The rapid adoption of Internet of Things(IoT)technologies has introduced significant security challenges across the physical,network,and application layers,particularly with the widespread use of the Message Queue Tel...The rapid adoption of Internet of Things(IoT)technologies has introduced significant security challenges across the physical,network,and application layers,particularly with the widespread use of the Message Queue Telemetry Transport(MQTT)protocol,which,while efficient in bandwidth consumption,lacks inherent security features,making it vulnerable to various cyber threats.This research addresses these challenges by presenting a secure,lightweight communication proxy that enhances the scalability and security of MQTT-based Internet of Things(IoT)networks.The proposed solution builds upon the Dang-Scheme,a mutual authentication protocol designed explicitly for resource-constrained environments and enhances it using Elliptic Curve Cryptography(ECC).This integration significantly improves device authentication,data confidentiality,and energy efficiency,achieving an 87.68%increase in data confidentiality and up to 77.04%energy savings during publish/subscribe communications in smart homes.The Middleware Broker System dynamically manages transaction keys and session IDs,offering robust defences against common cyber threats like impersonation and brute-force attacks.Penetration testing with tools such as Hydra and Nmap further validated the system’s security,demonstrating its potential to significantly improve the security and efficiency of IoT networks while underscoring the need for ongoing research to combat emerging threats.展开更多
In the emerging Industrial Internet of Things(IIoT),authentication problems have become an urgent issue for massive resource-constrained devices because traditional costly security mechanisms are not suitable for them...In the emerging Industrial Internet of Things(IIoT),authentication problems have become an urgent issue for massive resource-constrained devices because traditional costly security mechanisms are not suitable for them.The security protocol designed for resource-constrained systems should not only be secure but also efficient in terms of usage of energy,storage,and processing.Although recently many lightweight schemes have been proposed,to the best of our knowledge,they are unable to address the problem of privacy preservation with the resistance of Denial of Service(DoS)attacks in a practical way.In this paper,we propose a lightweight authentication protocol based on the Physically Unclonable Function(PUF)to overcome the limitations of existing schemes.The protocol provides an ingenious authentication and synchronization mechanism to solve the contradictions amount forward secrecy,DoS attacks,and resource-constrained.The performance analysis and comparison show that the proposed scheme can better improve the authentication security and efficiency for resource-constrained systems in IIoT.展开更多
Internet-of-Things(IoT)is an awaited technology in real-world applications to process daily tasks using intelligent techniques.The main process of data in IoT involves communication,integration,and coordination with o...Internet-of-Things(IoT)is an awaited technology in real-world applications to process daily tasks using intelligent techniques.The main process of data in IoT involves communication,integration,and coordination with other real-world applications.The security of transferred,stored,and processed data in IoT is not ensured in many constraints.Internet-enabled smart devices are widely used among populations for all types of applications,thus increasing the popularity of IoT among widely used server technologies.Smart grid is used in this article with IoT to manage large data.A smart grid is a collection of numerous users in the network with the fastest response time.This article aims to provide high authentication to the smart grid,which constitutes secure communication in cloud-based IoT.Many IoT devices are deployed openly in all places.This open-access is vulnerable toward cloning attacks.Authentication is a significant process that provides strength while attacking.The security of the cloud and IoT must be computationally high.A lightweight authentication using hashing technique is proposed considering the aforementioned condition.The main factor of the authentication involves physically unclonable functions,which are utilized in improving the performance of the authentication.The proposed approach is evaluated with the existing techniques.Results show that the performance of the proposed algorithm provides high robust security.展开更多
