Internet-of-Things(IoT)is an awaited technology in real-world applications to process daily tasks using intelligent techniques.The main process of data in IoT involves communication,integration,and coordination with o...Internet-of-Things(IoT)is an awaited technology in real-world applications to process daily tasks using intelligent techniques.The main process of data in IoT involves communication,integration,and coordination with other real-world applications.The security of transferred,stored,and processed data in IoT is not ensured in many constraints.Internet-enabled smart devices are widely used among populations for all types of applications,thus increasing the popularity of IoT among widely used server technologies.Smart grid is used in this article with IoT to manage large data.A smart grid is a collection of numerous users in the network with the fastest response time.This article aims to provide high authentication to the smart grid,which constitutes secure communication in cloud-based IoT.Many IoT devices are deployed openly in all places.This open-access is vulnerable toward cloning attacks.Authentication is a significant process that provides strength while attacking.The security of the cloud and IoT must be computationally high.A lightweight authentication using hashing technique is proposed considering the aforementioned condition.The main factor of the authentication involves physically unclonable functions,which are utilized in improving the performance of the authentication.The proposed approach is evaluated with the existing techniques.Results show that the performance of the proposed algorithm provides high robust security.展开更多
In the emerging Industrial Internet of Things(IIoT),authentication problems have become an urgent issue for massive resource-constrained devices because traditional costly security mechanisms are not suitable for them...In the emerging Industrial Internet of Things(IIoT),authentication problems have become an urgent issue for massive resource-constrained devices because traditional costly security mechanisms are not suitable for them.The security protocol designed for resource-constrained systems should not only be secure but also efficient in terms of usage of energy,storage,and processing.Although recently many lightweight schemes have been proposed,to the best of our knowledge,they are unable to address the problem of privacy preservation with the resistance of Denial of Service(DoS)attacks in a practical way.In this paper,we propose a lightweight authentication protocol based on the Physically Unclonable Function(PUF)to overcome the limitations of existing schemes.The protocol provides an ingenious authentication and synchronization mechanism to solve the contradictions amount forward secrecy,DoS attacks,and resource-constrained.The performance analysis and comparison show that the proposed scheme can better improve the authentication security and efficiency for resource-constrained systems in IIoT.展开更多
Many organizations apply cloud computing to store and effectively process data for various applications.The user uploads the data in the cloud has less security due to the unreliable verification process of data integ...Many organizations apply cloud computing to store and effectively process data for various applications.The user uploads the data in the cloud has less security due to the unreliable verification process of data integrity.In this research,an enhanced Merkle hash tree method of effective authentication model is proposed in the multi-owner cloud to increase the security of the cloud data.Merkle Hash tree applies the leaf nodes with a hash tag and the non-leaf node contains the table of hash information of child to encrypt the large data.Merkle Hash tree provides the efficient mapping of data and easily identifies the changesmade in the data due to proper structure.The developed model supports privacy-preserving public auditing to provide a secure cloud storage system.The data owners upload the data in the cloud and edit the data using the private key.An enhanced Merkle hash tree method stores the data in the cloud server and splits it into batches.The data files requested by the data owner are audit by a third-party auditor and the multiowner authentication method is applied during the modification process to authenticate the user.The result shows that the proposed method reduces the encryption and decryption time for cloud data storage by 2–167 ms when compared to the existing Advanced Encryption Standard and Blowfish.展开更多
Authentication per frame is an implicit necessity for security in wireless local area networks(WLANs). We propose a novel per frame secure authentication scheme which provides authentication to data frames in WLANs....Authentication per frame is an implicit necessity for security in wireless local area networks(WLANs). We propose a novel per frame secure authentication scheme which provides authentication to data frames in WLANs. The scheme involves no cryptographic overheads for authentication of frames.It utilizes the sequence number of the frame along with the authentication stream generators for authentication.Hence, it requires no extra bits or messages for the authentication purpose and also no change in the existing frame format is required. The scheme provides authentication by modifying the sequence number of the frame at the sender, and that the modification is verified at the receiver. The modified sequence number is protected by using the XOR operation with a random number selected from the random stream. The authentication is lightweight due to the fact that it requires only trivial arithmetic operations like the subtraction and XOR operation.展开更多
