BDSec:Security Authentication Protocol for BeiDou-II Civil Navigation Message

Due to the lack of authentication mechanism in BeiDou navigation satellite system(BDS),BD-II civil navigation message(BDII-CNAV)are vulnerable to spoofing attack and replay attack.To solve this problem,we present a security authentication protocol,called as BDSec,which is designed by using China’s cryptography Shangyong Mima(SM)series algorithms,such as SM2/4/9 and Zu Chongzhi(ZUC)algorithm.In BDSec protocol,both of BDII-CNAV and signature information are encrypted using the SM4 algorithm(Symmetric encryption mechanism).The encrypted result is used as the subject authentication information.BDSec protocol applies SM9 algorithm(Identity-based cryptography mechanism)to protect the integrity of the BDII-CNAV,adopts the SM2 algorithm(Public key cryptosystem)to guarantee the confidentiality of the important session information,and uses the ZUC algorithm(Encryption and integrity algorithm)to verify the integrity of the message authentication serial number and initial information and the information in authentication initialization sub-protocol respectively.The results of the SVO logic reasoning and performance analysis show that BDSec protocol meets security requirements for the dual user identity authentication in BDS and can realize the security authentication of BDII-CNAV.

PSAP-WSN:A Provably Secure Authentication Protocol for 5G-Based Wireless Sensor Networks

Nowadays,the widespread application of 5G has promoted rapid development in different areas,particularly in the Internet of Things(IoT),where 5G provides the advantages of higher data transfer rate,lower latency,and widespread connections.Wireless sensor networks(WSNs),which comprise various sensors,are crucial components of IoT.The main functions of WSN include providing users with real-time monitoring information,deploying regional information collection,and synchronizing with the Internet.Security in WSNs is becoming increasingly essential because of the across-the-board nature of wireless technology in many fields.Recently,Yu et al.proposed a user authentication protocol forWSN.However,their design is vulnerable to sensor capture and temporary information disclosure attacks.Thus,in this study,an improved protocol called PSAP-WSNis proposed.The security of PSAP-WSN is demonstrated by employing the ROR model,BAN logic,and ProVerif tool for the analysis.The experimental evaluation shows that our design is more efficient and suitable forWSN environments.

Sequence Patterns of Identity Authentication Protocols

From the viewpoint of protocol sequence, analyses are made of the sequence patterns of possible identity authentication protocol under two cases： with or without the trusted third party （TFP）. Ten feasible sequence patterns of authentication protocol with TIP and 5 sequence patterns without TFP are gained. These gained sequence patterns meet the requirements for identity authentication, and basically cover almost all the authentication protocols with TFP and without TFP at present. All of the sequence patterns gained are classified into unilateral or bilateral authentication. Then, according to the sequence symmetry, several good sequence patterns with TFP are evaluated. The accompolished results can provide a reference to design of new identity authentication protocols.

An Enhanced Privacy Preserving, Secure and Efficient Authentication Protocol for VANET

Vehicular ad hoc networks (VANETs) have attracted growing interest in both academia and industry because they can provide a viable solutionthat improves road safety and comfort for travelers on roads. However, wireless communications over open-access environments face many security andprivacy issues that may affect deployment of large-scale VANETs. Researchershave proposed different protocols to address security and privacy issues in aVANET, and in this study we cryptanalyze some of the privacy preservingprotocols to show that all existing protocols are vulnerable to the Sybilattack. The Sybil attack can be used by malicious actors to create fakeidentities that impair existing protocols, which allows them to imitate trafficcongestion or at worse cause an accident that may result in the loss of humanlife. This vulnerability exists because those protocols store vehicle identitiesin an encrypted form, and it is not possible to search over the encryptedidentities to find fake vehicles. This attack is serious in nature and veryprevalent for privacy-preserving protocols. To cope with this kind of attack,we propose a novel and practical protocol that uses Public key encryptionwith an equality test (PKEET) to search over the encrypted identities withoutleaking any information, and eventually eliminate the Sybil attack. Theproposed approach improves security and at the same time maintains privacyin VANET. Our performance analysis indicates that the proposed protocoloutperforms state-of-the-art protocols: The proposed beacon generation timeis constant compared to a linear increase in existing protocols, with beaconverification shown to be faster by 7.908%. Our communicational analysisshows that the proposed protocol with a beacon size of 322 bytes has the leastcommunicational overhead compared to other state-of-the-art protocols.

