The Internet of Things(IoT)is a smart networking infrastructure of physical devices,i.e.,things,that are embedded with sensors,actuators,software,and other technologies,to connect and share data with the respective se...The Internet of Things(IoT)is a smart networking infrastructure of physical devices,i.e.,things,that are embedded with sensors,actuators,software,and other technologies,to connect and share data with the respective server module.Although IoTs are cornerstones in different application domains,the device’s authenticity,i.e.,of server(s)and ordinary devices,is the most crucial issue and must be resolved on a priority basis.Therefore,various field-proven methodologies were presented to streamline the verification process of the communicating devices;however,location-aware authentication has not been reported as per our knowledge,which is a crucial metric,especially in scenarios where devices are mobile.This paper presents a lightweight and location-aware device-to-server authentication technique where the device’s membership with the nearest server is subjected to its location information along with other measures.Initially,Media Access Control(MAC)address and Advance Encryption Scheme(AES)along with a secret shared key,i.e.,λ_(i) of 128 bits,have been utilized by Trusted Authority(TA)to generate MaskIDs,which are used instead of the original ID,for every device,i.e.,server and member,and are shared in the offline phase.Secondly,TA shares a list of authentic devices,i.e.,server S_(j) and members C_(i),with every device in the IoT for the onward verification process,which is required to be executed before the initialization of the actual communication process.Additionally,every device should be located such that it lies within the coverage area of a server,and this location information is used in the authentication process.A thorough analytical analysis was carried out to check the susceptibility of the proposed and existing authentication approaches against well-known intruder attacks,i.e.,man-in-the-middle,masquerading,device,and server impersonations,etc.,especially in the IoT domain.Moreover,proposed authentication and existing state-of-the-art approaches have been simulated in the real environment of IoT to verify their performance,particularly in terms of various evaluation metrics,i.e.,processing,communication,and storage overheads.These results have verified the superiority of the proposed scheme against existing state-of-the-art approaches,preferably in terms of communication,storage,and processing costs.展开更多
In the existing ghost-imaging-based cryptographic key distribution(GCKD)protocols,the cryptographic keys need to be encoded by using many modulated patterns,which undoubtedly incurs long measurement time and huge memo...In the existing ghost-imaging-based cryptographic key distribution(GCKD)protocols,the cryptographic keys need to be encoded by using many modulated patterns,which undoubtedly incurs long measurement time and huge memory consumption.Given this,based on snapshot compressive ghost imaging,a public network cryptographic key distribution protocol is proposed,where the cryptographic keys and joint authentication information are encrypted into several color block diagrams to guarantee security.It transforms the previous single-pixel sequential multiple measurements into multi-pixel single exposure measurements,significantly reducing sampling time and memory storage.Both simulation and experimental results demonstrate the feasibility of this protocol and its ability to detect illegal attacks.Therefore,it takes GCKD a big step closer to practical applications.展开更多
Nowadays, devices are connected across all areas, from intelligent buildings and smart cities to Industry 4.0 andsmart healthcare. With the exponential growth of Internet of Things usage in our world, IoT security is ...Nowadays, devices are connected across all areas, from intelligent buildings and smart cities to Industry 4.0 andsmart healthcare. With the exponential growth of Internet of Things usage in our world, IoT security is still thebiggest challenge for its deployment. The main goal of IoT security is to ensure the accessibility of services providedby an IoT environment, protect privacy, and confidentiality, and guarantee the safety of IoT users, infrastructures,data, and devices. Authentication, as the first line of defense against security threats, becomes the priority ofeveryone. It can either grant or deny users access to resources according to their legitimacy. As a result, studyingand researching authentication issues within IoT is extremely important. As a result, studying and researchingauthentication issues within IoT is extremely important. This article presents a comparative study of recent researchin IoT security;it provides an analysis of recent authentication protocols from2019 to 2023 that cover several areaswithin IoT (such as smart cities, healthcare, and industry). This survey sought to provide an IoT security researchsummary, the biggest susceptibilities, and attacks, the appropriate technologies, and the most used simulators. Itillustrates that the resistance of protocols against attacks, and their computational and communication cost arelinked directly to the cryptography technique used to build it. Furthermore, it discusses the gaps in recent schemesand provides some future research directions.展开更多
The Internet of Vehicles(IoV)is extensively deployed in outdoor and open environments to effectively address traffic efficiency and safety issues by connecting vehicles to the network.However,due to the open and varia...The Internet of Vehicles(IoV)is extensively deployed in outdoor and open environments to effectively address traffic efficiency and safety issues by connecting vehicles to the network.However,due to the open and variable nature of its network topology,vehicles frequently engage in cross-domain interactions.During such processes,directly uploading sensitive information to roadside units for interaction may expose it to malicious tampering or interception by attackers,thus compromising the security of the cross-domain authentication process.Additionally,IoV imposes high real-time requirements,and existing cross-domain authentication schemes for IoV often encounter efficiency issues.To mitigate these challenges,we propose CAIoV,a blockchain-based efficient cross-domain authentication scheme for IoV.This scheme comprehensively integrates technologies such as zero-knowledge proofs,smart contracts,and Merkle hash tree structures.It divides the cross-domain process into anonymous cross-domain authentication and safe cross-domain authentication phases to ensure efficiency while maintaining a balance between efficiency and security.Finally,we evaluate the performance of CAIoV.Experimental results demonstrate that our proposed scheme reduces computational overhead by approximately 20%,communication overhead by around 10%,and storage overhead by nearly 30%.展开更多
With the development of hardware devices and the upgrading of smartphones,a large number of users save privacy-related information in mobile devices,mainly smartphones,which puts forward higher demands on the protecti...With the development of hardware devices and the upgrading of smartphones,a large number of users save privacy-related information in mobile devices,mainly smartphones,which puts forward higher demands on the protection of mobile users’privacy information.At present,mobile user authenticationmethods based on humancomputer interaction have been extensively studied due to their advantages of high precision and non-perception,but there are still shortcomings such as low data collection efficiency,untrustworthy participating nodes,and lack of practicability.To this end,this paper proposes a privacy-enhanced mobile user authentication method with motion sensors,which mainly includes:(1)Construct a smart contract-based private chain and federated learning to improve the data collection efficiency of mobile user authentication,reduce the probability of the model being bypassed by attackers,and reduce the overhead of data centralized processing and the risk of privacy leakage;(2)Use certificateless encryption to realize the authentication of the device to ensure the credibility of the client nodes participating in the calculation;(3)Combine Variational Mode Decomposition(VMD)and Long Short-TermMemory(LSTM)to analyze and model the motion sensor data of mobile devices to improve the accuracy of model certification.The experimental results on the real environment dataset of 1513 people show that themethod proposed in this paper can effectively resist poisoning attacks while ensuring the accuracy and efficiency of mobile user authentication.展开更多