Please WBANs are a sensor network for detection and collection of sensitive data to the human body,which is lightweight and mobile.WBANs transmit sensitive and significant messages through the public channel,which mak...Please WBANs are a sensor network for detection and collection of sensitive data to the human body,which is lightweight and mobile.WBANs transmit sensitive and significant messages through the public channel,which makes it easy for an attacker to eavesdrop and modify the messages,thus posing a severe threat to the security of the messages.Therefore,it is essential to put in place authentication and key agreement between different communication nodes in WBANs.In this paper,a lightweight and secure authenticated key agreement protocol in wireless body area networks is designed.It is capable to reduce the cost of sensor node computation while ensuring security.Besides,an informal security analysis is conducted to discuss the security of the protocol against well-known attacks.Finally,the energy consumption of the protocol is evaluated,and the results show that the sensor nodes only need low storage cost,computational cost and communication cost.展开更多
With the rapid development of Internet of Things(IoT)technology,smart home users can access and control smart devices remotely to enjoy convenient and efficient services.However,sensitive data collected by smart devic...With the rapid development of Internet of Things(IoT)technology,smart home users can access and control smart devices remotely to enjoy convenient and efficient services.However,sensitive data collected by smart devices is vulnerable to attacks such as eavesdropping and simulation when transmitted through public channels.At the same time,the security of resource-constrained smart devices is low,and attackers may use the controlled devices to carry out malicious operations further.To address the aforementioned existing security issues,this paper proposes a lightweight user anonymous authentication scheme for resource-constrained smart home environments.At the same time,the security analysis is carried out to further prove the proposed scheme's security.Finally,the performance analysis between the proposed scheme and the existing similar schemes proves that the proposed scheme has advantages in calculation cost and safety characteristics.展开更多
Vehicle ad-hoc networks have developed rapidly these years,whose security and privacy issues are always concerned widely.In spite of a remarkable research on their security solutions,but in which there still lacks con...Vehicle ad-hoc networks have developed rapidly these years,whose security and privacy issues are always concerned widely.In spite of a remarkable research on their security solutions,but in which there still lacks considerations on how to secure vehicleto-vehicle communications,particularly when infrastructure is unavailable.In this paper,we propose a lightweight certificateless and oneround key agreement scheme without pairing,and further prove the security of the proposed scheme in the random oracle model.The proposed scheme is expected to not only resist known attacks with less computation cost,but also as an efficient way to relieve the workload of vehicle-to-vehicle authentication,especially in no available infrastructure circumstance.A comprehensive evaluation,including security analysis,efficiency analysis and simulation evaluation,is presented to confirm the security and feasibility of the proposed scheme.展开更多
We propose a lightweight construction, a modification of Vanstone’s MAC construction, for the message authentication of the communication between Electronic Control Units (ECUs) in distributed car control systems. Th...We propose a lightweight construction, a modification of Vanstone’s MAC construction, for the message authentication of the communication between Electronic Control Units (ECUs) in distributed car control systems. The proposed approach can solve the task of error control and authentication in unified algorithmic technology, called MAC (Message Authentication Code) with ECC (Error Correction Code). We follow a provable approach in the design of the cryptographic primitive, where we quantify the security measures in the parameters of the system. Provable security approaches are missing in the field of secure in-vehicle communication.展开更多
边缘计算有效缓解了云平台的计算压力,降低网络带宽消耗,但也带来了新的安全问题,传统的认证机制不再适用于“云边端”网络架构,对此提出一种轻量级云边协同的双向身份认证协议,针对海量资源受限的电力终端,仅基于哈希与异或操作实现认...边缘计算有效缓解了云平台的计算压力,降低网络带宽消耗,但也带来了新的安全问题,传统的认证机制不再适用于“云边端”网络架构,对此提出一种轻量级云边协同的双向身份认证协议,针对海量资源受限的电力终端,仅基于哈希与异或操作实现认证,减轻终端计算压力与带宽传输压力。利用安全协议与应用自动化验证工具(automated validation of internet security protocols and applications,AVISPA)以及安全特性分析验证协议的安全性,分析和仿真结果表明:所提协议可以抵抗重放攻击和仿冒攻击等,与同类型协议相比,具有更小的计算和通信开销。展开更多
无线射频识别(radio frequency identification,RFID)认证协议可实现读写器和标签之间的身份识别,保证只有合法的读写器才能访问标签的数据.由于标签的成本限制,设计最轻量级的RFID认证协议是面临的主要挑战.为了达到不可预测性隐私,标...无线射频识别(radio frequency identification,RFID)认证协议可实现读写器和标签之间的身份识别,保证只有合法的读写器才能访问标签的数据.由于标签的成本限制,设计最轻量级的RFID认证协议是面临的主要挑战.为了达到不可预测性隐私,标签至少需要具有伪随机函数PRF的能力.首先提出了一种基于PRF的RFID轻量级认证协议的基本框架,给出了抽象描述.基于对消息认证函数Fi的实例化,提出了一种新的RFID轻量级认证协议ELAP.与现有协议相比,该协议可以实现读写器和标签之间的双向认证,并能抵抗已知的所有攻击方式.在效率方面,标签只需要进行2次消息摘要运算,让标签的计算代价达到了最小.展开更多