ECC-Based RFID Authentication Protocol

The radio frequency identification(RFID)technology has been widely used so far in industrial and commercial applications.To develop the RFID tags that support elliptic curve cryptography(ECC),we propose a scalable and mutual authentication protocol based on ECC.We also suggest a tag privacy model that provides adversaries exhibiting strong abilities to attack a tag’s privacy.We prove that the proposed protocol preserves privacy under the privacy model and that it meets general security requirements.Compared with other recent ECCbased RFID authentication protocols,our protocol provides tag privacy and performs the best under comprehensive evaluation of tag privacy,tag computation cost,and communications cost.

The Vulnerability Analysis of Some Typical Hash-Based RFID Authentication Protocols

The low-cost RFID tags have very limited computing and storage resources and this makes it difficult to completely solve their security and privacy problems. Lightweight authentication is considered as one of the most effective methods to ensure the security in the RFID system. Many light-weight authentication protocols use Hash function and pseudorandom generator to ensure the anonymity and confidential communication of the RFID system. But these protocols do not provide such security as they claimed. By analyzing some typical Hash-based RFID authentication protocols, it is found that they are vulnerable to some common attacks. Many protocols cannot resist tracing attack and de-synchronization attack. Some protocols cannot provide forward security. Gy?z? Gódor and Sándor Imre proposed a Hash-based authentication protocol and they claimed their protocol could resist the well-known attacks. But by constructing some different attack scenarios, their protocol is shown to be vulnerable to tracing attack and de-synchronization attack. Based on the analysis for the Hash-based authentication protocols, some feasible suggestions are proposed to improve the security of the RFID authentication protocols.

New Semantic Model for Authentication Protocols in ASMs

A new semantic model in Abstract State Model (ASM) for authentication protocols is presented. It highlights the Woo-Lam's ideas for authentication, which is the strongest one in Lowe's definition hierarchy for entity authentication. Apart from the flexible and natural features in forming and analyzing protocols inherited from ASM, the model defines both authentication and secrecy properties explicitly in first order sentences as invariants. The process of proving security properties with respect to an authentication protocol blends the correctness and secrecy properties together to avoid the potential flaws which may happen when treated separately. The security of revised Helsinki protocol is shown as a case study. The new model is different from the previous ones in ASMs.

Verification of Authentication Protocols for Epistemic Goals via SAT Compilation

This paper introduces a new methodology for epistemic logic, to analyze communication protocols that uses knowledge structures, a specific form of Kripke semantics over hostile networks. The paper particularly focuses on automatic verification of authentication protocols. Our approach is based on the actual definitions of a protocol, not on some difficultto-establish justifications. The proposed methodology is different from many previous approaches to automatic verification of security protocols in that it is justification-oriented instead of falsification-oriented, i.e., finding bugs in a protocol. The main idea is based on observations： separating a principal executing a run of protocol from the role in the protocol, and inferring a principal＇s knowledge from the local observations of the principal. And we show analytically and empirically that this model can be easily reduced to Satisfiability （SAT） problem and efficiently implemented by a modern SAT solver.

An Efficient and Secure Authentication Protocol for RFID Systems

The use of radio frequency identification (RFID) tags may cause privacy violation of users carrying an RFID tag. Due to the unique identification number of the RFID tag, the possible privacy threats are information leakage of a tag, traceability of the consumer, denial of service attack, replay attack and impersonation of a tag, etc. There are a number of challenges in providing privacy and security in the RFID tag due to the limited computation, storage and communication ability of low-cost RFID tags. Many research works have already been conducted using hash functions and pseudorandom numbers. As the same random number can recur many times, the adversary can use the response derived from the same random number for replay attack and it can cause a break in location privacy. This paper proposes an RFID authentication protocol using a static identifier, a monotonically increasing timestamp, a tag side random number and a hash function to protect the RFID system from adversary attacks. The proposed protocol also indicates that it requires less storage and computation than previous existing RFID authentication protocols but offers a larger range of security protection. A simulation is also conducted to verify some of the privacy and security properties of the proposed protocol.

Research on a provable security RFID authentication protocol based on Hash function

Research on existing radio frequency identification（RFID） authentication protocols security risks, poor performance and other problems, a RFID security authentication protocol based on dynamic identification（ID） and Key value renewal is proposed. Meanwhile, the security problems based on Hash function RFID security authentication protocol in recent years have been also sorted and analyzed. Then a security model to design and analyze RFID protocols is built. By using the computational complexity, its correctness and security have been proved. Compared with the safety performance, storage overhead, computational overhead and other aspects of other protocols, the protocol for RFID has more efficient performance and ability to withstand various attacks. And the C# programming language is used to simulate the authentication process on the visual studio platform, which verifies the feasibility of the protocol.