Due to the rapid advancements in network technology,blockchain is being employed for distributed data storage.In the Internet of Things(IoT)scenario,different participants manage multiple blockchains located in differ...Due to the rapid advancements in network technology,blockchain is being employed for distributed data storage.In the Internet of Things(IoT)scenario,different participants manage multiple blockchains located in different trust domains,which has resulted in the extensive development of cross-domain authentication techniques.However,the emergence of many attackers equipped with quantum computers has the potential to launch quantum computing attacks against cross-domain authentication schemes based on traditional cryptography,posing a significant security threat.In response to the aforementioned challenges,our paper demonstrates a post-quantum cross-domain identity authentication scheme to negotiate the session key used in the cross-chain asset exchange process.Firstly,our paper designs the hiding and recovery process of user identity index based on lattice cryptography and introduces the identity-based signature from lattice to construct a post-quantum cross-domain authentication scheme.Secondly,our paper utilizes the hashed time-locked contract to achieves the cross-chain asset exchange of blockchain nodes in different trust domains.Furthermore,the security analysis reduces the security of the identity index and signature to Learning With Errors(LWE)and Short Integer Solution(SIS)assumption,respectively,indicating that our scheme has post-quantum security.Last but not least,through comparison analysis,we display that our scheme is efficient compared with the cross-domain authentication scheme based on traditional cryptography.展开更多
Effective user authentication is key to ensuring equipment security,data privacy,and personalized services in Internet of Things(IoT)systems.However,conventional mode-based authentication methods(e.g.,passwords and sm...Effective user authentication is key to ensuring equipment security,data privacy,and personalized services in Internet of Things(IoT)systems.However,conventional mode-based authentication methods(e.g.,passwords and smart cards)may be vulnerable to a broad range of attacks(e.g.,eavesdropping and side-channel attacks).Hence,there have been attempts to design biometric-based authentication solutions,which rely on physiological and behavioral characteristics.Behavioral characteristics need continuous monitoring and specific environmental settings,which can be challenging to implement in practice.However,we can also leverage Artificial Intelligence(AI)in the extraction and classification of physiological characteristics from IoT devices processing to facilitate authentication.Thus,we review the literature on the use of AI in physiological characteristics recognition pub-lished after 2015.We use the three-layer architecture of the IoT(i.e.,sensing layer,feature layer,and algorithm layer)to guide the discussion of existing approaches and their limitations.We also identify a number of future research opportunities,which will hopefully guide the design of next generation solutions.展开更多
With the rapid advancement in exploring perceptual interactions and digital twins,metaverse technology has emerged to transcend the constraints of space-time and reality,facilitating remote AI-based collaboration.In t...With the rapid advancement in exploring perceptual interactions and digital twins,metaverse technology has emerged to transcend the constraints of space-time and reality,facilitating remote AI-based collaboration.In this dynamic metasystem environment,frequent information exchanges necessitate robust security measures,with Authentication and Key Agreement(AKA)serving as the primary line of defense to ensure communication security.However,traditional AKA protocols fall short in meeting the low-latency requirements essential for synchronous interactions within the metaverse.To address this challenge and enable nearly latency-free interactions,a novel low-latency AKA protocol based on chaotic maps is proposed.This protocol not only ensures mutual authentication of entities within the metasystem but also generates secure session keys.The security of these session keys is rigorously validated through formal proofs,formal verification,and informal proofs.When confronted with the Dolev-Yao(DY)threat model,the session keys are formally demonstrated to be secure under the Real-or-Random(ROR)model.The proposed protocol is further validated through simulations conducted using VMware workstation compiled in HLPSL language and C language.The simulation results affirm the protocol’s effectiveness in resisting well-known attacks while achieving the desired low latency for optimal metaverse interactions.展开更多
Machine-to-machine (M2M) communication plays a fundamental role in autonomous IoT (Internet of Things)-based infrastructure, a vital part of the fourth industrial revolution. Machine-type communication devices(MTCDs) ...Machine-to-machine (M2M) communication plays a fundamental role in autonomous IoT (Internet of Things)-based infrastructure, a vital part of the fourth industrial revolution. Machine-type communication devices(MTCDs) regularly share extensive data without human intervention while making all types of decisions. Thesedecisions may involve controlling sensitive ventilation systems maintaining uniform temperature, live heartbeatmonitoring, and several different alert systems. Many of these devices simultaneously share data to form anautomated system. The data shared between machine-type communication devices (MTCDs) is prone to risk dueto limited computational power, internal memory, and energy capacity. Therefore, securing the data and devicesbecomes challenging due to factors such as dynamic operational environments, remoteness, harsh conditions,and areas where human physical access is difficult. One of the crucial parts of securing MTCDs and data isauthentication, where each devicemust be verified before data transmission. SeveralM2Mauthentication schemeshave been proposed in the literature, however, the literature lacks a comprehensive overview of current M2Mauthentication techniques and the challenges associated with them. To utilize a suitable authentication schemefor specific scenarios, it is important to understand the challenges associated with it. Therefore, this article fillsthis gap by reviewing the state-of-the-art research on authentication schemes in MTCDs specifically concerningapplication categories, security provisions, and performance efficiency.展开更多
Wireless Sensor Network(WSN)is a distributed sensor network composed a large number of nodes with low cost,low performance and self-management.The special structure of WSN brings both convenience and vulnerability.For...Wireless Sensor Network(WSN)is a distributed sensor network composed a large number of nodes with low cost,low performance and self-management.The special structure of WSN brings both convenience and vulnerability.For example,a malicious participant can launch attacks by capturing a physical device.Therefore,node authentication that can resist malicious attacks is very important to network security.Recently,blockchain technology has shown the potential to enhance the security of the Internet of Things(IoT).In this paper,we propose a Blockchain-empowered Authentication Scheme(BAS)for WSN.In our scheme,all nodes are managed by utilizing the identity information stored on the blockchain.Besides,the simulation experiment about worm detection is executed on BAS,and the security is evaluated from detection and infection rate.The experiment results indicate that the proposed scheme can effectively inhibit the spread and infection of worms in the network.展开更多