Many organizations apply cloud computing to store and effectively process data for various applications.The user uploads the data in the cloud has less security due to the unreliable verification process of data integ...Many organizations apply cloud computing to store and effectively process data for various applications.The user uploads the data in the cloud has less security due to the unreliable verification process of data integrity.In this research,an enhanced Merkle hash tree method of effective authentication model is proposed in the multi-owner cloud to increase the security of the cloud data.Merkle Hash tree applies the leaf nodes with a hash tag and the non-leaf node contains the table of hash information of child to encrypt the large data.Merkle Hash tree provides the efficient mapping of data and easily identifies the changesmade in the data due to proper structure.The developed model supports privacy-preserving public auditing to provide a secure cloud storage system.The data owners upload the data in the cloud and edit the data using the private key.An enhanced Merkle hash tree method stores the data in the cloud server and splits it into batches.The data files requested by the data owner are audit by a third-party auditor and the multiowner authentication method is applied during the modification process to authenticate the user.The result shows that the proposed method reduces the encryption and decryption time for cloud data storage by 2–167 ms when compared to the existing Advanced Encryption Standard and Blowfish.展开更多
Authentication per frame is an implicit necessity for security in wireless local area networks(WLANs). We propose a novel per frame secure authentication scheme which provides authentication to data frames in WLANs....Authentication per frame is an implicit necessity for security in wireless local area networks(WLANs). We propose a novel per frame secure authentication scheme which provides authentication to data frames in WLANs. The scheme involves no cryptographic overheads for authentication of frames.It utilizes the sequence number of the frame along with the authentication stream generators for authentication.Hence, it requires no extra bits or messages for the authentication purpose and also no change in the existing frame format is required. The scheme provides authentication by modifying the sequence number of the frame at the sender, and that the modification is verified at the receiver. The modified sequence number is protected by using the XOR operation with a random number selected from the random stream. The authentication is lightweight due to the fact that it requires only trivial arithmetic operations like the subtraction and XOR operation.展开更多
Please WBANs are a sensor network for detection and collection of sensitive data to the human body,which is lightweight and mobile.WBANs transmit sensitive and significant messages through the public channel,which mak...Please WBANs are a sensor network for detection and collection of sensitive data to the human body,which is lightweight and mobile.WBANs transmit sensitive and significant messages through the public channel,which makes it easy for an attacker to eavesdrop and modify the messages,thus posing a severe threat to the security of the messages.Therefore,it is essential to put in place authentication and key agreement between different communication nodes in WBANs.In this paper,a lightweight and secure authenticated key agreement protocol in wireless body area networks is designed.It is capable to reduce the cost of sensor node computation while ensuring security.Besides,an informal security analysis is conducted to discuss the security of the protocol against well-known attacks.Finally,the energy consumption of the protocol is evaluated,and the results show that the sensor nodes only need low storage cost,computational cost and communication cost.展开更多
基于云-边缘计算的车联网(Cloud-Edge computing for the Internet of Vehicle,CEIoV)能够支持大规模车辆的实时访问与服务请求,为了保证其内部资源的安全性,需要对车辆进行身份认证而后才能接入CEIoV;但是车辆本身处于运行状态且计算...基于云-边缘计算的车联网(Cloud-Edge computing for the Internet of Vehicle,CEIoV)能够支持大规模车辆的实时访问与服务请求,为了保证其内部资源的安全性,需要对车辆进行身份认证而后才能接入CEIoV;但是车辆本身处于运行状态且计算、存储和通信资源受限,给CEIoV车辆的身份认证带来挑战.本文基于具有简单密码操作的变色龙哈希函数,提出了一个连续轻量级身份认证协议(Lightweight Continuous identity Authentication,LCA),实现了对于资源受限车辆的认证和CEIoV内部资源的安全保障.本文在随机预言机模型下证明了LCA协议的语义安全性;并通过实验验证LCA协议在连续认证过程中具有较低的计算和通信成本.展开更多
With the rapid development of Internet of Things(IoT)technology,smart home users can access and control smart devices remotely to enjoy convenient and efficient services.However,sensitive data collected by smart devic...With the rapid development of Internet of Things(IoT)technology,smart home users can access and control smart devices remotely to enjoy convenient and efficient services.However,sensitive data collected by smart devices is vulnerable to attacks such as eavesdropping and simulation when transmitted through public channels.At the same time,the security of resource-constrained smart devices is low,and attackers may use the controlled devices to carry out malicious operations further.To address the aforementioned existing security issues,this paper proposes a lightweight user anonymous authentication scheme for resource-constrained smart home environments.At the same time,the security analysis is carried out to further prove the proposed scheme's security.Finally,the performance analysis between the proposed scheme and the existing similar schemes proves that the proposed scheme has advantages in calculation cost and safety characteristics.展开更多
