An Enhanced Direct Anonymous Attestation Scheme with Mutual Authentication for Network-Connected UAV Communication Systems

In network-connected UAV(NCUAV) communication systems, user authentication is replaced by platform identity authentication and integrity check because many NC-UAVs are operated without human intervention. Direct anonymous attestation(DAA) is an attractive cryptographic scheme that provides an elegant balance between platform authentication and anonymity. However, because of the low-level computing capability and limited transmission bandwidth in UAV, the existing DAA schemes are not suitable for NC-UAV communication systems. In this paper, we propose an enhanced DAA scheme with mutual authentication(MA-DAA scheme), which meets the security requirements of NC-UAV communication systems. The proposed MA-DAA scheme, which is based on asymmetric pairings, bundles the identities of trusted platform module(TPM) and Host to solve the malicious module changing attacks. Credential randomization, batch proof and verification, and mutual authentication are realized in the MA-DAA scheme. The computational workload in TPM and Host is reduced in order to meet the low computation and resource requirements in TPM and Host.The entire scheme and protocols are presented,and the security and efficiency of the proposed MA-DAA scheme are proved and analyzed.Our experiment results also confirm the high efficiency of the proposed scheme.

DYNAMIC ID-BASED REMOTE USER MUTUAL AUTHENTICATION SCHEME WITH SMARTCARD USING ELLIPTIC CURVE CRYPTOGRAPHY

In the literature, several dynamic ID-based remote user mutual authentication schemes are implemented using password, smartcard and Elliptic Curve Cryptography(ECC), however, none of them provides resilience against different attacks. Therefore, there is a great need to design an efficient scheme for practical applications. In this paper, we proposed such a scheme in order to provide desired security attributes and computation efficiencies. Compared with other existing techniques, our scheme is more efficient and secured. In addition, our scheme is provably secure in the random oracle model under the hardness assumption of computational Diffie-Hellman problem.

Mutual Authentication Protocols for RFID Systems

With the availability of low-cost radio frequency identification (RFID) tags,security becomes an increasing concern. However,such tags do not permit complex cryptographic functions due to their computational,communications,and storage limitations. In this paper,we investigate the security issues and requirements of RFID systems,and propose ultra-light weight and light weight protocols for low-cost RFID tags.The proposed protocols has been applied to a supply chain management system.

A novel mutual authentication and key agreement protocol based on NTRU cryptography for wireless communications

In this paper, the authors present a novel mutual authentication and key agreement protocol based on the Number Theory Research Unit (NTRU) public key cryptography. The symmetric encryption, hash and “challenge-response” techniques were adopted to build their protocol. To implement the mutual authentication and session key agreement, the proposed protocol contains two stages: namely initial procedure and real execution stage. Since the lightweight NTRU public key cryptography is employed, their protocol can not only overcome the security flaws of secret-key based authentication protocols such as those used in Global System for Mobile Communications (GSM) and Universal Mobile Telecommunications System (UMTS), but also provide greater security and lower computational complexity in comparison with currently well-known public key based wireless authentication schemes such as Beller-Yacobi and M.Aydos protocols.

Secure and Efficient Mutual Authentication Scheme for NFC Mobile Devices

As the technology of mobile devices spreads fast,the price of mobile devices is getting cheaper.Most of the people have mobile devices,and these devices have the technology of near field communication（NFC）.With the long time development and research,the mobile devices use NFC technology on the payment and authentication applications,and replace the smartcard,the access control card,and the credit card by using the card emulation mode.It helps the development of NFC applications.In recent years,more and more users begin using NFC technology on mobile payment and authentication.Many researches have proposed the related NFC authentication protocols,but their schemes are still lack of some security properties and functions,which are necessary for NFC authentication protocols.In this paper,we propose a secure and efficient NFC authentication scheme between two NFC devices by the help of the authentication server that provides mutual authentication.

RUAP:Random Rearrangement Block Matrix-Based Ultra-Lightweight RFID Authentication Protocol for End-Edge-Cloud Collaborative Environment

Cloud computing provides powerful processing capabilities for large-scale intelligent Internet of things(IoT)terminals.However,the massive realtime data processing requirements challenge the existing cloud computing model.The edge server is closer to the data source.The end-edge-cloud collaboration offloads the cloud computing tasks to the edge environment,which solves the shortcomings of the cloud in resource storage,computing performance,and energy consumption.IoT terminals and sensors have caused security and privacy challenges due to resource constraints and exponential growth.As the key technology of IoT,Radio-Frequency Identification(RFID)authentication protocol tremendously strengthens privacy protection and improves IoT security.However,it inevitably increases system overhead while improving security,which is a major blow to low-cost RFID tags.The existing RFID authentication protocols are difficult to balance overhead and security.This paper designs an ultra-lightweight encryption function and proposes an RFID authentication scheme based on this function for the end-edge-cloud collaborative environment.The BAN logic proof and protocol verification tools AVISPA formally verify the protocol’s security.We use VIVADO to implement the encryption function and tag’s overhead on the FPGA platform.Performance evaluation indicates that the proposed protocol balances low computing costs and high-security requirements.