The BeiDou-Ⅱcivil navigation message(BDⅡ-CNAV)is transmitted in an open environment and no information integrity protection measures are provided.Hence,the BDⅡ-CNAV faces the threat of spoofing attacks,which can le...The BeiDou-Ⅱcivil navigation message(BDⅡ-CNAV)is transmitted in an open environment and no information integrity protection measures are provided.Hence,the BDⅡ-CNAV faces the threat of spoofing attacks,which can lead to wrong location reports and time indication.In order to deal with this threat,we proposed a scheme of anti-spoofing for BDⅡ-CNAV based on integrated information authentication.This scheme generates two type authentication information,one is authentication code information(ACI),which is applied to confirm the authenticity and reliability of satellite time information,and the other is signature information,which is used to authenticate the integrity of satellite location information and other information.Both authentication information is designed to embed into the reserved bits in BDⅡ-CNAV without changing the frame structure.In order to avoid authentication failure caused by public key error or key error,the key or public key prompt information(KPKPI)are designed to remind the receiver to update both keys in time.Experimental results indicate that the scheme can successfully detect spoofing attacks,and the authentication delay is less than 1%of the transmission delay,which meets the requirements of BDⅡ-CNAV information authentication.展开更多
Internet of Health Things(IoHT)is a subset of Internet of Things(IoT)technology that includes interconnected medical devices and sensors used in medical and healthcare information systems.However,IoHT is susceptible t...Internet of Health Things(IoHT)is a subset of Internet of Things(IoT)technology that includes interconnected medical devices and sensors used in medical and healthcare information systems.However,IoHT is susceptible to cybersecurity threats due to its reliance on low-power biomedical devices and the use of open wireless channels for communication.In this article,we intend to address this shortcoming,and as a result,we propose a new scheme called,the certificateless anonymous authentication(CAA)scheme.The proposed scheme is based on hyperelliptic curve cryptography(HECC),an enhanced variant of elliptic curve cryptography(ECC)that employs a smaller key size of 80 bits as compared to 160 bits.The proposed scheme is secure against various attacks in both formal and informal security analyses.The formal study makes use of the Real-or-Random(ROR)model.A thorough comparative study of the proposed scheme is conducted for the security and efficiency of the proposed scheme with the relevant existing schemes.The results demonstrate that the proposed scheme not only ensures high security for health-related data but also increases efficiency.The proposed scheme’s computation cost is 2.88 ms,and the communication cost is 1440 bits,which shows its better efficiency compared to its counterpart schemes.展开更多
Secure authentication and accurate localization among Internet of Things(IoT)sensors are pivotal for the functionality and integrity of IoT networks.IoT authentication and localization are intricate and symbiotic,impa...Secure authentication and accurate localization among Internet of Things(IoT)sensors are pivotal for the functionality and integrity of IoT networks.IoT authentication and localization are intricate and symbiotic,impacting both the security and operational functionality of IoT systems.Hence,accurate localization and lightweight authentication on resource-constrained IoT devices pose several challenges.To overcome these challenges,recent approaches have used encryption techniques with well-known key infrastructures.However,these methods are inefficient due to the increasing number of data breaches in their localization approaches.This proposed research efficiently integrates authentication and localization processes in such a way that they complement each other without compromising on security or accuracy.The proposed framework aims to detect active attacks within IoT networks,precisely localize malicious IoT devices participating in these attacks,and establish dynamic implicit authentication mechanisms.This integrated framework proposes a Correlation Composition Awareness(CCA)model,which explores innovative approaches to device correlations,enhancing the accuracy of attack detection and localization.Additionally,this framework introduces the Pair Collaborative Localization(PCL)technique,facilitating precise identification of the exact locations of malicious IoT devices.To address device authentication,a Behavior and Performance Measurement(BPM)scheme is developed,ensuring that only trusted devices gain access to the network.This work has been evaluated across various environments and compared against existing models.The results prove that the proposed methodology attains 96%attack detection accuracy,84%localization accuracy,and 98%device authentication accuracy.展开更多
Traditional methods of identity authentication often rely on centralized architectures,which poses risks of computational overload and single points of failure.We propose a protocol that offers a decentralized approac...Traditional methods of identity authentication often rely on centralized architectures,which poses risks of computational overload and single points of failure.We propose a protocol that offers a decentralized approach by distributing authentication services to edge authentication gateways and servers,facilitated by blockchain technology,thus aligning with the decentralized ethos of Web3 infrastructure.Additionally,we enhance device security against physical and cloning attacks by integrating physical unclonable functions with certificateless cryptography,bolstering the integrity of Internet of Thins(IoT)devices within the evolving landscape of the metaverse.To achieve dynamic anonymity and ensure privacy within Web3 environments,we employ fuzzy extractor technology,allowing for updates to pseudonymous identity identifiers while maintaining key consistency.The proposed protocol ensures continuous and secure identity authentication for IoT devices in practical applications,effectively addressing the pressing security concerns inherent in IoT network environments and contributing to the development of robust security infrastructure essential for the proliferation of IoT devices across diverse settings.展开更多
Due to the lack of authentication mechanism in BeiDou navigation satellite system(BDS),BD-Ⅱ civil navigation message(BDⅡ-CNAV) are vulnerable to spoofing attack and replay attack.To solve this problem,we present a s...Due to the lack of authentication mechanism in BeiDou navigation satellite system(BDS),BD-Ⅱ civil navigation message(BDⅡ-CNAV) are vulnerable to spoofing attack and replay attack.To solve this problem,we present a security authentication protocol,called as BDSec,which is designed by using China’s cryptography Shangyong Mima(SM) series algorithms,such as SM2/4/9 and Zu Chongzhi(ZUC)algorithm.In BDSec protocol,both of BDⅡ-CNAV and signature information are encrypted using the SM4 algorithm(Symmetric encryption mechanism).The encrypted result is used as the subject authentication information.BDSec protocol applies SM9 algorithm(Identity-based cryptography mechanism) to protect the integrity of the BDⅡ-CNAV,adopts the SM2 algorithm(Public key cryptosystem) to guarantee the confidentiality of the important session information,and uses the ZUC algorithm(Encryption and integrity algorithm) to verify the integrity of the message authentication serial number and initial information and the information in authentication initialization sub-protocol respectively.The results of the SVO logic reasoning and performance analysis show that BDSec protocol meets security requirements for the dual user identity authentication in BDS and can realize the security authentication of BDⅡ-CNAV.展开更多
With the increasing demand for information security,traditional single-factor authentication technology can no longer meet security requirements.To this end,this paper proposes a Universal Serial Bus(USB)Key hardware ...With the increasing demand for information security,traditional single-factor authentication technology can no longer meet security requirements.To this end,this paper proposes a Universal Serial Bus(USB)Key hardware and software system based on a two-factor authentication protocol,aiming to improve the security and reliability of authentication.This paper first analyzes the current status and technical principles of USB Key-related research domestically and internationally and designs a two-factor authentication protocol that combines impact/response authentication and static password authentication.The system consists of a host computer and a USB Key device.The host computer interacts with the USB Key through a graphical user interface.The Secure Hash Algorithm 1(SHA-1)and MySQL database are used to implement the authentication function.Experimental results show that the designed two-factor authentication protocol can effectively prevent replay attacks and information tampering,and improve the security of authentication.If the corresponding USB Key is not inserted,the system will prompt that the device is not found.Once the USB Key is inserted,user identity is confirmed through two-factor verification,which includes impact/response authentication and static password authentication.展开更多