Vehicle ad-hoc networks have developed rapidly these years,whose security and privacy issues are always concerned widely.In spite of a remarkable research on their security solutions,but in which there still lacks con...Vehicle ad-hoc networks have developed rapidly these years,whose security and privacy issues are always concerned widely.In spite of a remarkable research on their security solutions,but in which there still lacks considerations on how to secure vehicleto-vehicle communications,particularly when infrastructure is unavailable.In this paper,we propose a lightweight certificateless and oneround key agreement scheme without pairing,and further prove the security of the proposed scheme in the random oracle model.The proposed scheme is expected to not only resist known attacks with less computation cost,but also as an efficient way to relieve the workload of vehicle-to-vehicle authentication,especially in no available infrastructure circumstance.A comprehensive evaluation,including security analysis,efficiency analysis and simulation evaluation,is presented to confirm the security and feasibility of the proposed scheme.展开更多
We propose a lightweight construction, a modification of Vanstone’s MAC construction, for the message authentication of the communication between Electronic Control Units (ECUs) in distributed car control systems. Th...We propose a lightweight construction, a modification of Vanstone’s MAC construction, for the message authentication of the communication between Electronic Control Units (ECUs) in distributed car control systems. The proposed approach can solve the task of error control and authentication in unified algorithmic technology, called MAC (Message Authentication Code) with ECC (Error Correction Code). We follow a provable approach in the design of the cryptographic primitive, where we quantify the security measures in the parameters of the system. Provable security approaches are missing in the field of secure in-vehicle communication.展开更多
边缘计算有效缓解了云平台的计算压力,降低网络带宽消耗,但也带来了新的安全问题,传统的认证机制不再适用于“云边端”网络架构,对此提出一种轻量级云边协同的双向身份认证协议,针对海量资源受限的电力终端,仅基于哈希与异或操作实现认...边缘计算有效缓解了云平台的计算压力,降低网络带宽消耗,但也带来了新的安全问题,传统的认证机制不再适用于“云边端”网络架构,对此提出一种轻量级云边协同的双向身份认证协议,针对海量资源受限的电力终端,仅基于哈希与异或操作实现认证,减轻终端计算压力与带宽传输压力。利用安全协议与应用自动化验证工具(automated validation of internet security protocols and applications,AVISPA)以及安全特性分析验证协议的安全性,分析和仿真结果表明:所提协议可以抵抗重放攻击和仿冒攻击等,与同类型协议相比,具有更小的计算和通信开销。展开更多
基金supported through Universiti Sains Malaysia(USM)and the Ministry of Higher Education Malaysia providing the research grant,Fundamental Research Grant Scheme(FRGS-Grant No.FRGS/1/2020/TK0/USM/02/1).
文摘The rapid adoption of Internet of Things(IoT)technologies has introduced significant security challenges across the physical,network,and application layers,particularly with the widespread use of the Message Queue Telemetry Transport(MQTT)protocol,which,while efficient in bandwidth consumption,lacks inherent security features,making it vulnerable to various cyber threats.This research addresses these challenges by presenting a secure,lightweight communication proxy that enhances the scalability and security of MQTT-based Internet of Things(IoT)networks.The proposed solution builds upon the Dang-Scheme,a mutual authentication protocol designed explicitly for resource-constrained environments and enhances it using Elliptic Curve Cryptography(ECC).This integration significantly improves device authentication,data confidentiality,and energy efficiency,achieving an 87.68%increase in data confidentiality and up to 77.04%energy savings during publish/subscribe communications in smart homes.The Middleware Broker System dynamically manages transaction keys and session IDs,offering robust defences against common cyber threats like impersonation and brute-force attacks.Penetration testing with tools such as Hydra and Nmap further validated the system’s security,demonstrating its potential to significantly improve the security and efficiency of IoT networks while underscoring the need for ongoing research to combat emerging threats.
基金This work was supported by China Postdoctoral Science Foundation under Grant Nos.2020M681959 and 2020TQ0291in part by the national key R&D project under Grant No.2018YFB2100401in part by the National Key Research and Development Project No.2018YFB2100400.
