to guarantee the confidentiality of the important session information,and uses the ZUC algorithm(Encryption and integrity algorithm) to verify the integrity of the message authentication serial number and initial information and the information in authentication initialization sub-protocol respectively.The results of the SVO logic reasoning and performance analysis show that BDSec protocol meets security requirements for the dual user identity authentication in BDS and can realize the security authentication of BDⅡ-CNAV.
基金supported in part by the Joint Foundation of National Natural Science Committee of China and Civil Aviation Administration of China under Grant U1933108in part by the Scientific Research Project of Tianjin Municipal Education Commission under Grant 2019KJ117.
文摘Due to the civil BeiDou navigation system is open,unauthenticated,and non-encrypted,civilian BeiDou navigation signals may have great security loopholes during transmission or reception.The main security loophole here is spoofing attacks.Spoofing attacks make the positioning or timing results of BeiDou civilian receivers wrong.Such errors may cause a series of security problems,which lays a serious hidden danger for Bei-Dou satellite information security.This article proposes an anti-spoofing method for BeiDou navigation system based on the combination of SM commercial cryptographic algorithm and Timed Efficient Stream Loss-tolerant Authentication(TESLA)for spoofing attacks.In this solution,we use the SM3 algorithm to generate a TESLA key chain with time information,and then use the key in the key chain to generate the message authentication code for the BeiDou D2 navigation message.The message authentication code is inserted into a reserved bit of the D2 navigation message.In addition,this solution uses the SM2 algorithm to protect and encrypt time information in the TESLA key chain to prevent key replay attacks in TESLA.The experimental results tested on the experimental platform built in this paper show that this scheme reduces the possibility of the BeiDou navigation system being deceived and enhances the safety of the BeiDou navigation system.
基金supported by the National Natural Science Foundation of China (Grant Nos 60873191 and 60821001)the Specialized Research Fund for the Doctoral Program of Higher Education (Grant No 200800131016)+5 种基金Beijing Nova Program (Grant No2008B51)Key Project of the Chinese Ministry of Education (Grant No 109014)the Natural Science Foundation of Beijing (Grant No 4072020)the National Laboratory for Modern Communications Science Foundation of China (Grant No 9140C1101010601)the Natural Science Foundation of Education Bureau of Henan Province (Grant No 2008B120005)the Youth Foundation of Luoyang Normal University
文摘This paper proposes a scheme for secure authentication of classical messages with single photons and a hashed function. The security analysis of this scheme is also given, which shows that anyone cannot forge valid message authentication codes (MACs). In addition, the lengths of the authentication key and the MACs are invariable and shorter, in comparison with those presented authentication schemes. Moreover, quantum data storage and entanglement are not required in this scheme. Therefore, this scheme is more efficient and economical.
基金Project supported by NSFC(Grant Nos.U1836205,61702040)the Major Scientific and Technological Special Project of Guizhou Province(Grant No.20183001)+2 种基金the Foundation of Guizhou Provincial Key Laboratory of Public Big Data(Grant No.2018BDKFJJ016)the Foundation of State Key Laboratory of Public Big Data(Grant No.2018BDKFJJ018)Beijing Natural Science Foundation(Grant No.4174089).
文摘To ensure the security during the communication,we often adopt different ways to encrypt the messages to resist various attacks.However,with the computing power improving,the existing encryption and authentication schemes are being faced with big challenges.We take the message authentication as an example into a careful consideration.Then,we proposed a new message authentication scheme with the Advanced Encryption Standard as the encryption function and the new quantum Hash function as the authentication function.Firstly,the Advanced Encryption Standard algorithm is used to encrypt the result of the initial message cascading the corresponding Hash values,which ensures that the initial message can resist eavesdropping attack.Secondly,utilizing the new quantum Hash function with quantum walks can be much more secure than traditional classical Hash functions with keeping the common properties,such as one-wayness,resisting different collisions and easy implementation.Based on these two points,the message authentication scheme can be much more secure than previous ones.Finally,it is a new way to design the message authentication scheme,which provides a new thought for other researchers in the future.Our works will contribute to the study on the new encryption and authentication functions and the combination of quantum computing with traditional cryptology in the future.
文摘This paper proposed two modifications on IKE protocol with pre-shared key authentication. The first modification can improve its immunity against DDoS attack by authenticating the initiator before the responder generates the computation-intensive Diffie-Hellman public value. The second modification can improve its efficiency when the attack on messages occurs because it can detect the attack quickly by replacing the centralized authentication in origical IKE protocol with immediate authentication. In addition, the two modifications can be integrated into one protocol compactly.
基金This work was supported by the Mobile Police Project of China(No.J1GAB23W013)National High Technology Research and Development Program of China(863 Program,No.2007AA01Z479).