Cloud-based SDN(Software Defined Network)integration offers new kinds of agility,flexibility,automation,and speed in the network.Enterprises and Cloud providers both leverage the benefits as networks can be configured...Cloud-based SDN(Software Defined Network)integration offers new kinds of agility,flexibility,automation,and speed in the network.Enterprises and Cloud providers both leverage the benefits as networks can be configured and optimized based on the application requirement.The integration of cloud and SDN paradigms has played an indispensable role in improving ubiquitous health care services.It has improved the real-time monitoring of patients by medical practitioners.Patients’data get stored at the central server on the cloud from where it is available to medical practitioners in no time.The centralisation of data on the server makes it more vulnerable to malicious attacks and causes a major threat to patients’privacy.In recent days,several schemes have been proposed to ensure the safety of patients’data.But most of the techniques still lack the practical implementation and safety of data.In this paper,a secure multi-factor authentication protocol using a hash function has been proposed.BAN(Body Area Network)logic has been used to formally analyse the proposed scheme and ensure that no unauthenticated user can steal sensitivepatient information.Security Protocol Animator(SPAN)–Automated Validation of Internet Security Protocols and Applications(AVISPA)tool has been used for simulation.The results prove that the proposed scheme ensures secure access to the database in terms of spoofing and identification.Performance comparisons of the proposed scheme with other related historical schemes regarding time complexity,computation cost which accounts to only 423 ms in proposed,and security parameters such as identification and spoofing prove its efficiency.展开更多
System-wide information management(SWIM)is a complex distributed information transfer and sharing system for the next generation of Air Transportation System(ATS).In response to the growing volume of civil aviation ai...System-wide information management(SWIM)is a complex distributed information transfer and sharing system for the next generation of Air Transportation System(ATS).In response to the growing volume of civil aviation air operations,users accessing different authentication domains in the SWIM system have problems with the validity,security,and privacy of SWIM-shared data.In order to solve these problems,this paper proposes a SWIM crossdomain authentication scheme based on a consistent hashing algorithm on consortium blockchain and designs a blockchain certificate format for SWIM cross-domain authentication.The scheme uses a consistent hash algorithm with virtual nodes in combination with a cluster of authentication centers in the SWIM consortium blockchain architecture to synchronize the user’s authentication mapping relationships between authentication domains.The virtual authentication nodes are mapped separately using different services provided by SWIM to guarantee the partitioning of the consistent hash ring on the consortium blockchain.According to the dynamic change of user’s authentication requests,the nodes of virtual service authentication can be added and deleted to realize the dynamic load balancing of cross-domain authentication of different services.Security analysis shows that this protocol can resist network attacks such as man-in-the-middle attacks,replay attacks,and Sybil attacks.Experiments show that this scheme can reduce the redundant authentication operations of identity information and solve the problems of traditional cross-domain authentication with single-point collapse,difficulty in expansion,and uneven load.At the same time,it has better security of information storage and can realize the cross-domain authentication requirements of SWIM users with low communication costs and system overhead.KEYWORDS System-wide information management(SWIM);consortium blockchain;consistent hash;cross-domain authentication;load balancing.展开更多
The predominant method for smart phone accessing is confined to methods directing the authentication by means of Point-of-Entry that heavily depend on physiological biometrics like,fingerprint or face.Implicit continuou...The predominant method for smart phone accessing is confined to methods directing the authentication by means of Point-of-Entry that heavily depend on physiological biometrics like,fingerprint or face.Implicit continuous authentication initiating to be loftier to conventional authentication mechanisms by continuously confirming users’identities on continuing basis and mark the instant at which an illegitimate hacker grasps dominance of the session.However,divergent issues remain unaddressed.This research aims to investigate the power of Deep Reinforcement Learning technique to implicit continuous authentication for mobile devices using a method called,Gaussian Weighted Cauchy Kriging-based Continuous Czekanowski’s(GWCK-CC).First,a Gaussian Weighted Non-local Mean Filter Preprocessing model is applied for reducing the noise pre-sent in the raw input face images.Cauchy Kriging Regression function is employed to reduce the dimensionality.Finally,Continuous Czekanowski’s Clas-sification is utilized for proficient classification between the genuine user and attacker.By this way,the proposed GWCK-CC method achieves accurate authen-tication with minimum error rate and time.Experimental assessment of the pro-posed GWCK-CC method and existing methods are carried out with different factors by using UMDAA-02 Face Dataset.The results confirm that the proposed GWCK-CC method enhances authentication accuracy,by 9%,reduces the authen-tication time,and error rate by 44%,and 43%as compared to the existing methods.展开更多
文摘The Internet of Things(IoT)is a smart networking infrastructure of physical devices,i.e.,things,that are embedded with sensors,actuators,software,and other technologies,to connect and share data with the respective server module.Although IoTs are cornerstones in different application domains,the device’s authenticity,i.e.,of server(s)and ordinary devices,is the most crucial issue and must be resolved on a priority basis.Therefore,various field-proven methodologies were presented to streamline the verification process of the communicating devices;however,location-aware authentication has not been reported as per our knowledge,which is a crucial metric,especially in scenarios where devices are mobile.This paper presents a lightweight and location-aware device-to-server authentication technique where the device’s membership with the nearest server is subjected to its location information along with other measures.Initially,Media Access Control(MAC)address and Advance Encryption Scheme(AES)along with a secret shared key,i.e.,λ_(i) of 128 bits,have been utilized by Trusted Authority(TA)to generate MaskIDs,which are used instead of the original ID,for every device,i.e.,server and member,and are shared in the offline phase.Secondly,TA shares a list of authentic devices,i.e.,server S_(j) and members C_(i),with every device in the IoT for the onward verification process,which is required to be executed before the initialization of the actual communication process.Additionally,every device should be located such that it lies within the coverage area of a server,and this location information is used in the authentication process.A thorough analytical analysis was carried out to check the susceptibility of the proposed and existing authentication approaches against well-known intruder attacks,i.e.,man-in-the-middle,masquerading,device,and server impersonations,etc.,especially in the IoT domain.Moreover,proposed authentication and existing state-of-the-art approaches have been simulated in the real environment of IoT to verify their performance,particularly in terms of various evaluation metrics,i.e.,processing,communication,and storage overheads.These results have verified the superiority of the proposed scheme against existing state-of-the-art approaches,preferably in terms of communication,storage,and processing costs.
