Traditional methods of identity authentication often rely on centralized architectures,which poses risks of computational overload and single points of failure.We propose a protocol that offers a decentralized approac...Traditional methods of identity authentication often rely on centralized architectures,which poses risks of computational overload and single points of failure.We propose a protocol that offers a decentralized approach by distributing authentication services to edge authentication gateways and servers,facilitated by blockchain technology,thus aligning with the decentralized ethos of Web3 infrastructure.Additionally,we enhance device security against physical and cloning attacks by integrating physical unclonable functions with certificateless cryptography,bolstering the integrity of Internet of Thins(IoT)devices within the evolving landscape of the metaverse.To achieve dynamic anonymity and ensure privacy within Web3 environments,we employ fuzzy extractor technology,allowing for updates to pseudonymous identity identifiers while maintaining key consistency.The proposed protocol ensures continuous and secure identity authentication for IoT devices in practical applications,effectively addressing the pressing security concerns inherent in IoT network environments and contributing to the development of robust security infrastructure essential for the proliferation of IoT devices across diverse settings.展开更多
A multiparty simultaneous quantum identity authentication protocol based on Creenberger-Horne-Zeilinger (GHZ) states is proposed. The multi-user can be authenticated by a trusted third party (TTP) simultaneously. ...A multiparty simultaneous quantum identity authentication protocol based on Creenberger-Horne-Zeilinger (GHZ) states is proposed. The multi-user can be authenticated by a trusted third party (TTP) simultaneously. Compared with the scheme proposed recently (Wang et al 2006 Chin. Phys. Lett. 23(9) 2360), the proposed scheme has the advantages of consuming fewer quantum and classical resources and lessening the difficulty and intensity of necessary operations.展开更多
A novel efficient deterministic secure quantum communication scheme based on four-qubit cluster states and single-photon identity authentication is proposed. In this scheme, the two authenticated users can transmit tw...A novel efficient deterministic secure quantum communication scheme based on four-qubit cluster states and single-photon identity authentication is proposed. In this scheme, the two authenticated users can transmit two bits of classical information per cluster state, and its efficiency of the quantum communication is 1/3, which is approximately 1.67 times that of the previous protocol presented by Wang et al [Chin. Phys. Lett. 23 (2006) 2658]. Security analysis shows the present scheme is secure against intercept-resend attack and the impersonator's attack. Furthermore, it is more economic with present-day techniques and easily processed by a one-way quantum computer.展开更多
Based on elliptic curve Diffie-Hellman algorithm, an Elliptic Curve Authenticated Key Agreement (ECAKA) protocol with pre-shared password is proposed. Its security relies on the Elliptic Curve Discrete Logarithm Probl...Based on elliptic curve Diffie-Hellman algorithm, an Elliptic Curve Authenticated Key Agreement (ECAKA) protocol with pre-shared password is proposed. Its security relies on the Elliptic Curve Discrete Logarithm Problem (ECDLP). It provides identity authentication, key validation and perfect forward secrecy, and it can foil man-in-the-middle attacks.展开更多
In the area of secure Web information system, mutual authentication and key agreement are essential between Web clients and servers. An efficient certificateless authenticated key agreement protocol for Web client/ser...In the area of secure Web information system, mutual authentication and key agreement are essential between Web clients and servers. An efficient certificateless authenticated key agreement protocol for Web client/server setting is proposed, which uses pairings on certain elliptic curves. We show that the newly proposed key agreement protocol is practical and of great efficiency, meanwhile, it satisfies every desired security require ments for key agreement protocols.展开更多
Industrial IoT(IIoT)aims to enhance services provided by various industries,such as manufacturing and product processing.IIoT suffers from various challenges,and security is one of the key challenge among those challe...Industrial IoT(IIoT)aims to enhance services provided by various industries,such as manufacturing and product processing.IIoT suffers from various challenges,and security is one of the key challenge among those challenges.Authentication and access control are two notable challenges for any IIoT based industrial deployment.Any IoT based Industry 4.0 enterprise designs networks between hundreds of tiny devices such as sensors,actuators,fog devices and gateways.Thus,articulating a secure authentication protocol between sensing devices or a sensing device and user devices is an essential step in IoT security.In this paper,first,we present cryptanalysis for the certificate-based scheme proposed for a similar environment by Das et al.and prove that their scheme is vulnerable to various traditional attacks such as device anonymity,MITM,and DoS.We then put forward an interdevice authentication scheme using an ECC(Elliptic Curve Cryptography)that is highly secure and lightweight compared to other existing schemes for a similar environment.Furthermore,we set forth a formal security analysis using the random oracle-based ROR model and informal security analysis over the Doleve-Yao channel.In this paper,we present comparison of the proposed scheme with existing schemes based on communication cost,computation cost and security index to prove that the proposed EBAKE-SE is highly efficient,reliable,and trustworthy compared to other existing schemes for an inter-device authentication.At long last,we present an implementation for the proposed EBAKE-SE using MQTT protocol.展开更多