文摘In the emerging Industrial Internet of Things(IIoT),authentication problems have become an urgent issue for massive resource-constrained devices because traditional costly security mechanisms are not suitable for them.The security protocol designed for resource-constrained systems should not only be secure but also efficient in terms of usage of energy,storage,and processing.Although recently many lightweight schemes have been proposed,to the best of our knowledge,they are unable to address the problem of privacy preservation with the resistance of Denial of Service(DoS)attacks in a practical way.In this paper,we propose a lightweight authentication protocol based on the Physically Unclonable Function(PUF)to overcome the limitations of existing schemes.The protocol provides an ingenious authentication and synchronization mechanism to solve the contradictions amount forward secrecy,DoS attacks,and resource-constrained.The performance analysis and comparison show that the proposed scheme can better improve the authentication security and efficiency for resource-constrained systems in IIoT.
文摘Internet-of-Things(IoT)is an awaited technology in real-world applications to process daily tasks using intelligent techniques.The main process of data in IoT involves communication,integration,and coordination with other real-world applications.The security of transferred,stored,and processed data in IoT is not ensured in many constraints.Internet-enabled smart devices are widely used among populations for all types of applications,thus increasing the popularity of IoT among widely used server technologies.Smart grid is used in this article with IoT to manage large data.A smart grid is a collection of numerous users in the network with the fastest response time.This article aims to provide high authentication to the smart grid,which constitutes secure communication in cloud-based IoT.Many IoT devices are deployed openly in all places.This open-access is vulnerable toward cloning attacks.Authentication is a significant process that provides strength while attacking.The security of the cloud and IoT must be computationally high.A lightweight authentication using hashing technique is proposed considering the aforementioned condition.The main factor of the authentication involves physically unclonable functions,which are utilized in improving the performance of the authentication.The proposed approach is evaluated with the existing techniques.Results show that the performance of the proposed algorithm provides high robust security.
基金The Universiti Kebangsaan Malaysia(UKM)Research Grant Scheme FRGS/1/2020/ICT03/UKM/02/6 and GGPM-2020-028 funded this research.
文摘Many organizations apply cloud computing to store and effectively process data for various applications.The user uploads the data in the cloud has less security due to the unreliable verification process of data integrity.In this research,an enhanced Merkle hash tree method of effective authentication model is proposed in the multi-owner cloud to increase the security of the cloud data.Merkle Hash tree applies the leaf nodes with a hash tag and the non-leaf node contains the table of hash information of child to encrypt the large data.Merkle Hash tree provides the efficient mapping of data and easily identifies the changesmade in the data due to proper structure.The developed model supports privacy-preserving public auditing to provide a secure cloud storage system.The data owners upload the data in the cloud and edit the data using the private key.An enhanced Merkle hash tree method stores the data in the cloud server and splits it into batches.The data files requested by the data owner are audit by a third-party auditor and the multiowner authentication method is applied during the modification process to authenticate the user.The result shows that the proposed method reduces the encryption and decryption time for cloud data storage by 2–167 ms when compared to the existing Advanced Encryption Standard and Blowfish.
文摘Authentication per frame is an implicit necessity for security in wireless local area networks(WLANs). We propose a novel per frame secure authentication scheme which provides authentication to data frames in WLANs. The scheme involves no cryptographic overheads for authentication of frames.It utilizes the sequence number of the frame along with the authentication stream generators for authentication.Hence, it requires no extra bits or messages for the authentication purpose and also no change in the existing frame format is required. The scheme provides authentication by modifying the sequence number of the frame at the sender, and that the modification is verified at the receiver. The modified sequence number is protected by using the XOR operation with a random number selected from the random stream. The authentication is lightweight due to the fact that it requires only trivial arithmetic operations like the subtraction and XOR operation.
基金supported by the National Natural Science Foundation of China(Grant No.61872138).