Efficient Joint Key Authentication Model in E-Healthcare

Many patients have begun to use mobile applications to handle different health needs because they can better access high-speed Internet and smartphones.These devices and mobile applications are now increasingly used and integrated through the medical Internet of Things(mIoT).mIoT is an important part of the digital transformation of healthcare,because it can introduce new business models and allow efficiency improvements,cost control and improve patient experience.In the mIoT system,when migrating from traditional medical services to electronic medical services,patient protection and privacy are the priorities of each stakeholder.Therefore,it is recommended to use different user authentication and authorization methods to improve security and privacy.In this paper,our prosed model involves a shared identity verification process with different situations in the e-health system.We aim to reduce the strict and formal specification of the joint key authentication model.We use the AVISPA tool to verify through the wellknown HLPSL specification language to develop user authentication and smart card use cases in a user-friendly environment.Our model has economic and strategic advantages for healthcare organizations and healthcare workers.The medical staff can increase their knowledge and ability to analyze medical data more easily.Our model can continuously track health indicators to automatically manage treatments and monitor health data in real time.Further,it can help customers prevent chronic diseases with the enhanced cognitive functions support.The necessity for efficient identity verification in e-health care is even more crucial for cognitive mitigation because we increasingly rely on mIoT systems.

A Lightweight Anonymous Device Authentication Scheme for Information-Centric Distribution Feeder Microgrid

Distribution feeder microgrid(DFM)built based on existing distributed feeder(DF),is a promising solution for modern microgrid.DFM contains a large number of heterogeneous devices that generate heavy network traffice and require a low data delivery latency.The information-centric networking(ICN)paradigm has shown a great potential to address the communication requirements of smart grid.However,the integration of advanced information and communication technologies with DFM make it vulnerable to cyber attacks.Adequate authentication of grid devices is essential for preventing unauthorized accesses to the grid network and defending against cyber attacks.In this paper,we propose a new lightweight anonymous device authentication scheme for DFM supported by named data networking(NDN),a representative implementation of ICN.We perform a security analysis to show that the proposed scheme can provide security features such as mutual authentication,session key agreement,defending against various cyber attacks,anonymity,and resilience against device capture attack.The security of the proposed scheme is also formally verified using the popular AVISPA(Automated Validation of Internet Security Protocols and Applications)tool.The computational and communication costs of the proposed scheme are evaluated.Our results demonstrate that the proposed scheme achieves significantly lower computational,communication and energy costs than other state-of-the-art schemes.

Quantum Secure Direct Communication Protocol with Mutual Authentication Based on Single Photons and Bell States

Quantum secure direct communication(QSDC)can transmit secret messages directly from one user to another without first establishing a shared secret key,which is different from quantum key distribution.In this paper,we propose a novel quantum secure direct communication protocol based on signal photons and Bell states.Before the execution of the proposed protocol,two participants Alice and Bob exchange their corresponding identity IDA and IDB through quantum key distribution and keep them secret,respectively.Then the message sender,Alice,encodes each secret message bit into two single photons(|01>or|10>)or a Bell state(1|φ^(+)>=1/√2(|0>|-|1>1>)),and composes an ordered secret message sequence.To insure the security of communication,Alice also prepares the decoy photons and inserts them into secret message sequence on the basis of the values of IDA and IDB.By the secret identity IDA and IDB,both sides of the communication can check eavesdropping and identify each other.The proposed protocol not only completes secure direct communication,but also realizes the mutual authentication.The security analysis of the proposed protocol is presented in the paper.The analysis results show that this protocol is secure against some common attacks,and no secret message leaks even if the messages are broken.Compared with the two-way QSDC protocols,the presented protocol is a one-way quantum communication protocol which has the immunity to Trojan horse attack.Furthermore,our proposed protocol can be realized without quantum memory.