基金supported by the Beijing Natural Science Foundation(Grant No.4222016).
文摘In the existing ghost-imaging-based cryptographic key distribution(GCKD)protocols,the cryptographic keys need to be encoded by using many modulated patterns,which undoubtedly incurs long measurement time and huge memory consumption.Given this,based on snapshot compressive ghost imaging,a public network cryptographic key distribution protocol is proposed,where the cryptographic keys and joint authentication information are encrypted into several color block diagrams to guarantee security.It transforms the previous single-pixel sequential multiple measurements into multi-pixel single exposure measurements,significantly reducing sampling time and memory storage.Both simulation and experimental results demonstrate the feasibility of this protocol and its ability to detect illegal attacks.Therefore,it takes GCKD a big step closer to practical applications.
文摘Nowadays, devices are connected across all areas, from intelligent buildings and smart cities to Industry 4.0 andsmart healthcare. With the exponential growth of Internet of Things usage in our world, IoT security is still thebiggest challenge for its deployment. The main goal of IoT security is to ensure the accessibility of services providedby an IoT environment, protect privacy, and confidentiality, and guarantee the safety of IoT users, infrastructures,data, and devices. Authentication, as the first line of defense against security threats, becomes the priority ofeveryone. It can either grant or deny users access to resources according to their legitimacy. As a result, studyingand researching authentication issues within IoT is extremely important. As a result, studying and researchingauthentication issues within IoT is extremely important. This article presents a comparative study of recent researchin IoT security;it provides an analysis of recent authentication protocols from2019 to 2023 that cover several areaswithin IoT (such as smart cities, healthcare, and industry). This survey sought to provide an IoT security researchsummary, the biggest susceptibilities, and attacks, the appropriate technologies, and the most used simulators. Itillustrates that the resistance of protocols against attacks, and their computational and communication cost arelinked directly to the cryptography technique used to build it. Furthermore, it discusses the gaps in recent schemesand provides some future research directions.
基金supported by the National Natural Science Foundation of China(62362013)the Guangxi Natural Science Foundation(2023GXNSFAA026294).
文摘The Internet of Vehicles(IoV)is extensively deployed in outdoor and open environments to effectively address traffic efficiency and safety issues by connecting vehicles to the network.However,due to the open and variable nature of its network topology,vehicles frequently engage in cross-domain interactions.During such processes,directly uploading sensitive information to roadside units for interaction may expose it to malicious tampering or interception by attackers,thus compromising the security of the cross-domain authentication process.Additionally,IoV imposes high real-time requirements,and existing cross-domain authentication schemes for IoV often encounter efficiency issues.To mitigate these challenges,we propose CAIoV,a blockchain-based efficient cross-domain authentication scheme for IoV.This scheme comprehensively integrates technologies such as zero-knowledge proofs,smart contracts,and Merkle hash tree structures.It divides the cross-domain process into anonymous cross-domain authentication and safe cross-domain authentication phases to ensure efficiency while maintaining a balance between efficiency and security.Finally,we evaluate the performance of CAIoV.Experimental results demonstrate that our proposed scheme reduces computational overhead by approximately 20%,communication overhead by around 10%,and storage overhead by nearly 30%.
基金Wenzhou Key Scientific and Technological Projects(No.ZG2020031)Wenzhou Polytechnic Research Projects(No.WZY2021002)+3 种基金Key R&D Projects in Zhejiang Province(No.2021C01117)Major Program of Natural Science Foundation of Zhejiang Province(LD22F020002)the Cloud Security Key Technology Research Laboratorythe Researchers Supporting Project Number(RSP2023R509),King Saud University,Riyadh,Saudi Arabia.
文摘With the development of hardware devices and the upgrading of smartphones,a large number of users save privacy-related information in mobile devices,mainly smartphones,which puts forward higher demands on the protection of mobile users’privacy information.At present,mobile user authenticationmethods based on humancomputer interaction have been extensively studied due to their advantages of high precision and non-perception,but there are still shortcomings such as low data collection efficiency,untrustworthy participating nodes,and lack of practicability.To this end,this paper proposes a privacy-enhanced mobile user authentication method with motion sensors,which mainly includes:(1)Construct a smart contract-based private chain and federated learning to improve the data collection efficiency of mobile user authentication,reduce the probability of the model being bypassed by attackers,and reduce the overhead of data centralized processing and the risk of privacy leakage;(2)Use certificateless encryption to realize the authentication of the device to ensure the credibility of the client nodes participating in the calculation;(3)Combine Variational Mode Decomposition(VMD)and Long Short-TermMemory(LSTM)to analyze and model the motion sensor data of mobile devices to improve the accuracy of model certification.The experimental results on the real environment dataset of 1513 people show that themethod proposed in this paper can effectively resist poisoning attacks while ensuring the accuracy and efficiency of mobile user authentication.
