Many patients have begun to use mobile applications to handle different health needs because they can better access high-speed Internet and smartphones.These devices and mobile applications are now increasingly used a...Many patients have begun to use mobile applications to handle different health needs because they can better access high-speed Internet and smartphones.These devices and mobile applications are now increasingly used and integrated through the medical Internet of Things(mIoT).mIoT is an important part of the digital transformation of healthcare,because it can introduce new business models and allow efficiency improvements,cost control and improve patient experience.In the mIoT system,when migrating from traditional medical services to electronic medical services,patient protection and privacy are the priorities of each stakeholder.Therefore,it is recommended to use different user authentication and authorization methods to improve security and privacy.In this paper,our prosed model involves a shared identity verification process with different situations in the e-health system.We aim to reduce the strict and formal specification of the joint key authentication model.We use the AVISPA tool to verify through the wellknown HLPSL specification language to develop user authentication and smart card use cases in a user-friendly environment.Our model has economic and strategic advantages for healthcare organizations and healthcare workers.The medical staff can increase their knowledge and ability to analyze medical data more easily.Our model can continuously track health indicators to automatically manage treatments and monitor health data in real time.Further,it can help customers prevent chronic diseases with the enhanced cognitive functions support.The necessity for efficient identity verification in e-health care is even more crucial for cognitive mitigation because we increasingly rely on mIoT systems.展开更多
This paper proposed two modifications on IKE protocol with pre-shared key authentication. The first modification can improve its immunity against DDoS attack by authenticating the initiator before the responder genera...This paper proposed two modifications on IKE protocol with pre-shared key authentication. The first modification can improve its immunity against DDoS attack by authenticating the initiator before the responder generates the computation-intensive Diffie-Hellman public value. The second modification can improve its efficiency when the attack on messages occurs because it can detect the attack quickly by replacing the centralized authentication in origical IKE protocol with immediate authentication. In addition, the two modifications can be integrated into one protocol compactly.展开更多
With the rapid advancement in exploring perceptual interactions and digital twins,metaverse technology has emerged to transcend the constraints of space-time and reality,facilitating remote AI-based collaboration.In t...With the rapid advancement in exploring perceptual interactions and digital twins,metaverse technology has emerged to transcend the constraints of space-time and reality,facilitating remote AI-based collaboration.In this dynamic metasystem environment,frequent information exchanges necessitate robust security measures,with Authentication and Key Agreement(AKA)serving as the primary line of defense to ensure communication security.However,traditional AKA protocols fall short in meeting the low-latency requirements essential for synchronous interactions within the metaverse.To address this challenge and enable nearly latency-free interactions,a novel low-latency AKA protocol based on chaotic maps is proposed.This protocol not only ensures mutual authentication of entities within the metasystem but also generates secure session keys.The security of these session keys is rigorously validated through formal proofs,formal verification,and informal proofs.When confronted with the Dolev-Yao(DY)threat model,the session keys are formally demonstrated to be secure under the Real-or-Random(ROR)model.The proposed protocol is further validated through simulations conducted using VMware workstation compiled in HLPSL language and C language.The simulation results affirm the protocol’s effectiveness in resisting well-known attacks while achieving the desired low latency for optimal metaverse interactions.展开更多
With the exponential growth of intelligent Internet of Things(IoT)applications,Cloud-Edge(CE)paradigm is emerging as a solution that facilitates resource-efficient and timely services.However,it remains an underlying ...With the exponential growth of intelligent Internet of Things(IoT)applications,Cloud-Edge(CE)paradigm is emerging as a solution that facilitates resource-efficient and timely services.However,it remains an underlying issue that frequent end-edgecloud communication is over a public or adversarycontrolled channel.Additionally,with the presence of resource-constrained devices,it’s imperative to conduct the secure communication mechanism,while still guaranteeing efficiency.Physical unclonable functions(PUF)emerge as promising lightweight security primitives.Thus,we first construct a PUF-based security mechanism for vulnerable IoT devices.Further,a provably secure and PUF-based authentication key agreement scheme is proposed for establishing the secure channel in end-edge-cloud empowered IoT,without requiring pre-loaded master keys.The security of our scheme is rigorously proven through formal security analysis under the random oracle model,and security verification using AVISPA tool.The comprehensive security features are also elaborated.Moreover,the numerical results demonstrate that the proposed scheme outperforms existing related schemes in terms of computational and communication efficiency.展开更多
Internet of Things(IoT)applications can be found in various industry areas,including critical infrastructure and healthcare,and IoT is one of several technological developments.As a result,tens of billions or possibly...Internet of Things(IoT)applications can be found in various industry areas,including critical infrastructure and healthcare,and IoT is one of several technological developments.As a result,tens of billions or possibly hundreds of billions of devices will be linked together.These smart devices will be able to gather data,process it,and even come to decisions on their own.Security is the most essential thing in these situations.In IoT infrastructure,authenticated key exchange systems are crucial for preserving client and data privacy and guaranteeing the security of data-in-transit(e.g.,via client identification and provision of secure communication).It is still challenging to create secure,authenticated key exchange techniques.The majority of the early authenticated key agreement procedure depended on computationally expensive and resource-intensive pairing,hashing,or modular exponentiation processes.The focus of this paper is to propose an efficient three-party authenticated key exchange procedure(AKEP)using Chebyshev chaotic maps with client anonymity that solves all the problems mentioned above.The proposed three-party AKEP is protected from several attacks.The proposed three-party AKEP can be used in practice for mobile communications and pervasive computing applications,according to statistical experiments and low processing costs.To protect client identification when transferring data over an insecure public network,our three-party AKEP may also offer client anonymity.Finally,the presented procedure offers better security features than the procedures currently available in the literature.展开更多