Secure and Anonymous Three-Factor Authentication Scheme for Remote Healthcare Systems

Wireless medical sensor networks(WMSNs)play a significant role in increasing the availability of remote healthcare systems.The vital and physiological data of the patient can be collected using the WMSN via sensor nodes that are placed on his/her body and then transmitted remotely to a healthcare professional for proper diagnosis.The protection of the patient’s privacy and their data from unauthorized access is a major concern in such systems.Therefore,an authentication scheme with a high level of security is one of the most effective mechanisms by which to address these security concerns.Many authentication schemes for remote patient monitoring have been proposed recently.However,the majority of these schemes are extremely vulnerable to attacks and are unsuitable for practical use.This paper proposes a secure three-factor authentication scheme for a patient-monitoring healthcare system that operates remotely using a WMSN.The proposed authentication scheme is formally verified using the Burrows,Abadi and Needham’s(BAN)logic model and an automatic cryptographic protocol verifier(ProVerif)tool.We show that our authentication scheme can prevent relevant types of security breaches in a practical context according to the discussed possible attack scenarios.Comparisons of the security and performance are carried out with recently proposed authentication schemes.The results of the analysis show that the proposed authentication scheme is secure and practical for use,with reasonable storage space,computation,and communication efficiency.

An End-to-End Authentication Scheme for Healthcare IoT Systems Using WMSN

The healthcare internet of things(IoT)system has dramatically reshaped this important industry sector.This system employs the latest technology of IoT and wireless medical sensor networks to support the reliable connection of patients and healthcare providers.The goal is the remote monitoring of a patient’s physiological data by physicians.Moreover,this system can reduce the number and expenses of healthcare centers,make up for the shortage of healthcare centers in remote areas,enable consultation with expert physicians around the world,and increase the health awareness of communities.The major challenges that affect the rapid deployment and widespread acceptance of such a system are the weaknesses in the authentication process,which should maintain the privacy of patients,and the integrity of remote medical instructions.Current research results indicate the need of a flexible authentication scheme.This study proposes a scheme with enhanced security for healthcare IoT systems,called an end-to-end authentication scheme for healthcare IoT systems,that is,an E2EA.The proposed scheme supports security services such as a strong and flexible authentication process,simultaneous anonymity of the patient and physician,and perfect forward secrecy services.A security analysis based on formal and informal methods demonstrates that the proposed scheme can resist numerous security-related attacks.A comparison with related authentication schemes shows that the proposed scheme is efficient in terms of communication,computation,and storage,and therefore cannot only offer attractive security services but can reasonably be applied to healthcare IoT systems.

Design of a Mutual Authentication and Key Agreement Protocol for WBANs

Please WBANs are a sensor network for detection and collection of sensitive data to the human body,which is lightweight and mobile.WBANs transmit sensitive and significant messages through the public channel,which makes it easy for an attacker to eavesdrop and modify the messages,thus posing a severe threat to the security of the messages.Therefore,it is essential to put in place authentication and key agreement between different communication nodes in WBANs.In this paper,a lightweight and secure authenticated key agreement protocol in wireless body area networks is designed.It is capable to reduce the cost of sensor node computation while ensuring security.Besides,an informal security analysis is conducted to discuss the security of the protocol against well-known attacks.Finally,the energy consumption of the protocol is evaluated,and the results show that the sensor nodes only need low storage cost,computational cost and communication cost.

基于MI-PUF的V2X车联网通信安全认证协议

针对目前车联万物(Vehicle-to-Everything,V2X)中车辆与路边单元(Vehicle-to-Infrastructure,V2I)、车辆与车辆(Vehicle-to-Vehicle,V2V)通信的认证协议计算开销大、易受到攻击者假冒合法身份攻击的问题,文章提出一种基于索引图与索引提示符物理不可克隆函数(Map-Index Physical Unclonable Function,MI-PUF)的车联网通信安全认证协议。该协议引入PUF并利用其轻量级计算的特性降低车辆的计算开销和通信开销;借助PUF自身不可克隆的特性,解决身份假冒攻击问题;通过构建索引图以及哈希函数对PUF的输出信号进行处理,有效解决了机器学习攻击问题。在Dolve-Yao模型下使用形式化验证工具AVISPA验证该协议的安全性,实验结果表明,该协议能够为车联网的V2I及V2V通信提供基本的安全保障。

ATTACKS AND IMPROVEMENTS ON THE RFID AUTHENTICATION PROTOCOLS BASED ON MATRIX

Most of the Radio Frequency IDentification (RFID) authentication protocols, proposed to preserve security and privacy, are analysed to show that they can not provide security against some passive or active attacks. In this paper, the security of two matrix-based protocols, proposed by Karthikeyan and Nesterenko (KN protocol) and Ramachandra et al. (RRS protocol) that conform to Electronic Product Code Class-1 Generation-2 (EPC Class-1 Gen-2) standard, are investigated. Using the linear relationship of multiplication of matrix and vector, we point out that both protocols can not provide scalability, and they are vulnerable to passive impersonation attack. In addition, both protocols are totally insecure if the adversary can compromise one tag to extract the secrets. A modified lightweight matrix-based authentication protocol is presented, which can resist mainly common attacks on an RFID authentication system including eavesdropping, relay attack, desynchronization attack, impersonation attack and tag tracking attack. The new protocol also has the desirable scalability property and can keep secure under compromising attack.

