Tele-medical information system provides an efficient and convenient way to connect patients at home with medical personnel in clinical centers.In this system,service providers consider user authentication as a critic...Tele-medical information system provides an efficient and convenient way to connect patients at home with medical personnel in clinical centers.In this system,service providers consider user authentication as a critical requirement.To address this crucial requirement,various types of validation and key agreement protocols have been employed.The main problem with the two-way authentication of patients and medical servers is not built with thorough and comprehensive analysis that makes the protocol design yet has flaws.This paper analyzes carefully all aspects of security requirements including the perfect forward secrecy in order to develop an efficient and robust lightweight authentication and key agreement protocol.The secureness of the proposed protocol undergoes an informal analysis,whose findings show that different security features are provided,including perfect forward secrecy and a resistance to DoS attacks.Furthermore,it is simulated and formally analyzed using Scyther tool.Simulation results indicate the protocol’s robustness,both in perfect forward security and against various attacks.In addition,the proposed protocol was compared with those of other related protocols in term of time complexity and communication cost.The time complexity of the proposed protocol only involves time of performing a hash function Th,i.e.,:O(12Th).Average time required for executing the authentication is 0.006 seconds;with number of bit exchange is 704,both values are the lowest among the other protocols.The results of the comparison point to a superior performance by the proposed protocol.展开更多
Satellite networks are recognized as the most essential communication infrastructures in the world today,which complement land networks and provide valuable services for their users.Extensive coverage and service stab...Satellite networks are recognized as the most essential communication infrastructures in the world today,which complement land networks and provide valuable services for their users.Extensive coverage and service stability of these networks have increased their popularity.Since eavesdropping and active intrusion in satellite communications are much easier than in terrestrial networks,securing satellite communications is vital.So far,several protocols have been proposed for authentication and key exchange of satellite communications,but none of them fullymeet the security requirements.In this paper,we examine one of these protocols and identify its security vulnerabilities.Moreover,we propose a robust and secure authentication and session key agreement protocol using the elliptic curve cryptography(ECC).We show that the proposed protocol meets common security requirements and is resistant to known security attacks.Moreover,we prove that the proposed scheme satisfies the security features using the Automated Validation of Internet Security Protocols and Applications(AVISPA)formal verification tool and On-the fly Model-Checker(OFMC)and ATtack SEarcher(ATSE)model checkers.We have also proved the security of the session key exchange of our protocol using theReal orRandom(RoR)model.Finally,the comparison of our scheme with similar methods shows its superiority.展开更多
An efficient authenticated key agreement protocol is proposed, which makesuse of bilinear pairings and self-certificd public keys. Its security is based on the securityassumptions of the bilinear Diff ie-Hellman probl...An efficient authenticated key agreement protocol is proposed, which makesuse of bilinear pairings and self-certificd public keys. Its security is based on the securityassumptions of the bilinear Diff ie-Hellman problem and the computational Diffie-Hellman problem.Users can choose their private keys independently. The public keys and identities of users can beverified implicitly when the session key being generating in a logically single step. A trusted KeyGeneration Center is no longer requiredas in the ID-based authenticated key agreement protocolsCompared with existing authenticated key agreement protocols from pairings, the. new proposedprotocol is more efficient and secure.展开更多