Bilinear pair based authentication protocol for wireless medical sensor network

With the development of wirdess network and electronic technologies, the wireless sensor network （WSN） has been widely used in many applications. One of the most important applications is wireless medical sensor network （WMSN） , which makes modern heahh-care more popular. However, most of the sensor data transmitted in the WMSN is patient-related information. The sensor data are important and should be confidential. In addition, the attackers may also maliciously modify these sensor data. Therefore, both security and privacy are two very important issues in WMSN. A user authentication protocol and data security transmission mechanism based on bilinear pairing is proposed to protect data security and privacy. The proposed protocol enables the medical staff to monitor the health status of health care workers and provide timely and comprehensive health care information to the patient. Finally, through security and performance analysis, it can be found that the proposed authentication and key agreement protocol can resist common attacks such as impersonation attack, replay attack, online or offline password guessing attack, and stolen verifier attack. At the same time, this agreement is also in line with the performance of WMSN application environment.

An Anti-Quantum Authentication Protocol for Space Information Networks Based on Ring Learning with Errors

With the continuous development of satellite communication and Internet of things technology,more and more devices can access space information networks(SIN)and enjoy satellite services everywhere in the world.However,due to the openness of the air-to-ground channel,the device will face a series of security threats when accessing SIN,such as replay attacks,eavesdropping attacks,impersonation attacks,and man-in-the-middle attacks.These security threats will lead to illegal entity access and further endanger the reliability and availability of the system.Although scholars have proposed many enhanced security access authentication protocols,most of them have been proved to have security vulnerabilities.In addition,with the development of quantum computing,the previous authentication protocols based on some asymmetric cryptographic mechanisms such as discrete logarithm and elliptic curve cryptographic mechanisms may face new security challenges.In this context,this paper proposes a novel antiquantum access authentication protocol based on ring learning with errors(RLWE),which meets more security requirements and greatly reduces the authentication delay through prenegotiation.Through the security analysis and performance analysis,it is shown that our protocol can be more suitable for delaysensitive IoT devices to access SIN while ensuring higher security.

An enhanced scheme for mutual authentication for healthcare services

With the advent of state-of-art technologies,the Telecare Medicine Information System(TMIS)now offers fast and convenient healthcare services to patients at their doorsteps.However,this architecture engenders new risks and challenges to patients'and the server's confidentiality,integrity and security.In order to avoid any resource abuse and malicious attack,employing an authentication scheme is widely considered as the most effective approach for the TMIS to verify the legitimacy of patients and the server.Therefore,several authentication protocols have been proposed to this end.Very recently,Chaudhry et al.identified that there are vulnerabilities of impersonation attacks in Islam et al.'s scheme.Therefore,they introduced an improved protocol to mitigate those security flaws.Later,Qiu et al.proved that these schemes are vulnerable to the man-in-the-middle,impersonation and offline password guessing attacks.Thus,they introduced an improved scheme based on the fuzzy verifier techniques,which overcome all the security flaws of Chaudhry et al.'s scheme.However,there are still some security flaws in Qiu et al.'s protocol.In this article,we prove that Qiu et al.'s protocol has an incorrect notion of perfect user anonymity and is vulnerable to user impersonation attacks.Therefore,we introduce an improved protocol for authentication,which reduces all the security flaws of Qiu et al.'s protocol.We also make a comparison of our protocol with related protocols,which shows that our introduced protocol is more secure and efficient than previous protocols.

Efficient Authenticated Key Agreement Protocol Using Self-Certified Public Keys from Pairings

An efficient authenticated key agreement protocol is proposed, which makesuse of bilinear pairings and self-certificd public keys. Its security is based on the securityassumptions of the bilinear Diff ie-Hellman problem and the computational Diffie-Hellman problem.Users can choose their private keys independently. The public keys and identities of users can beverified implicitly when the session key being generating in a logically single step. A trusted KeyGeneration Center is no longer requiredas in the ID-based authenticated key agreement protocolsCompared with existing authenticated key agreement protocols from pairings, the. new proposedprotocol is more efficient and secure.

Efficient and Secure Authenticated Quantum Dialogue Protocols over Collective-Noise Channels

Based on the deterministic secure quantum communication, we present a novel quantum dialogue protocol with- out information leakage over the collective noise channel. The logical qubits and four-qubit decoherence-free states are introduced for resisting against collective-dephasing noise, collective-rotation noise and all kinds of unitary collective noise, respectively. Compared with the existing similar protocols, the analyses on security and information-theoretical emciency show that the proposed protocol is more secure and emeient.