Based on public key, a quantum identity authenticated (QIA) system is proposed without quantum entanglement. The public key acts as the authentication key of a user. Following the idea of the classical public key infr...Based on public key, a quantum identity authenticated (QIA) system is proposed without quantum entanglement. The public key acts as the authentication key of a user. Following the idea of the classical public key infrastructure (PKI), a trusted center of authentication (CA) is involved. The user selects a public key randomly and CA generates a private key for the user according to his public key. When it is necessary to perform QIA, the user sends a sequence of single photons encoded with its private key and a message to CA. According to the corresponding secret key kept by CA, CA performs the unitary operations on the single photon sequence. At last, the receiver can judge whether the user is an impersonator.展开更多
As one of the essential steps to secure government data sharing,Identity Authentication(IA)plays a vital role in the processing of large data.However,the centralized IA scheme based on a trusted third party presents p...As one of the essential steps to secure government data sharing,Identity Authentication(IA)plays a vital role in the processing of large data.However,the centralized IA scheme based on a trusted third party presents problems of information leakage and single point of failure,and those related to key escrow.Therefore,herein,an effective IA model based on multiattribute centers is designed.First,a private key of each attribute of a data requester is generated by the attribute authorization center.After obtaining the private key of attribute,the data requester generates a personal private key.Second,a dynamic key generation algorithm is proposed,which combines blockchain and smart contracts to periodically update the key of a data requester to prevent theft by external attackers,ensure the traceability of IA,and reduce the risk of privacy leakage.Third,the combination of blockchain and interplanetary file systems is used to store attribute field information of the data requester to further reduce the cost of blockchain information storage and improve the effectiveness of information storage.Experimental results show that the proposed model ensures the privacy and security of identity information and outperforms similar authentication models in terms of computational and communication costs.展开更多
Due to the rapid advancements in network technology,blockchain is being employed for distributed data storage.In the Internet of Things(IoT)scenario,different participants manage multiple blockchains located in differ...Due to the rapid advancements in network technology,blockchain is being employed for distributed data storage.In the Internet of Things(IoT)scenario,different participants manage multiple blockchains located in different trust domains,which has resulted in the extensive development of cross-domain authentication techniques.However,the emergence of many attackers equipped with quantum computers has the potential to launch quantum computing attacks against cross-domain authentication schemes based on traditional cryptography,posing a significant security threat.In response to the aforementioned challenges,our paper demonstrates a post-quantum cross-domain identity authentication scheme to negotiate the session key used in the cross-chain asset exchange process.Firstly,our paper designs the hiding and recovery process of user identity index based on lattice cryptography and introduces the identity-based signature from lattice to construct a post-quantum cross-domain authentication scheme.Secondly,our paper utilizes the hashed time-locked contract to achieves the cross-chain asset exchange of blockchain nodes in different trust domains.Furthermore,the security analysis reduces the security of the identity index and signature to Learning With Errors(LWE)and Short Integer Solution(SIS)assumption,respectively,indicating that our scheme has post-quantum security.Last but not least,through comparison analysis,we display that our scheme is efficient compared with the cross-domain authentication scheme based on traditional cryptography.展开更多
Two multiparty simultaneous quantum identity authentication (MSQIA) protocols based on secret sharing are presented. All the users can be authenticated by a trusted third party (TTP) simultaneously. In the first proto...Two multiparty simultaneous quantum identity authentication (MSQIA) protocols based on secret sharing are presented. All the users can be authenticated by a trusted third party (TTP) simultaneously. In the first protocol,the TTP shares a random key K with all the users using quantum secret sharing. The ith share acts as the authentication key of the ith user. When it is necessary to perform MSQIA,the TTP generates a random number R secretly and sends a sequence of single photons encoded with K and R to all the users. According to his share,each user performs the corresponding unitary operations on the single photon sequence sequentially. At last,the TTP can judge whether the impersonator exists. The sec-ond protocol is a modified version with a circular structure. The two protocols can be efficiently used for MSQIA in a network. They are feasible with current technol-ogy.展开更多