A new efficient two-party semi-quantum key agreement protocol is proposed with high-dimensional single-particle states.Different from the previous semi-quantum key agreement protocols based on the two-level quantum sy...A new efficient two-party semi-quantum key agreement protocol is proposed with high-dimensional single-particle states.Different from the previous semi-quantum key agreement protocols based on the two-level quantum system,the propounded protocol makes use of the advantage of the high-dimensional quantum system,which possesses higher efficiency and better robustness against eavesdropping.Besides,the protocol allows the classical participant to encode the secret key with qudit shifting operations without involving any quantum measurement abilities.The designed semi-quantum key agreement protocol could resist both participant attacks and outsider attacks.Meanwhile,the conjoint analysis of security and efficiency provides an appropriate choice for reference on the dimension of single-particle states and the number of decoy states.展开更多
In the area of secure Web information system, mutual authentication and key agreement are essential between Web clients and servers. An efficient certificateless authenticated key agreement protocol for Web client/ser...In the area of secure Web information system, mutual authentication and key agreement are essential between Web clients and servers. An efficient certificateless authenticated key agreement protocol for Web client/server setting is proposed, which uses pairings on certain elliptic curves. We show that the newly proposed key agreement protocol is practical and of great efficiency, meanwhile, it satisfies every desired security require ments for key agreement protocols.展开更多
Forward secrecy is an important security property in key agreement protocol. Based on Ham's protocol, in this paper a new authenticated Diffie-Hellman key agreement protocol with half forward secrecy is proposed. Thi...Forward secrecy is an important security property in key agreement protocol. Based on Ham's protocol, in this paper a new authenticated Diffie-Hellman key agreement protocol with half forward secrecy is proposed. This protocol is also based on a single cryptographic assumption, and is user authentication and shared key authentication. More importantly, our protocol provides forward secrecy with respect to one of the parties. For this reason, besides the advantages of Ham's protocol, in practice, our protocol can reduce the damages resulted from the disclosure of the user's secret key and it is very beneficial to today's communication with portable devices.展开更多
Two-party certificateless authenticated key agreement(CL-AKA) protocol is a hot topic in the field of wireless communication security. An improved two-party CL-AKA protocol with enhanced security is proposed,which is ...Two-party certificateless authenticated key agreement(CL-AKA) protocol is a hot topic in the field of wireless communication security. An improved two-party CL-AKA protocol with enhanced security is proposed,which is of provable security and unforgeability in the extended Canetti-Krawczyk(eCK) security model based on the hardness assumption of the computational Diffie Hellman(CDH) problem. Compared with other similar protocols, it is more efficient and can satisfy security properties such as free of the centralized management of certificate and key, free of bilinear pairings, two-party authentication, resistant to unknown key-share attack, key compromise impersonation attacks, the man-in-the-middle-attack(MIMA) of key generation center(KGC), etc. These properties make the proposed protocol have better performance and adaptability for military communication.展开更多
The development of wireless sensor network with Internet of Things(IoT)predicts various applications in the field of healthcare and cloud computing.This can give promising results on mobile health care(M-health)and Te...The development of wireless sensor network with Internet of Things(IoT)predicts various applications in the field of healthcare and cloud computing.This can give promising results on mobile health care(M-health)and Telecare medicine information systems.M-health system on cloud Internet of Things(IoT)through wireless sensor network(WSN)becomes the rising research for the need of modern society.Sensor devices attached to the patients’body which is connected to the mobile device can ease the medical services.Security is the key connect for optimal performance of the m-health system that share the data of patients in wireless networks in order to maintain the anonymity of the patients.This paper proposed a secure transmission of M-health data in wireless networks using proposed key agreement based Kerberos protocol.The patients processed data are stored in cloud server and accessed by doctors and caregivers.The data transfer between the patients,server and the doctors are accessed with proposed protocol in order to maintain the confidentiality and integrity of authentication.The efficiency of the proposed algorithm is compared with the existing protocols.For computing 100 devices it consumes only 91milllisecond for computation.展开更多