文摘According to the security requirement of the short message service (SMS) industry application, a secure short message communication protocol is proposed. This is an application level protocol constructed on the standard SMS communication protocol using public key authentication and key agreement without the need of wireless public key infrastructure (WPKI). Secure short message transmission and dynamic key agreement between mobile terminals and the accessing gateway axe realized. The security of the proposed protocol is validated through the BAN logic. Compared with the standard SMS protocol, the effective payload rate of our protocol can reach 91.4%, and subscriber identity module (SIM) tool kit (STK) applications based on our protocol suit well for all kinds of mobile terminals in practical application.
基金Supported bythe National Natural Science Foundationof China (60175001)
文摘A novel video data authentication model based on digital video watermarking and MAC (message authentication code) in multicast protocol is proposed in this paper, The digital watermarking which composes of the MAC of the significant vid eo content, the key and instant authentication data is embedded into the insignificant video component by the MLUT (modified look-up table) video watermarking technology. We explain a method that does not require storage of each data packet for a time, thus making receiver not vulnerable to DOS (denial of service) attack. So the video packets can be authenticated instantly without large volume buffer in the receivers. TESLA (timed efficient stream loss tolerant authentication) does not explain how to select the suitable value for d, which is an important parameter in multicast source authentication. So we give a method to calculate the key disclosure delay (number of intervals). Simulation results show that the proposed algorithms improve the performance of data source authentication in multicast.
文摘The overload of traditional cryptosystems is too high for real-time applications so there is a need to design a new encryption and signature scheme for the multicast applications. In this paper, we use the elliptic curve cryptosystem to design a source authentication scheme for real-time applications. The proposed scheme uses the message recovery signature to reduce the computation cost. Thus, the proposed source authentication scheme is more suitable for real-time applications, such as online meeting, online movie, and online music.
基金This work was supported by the Ministry of Science and Technology of Taiwan,R.O.C.,under Grant MOST 110-2622-E-468-002 and 110-2218-E-468-001-MBK.
文摘The Internet of Vehicles(IoV)has evolved as an advancement over the conventional Vehicular Ad-hoc Networks(VANETs)in pursuing a more optimal intelligent transportation system that can provide various intelligent solutions and enable a variety of applications for vehicular traffic.Massive volumes of data are produced and communicated wirelessly among the different relayed entities in these vehicular networks,which might entice adversaries and endanger the system with a wide range of security attacks.To ensure the security of such a sensitive network,we proposed a distributed authentication mechanism for IoV based on blockchain technology as a distributed ledger with an ouroboros algorithm.Using timestamp and challenge-responsemechanisms,the proposed authentication model can withstand several security attacks such asMan-in-Middle(MiM)attacks,Distributed Denial of Service(DDoS)attacks,server spoofing attacks and more.The proposed method also provides a solution for single-point failure,forward secrecy,revocability,etc.We exhibit the security of our proposed model by using formal(mathematical)analysis and informal analysis.We used Random Oracle Model to perform themathematical analysis.In addition,we compared the communication cost,computation cost,and security of the proposed model with the related existing studies.We have verified the security of the model by using AVISPA tool simulation.The security analysis and computation analysis show that the proposed protocol is viable.
基金Project supported by the National Natural Science Foundation of China(Grant Nos.61272057 and 61170270)
文摘Chang et al.[Chin.Phys.623 010305(2014)]have proposed a quantum broadcast communication and authentication protocol.However,we find that an intercept-resend attack can be preformed successfully by a potential eavesdropper,who will be able to destroy the authentication function.Afterwards,he or she can acquire the secret transmitted message or even modify it while escaping detection,by implementing an efficient man-in-the-middle attack.Furthermore,we show a simple scheme to defend this attack,that is,applying non-reusable identity strings.
文摘The study on design and implementation of end to end encrypted Short Message Service (SMS) using hybrid cipher algorithm is motivated by high rate of insecurity of data observed during Short Message Service (SMS) on Mobile devices. SMS messages are one of the popular ways of communication. The aim therefore is to design a software for end to end encryption short message service (SMS) that can conceal message while on transit to another mobile device using Hybrid Cipher Algorithm on Android Operating System and implement it for security of mobile SMS. Hybrid encryption incorporates a combination of asymmetric and symmetric encryption to benefit from the strengths of each form of encryption. Various encryption algorithms have been discussed. Secondary sources were employed in gathering useful data. In this research work three methodologies are employed—Structured System Analysis Design Methodology (SSADM), Object Oriented Analysis Design Methodology (OOADM) and prototyping. With the help of the three cryptographic algorithms employed—Message digest 5 (MD5), Blowfish and Rivest-Shamir Adleman (RSA);integrity, confidentiality, authentication and security of messages were achieved. The messages encrypted by developed application are also resistant to brute force attack. The implementing programs were coded in Java.
基金supported by the Researchers Supporting Project(No.RSP-2021/395)King Saud University,Riyadh,Saudi Arabia.