In this paper, the authors present a novel mutual authentication and key agreement protocol based on the Number Theory Research Unit (NTRU) public key cryptography. The symmetric encryption, hash and “challenge-respo...In this paper, the authors present a novel mutual authentication and key agreement protocol based on the Number Theory Research Unit (NTRU) public key cryptography. The symmetric encryption, hash and “challenge-response” techniques were adopted to build their protocol. To implement the mutual authentication and session key agreement, the proposed protocol contains two stages: namely initial procedure and real execution stage. Since the lightweight NTRU public key cryptography is employed, their protocol can not only overcome the security flaws of secret-key based authentication protocols such as those used in Global System for Mobile Communications (GSM) and Universal Mobile Telecommunications System (UMTS), but also provide greater security and lower computational complexity in comparison with currently well-known public key based wireless authentication schemes such as Beller-Yacobi and M.Aydos protocols.展开更多
In order to make the quantum key agreement process immune to participant attacks, it is necessary to introduce the authentication in the communication process. A quantum key agreement protocol with identity authentica...In order to make the quantum key agreement process immune to participant attacks, it is necessary to introduce the authentication in the communication process. A quantum key agreement protocol with identity authentication that exploits the measurement correlation of six-particle entangled states is proposed. In contrast to some recently proposed quantum key agreement protocols with authentication, this protocol requires neither a semi-trusted third party nor additional private keys in the authentication process. The entire process of authentication and key agreement can be achieved using only n six-particle entangled states, which saves communication costs and reduces the complexity of the authentication process.Finally, security analysis shows that this scheme is resistant to some important attacks.展开更多
Two-party certificateless authenticated key agreement(CL-AKA) protocol is a hot topic in the field of wireless communication security. An improved two-party CL-AKA protocol with enhanced security is proposed,which is ...Two-party certificateless authenticated key agreement(CL-AKA) protocol is a hot topic in the field of wireless communication security. An improved two-party CL-AKA protocol with enhanced security is proposed,which is of provable security and unforgeability in the extended Canetti-Krawczyk(eCK) security model based on the hardness assumption of the computational Diffie Hellman(CDH) problem. Compared with other similar protocols, it is more efficient and can satisfy security properties such as free of the centralized management of certificate and key, free of bilinear pairings, two-party authentication, resistant to unknown key-share attack, key compromise impersonation attacks, the man-in-the-middle-attack(MIMA) of key generation center(KGC), etc. These properties make the proposed protocol have better performance and adaptability for military communication.展开更多
In this paper an efficient quantum secure direct communication (QSDC) scheme with authentication is presented, which is based on quantum entanglement and polarized single photons. The present protocol uses Einstein-...In this paper an efficient quantum secure direct communication (QSDC) scheme with authentication is presented, which is based on quantum entanglement and polarized single photons. The present protocol uses Einstein-Podolsky-Rosen (EPR) pairs and polarized single photons in batches. A particle of the EPR pairs is retained in the sender's station, and the other is transmitted forth and back between the sender and the receiver, similar to the‘ping-pong' QSDC protocol. According to the shared information beforehand, these two kinds of quantum states are mixed and then transmitted via a quantum channel. The EPR pairs are used to transmit secret messages and the polarized single photons used for authentication and eavesdropping check. Consequently, because of the dual contributions of the polarized single photons, no classical information is needed. The intrinsic efficiency and total efficiency are both 1 in this scheme as almost all of the instances are useful and each EPR pair can be used to carry two bits of information.展开更多
In this paper we propose two quantum secure direct communication (QSDC) protocols with authentication.The authentication key expansion method is introduced to improve the life of the keys with security.In the first sc...In this paper we propose two quantum secure direct communication (QSDC) protocols with authentication.The authentication key expansion method is introduced to improve the life of the keys with security.In the first scheme,the third party, called Trent is introduced to authenticate the users that participate in the communication.He sends thepolarized photons in blocks to authenticate communication parties Alice and Bob using the authentication keys.In thecommunication process, polarized single photons are used to serve as the carriers, which transmit the secret messagesdirectly.The second QSDC process with authentication between two parties is also discussed.展开更多
In this paper, we suggest a controlled mutual quantum entity authentication protocol by which two users mutually certify each other on a quantum network using a sequence of Greenberger–Horne–Zeilinger(GHZ)-like st...In this paper, we suggest a controlled mutual quantum entity authentication protocol by which two users mutually certify each other on a quantum network using a sequence of Greenberger–Horne–Zeilinger(GHZ)-like states. Unlike existing unidirectional quantum entity authentication, our protocol enables mutual quantum entity authentication utilizing entanglement swapping; moreover, it allows the managing trusted center(TC) or trusted third party(TTP) to effectively control the certification of two users using the nature of the GHZ-like state. We will also analyze the security of the protocol and quantum channel.展开更多