文摘Please WBANs are a sensor network for detection and collection of sensitive data to the human body,which is lightweight and mobile.WBANs transmit sensitive and significant messages through the public channel,which makes it easy for an attacker to eavesdrop and modify the messages,thus posing a severe threat to the security of the messages.Therefore,it is essential to put in place authentication and key agreement between different communication nodes in WBANs.In this paper,a lightweight and secure authenticated key agreement protocol in wireless body area networks is designed.It is capable to reduce the cost of sensor node computation while ensuring security.Besides,an informal security analysis is conducted to discuss the security of the protocol against well-known attacks.Finally,the energy consumption of the protocol is evaluated,and the results show that the sensor nodes only need low storage cost,computational cost and communication cost.
文摘基于云-边缘计算的车联网(Cloud-Edge computing for the Internet of Vehicle,CEIoV)能够支持大规模车辆的实时访问与服务请求,为了保证其内部资源的安全性,需要对车辆进行身份认证而后才能接入CEIoV;但是车辆本身处于运行状态且计算、存储和通信资源受限,给CEIoV车辆的身份认证带来挑战.本文基于具有简单密码操作的变色龙哈希函数,提出了一个连续轻量级身份认证协议(Lightweight Continuous identity Authentication,LCA),实现了对于资源受限车辆的认证和CEIoV内部资源的安全保障.本文在随机预言机模型下证明了LCA协议的语义安全性;并通过实验验证LCA协议在连续认证过程中具有较低的计算和通信成本.
基金Supported by Research Project of Undergraduate Teaching Reform and Quality Construction in Tianjin Colleges and Universities in 2023(B231005806)。
文摘With the rapid development of Internet of Things(IoT)technology,smart home users can access and control smart devices remotely to enjoy convenient and efficient services.However,sensitive data collected by smart devices is vulnerable to attacks such as eavesdropping and simulation when transmitted through public channels.At the same time,the security of resource-constrained smart devices is low,and attackers may use the controlled devices to carry out malicious operations further.To address the aforementioned existing security issues,this paper proposes a lightweight user anonymous authentication scheme for resource-constrained smart home environments.At the same time,the security analysis is carried out to further prove the proposed scheme's security.Finally,the performance analysis between the proposed scheme and the existing similar schemes proves that the proposed scheme has advantages in calculation cost and safety characteristics.
基金This work was supported in part by the National Natural Science Foundation of China under Grant No.61170217,61272469,61303212,61332019,and Grant No.U1135004,and by the Fundamental Research Founds for National University,China University of Geosciences
文摘Vehicle ad-hoc networks have developed rapidly these years,whose security and privacy issues are always concerned widely.In spite of a remarkable research on their security solutions,but in which there still lacks considerations on how to secure vehicleto-vehicle communications,particularly when infrastructure is unavailable.In this paper,we propose a lightweight certificateless and oneround key agreement scheme without pairing,and further prove the security of the proposed scheme in the random oracle model.The proposed scheme is expected to not only resist known attacks with less computation cost,but also as an efficient way to relieve the workload of vehicle-to-vehicle authentication,especially in no available infrastructure circumstance.A comprehensive evaluation,including security analysis,efficiency analysis and simulation evaluation,is presented to confirm the security and feasibility of the proposed scheme.
文摘We propose a lightweight construction, a modification of Vanstone’s MAC construction, for the message authentication of the communication between Electronic Control Units (ECUs) in distributed car control systems. The proposed approach can solve the task of error control and authentication in unified algorithmic technology, called MAC (Message Authentication Code) with ECC (Error Correction Code). We follow a provable approach in the design of the cryptographic primitive, where we quantify the security measures in the parameters of the system. Provable security approaches are missing in the field of secure in-vehicle communication.
文摘边缘计算有效缓解了云平台的计算压力,降低网络带宽消耗,但也带来了新的安全问题,传统的认证机制不再适用于“云边端”网络架构,对此提出一种轻量级云边协同的双向身份认证协议,针对海量资源受限的电力终端,仅基于哈希与异或操作实现认证,减轻终端计算压力与带宽传输压力。利用安全协议与应用自动化验证工具(automated validation of internet security protocols and applications,AVISPA)以及安全特性分析验证协议的安全性,分析和仿真结果表明:所提协议可以抵抗重放攻击和仿冒攻击等,与同类型协议相比,具有更小的计算和通信开销。