基于椭圆曲线的RFID协议的安全分析(英文)

Martínez et al.have proposed a secure RFID protocol recently which relies exclusively on the use of Elliptic Curve Cryptography(ECC)combined with a zero knowledge-based authentication scheme.In this paper,we show that this proposed protocol is not secure against the tracking attack.To make the attack successful,the adversary needs to execute three phases.Firstly,the attacker just eavesdrops on the messages exchanged between Reader and Tag.Secondly,the attacker impersonates the Reader to replay the message which is obtained from the first phase.Finally,the adversary acts as a man in the middle to tamper the messages exchanged between Reader and Tag.Then we propose an enhancement and prove that the revision is secure against the tracking attack while keeping other security properties.

Hyper Elliptic Curve Based Certificateless Signcryption Scheme for Secure IIoT Communications

Industrial internet of things (IIoT) is the usage of internet of things(IoT) devices and applications for the purpose of sensing, processing andcommunicating real-time events in the industrial system to reduce the unnecessary operational cost and enhance manufacturing and other industrial-relatedprocesses to attain more profits. However, such IoT based smart industriesneed internet connectivity and interoperability which makes them susceptibleto numerous cyber-attacks due to the scarcity of computational resourcesof IoT devices and communication over insecure wireless channels. Therefore, this necessitates the design of an efficient security mechanism for IIoTenvironment. In this paper, we propose a hyperelliptic curve cryptography(HECC) based IIoT Certificateless Signcryption (IIoT-CS) scheme, with theaim of improving security while lowering computational and communicationoverhead in IIoT environment. HECC with 80-bit smaller key and parameterssizes offers similar security as elliptic curve cryptography (ECC) with 160-bitlong key and parameters sizes. We assessed the IIoT-CS scheme security byapplying formal and informal security evaluation techniques. We used Realor Random (RoR) model and the widely used automated validation of internet security protocols and applications (AVISPA) simulation tool for formalsecurity analysis and proved that the IIoT-CS scheme provides resistance tovarious attacks. Our proposed IIoT-CS scheme is relatively less expensivecompared to the current state-of-the-art in terms of computational cost andcommunication overhead. Furthermore, the IIoT-CS scheme is 31.25% and 51.31% more efficient in computational cost and communication overhead,respectively, compared to the most recent protocol.

Cryptanalysis and security enhancement of a remote user authentication scheme using smart cards

With the broad implementations of the electronic business and government applications, robust system security and strong privacy protection have become essential requirements for remote user authentication schemes. Recently, Chen et al. pointed out that Wang et al.＇s scheme is vulnerable to the user impersonation attack and parallel session attack, and proposed an enhanced version to overcome the identified security flaws. In this paper, however, we show that Chen et al.＇s scheme still cannot achieve the claimed security goals and report its following problems： （1） It suffers from the offline password guessing attack, key compromise impersonation attack and known key attack; （2） It fails to provide forward secrecy; （3） It is not easily repairable. As our main contribution, a robust dynamic ID-based scheme based on non-tamper resistance assumption of the smart cards is presented to cope with the aforementioned defects, while preserving the merits of different related schemes. The analysis demonstrates that our scheme meets all the proposed criteria and eliminates several grave security threats that are difficult to be tackled at the same time in previous scholarship.

An Efficient Two-Party Key Exchange Protocol with Strong Security

Combined public key （CPK） cryptography does not need certificates to guarantee the authenticity of public keys and avoids the inherent key escrow problem of identity-based cryptography. Based on the efficient CPK scheme, we present an efficient three-round two-party authenticated key exchange protocol with strong security, which is provably secure in the standard model under the decisional Diffie-Hellman （DDH） assumption. The protocol can keep the session key secret from the adversary except that one party＇s ephemeral private key and static private key are all revealed to the adversary. Compared to the existing protocols, this protocol not only assures strong security but also is more efficient.

Authenticated Diffie-Hellman Key Agreement Protocol with Forward Secrecy

Forward secrecy is an important security property in key agreement protocol. Based on Ham＇s protocol, in this paper a new authenticated Diffie-Hellman key agreement protocol with half forward secrecy is proposed. This protocol is also based on a single cryptographic assumption, and is user authentication and shared key authentication. More importantly, our protocol provides forward secrecy with respect to one of the parties. For this reason, besides the advantages of Ham＇s protocol, in practice, our protocol can reduce the damages resulted from the disclosure of the user＇s secret key and it is very beneficial to today＇s communication with portable devices.