Because of its closeness to users,fog computing responds faster than cloud computing.Thus,it has been deployed to various applications,such as healthcare system.Recently,to ensure the secure communication of the fog-b...Because of its closeness to users,fog computing responds faster than cloud computing.Thus,it has been deployed to various applications,such as healthcare system.Recently,to ensure the secure communication of the fog-based healthcare system,Jia et al.proposed an authenticated key agreement scheme.Moreover,in view of the high computation cost existing in Jia et al.’s scheme,Ma et al.presented an efficient one using elliptic curve cryptography.In this paper,we observe that both the two schemes may potentially risk ephemeral key compromise attacks and need improving.Therefore,to overcome this potential risk,we propose a new authenticated scheme based on Jia et al.’s scheme using elliptic curve computational Diffie-Hellman hypothesis and hash functions.Additionally,we provide provable security under the adopted adversarial model and ProVerif simulation,and also analyze the performance in terms of computation and communication costs by comparisons.The analysis results show that the improved scheme resists the common attacks,reduces computation overhead,and has a certain significance.展开更多
Current grid authentication frameworks are achieved by applying the standard SSL authentication protocol (SAP). The authentication process is very complicated, and therefore, the grid user is in a heavily loaded poi...Current grid authentication frameworks are achieved by applying the standard SSL authentication protocol (SAP). The authentication process is very complicated, and therefore, the grid user is in a heavily loaded point both in computation and in communication. Based on identity-based architecture for grid (IBAG) and corresponding encryption and signature schemes, an identity-based authentication protocol for grid is proposed. Being certificate-free, the authentication protocol aligns well with the demands of grid computing. Through simulation testing, it is seen that the authentication protocol is more lightweight and efficient than SAP, especially the more lightweight user side. This contributes to the larger grid scalability.展开更多
The fifth generation(5G)system is the forthcoming generation of the mobile communication system.It has numerous additional features and offers an extensively high data rate,more capacity,and low latency.However,these ...The fifth generation(5G)system is the forthcoming generation of the mobile communication system.It has numerous additional features and offers an extensively high data rate,more capacity,and low latency.However,these features and applications have many problems and issues in terms of security,which has become a great challenge in the telecommunication industry.This paper aimed to propose a solution to preserve the user identity privacy in the 5G system that can identify permanent identity by using Variable Mobile Subscriber Identity,which randomly changes and does not use the permanent identity between the user equipment and home network.Through this mechanism,the user identity privacy would be secured and hidden.Moreover,it improves the synchronization between mobile users and home networks.Additionally,its compliance with the Authentication and Key Agreement(AKA)structure was adopted in the previous generations.It can be deployed efficiently in the preceding generations because the current architecture imposes minimal modifications on the network parties without changes in the authentication vector’s message size.Moreover,the addition of any hardware to the AKA carries minor adjustments on the network parties.In this paper,the ProVerif is used to verify the proposed scheme.展开更多
基金supported by the National Key Research and Development Program of China under Grant No.2021YFB2700600the National Natural Science Foundation of China under Grant No.62132013+5 种基金the Key Research and Development Programs of Shaanxi under Grant Nos.S2024-YF-YBGY-1540 and 2021ZDLGY06-03the Basic Strengthening Plan Program under Grant No.2023-JCJQ-JJ-0772the Key-Area Research and Development Program of Guangdong Province under Grant No.2021B0101400003Hong Kong RGC Research Impact Fund under Grant Nos.R5060-19 and R5034-18Areas of Excellence Scheme under Grant No.Ao E/E-601/22-RGeneral Research Fund under Grant Nos.152203/20E,152244/21E,152169/22E and152228/23E。
文摘Traditional methods of identity authentication often rely on centralized architectures,which poses risks of computational overload and single points of failure.We propose a protocol that offers a decentralized approach by distributing authentication services to edge authentication gateways and servers,facilitated by blockchain technology,thus aligning with the decentralized ethos of Web3 infrastructure.Additionally,we enhance device security against physical and cloning attacks by integrating physical unclonable functions with certificateless cryptography,bolstering the integrity of Internet of Thins(IoT)devices within the evolving landscape of the metaverse.To achieve dynamic anonymity and ensure privacy within Web3 environments,we employ fuzzy extractor technology,allowing for updates to pseudonymous identity identifiers while maintaining key consistency.The proposed protocol ensures continuous and secure identity authentication for IoT devices in practical applications,effectively addressing the pressing security concerns inherent in IoT network environments and contributing to the development of robust security infrastructure essential for the proliferation of IoT devices across diverse settings.