文摘Internet-of-Things(IoT)is an awaited technology in real-world applications to process daily tasks using intelligent techniques.The main process of data in IoT involves communication,integration,and coordination with other real-world applications.The security of transferred,stored,and processed data in IoT is not ensured in many constraints.Internet-enabled smart devices are widely used among populations for all types of applications,thus increasing the popularity of IoT among widely used server technologies.Smart grid is used in this article with IoT to manage large data.A smart grid is a collection of numerous users in the network with the fastest response time.This article aims to provide high authentication to the smart grid,which constitutes secure communication in cloud-based IoT.Many IoT devices are deployed openly in all places.This open-access is vulnerable toward cloning attacks.Authentication is a significant process that provides strength while attacking.The security of the cloud and IoT must be computationally high.A lightweight authentication using hashing technique is proposed considering the aforementioned condition.The main factor of the authentication involves physically unclonable functions,which are utilized in improving the performance of the authentication.The proposed approach is evaluated with the existing techniques.Results show that the performance of the proposed algorithm provides high robust security.
基金This work was supported by China Postdoctoral Science Foundation under Grant Nos.2020M681959 and 2020TQ0291in part by the national key R&D project under Grant No.2018YFB2100401in part by the National Key Research and Development Project No.2018YFB2100400.
文摘In the emerging Industrial Internet of Things(IIoT),authentication problems have become an urgent issue for massive resource-constrained devices because traditional costly security mechanisms are not suitable for them.The security protocol designed for resource-constrained systems should not only be secure but also efficient in terms of usage of energy,storage,and processing.Although recently many lightweight schemes have been proposed,to the best of our knowledge,they are unable to address the problem of privacy preservation with the resistance of Denial of Service(DoS)attacks in a practical way.In this paper,we propose a lightweight authentication protocol based on the Physically Unclonable Function(PUF)to overcome the limitations of existing schemes.The protocol provides an ingenious authentication and synchronization mechanism to solve the contradictions amount forward secrecy,DoS attacks,and resource-constrained.The performance analysis and comparison show that the proposed scheme can better improve the authentication security and efficiency for resource-constrained systems in IIoT.
基金The Universiti Kebangsaan Malaysia(UKM)Research Grant Scheme FRGS/1/2020/ICT03/UKM/02/6 and GGPM-2020-028 funded this research.
文摘Many organizations apply cloud computing to store and effectively process data for various applications.The user uploads the data in the cloud has less security due to the unreliable verification process of data integrity.In this research,an enhanced Merkle hash tree method of effective authentication model is proposed in the multi-owner cloud to increase the security of the cloud data.Merkle Hash tree applies the leaf nodes with a hash tag and the non-leaf node contains the table of hash information of child to encrypt the large data.Merkle Hash tree provides the efficient mapping of data and easily identifies the changesmade in the data due to proper structure.The developed model supports privacy-preserving public auditing to provide a secure cloud storage system.The data owners upload the data in the cloud and edit the data using the private key.An enhanced Merkle hash tree method stores the data in the cloud server and splits it into batches.The data files requested by the data owner are audit by a third-party auditor and the multiowner authentication method is applied during the modification process to authenticate the user.The result shows that the proposed method reduces the encryption and decryption time for cloud data storage by 2–167 ms when compared to the existing Advanced Encryption Standard and Blowfish.
文摘Authentication per frame is an implicit necessity for security in wireless local area networks(WLANs). We propose a novel per frame secure authentication scheme which provides authentication to data frames in WLANs. The scheme involves no cryptographic overheads for authentication of frames.It utilizes the sequence number of the frame along with the authentication stream generators for authentication.Hence, it requires no extra bits or messages for the authentication purpose and also no change in the existing frame format is required. The scheme provides authentication by modifying the sequence number of the frame at the sender, and that the modification is verified at the receiver. The modified sequence number is protected by using the XOR operation with a random number selected from the random stream. The authentication is lightweight due to the fact that it requires only trivial arithmetic operations like the subtraction and XOR operation.