文摘Industrial IoT(IIoT)aims to enhance services provided by various industries,such as manufacturing and product processing.IIoT suffers from various challenges,and security is one of the key challenge among those challenges.Authentication and access control are two notable challenges for any IIoT based industrial deployment.Any IoT based Industry 4.0 enterprise designs networks between hundreds of tiny devices such as sensors,actuators,fog devices and gateways.Thus,articulating a secure authentication protocol between sensing devices or a sensing device and user devices is an essential step in IoT security.In this paper,first,we present cryptanalysis for the certificate-based scheme proposed for a similar environment by Das et al.and prove that their scheme is vulnerable to various traditional attacks such as device anonymity,MITM,and DoS.We then put forward an interdevice authentication scheme using an ECC(Elliptic Curve Cryptography)that is highly secure and lightweight compared to other existing schemes for a similar environment.Furthermore,we set forth a formal security analysis using the random oracle-based ROR model and informal security analysis over the Doleve-Yao channel.In this paper,we present comparison of the proposed scheme with existing schemes based on communication cost,computation cost and security index to prove that the proposed EBAKE-SE is highly efficient,reliable,and trustworthy compared to other existing schemes for an inter-device authentication.At long last,we present an implementation for the proposed EBAKE-SE using MQTT protocol.
文摘星基增强系统(Satellite Based Augmentation System,SBAS)的电文格式公开,为防止SBAS服务遭受生成式欺骗攻击,国际民航组织积极推进SBAS认证服务标准的制定.本文面向北斗星基增强系统(BeiDou SatelliteBased Augmentation System,BDSBAS)阐述了基于中国商用密码算法的椭圆曲线数字签名(Elliptic Curve Digital Signature Algorithm,ECDSA)电文认证方案与时间效应流丢失容错(Time Efficient Stream Loss-tolerant Authentication,TESLA)电文认证方案,设计了BDSBAS认证电文,依据空中密钥管理OTAR(Over The Air Rekeying)的策略制定了OTAR电文(OTAR Message Type,OMT)与播发方案.通过蒙特卡洛OTAR仿真器开展仿真,对不同OTAR电文接收时间进行分析,本文设计的方案与国外方案对比结果有明显的提升,有效的减少了接收机完成认证使用SBAS增强服务的时间,对BDSBAS电文认证服务提供一定参考与建议.
文摘Wireless Network security management is difficult because of the ever-increasing number of wireless network malfunctions,vulnerabilities,and assaults.Complex security systems,such as Intrusion Detection Systems(IDS),are essential due to the limitations of simpler security measures,such as cryptography and firewalls.Due to their compact nature and low energy reserves,wireless networks present a significant challenge for security procedures.The features of small cells can cause threats to the network.Network Coding(NC)enabled small cells are vulnerable to various types of attacks.Avoiding attacks and performing secure“peer”to“peer”data transmission is a challenging task in small cells.Due to the low power and memory requirements of the proposed model,it is well suited to use with constrained small cells.An attacker cannot change the contents of data and generate a new Hashed Homomorphic Message Authentication Code(HHMAC)hash between transmissions since the HMAC function is generated using the shared secret.In this research,a chaotic sequence mapping based low overhead 1D Improved Logistic Map is used to secure“peer”to“peer”data transmission model using lightweight H-MAC(1D-LM-P2P-LHHMAC)is proposed with accurate intrusion detection.The proposed model is evaluated with the traditional models by considering various evaluation metrics like Vector Set Generation Accuracy Levels,Key Pair Generation Time Levels,Chaotic Map Accuracy Levels,Intrusion Detection Accuracy Levels,and the results represent that the proposed model performance in chaotic map accuracy level is 98%and intrusion detection is 98.2%.The proposed model is compared with the traditional models and the results represent that the proposed model secure data transmission levels are high.
基金supported by the National Foundation of Netherlands with SenterNovem for the ALwEN project under Grant No.PNE07007the National Natural Science Foundation of China under Grant Nos.61100201,U1135004,and 61170080+3 种基金the Universities and Colleges Pearl River Scholar Funded Scheme of Guangdong Province of China(2011)the High-Level Talents Project of Guangdong Institutions of Higher Education of China(2012)the Project on the Integration of Industry,Education and Research of Guangdong Province of China under Grant No.2012B091000035the Project of Science and Technology New Star of Guangzhou Pearl River of China(2014)
文摘A wireless sensor network (WSN) commonly whilst a body sensor network (BSN) must be secured with requires lower level security for public information gathering, strong authenticity to protect personal health information. In this paper, some practical problems with the message authentication codes (MACs), which were proposed in the popular security architectures for WSNs, are reconsidered. The analysis shows that the recommended MACs for WSNs, e.g., CBC- MAC (TinySec), OCB-MAC (MiniSec), and XCBC-MAC (SenSee), might not be exactly suitable for BSNs. Particularly an existential forgery attack is elaborated on XCBC-MAC. Considering the hardware limitations of BSNs, we propose a new family of tunable lightweight MAC based on the PRESENT block cipher. The first scheme, which is named TukP, is a new lightweight MAC with 64-bit output range. The second scheme, which is named TuLP-128, is a 128-bit variant which provides a higher resistance against internal collisions. Compared with the existing schemes, our lightweight MACs are both time and resource efficient on hardware-constrained devices.