Simple authenticated key agreement algorithm is one of the Diffie-Hellman key agreement variations. It prevents man-in-the-middle attack with only two more packets required to agree on the secret session key, but it h...Simple authenticated key agreement algorithm is one of the Diffie-Hellman key agreement variations. It prevents man-in-the-middle attack with only two more packets required to agree on the secret session key, but it has some weaknesses. In this paper, a new enhanced simple authenticated key agreement algorithm is proposed to overcome these weaknesses on the basis of analyzing the weaknesses of the related protocols. The new enhanced simple authenticated key agreement algorithm can get over replay attack and password guessing attack, provide perfect forward secrecy, and hold the merits of the simple authenticated key agreement algorithm.展开更多
Wearable body area network(WBAN)aids the communication between the health providers and patients by supporting health monitoring services.It assists the users to maintain their health status records by collecting the ...Wearable body area network(WBAN)aids the communication between the health providers and patients by supporting health monitoring services.It assists the users to maintain their health status records by collecting the body signals and transmitting them for further processing measurements.However,sensor data are publicly transferred through insecure network that facilitates the attacker malicious acts like performing masquerading attack,man in the middle,and snooping.Several authentication techniques were suggested to levitate the security of the communication channels to preserve the user data from exposure.Moreover,authentication schemes aid plenty of security issues related to user and data privacy,anonymity,repudiation,confidentiality,and integrity,but they lack performance efficiency.On the other hand,it is very hard to find the balance between security and efficiency in most of the authentication schemes,especially for the WBAN platform that consists of memory and processing constraint devices.Therefore,this paper surveys and discusses the latest authentication schemes types,techniques,and system features.Also,it highlights their strengths and weaknesses towards common knowingly attacks and provides a comparison between the popular scheme validation proofs and simulation tools.Thence,this paper draws a path for the new direction of the authentication technologies,the authentication schemes open issues,and the potential future evolution in this area.展开更多
会话初始化协议(SIP)提供了认证和协商会话密钥,能保证后续会话的安全。2010年,Yoon等(YOONE-J,YOO K-Y.A three-factor authenticated key agreement scheme for SIP on elliptic curves.NSS'10:4th InternationalConference on Ne...会话初始化协议(SIP)提供了认证和协商会话密钥,能保证后续会话的安全。2010年,Yoon等(YOONE-J,YOO K-Y.A three-factor authenticated key agreement scheme for SIP on elliptic curves.NSS'10:4th InternationalConference on Network and System Security.Piscataway:IEEE,2010:334-339)提出一种新的三要素SIP认证密钥协商协议TAKASIP。但TAKASIP协议不能抵抗内部攻击、服务器伪装攻击、离线口令猜测攻击、身份冒充攻击和丢失标记攻击,并且没有提供双向认证。在TAKASIP协议基础上提出一种基于椭圆曲线密码三要素SIP认证协议ETAKASIP以解决上述问题。ETAKASIP基于椭圆曲线离散对数难题和椭圆曲线密码系统,提供了高安全性。该协议只需7次椭圆曲线点乘运算、1次椭圆曲线加法运算和最高6次哈希运算,有较高的运算效率。展开更多
文摘Tele-medical information system provides an efficient and convenient way to connect patients at home with medical personnel in clinical centers.In this system,service providers consider user authentication as a critical requirement.To address this crucial requirement,various types of validation and key agreement protocols have been employed.The main problem with the two-way authentication of patients and medical servers is not built with thorough and comprehensive analysis that makes the protocol design yet has flaws.This paper analyzes carefully all aspects of security requirements including the perfect forward secrecy in order to develop an efficient and robust lightweight authentication and key agreement protocol.The secureness of the proposed protocol undergoes an informal analysis,whose findings show that different security features are provided,including perfect forward secrecy and a resistance to DoS attacks.Furthermore,it is simulated and formally analyzed using Scyther tool.Simulation results indicate the protocol’s robustness,both in perfect forward security and against various attacks.In addition,the proposed protocol was compared with those of other related protocols in term of time complexity and communication cost.The time complexity of the proposed protocol only involves time of performing a hash function Th,i.e.,:O(12Th).Average time required for executing the authentication is 0.006 seconds;with number of bit exchange is 704,both values are the lowest among the other protocols.The results of the comparison point to a superior performance by the proposed protocol.