基金This work was supported by the Defense Industrial Technology Development Program(Grant No.JCKY2021208B036).
文摘Due to the rapid advancements in network technology,blockchain is being employed for distributed data storage.In the Internet of Things(IoT)scenario,different participants manage multiple blockchains located in different trust domains,which has resulted in the extensive development of cross-domain authentication techniques.However,the emergence of many attackers equipped with quantum computers has the potential to launch quantum computing attacks against cross-domain authentication schemes based on traditional cryptography,posing a significant security threat.In response to the aforementioned challenges,our paper demonstrates a post-quantum cross-domain identity authentication scheme to negotiate the session key used in the cross-chain asset exchange process.Firstly,our paper designs the hiding and recovery process of user identity index based on lattice cryptography and introduces the identity-based signature from lattice to construct a post-quantum cross-domain authentication scheme.Secondly,our paper utilizes the hashed time-locked contract to achieves the cross-chain asset exchange of blockchain nodes in different trust domains.Furthermore,the security analysis reduces the security of the identity index and signature to Learning With Errors(LWE)and Short Integer Solution(SIS)assumption,respectively,indicating that our scheme has post-quantum security.Last but not least,through comparison analysis,we display that our scheme is efficient compared with the cross-domain authentication scheme based on traditional cryptography.
基金funded in part by the National Natural Science Foundation of China under Grant No.61872038in part by the Fundamental Research Funds for the Central Universities under Grant No.FRF-GF-20-15B.
文摘Effective user authentication is key to ensuring equipment security,data privacy,and personalized services in Internet of Things(IoT)systems.However,conventional mode-based authentication methods(e.g.,passwords and smart cards)may be vulnerable to a broad range of attacks(e.g.,eavesdropping and side-channel attacks).Hence,there have been attempts to design biometric-based authentication solutions,which rely on physiological and behavioral characteristics.Behavioral characteristics need continuous monitoring and specific environmental settings,which can be challenging to implement in practice.However,we can also leverage Artificial Intelligence(AI)in the extraction and classification of physiological characteristics from IoT devices processing to facilitate authentication.Thus,we review the literature on the use of AI in physiological characteristics recognition pub-lished after 2015.We use the three-layer architecture of the IoT(i.e.,sensing layer,feature layer,and algorithm layer)to guide the discussion of existing approaches and their limitations.We also identify a number of future research opportunities,which will hopefully guide the design of next generation solutions.
基金This work has received funding from National Natural Science Foundation of China(No.42275157).
文摘With the rapid advancement in exploring perceptual interactions and digital twins,metaverse technology has emerged to transcend the constraints of space-time and reality,facilitating remote AI-based collaboration.In this dynamic metasystem environment,frequent information exchanges necessitate robust security measures,with Authentication and Key Agreement(AKA)serving as the primary line of defense to ensure communication security.However,traditional AKA protocols fall short in meeting the low-latency requirements essential for synchronous interactions within the metaverse.To address this challenge and enable nearly latency-free interactions,a novel low-latency AKA protocol based on chaotic maps is proposed.This protocol not only ensures mutual authentication of entities within the metasystem but also generates secure session keys.The security of these session keys is rigorously validated through formal proofs,formal verification,and informal proofs.When confronted with the Dolev-Yao(DY)threat model,the session keys are formally demonstrated to be secure under the Real-or-Random(ROR)model.The proposed protocol is further validated through simulations conducted using VMware workstation compiled in HLPSL language and C language.The simulation results affirm the protocol’s effectiveness in resisting well-known attacks while achieving the desired low latency for optimal metaverse interactions.
基金the Deanship of Scientific Research,Vice Presidency for Graduate Studies and Scientific Research,King Faisal University,Saudi Arabia(Grant No.GRANT5,208).
文摘Machine-to-machine (M2M) communication plays a fundamental role in autonomous IoT (Internet of Things)-based infrastructure, a vital part of the fourth industrial revolution. Machine-type communication devices(MTCDs) regularly share extensive data without human intervention while making all types of decisions. Thesedecisions may involve controlling sensitive ventilation systems maintaining uniform temperature, live heartbeatmonitoring, and several different alert systems. Many of these devices simultaneously share data to form anautomated system. The data shared between machine-type communication devices (MTCDs) is prone to risk dueto limited computational power, internal memory, and energy capacity. Therefore, securing the data and devicesbecomes challenging due to factors such as dynamic operational environments, remoteness, harsh conditions,and areas where human physical access is difficult. One of the crucial parts of securing MTCDs and data isauthentication, where each devicemust be verified before data transmission. SeveralM2Mauthentication schemeshave been proposed in the literature, however, the literature lacks a comprehensive overview of current M2Mauthentication techniques and the challenges associated with them. To utilize a suitable authentication schemefor specific scenarios, it is important to understand the challenges associated with it. Therefore, this article fillsthis gap by reviewing the state-of-the-art research on authentication schemes in MTCDs specifically concerningapplication categories, security provisions, and performance efficiency.
基金supported by the Natural Science Foundation under Grant No.61962009Major Scientific and Technological Special Project of Guizhou Province under Grant No.20183001Foundation of Guizhou Provincial Key Laboratory of Public Big Data under Grant No.2018BDKFJJ003,2018BDKFJJ005 and 2019BDKFJJ009.
文摘Wireless Sensor Network(WSN)is a distributed sensor network composed a large number of nodes with low cost,low performance and self-management.The special structure of WSN brings both convenience and vulnerability.For example,a malicious participant can launch attacks by capturing a physical device.Therefore,node authentication that can resist malicious attacks is very important to network security.Recently,blockchain technology has shown the potential to enhance the security of the Internet of Things(IoT).In this paper,we propose a Blockchain-empowered Authentication Scheme(BAS)for WSN.In our scheme,all nodes are managed by utilizing the identity information stored on the blockchain.Besides,the simulation experiment about worm detection is executed on BAS,and the security is evaluated from detection and infection rate.The experiment results indicate that the proposed scheme can effectively inhibit the spread and infection of worms in the network.