基金supported by the National Natural Science Foundation of China(Grant No.61872138).
文摘Please WBANs are a sensor network for detection and collection of sensitive data to the human body,which is lightweight and mobile.WBANs transmit sensitive and significant messages through the public channel,which makes it easy for an attacker to eavesdrop and modify the messages,thus posing a severe threat to the security of the messages.Therefore,it is essential to put in place authentication and key agreement between different communication nodes in WBANs.In this paper,a lightweight and secure authenticated key agreement protocol in wireless body area networks is designed.It is capable to reduce the cost of sensor node computation while ensuring security.Besides,an informal security analysis is conducted to discuss the security of the protocol against well-known attacks.Finally,the energy consumption of the protocol is evaluated,and the results show that the sensor nodes only need low storage cost,computational cost and communication cost.
基金Supported by Research Project of Undergraduate Teaching Reform and Quality Construction in Tianjin Colleges and Universities in 2023(B231005806)。
文摘With the rapid development of Internet of Things(IoT)technology,smart home users can access and control smart devices remotely to enjoy convenient and efficient services.However,sensitive data collected by smart devices is vulnerable to attacks such as eavesdropping and simulation when transmitted through public channels.At the same time,the security of resource-constrained smart devices is low,and attackers may use the controlled devices to carry out malicious operations further.To address the aforementioned existing security issues,this paper proposes a lightweight user anonymous authentication scheme for resource-constrained smart home environments.At the same time,the security analysis is carried out to further prove the proposed scheme's security.Finally,the performance analysis between the proposed scheme and the existing similar schemes proves that the proposed scheme has advantages in calculation cost and safety characteristics.
基金This work was supported in part by the National Natural Science Foundation of China under Grant No.61170217,61272469,61303212,61332019,and Grant No.U1135004,and by the Fundamental Research Founds for National University,China University of Geosciences
文摘Vehicle ad-hoc networks have developed rapidly these years,whose security and privacy issues are always concerned widely.In spite of a remarkable research on their security solutions,but in which there still lacks considerations on how to secure vehicleto-vehicle communications,particularly when infrastructure is unavailable.In this paper,we propose a lightweight certificateless and oneround key agreement scheme without pairing,and further prove the security of the proposed scheme in the random oracle model.The proposed scheme is expected to not only resist known attacks with less computation cost,but also as an efficient way to relieve the workload of vehicle-to-vehicle authentication,especially in no available infrastructure circumstance.A comprehensive evaluation,including security analysis,efficiency analysis and simulation evaluation,is presented to confirm the security and feasibility of the proposed scheme.
文摘We propose a lightweight construction, a modification of Vanstone’s MAC construction, for the message authentication of the communication between Electronic Control Units (ECUs) in distributed car control systems. The proposed approach can solve the task of error control and authentication in unified algorithmic technology, called MAC (Message Authentication Code) with ECC (Error Correction Code). We follow a provable approach in the design of the cryptographic primitive, where we quantify the security measures in the parameters of the system. Provable security approaches are missing in the field of secure in-vehicle communication.
文摘边缘计算有效缓解了云平台的计算压力,降低网络带宽消耗,但也带来了新的安全问题,传统的认证机制不再适用于“云边端”网络架构,对此提出一种轻量级云边协同的双向身份认证协议,针对海量资源受限的电力终端,仅基于哈希与异或操作实现认证,减轻终端计算压力与带宽传输压力。利用安全协议与应用自动化验证工具(automated validation of internet security protocols and applications,AVISPA)以及安全特性分析验证协议的安全性,分析和仿真结果表明:所提协议可以抵抗重放攻击和仿冒攻击等,与同类型协议相比,具有更小的计算和通信开销。
文摘无线射频识别(radio frequency identification,RFID)认证协议可实现读写器和标签之间的身份识别,保证只有合法的读写器才能访问标签的数据.由于标签的成本限制,设计最轻量级的RFID认证协议是面临的主要挑战.为了达到不可预测性隐私,标签至少需要具有伪随机函数PRF的能力.首先提出了一种基于PRF的RFID轻量级认证协议的基本框架,给出了抽象描述.基于对消息认证函数Fi的实例化,提出了一种新的RFID轻量级认证协议ELAP.与现有协议相比,该协议可以实现读写器和标签之间的双向认证,并能抵抗已知的所有攻击方式.在效率方面,标签只需要进行2次消息摘要运算,让标签的计算代价达到了最小.
