Abstract: Satellite networks are recognized as the most essential communication infrastructures in the world today, which complement land networks and provide valuable services for their users. Extensive coverage and service stability of these networks have increased their popularity. Since eavesdropping and active intrusion in satellite communications are much easier than in terrestrial networks, securing satellite communications is vital. So far, several protocols have been proposed for authentication and key exchange of satellite communications, but none of them fully meet the security requirements. In this paper, we examine one of these protocols and identify its security vulnerabilities. Moreover, we propose a robust and secure authentication and session key agreement protocol using elliptic curve cryptography (ECC). We show that the proposed protocol meets common security requirements and is resistant to known security attacks. Moreover, we prove that the proposed scheme satisfies the security features using the Automated Validation of Internet Security Protocols and Applications (AVISPA) formal verification tool and the On-the-Fly Model-Checker (OFMC) and ATtack SEarcher (ATSE) model checkers. We have also proved the security of the session key exchange of our protocol using the Real-or-Random (RoR) model. Finally, the comparison of our scheme with similar methods shows its superiority.
Funding: Supported by the National Key Research and Development Program of China (No. 2017YFC0820603).
Abstract: Many improved authentication solutions have been put forward for the purpose of authenticating more quickly and securely. However, neither the overuse of hash functions nor additional symmetric encryption can truly increase the overall security. Instead, extra computation cost degraded the performance. They were still vulnerable to a variety of threats, such as smart card loss attack and impersonation attack, due to hidden loopholes and flaws. Even worse, a user's identity can be parsed in an insecure environment and even become traceable. Aiming to protect identity, a lightweight mutual authentication scheme is proposed. Redundant operations are removed, which makes the verification process more explicit. It gains better performance with average cost compared to other similar schemes. Cryptanalysis shows the proposed scheme can resist common attacks and achieve user anonymity. Formal security is further verified by using the widely accepted Automated Validation of Internet Security Protocols and Applications (AVISPA) tool.
Funding: Supported by the National Natural Science Foundation of China (60225007, 60572155) and the Science and Technology Research Project of Shanghai (04DZ07067).
Abstract: Key agreement protocols are essential for secure communications. In this paper, to solve the inherent key escrow problem of identity-based cryptography, an escrow-free certificate-based authenticated key agreement (CB-AK) protocol with perfect forward secrecy is proposed. Our protocol makes use of pairings on elliptic curves. The protocol is described and its properties are discussed through comparison with Smart's protocol.
Funding: This project was supported by the Foundation of National 863 Climbing Project (No. 2001BA101A01). Harvard University Division of Engineering and Applied Science, Cambridge, MA 02138.
Abstract: Objective: Aiming at the many vulnerabilities in Wired Equivalent Privacy (WEP) which threaten the authentication and confidentiality in wireless communication, a new kind of mutual authentication and privacy mechanism named MWEP (Modified WEP) is proposed. Methods: MWEP is based on a pseudo random number generator (PRNG) and an asymmetric cryptography approach; it generates a unique session key like a “One Time Password” for each data frame transmission between any two mobile stations. Results: Using this session key to encrypt the transmission data not only avoids replay attack but also provides a good secure virtual channel for the sender and receiver. MWEP can be incorporated into IEEE 802.11. Conclusion: Comparison with WEP and simulation shows that the proposed mechanism is effective and practical.
Funding: This research was financially supported in part by the Ministry of Trade, Industry and Energy (MOTIE) and Korea Institute for Advancement of Technology (KIAT) through the International Cooperative R&D program (Project No. P0016038), and in part by the MSIT (Ministry of Science and ICT), Korea, under the ITRC (Information Technology Research Center) support program (IITP-2021-2016-0-00312) supervised by the IITP (Institute for Information & communications Technology Planning & Evaluation).
Abstract: The mature design of wireless mobile sensor networks allows them to be used in a vast variety of applications, ranging from home use to security surveillance. All such applications based on wireless mobile sensor networks generally use real-time data, and most of them are interested in real-time communication directly from the cluster head of a cluster instead of a base station in the cluster network. This would be possible if an external user is allowed to directly access real-time data from the cluster head in a cluster wireless mobile sensor network instead of accessing data from the base station. But this leads to a serious security breach and degrades the performance of any security protocol available in this domain. Most existing schemes for authentication and cluster key management for external users exchange a number of messages between cluster head and base station to allow external users to access real-time data from the base station instead of the cluster head. This increases communication cost and delay in such real-time access to information. To handle this critical issue in cluster wireless mobile sensor networks, we propose a lightweight authentication and key management scheme using a fuzzy extractor. In this scheme, any external user can access data directly from the cluster head of any cluster without the involvement of the base station. The proposed scheme only uses one-way hash functions and bitwise XOR operations, apart from the fuzzy extractor method for the user biometric verification at the login phase. The presented scheme supports scalability for an increasing number of nodes using polynomials. The proposed scheme increases the lifetime of the network by decreasing the key pool size.
Abstract: To tackle the lack of security in the password-authenticated key exchange protocol, this paper proposes a two-party password-authenticated key exchange protocol based on a verifier. In the proposed protocol, a user stores his password in plaintext, and the server stores a verifier for the user’s password; using the DL difficult problem and the DH difficult problem, a session key is established through the session between user and server. The security discussion result shows that the proposed protocol provides forward secrecy, and can effectively defend against server compromising fake attacks, dictionary attacks and middleman attacks. Protocol efficiency comparisons reveal our protocol is more reasonable.