Authenticated Privacy Preserving Pairing-Based Scheme for Remote Health Monitoring Systems

The digitization of patient health information has brought many benefits and challenges for both the patients and physicians. However, security and privacy preservation have remained important challenges for remote health monitoring systems. Since a patient’s health information is sensitive and the communication channel (i.e. the Internet) is insecure, it is important to protect them against unauthorized entities. Otherwise, failure to do so will not only lead to compromise of a patient’s privacy, but will also put his/her life at risk. How to provide for confidentiality, patient anonymity and un-traceability, access control to a patient’s health information and even key exchange between a patient and her physician are critical issues that need to be addressed if a wider adoption of remote health monitoring systems is to be realized. This paper proposes an authenticated privacy preserving pairing-based scheme for remote health monitoring systems. The scheme is based on the concepts of bilinear paring, identity-based cryptography and non-interactive identity-based key agreement protocol. The scheme also incorporates an efficient batch signature verification scheme to reduce computation cost during multiple simultaneous signature verifications.

一种基于密钥协商的UAV与用户的安全通信算法

针对无人机与用户间进行通信时的安全问题,提出轻量级的安全认证和密钥协商(Se-cure Authentication and Key Agreement,SAKA)算法。SAKA算法采用轻量级的加密操作,完成无人机与用户间的安全认证,并保证无人机和用户的位置不泄露。同时,为了保证无人机与用户间的安全通信,无人机与用户在通信前相互认证,并建立会话密钥。性能分析表明,SAKA算法能防御典型的安全攻击。相比于同类的认证算法,SAKA算法在运算时间和通信成本方面具有更好的性能。

一种基于GHZ态的半量子双方身份认证协议

半量子身份认证在保障通讯安全方面发挥着至关重要的作用。通过引入一个量子第三方对密钥进行集中管理,提出一种新的基于Greenberger-Home-Zeilinger (GHZ)态的半量子双方身份认证协议。首先,对参与者的量子能力进行限制,两个认证者都只具有半量子的能力,协议使用更少的量子资源。其次,协议中两个半量子参与者只需要执行简单的测量操作和异或操作。安全性分析发现,利用该协议进行量子通信时,假冒攻击、截获重发攻击和纠缠附加攻击等攻击都无法引起合法身份信息的泄露,表明该协议可以有效防止非法的不诚实参与者获得合法身份,具有较好的安全性和实用性。

基于USB-Key的强口令认证方案设计与分析

针对OSPA强口令认证方案无法抵抗重放攻击、拒绝服务攻击的不足,提出了一种基于USB-Key的口令认证方案。该方案使用USB-Key进行用户口令的验证并存储认证的安全参数,能够有效地保护安全参数不被窃取。认证方案在认证过程中对用户的身份信息进行了保护,使用Hash运算计算认证参数,通过用户端和服务器端之间的认证参数的传递实现双向认证。方案的安全性分析表明,它能够防止口令猜测攻击、重放攻击、假冒攻击、拒绝服务攻击,方案系统开销小,适用于运算能力有限的终端用户。

基于EAP-TLS的可信网络连接认证方案设计与实现

TNC架构在终端接入网络前对终端的平台身份和平台环境进行可信认证,保证了接入终端的可信,但这种可信认证存在单向性的局限,无法保证网络服务器的可信。EAP-TLS是802.1x中一种基于证书的扩展认证协议,支持双向认证机制。本文在分析TNC架构和EAP-TLS双向认证机制基础上,设计了一种基于EAP-TLS的可信网络连接双向认证方案,该方案能够对终端和服务器的平台身份、平台完整性和平台可信环境进行双向认证。在FHH@TNC开源架构搭建的可信网络环境上实现了客户端与服务器之间双向可信认证方案,并进行了方案测试,证明了方案的正确性。

基于Grain-128a算法的RFID安全机制

RFID技术的安全与成本问题是阻碍其获得更进一步推广的原因。平衡安全与成本这一对矛盾,设计出安全有效的安全技术解决方案,仍然是一个具有相当挑战性的课题。讨论了RFID系统的特点,介绍了相互认证技术的工作流程并分析其安全特性。在此基础上,提出在相互认证机制中应用Grain-128a算法的安全方案并完成了Grain-128a在FPGA上的设计。