基金supported in part by the National Key R&D Program of China(No.2022YFB3904503)National Natural Science Foundation of China(No.62172418)。
文摘The BeiDou-Ⅱcivil navigation message(BDⅡ-CNAV)is transmitted in an open environment and no information integrity protection measures are provided.Hence,the BDⅡ-CNAV faces the threat of spoofing attacks,which can lead to wrong location reports and time indication.In order to deal with this threat,we proposed a scheme of anti-spoofing for BDⅡ-CNAV based on integrated information authentication.This scheme generates two type authentication information,one is authentication code information(ACI),which is applied to confirm the authenticity and reliability of satellite time information,and the other is signature information,which is used to authenticate the integrity of satellite location information and other information.Both authentication information is designed to embed into the reserved bits in BDⅡ-CNAV without changing the frame structure.In order to avoid authentication failure caused by public key error or key error,the key or public key prompt information(KPKPI)are designed to remind the receiver to update both keys in time.Experimental results indicate that the scheme can successfully detect spoofing attacks,and the authentication delay is less than 1%of the transmission delay,which meets the requirements of BDⅡ-CNAV information authentication.
文摘Internet of Health Things(IoHT)is a subset of Internet of Things(IoT)technology that includes interconnected medical devices and sensors used in medical and healthcare information systems.However,IoHT is susceptible to cybersecurity threats due to its reliance on low-power biomedical devices and the use of open wireless channels for communication.In this article,we intend to address this shortcoming,and as a result,we propose a new scheme called,the certificateless anonymous authentication(CAA)scheme.The proposed scheme is based on hyperelliptic curve cryptography(HECC),an enhanced variant of elliptic curve cryptography(ECC)that employs a smaller key size of 80 bits as compared to 160 bits.The proposed scheme is secure against various attacks in both formal and informal security analyses.The formal study makes use of the Real-or-Random(ROR)model.A thorough comparative study of the proposed scheme is conducted for the security and efficiency of the proposed scheme with the relevant existing schemes.The results demonstrate that the proposed scheme not only ensures high security for health-related data but also increases efficiency.The proposed scheme’s computation cost is 2.88 ms,and the communication cost is 1440 bits,which shows its better efficiency compared to its counterpart schemes.
文摘Secure authentication and accurate localization among Internet of Things(IoT)sensors are pivotal for the functionality and integrity of IoT networks.IoT authentication and localization are intricate and symbiotic,impacting both the security and operational functionality of IoT systems.Hence,accurate localization and lightweight authentication on resource-constrained IoT devices pose several challenges.To overcome these challenges,recent approaches have used encryption techniques with well-known key infrastructures.However,these methods are inefficient due to the increasing number of data breaches in their localization approaches.This proposed research efficiently integrates authentication and localization processes in such a way that they complement each other without compromising on security or accuracy.The proposed framework aims to detect active attacks within IoT networks,precisely localize malicious IoT devices participating in these attacks,and establish dynamic implicit authentication mechanisms.This integrated framework proposes a Correlation Composition Awareness(CCA)model,which explores innovative approaches to device correlations,enhancing the accuracy of attack detection and localization.Additionally,this framework introduces the Pair Collaborative Localization(PCL)technique,facilitating precise identification of the exact locations of malicious IoT devices.To address device authentication,a Behavior and Performance Measurement(BPM)scheme is developed,ensuring that only trusted devices gain access to the network.This work has been evaluated across various environments and compared against existing models.The results prove that the proposed methodology attains 96%attack detection accuracy,84%localization accuracy,and 98%device authentication accuracy.
基金supported by the National Key Research and Development Program of China under Grant No.2021YFB2700600the National Natural Science Foundation of China under Grant No.62132013+5 种基金the Key Research and Development Programs of Shaanxi under Grant Nos.S2024-YF-YBGY-1540 and 2021ZDLGY06-03the Basic Strengthening Plan Program under Grant No.2023-JCJQ-JJ-0772the Key-Area Research and Development Program of Guangdong Province under Grant No.2021B0101400003Hong Kong RGC Research Impact Fund under Grant Nos.R5060-19 and R5034-18Areas of Excellence Scheme under Grant No.Ao E/E-601/22-RGeneral Research Fund under Grant Nos.152203/20E,152244/21E,152169/22E and152228/23E。
文摘Traditional methods of identity authentication often rely on centralized architectures,which poses risks of computational overload and single points of failure.We propose a protocol that offers a decentralized approach by distributing authentication services to edge authentication gateways and servers,facilitated by blockchain technology,thus aligning with the decentralized ethos of Web3 infrastructure.Additionally,we enhance device security against physical and cloning attacks by integrating physical unclonable functions with certificateless cryptography,bolstering the integrity of Internet of Thins(IoT)devices within the evolving landscape of the metaverse.To achieve dynamic anonymity and ensure privacy within Web3 environments,we employ fuzzy extractor technology,allowing for updates to pseudonymous identity identifiers while maintaining key consistency.The proposed protocol ensures continuous and secure identity authentication for IoT devices in practical applications,effectively addressing the pressing security concerns inherent in IoT network environments and contributing to the development of robust security infrastructure essential for the proliferation of IoT devices across diverse settings.
基金supported in part by the National Key R&D Program of China(No.2022YFB3904503)National Natural Science Foundation of China(No.62172418)the joint funds of National Natural Science Foundation of China and Civil Aviation Administration of China(No.U2133203).
文摘Due to the lack of authentication mechanism in BeiDou navigation satellite system(BDS),BD-Ⅱ civil navigation message(BDⅡ-CNAV) are vulnerable to spoofing attack and replay attack.To solve this problem,we present a security authentication protocol,called as BDSec,which is designed by using China’s cryptography Shangyong Mima(SM) series algorithms,such as SM2/4/9 and Zu Chongzhi(ZUC)algorithm.In BDSec protocol,both of BDⅡ-CNAV and signature information are encrypted using the SM4 algorithm(Symmetric encryption mechanism).The encrypted result is used as the subject authentication information.BDSec protocol applies SM9 algorithm(Identity-based cryptography mechanism) to protect the integrity of the BDⅡ-CNAV,adopts the SM2 algorithm(Public key cryptosystem) to guarantee the confidentiality of the important session information,and uses the ZUC algorithm(Encryption and integrity algorithm) to verify the integrity of the message authentication serial number and initial information and the information in authentication initialization sub-protocol respectively.The results of the SVO logic reasoning and performance analysis show that BDSec protocol meets security requirements for the dual user identity authentication in BDS and can realize the security authentication of BDⅡ-CNAV.