基金supported by the National High-Tech Research,Development Plan of China (Grant Nos 2006AA01Z440,2009AA012441 and 2009AA012437)National Basic Research Program of China (973 Program) (Grant No 2007CB311100)+5 种基金the National Natural Science Foundation of China (Grant Nos 60873191 and 60821001)the Scientific Research Common Program of Beijing Municipal Commission of Education (Grant No KM200810005004)Beijing Natural Science Foundation (Grant No 1093015)the Open Research Fund of National Mobile Communications Research Laboratory,Southeast Universitythe ISN Open FoundationScience and Technology Program of Beijing (Grant No Z07000100720706)
文摘A multiparty simultaneous quantum identity authentication protocol based on Creenberger-Horne-Zeilinger (GHZ) states is proposed. The multi-user can be authenticated by a trusted third party (TTP) simultaneously. Compared with the scheme proposed recently (Wang et al 2006 Chin. Phys. Lett. 23(9) 2360), the proposed scheme has the advantages of consuming fewer quantum and classical resources and lessening the difficulty and intensity of necessary operations.
基金Project supported by the National Natural Science Foundation of China (Grant Nos 60572071 and 60873101)Natural Science Foundation of Jiangsu Province (Grant Nos BM2006504, BK2007104 and BK2008209)College Natural Science Foundation of Jiangsu Province (Grant No 06KJB520137)
文摘A novel efficient deterministic secure quantum communication scheme based on four-qubit cluster states and single-photon identity authentication is proposed. In this scheme, the two authenticated users can transmit two bits of classical information per cluster state, and its efficiency of the quantum communication is 1/3, which is approximately 1.67 times that of the previous protocol presented by Wang et al [Chin. Phys. Lett. 23 (2006) 2658]. Security analysis shows the present scheme is secure against intercept-resend attack and the impersonator's attack. Furthermore, it is more economic with present-day techniques and easily processed by a one-way quantum computer.
基金Supported by "973" Program of China (No.G1999035805), "863" Program of China(No.2002AA143041), and RGC Project (No.HKU/7144/03E) of the Hong Kong SpecialAdministrative Region, China.
文摘Based on elliptic curve Diffie-Hellman algorithm, an Elliptic Curve Authenticated Key Agreement (ECAKA) protocol with pre-shared password is proposed. Its security relies on the Elliptic Curve Discrete Logarithm Problem (ECDLP). It provides identity authentication, key validation and perfect forward secrecy, and it can foil man-in-the-middle attacks.
基金Supported bythe National Natural Science Foundationof China (60225007 ,60572155) the Science and Technology ResearchProject of Shanghai (04DZ07067)
文摘In the area of secure Web information system, mutual authentication and key agreement are essential between Web clients and servers. An efficient certificateless authenticated key agreement protocol for Web client/server setting is proposed, which uses pairings on certain elliptic curves. We show that the newly proposed key agreement protocol is practical and of great efficiency, meanwhile, it satisfies every desired security require ments for key agreement protocols.
基金supported by the Researchers Supporting Project(No.RSP-2021/395)King Saud University,Riyadh,Saudi Arabia.