文摘Satellite networks are recognized as the most essential communication infrastructures in the world today,which complement land networks and provide valuable services for their users.Extensive coverage and service stability of these networks have increased their popularity.Since eavesdropping and active intrusion in satellite communications are much easier than in terrestrial networks,securing satellite communications is vital.So far,several protocols have been proposed for authentication and key exchange of satellite communications,but none of them fullymeet the security requirements.In this paper,we examine one of these protocols and identify its security vulnerabilities.Moreover,we propose a robust and secure authentication and session key agreement protocol using the elliptic curve cryptography(ECC).We show that the proposed protocol meets common security requirements and is resistant to known security attacks.Moreover,we prove that the proposed scheme satisfies the security features using the Automated Validation of Internet Security Protocols and Applications(AVISPA)formal verification tool and On-the fly Model-Checker(OFMC)and ATtack SEarcher(ATSE)model checkers.We have also proved the security of the session key exchange of our protocol using theReal orRandom(RoR)model.Finally,the comparison of our scheme with similar methods shows its superiority.
文摘An efficient authenticated key agreement protocol is proposed, which makesuse of bilinear pairings and self-certificd public keys. Its security is based on the securityassumptions of the bilinear Diff ie-Hellman problem and the computational Diffie-Hellman problem.Users can choose their private keys independently. The public keys and identities of users can beverified implicitly when the session key being generating in a logically single step. A trusted KeyGeneration Center is no longer requiredas in the ID-based authenticated key agreement protocolsCompared with existing authenticated key agreement protocols from pairings, the. new proposedprotocol is more efficient and secure.
基金Project supported by the National Natural Science Foundation of China(Grant Nos.61871205 and 61561033)the Major Academic Discipline and Technical Leader of Jiangxi Province,China(Grant No.20162BCB22011).
文摘A new efficient two-party semi-quantum key agreement protocol is proposed with high-dimensional single-particle states.Different from the previous semi-quantum key agreement protocols based on the two-level quantum system,the propounded protocol makes use of the advantage of the high-dimensional quantum system,which possesses higher efficiency and better robustness against eavesdropping.Besides,the protocol allows the classical participant to encode the secret key with qudit shifting operations without involving any quantum measurement abilities.The designed semi-quantum key agreement protocol could resist both participant attacks and outsider attacks.Meanwhile,the conjoint analysis of security and efficiency provides an appropriate choice for reference on the dimension of single-particle states and the number of decoy states.
基金Supported bythe National Natural Science Foundationof China (60225007 ,60572155) the Science and Technology ResearchProject of Shanghai (04DZ07067)
文摘In the area of secure Web information system, mutual authentication and key agreement are essential between Web clients and servers. An efficient certificateless authenticated key agreement protocol for Web client/server setting is proposed, which uses pairings on certain elliptic curves. We show that the newly proposed key agreement protocol is practical and of great efficiency, meanwhile, it satisfies every desired security require ments for key agreement protocols.
基金Supported by the National Natural Science Foundation of China (60873233)the Nature Science Foundation of Shaanxi Province, China (2006F19)the Technology Research Program of Xi’an, China (CXY08016)
文摘Forward secrecy is an important security property in key agreement protocol. Based on Ham's protocol, in this paper a new authenticated Diffie-Hellman key agreement protocol with half forward secrecy is proposed. This protocol is also based on a single cryptographic assumption, and is user authentication and shared key authentication. More importantly, our protocol provides forward secrecy with respect to one of the parties. For this reason, besides the advantages of Ham's protocol, in practice, our protocol can reduce the damages resulted from the disclosure of the user's secret key and it is very beneficial to today's communication with portable devices.
文摘Two-party certificateless authenticated key agreement(CL-AKA) protocol is a hot topic in the field of wireless communication security. An improved two-party CL-AKA protocol with enhanced security is proposed,which is of provable security and unforgeability in the extended Canetti-Krawczyk(eCK) security model based on the hardness assumption of the computational Diffie Hellman(CDH) problem. Compared with other similar protocols, it is more efficient and can satisfy security properties such as free of the centralized management of certificate and key, free of bilinear pairings, two-party authentication, resistant to unknown key-share attack, key compromise impersonation attacks, the man-in-the-middle-attack(MIMA) of key generation center(KGC), etc. These properties make the proposed protocol have better performance and adaptability for military communication.