基金funded by the College-level Characteristic Teaching Material Project(Project No.20220119Z0221)The College Teaching Incubation Project(Project No.20220120Z0220)+3 种基金The Ministry of Education Industry-University Cooperation Collaborative Education Project(Project No.20220163H0211)The Central Universities Basic Scientific Research Fund(Project No.3282024009,20230051Z0114,and 20230050Z0114)The Beijing Higher Education“Undergraduate Teaching Reform and Innovation Project”(Project No.20220121Z0208 and 202110018002)The College Discipline Construction Project(Project No.20230007Z0452 and 20230010Z0452)。
文摘With the increasing demand for information security,traditional single-factor authentication technology can no longer meet security requirements.To this end,this paper proposes a Universal Serial Bus(USB)Key hardware and software system based on a two-factor authentication protocol,aiming to improve the security and reliability of authentication.This paper first analyzes the current status and technical principles of USB Key-related research domestically and internationally and designs a two-factor authentication protocol that combines impact/response authentication and static password authentication.The system consists of a host computer and a USB Key device.The host computer interacts with the USB Key through a graphical user interface.The Secure Hash Algorithm 1(SHA-1)and MySQL database are used to implement the authentication function.Experimental results show that the designed two-factor authentication protocol can effectively prevent replay attacks and information tampering,and improve the security of authentication.If the corresponding USB Key is not inserted,the system will prompt that the device is not found.Once the USB Key is inserted,user identity is confirmed through two-factor verification,which includes impact/response authentication and static password authentication.
基金Taif University Researchers Supporting Project number(TURSP-2020/98),Taif University,Taif,Saudi Arabia。
文摘Cloud-based SDN(Software Defined Network)integration offers new kinds of agility,flexibility,automation,and speed in the network.Enterprises and Cloud providers both leverage the benefits as networks can be configured and optimized based on the application requirement.The integration of cloud and SDN paradigms has played an indispensable role in improving ubiquitous health care services.It has improved the real-time monitoring of patients by medical practitioners.Patients’data get stored at the central server on the cloud from where it is available to medical practitioners in no time.The centralisation of data on the server makes it more vulnerable to malicious attacks and causes a major threat to patients’privacy.In recent days,several schemes have been proposed to ensure the safety of patients’data.But most of the techniques still lack the practical implementation and safety of data.In this paper,a secure multi-factor authentication protocol using a hash function has been proposed.BAN(Body Area Network)logic has been used to formally analyse the proposed scheme and ensure that no unauthenticated user can steal sensitivepatient information.Security Protocol Animator(SPAN)–Automated Validation of Internet Security Protocols and Applications(AVISPA)tool has been used for simulation.The results prove that the proposed scheme ensures secure access to the database in terms of spoofing and identification.Performance comparisons of the proposed scheme with other related historical schemes regarding time complexity,computation cost which accounts to only 423 ms in proposed,and security parameters such as identification and spoofing prove its efficiency.
基金funded by the National Natural Science Foundation of China(62172418)the Joint Funds of the National Natural Science Foundation of China and the Civil Aviation Administration of China(U2133203)+1 种基金the Education Commission Scientific Research Project of Tianjin China(2022KJ081)the Open Fund of Key Laboratory of Civil Aircraft Airworthiness Technology(SH2021111907).
文摘System-wide information management(SWIM)is a complex distributed information transfer and sharing system for the next generation of Air Transportation System(ATS).In response to the growing volume of civil aviation air operations,users accessing different authentication domains in the SWIM system have problems with the validity,security,and privacy of SWIM-shared data.In order to solve these problems,this paper proposes a SWIM crossdomain authentication scheme based on a consistent hashing algorithm on consortium blockchain and designs a blockchain certificate format for SWIM cross-domain authentication.The scheme uses a consistent hash algorithm with virtual nodes in combination with a cluster of authentication centers in the SWIM consortium blockchain architecture to synchronize the user’s authentication mapping relationships between authentication domains.The virtual authentication nodes are mapped separately using different services provided by SWIM to guarantee the partitioning of the consistent hash ring on the consortium blockchain.According to the dynamic change of user’s authentication requests,the nodes of virtual service authentication can be added and deleted to realize the dynamic load balancing of cross-domain authentication of different services.Security analysis shows that this protocol can resist network attacks such as man-in-the-middle attacks,replay attacks,and Sybil attacks.Experiments show that this scheme can reduce the redundant authentication operations of identity information and solve the problems of traditional cross-domain authentication with single-point collapse,difficulty in expansion,and uneven load.At the same time,it has better security of information storage and can realize the cross-domain authentication requirements of SWIM users with low communication costs and system overhead.KEYWORDS System-wide information management(SWIM);consortium blockchain;consistent hash;cross-domain authentication;load balancing.
文摘The predominant method for smart phone accessing is confined to methods directing the authentication by means of Point-of-Entry that heavily depend on physiological biometrics like,fingerprint or face.Implicit continuous authentication initiating to be loftier to conventional authentication mechanisms by continuously confirming users’identities on continuing basis and mark the instant at which an illegitimate hacker grasps dominance of the session.However,divergent issues remain unaddressed.This research aims to investigate the power of Deep Reinforcement Learning technique to implicit continuous authentication for mobile devices using a method called,Gaussian Weighted Cauchy Kriging-based Continuous Czekanowski’s(GWCK-CC).First,a Gaussian Weighted Non-local Mean Filter Preprocessing model is applied for reducing the noise pre-sent in the raw input face images.Cauchy Kriging Regression function is employed to reduce the dimensionality.Finally,Continuous Czekanowski’s Clas-sification is utilized for proficient classification between the genuine user and attacker.By this way,the proposed GWCK-CC method achieves accurate authen-tication with minimum error rate and time.Experimental assessment of the pro-posed GWCK-CC method and existing methods are carried out with different factors by using UMDAA-02 Face Dataset.The results confirm that the proposed GWCK-CC method enhances authentication accuracy,by 9%,reduces the authen-tication time,and error rate by 44%,and 43%as compared to the existing methods.