文摘Industrial IoT(IIoT)aims to enhance services provided by various industries,such as manufacturing and product processing.IIoT suffers from various challenges,and security is one of the key challenge among those challenges.Authentication and access control are two notable challenges for any IIoT based industrial deployment.Any IoT based Industry 4.0 enterprise designs networks between hundreds of tiny devices such as sensors,actuators,fog devices and gateways.Thus,articulating a secure authentication protocol between sensing devices or a sensing device and user devices is an essential step in IoT security.In this paper,first,we present cryptanalysis for the certificate-based scheme proposed for a similar environment by Das et al.and prove that their scheme is vulnerable to various traditional attacks such as device anonymity,MITM,and DoS.We then put forward an interdevice authentication scheme using an ECC(Elliptic Curve Cryptography)that is highly secure and lightweight compared to other existing schemes for a similar environment.Furthermore,we set forth a formal security analysis using the random oracle-based ROR model and informal security analysis over the Doleve-Yao channel.In this paper,we present comparison of the proposed scheme with existing schemes based on communication cost,computation cost and security index to prove that the proposed EBAKE-SE is highly efficient,reliable,and trustworthy compared to other existing schemes for an inter-device authentication.At long last,we present an implementation for the proposed EBAKE-SE using MQTT protocol.
基金Supported by the National Basic Research Program of China(Grant No.2007CB311100)High-Tech Research and Development Program of China(Grant No.2006AA01Z440)
文摘Based on public key, a quantum identity authenticated (QIA) system is proposed without quantum entanglement. The public key acts as the authentication key of a user. Following the idea of the classical public key infrastructure (PKI), a trusted center of authentication (CA) is involved. The user selects a public key randomly and CA generates a private key for the user according to his public key. When it is necessary to perform QIA, the user sends a sequence of single photons encoded with its private key and a message to CA. According to the corresponding secret key kept by CA, CA performs the unitary operations on the single photon sequence. At last, the receiver can judge whether the user is an impersonator.
基金supported by the National Natural Science Foundation of China(Nos.61771289 and 61832012)the Natural Science Foundation of Shandong Province(Nos.ZR2021QF050 and ZR2021MF075)+2 种基金the Shandong Natural Science Foundation Major Basic Research(No.ZR2019ZD10)the Shandong Key Research and Development Program(No.2019GGX1050)the Shandong Major Agricultural Application Technology Innovation Project(No.SD2019NJ007).
文摘As one of the essential steps to secure government data sharing,Identity Authentication(IA)plays a vital role in the processing of large data.However,the centralized IA scheme based on a trusted third party presents problems of information leakage and single point of failure,and those related to key escrow.Therefore,herein,an effective IA model based on multiattribute centers is designed.First,a private key of each attribute of a data requester is generated by the attribute authorization center.After obtaining the private key of attribute,the data requester generates a personal private key.Second,a dynamic key generation algorithm is proposed,which combines blockchain and smart contracts to periodically update the key of a data requester to prevent theft by external attackers,ensure the traceability of IA,and reduce the risk of privacy leakage.Third,the combination of blockchain and interplanetary file systems is used to store attribute field information of the data requester to further reduce the cost of blockchain information storage and improve the effectiveness of information storage.Experimental results show that the proposed model ensures the privacy and security of identity information and outperforms similar authentication models in terms of computational and communication costs.
基金This work was supported by the Defense Industrial Technology Development Program(Grant No.JCKY2021208B036).
文摘Due to the rapid advancements in network technology,blockchain is being employed for distributed data storage.In the Internet of Things(IoT)scenario,different participants manage multiple blockchains located in different trust domains,which has resulted in the extensive development of cross-domain authentication techniques.However,the emergence of many attackers equipped with quantum computers has the potential to launch quantum computing attacks against cross-domain authentication schemes based on traditional cryptography,posing a significant security threat.In response to the aforementioned challenges,our paper demonstrates a post-quantum cross-domain identity authentication scheme to negotiate the session key used in the cross-chain asset exchange process.Firstly,our paper designs the hiding and recovery process of user identity index based on lattice cryptography and introduces the identity-based signature from lattice to construct a post-quantum cross-domain authentication scheme.Secondly,our paper utilizes the hashed time-locked contract to achieves the cross-chain asset exchange of blockchain nodes in different trust domains.Furthermore,the security analysis reduces the security of the identity index and signature to Learning With Errors(LWE)and Short Integer Solution(SIS)assumption,respectively,indicating that our scheme has post-quantum security.Last but not least,through comparison analysis,we display that our scheme is efficient compared with the cross-domain authentication scheme based on traditional cryptography.