文摘The development of wireless sensor network with Internet of Things(IoT)predicts various applications in the field of healthcare and cloud computing.This can give promising results on mobile health care(M-health)and Telecare medicine information systems.M-health system on cloud Internet of Things(IoT)through wireless sensor network(WSN)becomes the rising research for the need of modern society.Sensor devices attached to the patients’body which is connected to the mobile device can ease the medical services.Security is the key connect for optimal performance of the m-health system that share the data of patients in wireless networks in order to maintain the anonymity of the patients.This paper proposed a secure transmission of M-health data in wireless networks using proposed key agreement based Kerberos protocol.The patients processed data are stored in cloud server and accessed by doctors and caregivers.The data transfer between the patients,server and the doctors are accessed with proposed protocol in order to maintain the confidentiality and integrity of authentication.The efficiency of the proposed algorithm is compared with the existing protocols.For computing 100 devices it consumes only 91milllisecond for computation.
基金This work was supported by National"863"High Technology Research and Development Programof China under grant 2002AA145090
文摘Simple authenticated key agreement algorithm is one of the Diffie-Hellman key agreement variations. It prevents man-in-the-middle attack with only two more packets required to agree on the secret session key, but it has some weaknesses. In this paper, a new enhanced simple authenticated key agreement algorithm is proposed to overcome these weaknesses on the basis of analyzing the weaknesses of the related protocols. The new enhanced simple authenticated key agreement algorithm can get over replay attack and password guessing attack, provide perfect forward secrecy, and hold the merits of the simple authenticated key agreement algorithm.
文摘Wearable body area network(WBAN)aids the communication between the health providers and patients by supporting health monitoring services.It assists the users to maintain their health status records by collecting the body signals and transmitting them for further processing measurements.However,sensor data are publicly transferred through insecure network that facilitates the attacker malicious acts like performing masquerading attack,man in the middle,and snooping.Several authentication techniques were suggested to levitate the security of the communication channels to preserve the user data from exposure.Moreover,authentication schemes aid plenty of security issues related to user and data privacy,anonymity,repudiation,confidentiality,and integrity,but they lack performance efficiency.On the other hand,it is very hard to find the balance between security and efficiency in most of the authentication schemes,especially for the WBAN platform that consists of memory and processing constraint devices.Therefore,this paper surveys and discusses the latest authentication schemes types,techniques,and system features.Also,it highlights their strengths and weaknesses towards common knowingly attacks and provides a comparison between the popular scheme validation proofs and simulation tools.Thence,this paper draws a path for the new direction of the authentication technologies,the authentication schemes open issues,and the potential future evolution in this area.
文摘会话初始化协议(SIP)提供了认证和协商会话密钥,能保证后续会话的安全。2010年,Yoon等(YOONE-J,YOO K-Y.A three-factor authenticated key agreement scheme for SIP on elliptic curves.NSS'10:4th InternationalConference on Network and System Security.Piscataway:IEEE,2010:334-339)提出一种新的三要素SIP认证密钥协商协议TAKASIP。但TAKASIP协议不能抵抗内部攻击、服务器伪装攻击、离线口令猜测攻击、身份冒充攻击和丢失标记攻击,并且没有提供双向认证。在TAKASIP协议基础上提出一种基于椭圆曲线密码三要素SIP认证协议ETAKASIP以解决上述问题。ETAKASIP基于椭圆曲线离散对数难题和椭圆曲线密码系统,提供了高安全性。该协议只需7次椭圆曲线点乘运算、1次椭圆曲线加法运算和最高6次哈希运算,有较高的运算效率。