基金the National Basic Research Program of China (973 Program) (Grant No. 2007CB311100)the National High Technology Research and Development Program of China (Grant Nos. 2006AA01Z419 and 20060101Z4015)+5 种基金the Major Research Plan of the National Natural Science Foundation of China (Grant No. 90604023)the Scientific Research Common Program of Beijing Municipal Commission of Education (Grant No. KM200810005004)the Scientific Research Foundation for the Youth of Beijing University of Technology (Grant No. 97007016200701)the National Research Foundation for the Doctoral Program of Higher Education of China (Grant No. 20040013007)the National Laboratory for Modern Communications Science Foundation of China (Grant No. 9140C1101010601)the Doctor Scientific Research Activation Foundation of Beijing University of Technology (Grant No. 52007016200702)
文摘Two multiparty simultaneous quantum identity authentication (MSQIA) protocols based on secret sharing are presented. All the users can be authenticated by a trusted third party (TTP) simultaneously. In the first protocol,the TTP shares a random key K with all the users using quantum secret sharing. The ith share acts as the authentication key of the ith user. When it is necessary to perform MSQIA,the TTP generates a random number R secretly and sends a sequence of single photons encoded with K and R to all the users. According to his share,each user performs the corresponding unitary operations on the single photon sequence sequentially. At last,the TTP can judge whether the impersonator exists. The sec-ond protocol is a modified version with a circular structure. The two protocols can be efficiently used for MSQIA in a network. They are feasible with current technol-ogy.
基金Project (No. 60372076) supported by the National Natural ScienceFoundation of China
文摘In this paper, the authors present a novel mutual authentication and key agreement protocol based on the Number Theory Research Unit (NTRU) public key cryptography. The symmetric encryption, hash and “challenge-response” techniques were adopted to build their protocol. To implement the mutual authentication and session key agreement, the proposed protocol contains two stages: namely initial procedure and real execution stage. Since the lightweight NTRU public key cryptography is employed, their protocol can not only overcome the security flaws of secret-key based authentication protocols such as those used in Global System for Mobile Communications (GSM) and Universal Mobile Telecommunications System (UMTS), but also provide greater security and lower computational complexity in comparison with currently well-known public key based wireless authentication schemes such as Beller-Yacobi and M.Aydos protocols.
基金the National Science Foundation of Sichuan Province, China (Grant No. 2022NSFSC0534)Major Science, and Techonolgy Application Demonstration Project in Chengdu (Grant No. 2021-YF09-0116-GX)。
文摘In order to make the quantum key agreement process immune to participant attacks, it is necessary to introduce the authentication in the communication process. A quantum key agreement protocol with identity authentication that exploits the measurement correlation of six-particle entangled states is proposed. In contrast to some recently proposed quantum key agreement protocols with authentication, this protocol requires neither a semi-trusted third party nor additional private keys in the authentication process. The entire process of authentication and key agreement can be achieved using only n six-particle entangled states, which saves communication costs and reduces the complexity of the authentication process.Finally, security analysis shows that this scheme is resistant to some important attacks.
文摘Two-party certificateless authenticated key agreement(CL-AKA) protocol is a hot topic in the field of wireless communication security. An improved two-party CL-AKA protocol with enhanced security is proposed,which is of provable security and unforgeability in the extended Canetti-Krawczyk(eCK) security model based on the hardness assumption of the computational Diffie Hellman(CDH) problem. Compared with other similar protocols, it is more efficient and can satisfy security properties such as free of the centralized management of certificate and key, free of bilinear pairings, two-party authentication, resistant to unknown key-share attack, key compromise impersonation attacks, the man-in-the-middle-attack(MIMA) of key generation center(KGC), etc. These properties make the proposed protocol have better performance and adaptability for military communication.
基金Project supported by the National High Technology Research and Development Program of China (Grant No 2006AA01Z419), the Major Research plan of the National Natural Science Foundation of China (Grant No 90604023), National Laboratory for Moderm Communications Science Foundation of China (Grant No 9140C1101010601) and the 0pen Foundation of State Key Laboratory of Information Security (Graduate School of Chinese Academy of Sciences).
文摘In this paper an efficient quantum secure direct communication (QSDC) scheme with authentication is presented, which is based on quantum entanglement and polarized single photons. The present protocol uses Einstein-Podolsky-Rosen (EPR) pairs and polarized single photons in batches. A particle of the EPR pairs is retained in the sender's station, and the other is transmitted forth and back between the sender and the receiver, similar to the‘ping-pong' QSDC protocol. According to the shared information beforehand, these two kinds of quantum states are mixed and then transmitted via a quantum channel. The EPR pairs are used to transmit secret messages and the polarized single photons used for authentication and eavesdropping check. Consequently, because of the dual contributions of the polarized single photons, no classical information is needed. The intrinsic efficiency and total efficiency are both 1 in this scheme as almost all of the instances are useful and each EPR pair can be used to carry two bits of information.
基金Supported by the National Fundamental Research Program under Grant No.2010CB923202Specialized Research Fund for the Doctoral Program of Education Ministry of China under Grant No.20090005120008+1 种基金 the Fundamental Research Funds for the Central Universities under Grant No.BUPT2009RC0710 China National Natural Science Foundation under Grant Nos.60871082,60937003 and 10947151
文摘In this paper we propose two quantum secure direct communication (QSDC) protocols with authentication.The authentication key expansion method is introduced to improve the life of the keys with security.In the first scheme,the third party, called Trent is introduced to authenticate the users that participate in the communication.He sends thepolarized photons in blocks to authenticate communication parties Alice and Bob using the authentication keys.In thecommunication process, polarized single photons are used to serve as the carriers, which transmit the secret messagesdirectly.The second QSDC process with authentication between two parties is also discussed.
基金Project supported by the Research Foundation of Korea University
文摘In this paper, we suggest a controlled mutual quantum entity authentication protocol by which two users mutually certify each other on a quantum network using a sequence of Greenberger–Horne–Zeilinger(GHZ)-like states. Unlike existing unidirectional quantum entity authentication, our protocol enables mutual quantum entity authentication utilizing entanglement swapping; moreover, it allows the managing trusted center(TC) or trusted third party(TTP) to effectively control the certification of two users using the nature of the GHZ-like state. We will also analyze the security of the protocol and quantum channel.
基金supported by the National Natural Science Foundation of China(Grant Nos.Ui708262,U1736203,61872449).
文摘Because of its closeness to users,fog computing responds faster than cloud computing.Thus,it has been deployed to various applications,such as healthcare system.Recently,to ensure the secure communication of the fog-based healthcare system,Jia et al.proposed an authenticated key agreement scheme.Moreover,in view of the high computation cost existing in Jia et al.’s scheme,Ma et al.presented an efficient one using elliptic curve cryptography.In this paper,we observe that both the two schemes may potentially risk ephemeral key compromise attacks and need improving.Therefore,to overcome this potential risk,we propose a new authenticated scheme based on Jia et al.’s scheme using elliptic curve computational Diffie-Hellman hypothesis and hash functions.Additionally,we provide provable security under the adopted adversarial model and ProVerif simulation,and also analyze the performance in terms of computation and communication costs by comparisons.The analysis results show that the improved scheme resists the common attacks,reduces computation overhead,and has a certain significance.
基金the Sichuan Provincial Youth Software Innovation Foundation (2004AA03692005AA0827).
文摘Current grid authentication frameworks are achieved by applying the standard SSL authentication protocol (SAP). The authentication process is very complicated, and therefore, the grid user is in a heavily loaded point both in computation and in communication. Based on identity-based architecture for grid (IBAG) and corresponding encryption and signature schemes, an identity-based authentication protocol for grid is proposed. Being certificate-free, the authentication protocol aligns well with the demands of grid computing. Through simulation testing, it is seen that the authentication protocol is more lightweight and efficient than SAP, especially the more lightweight user side. This contributes to the larger grid scalability.
基金The Universiti Kebangsaan Malaysia(UKM)Research Grant Scheme GGPM-2020-028 funded this research.
文摘The fifth generation(5G)system is the forthcoming generation of the mobile communication system.It has numerous additional features and offers an extensively high data rate,more capacity,and low latency.However,these features and applications have many problems and issues in terms of security,which has become a great challenge in the telecommunication industry.This paper aimed to propose a solution to preserve the user identity privacy in the 5G system that can identify permanent identity by using Variable Mobile Subscriber Identity,which randomly changes and does not use the permanent identity between the user equipment and home network.Through this mechanism,the user identity privacy would be secured and hidden.Moreover,it improves the synchronization between mobile users and home networks.Additionally,its compliance with the Authentication and Key Agreement(AKA)structure was adopted in the previous generations.It can be deployed efficiently in the preceding generations because the current architecture imposes minimal modifications on the network parties without changes in the authentication vector’s message size.Moreover,the addition of any hardware to the AKA carries minor adjustments on the network parties.In this paper,the ProVerif is used to verify the proposed scheme.