An enhanced definition of implicit key authentication and a secure group key agreement scheme from pairings are presented. This scheme combines the merits of group public key and key trees to achieve a communication-e...An enhanced definition of implicit key authentication and a secure group key agreement scheme from pairings are presented. This scheme combines the merits of group public key and key trees to achieve a communication-efficient and authenticated group key agreement protocol. Besides, it avoids dependence on signature or MAC by involving member's long-term keys and short-term keys in the group key. Furthermore, the idea behind this design can be employed as a general approach to extend the authenticated two-party Diffie-Hellman protocols to group settings.展开更多
In the area of secure Web information system, mutual authentication and key agreement are essential between Web clients and servers. An efficient certificateless authenticated key agreement protocol for Web client/ser...In the area of secure Web information system, mutual authentication and key agreement are essential between Web clients and servers. An efficient certificateless authenticated key agreement protocol for Web client/server setting is proposed, which uses pairings on certain elliptic curves. We show that the newly proposed key agreement protocol is practical and of great efficiency, meanwhile, it satisfies every desired security require ments for key agreement protocols.展开更多
An efficient authenticated key agreement protocol is proposed, which makesuse of bilinear pairings and self-certificd public keys. Its security is based on the securityassumptions of the bilinear Diff ie-Hellman probl...An efficient authenticated key agreement protocol is proposed, which makesuse of bilinear pairings and self-certificd public keys. Its security is based on the securityassumptions of the bilinear Diff ie-Hellman problem and the computational Diffie-Hellman problem.Users can choose their private keys independently. The public keys and identities of users can beverified implicitly when the session key being generating in a logically single step. A trusted KeyGeneration Center is no longer requiredas in the ID-based authenticated key agreement protocolsCompared with existing authenticated key agreement protocols from pairings, the. new proposedprotocol is more efficient and secure.展开更多
This study concerns security issues of the emerging Wireless Body Sensor Network (WBSN) formed by biomedical sensors worn on or implanted in the human body for mobile healthcare appli-cations. A novel authenticated sy...This study concerns security issues of the emerging Wireless Body Sensor Network (WBSN) formed by biomedical sensors worn on or implanted in the human body for mobile healthcare appli-cations. A novel authenticated symmetric-key establishment scheme is proposed for WBSN,which fully exploits the physiological features obtained by network entities via the body channel available in WBSN but not other wireless networks. The self-defined Intrinsic Shared Secret (ISS) is used to replace the pre-deployment of secrets among network entities,which thus eliminates centralized services or au-thorities essential in existing protocols,and resolves the key transport problem in the pure symmet-ric-key cryptosystem for WBSN as well. The security properties of the proposed scheme are demon-strated in terms of its attack complexity and the types of attacks it can resist. Besides,the scheme can be implemented under a light-weight way in WBSN systems. Due to the importance of the ISS concept,the analysis on using false acceptance/false rejection method to evaluate the performance of ISS for its usage in the scheme is also demonstrated.展开更多
During the past decade,rapid advances in wireless communication technologies have made it possible for users to access desired services using hand-held devices.Service providers have hosted multiple servers to ensure ...During the past decade,rapid advances in wireless communication technologies have made it possible for users to access desired services using hand-held devices.Service providers have hosted multiple servers to ensure seamless online services to end-users.To ensure the security of this online communication,researchers have proposed several multi-server authentication schemes incorporating various cryptographic primitives.Due to the low power and computational capacities of mobile devices,the hash-based multi-server authenticated key agreement schemes with offline Registration Server(RS)are the most efficient choice.Recently,Kumar-Om presented such a scheme and proved its security against all renowned attacks.However,we find that their scheme bears an incorrect login phase,and is unsafe to the trace attack,the Session-Specific Temporary Information Attack(SSTIA),and the Key Compromise Impersonation Attack(KCIA).In fact,all of the existing multi-server authentication schemes(hash-based with offline RS)do not withstand KCLA.To deal with this situation,we propose an improved hash-based multi-server authentication scheme(with offline RS).We analyze the security of the proposed scheme under the random oracle model and use the t4Automated Validation of Internet Security Protocols and Applications''(AVISPA)tool.The comparative analysis of communication overhead and computational complexity metrics shows the efficiency of the proposed scheme.展开更多
Multi-server authenticated key agreement schemes have attracted great attention to both academia and industry in recent years.However,traditional authenticated key agreement schemes in the single-server environment ar...Multi-server authenticated key agreement schemes have attracted great attention to both academia and industry in recent years.However,traditional authenticated key agreement schemes in the single-server environment are not suitable for the multi-server environment because the user has to register on each server when he/she wishes to log in various servers for different service.Moreover,it is unreasonable to consider all servers are trusted since the server in a multi-server environment may be a semi-trusted party.In order to overcome these difficulties,we designed a secure three-factor multi-server authenticated key agreement protocol based on elliptic curve cryptography,which needs the user to register only once at the registration center in order to access all semi-trusted servers.The proposed scheme can not only against various known attacks but also provides high computational efficiency.Besides,we have proved our scheme fulfills mutual authentication by using the authentication test method.展开更多
In this paper we propose two quantum secure direct communication (QSDC) protocols with authentication.The authentication key expansion method is introduced to improve the life of the keys with security.In the first sc...In this paper we propose two quantum secure direct communication (QSDC) protocols with authentication.The authentication key expansion method is introduced to improve the life of the keys with security.In the first scheme,the third party, called Trent is introduced to authenticate the users that participate in the communication.He sends thepolarized photons in blocks to authenticate communication parties Alice and Bob using the authentication keys.In thecommunication process, polarized single photons are used to serve as the carriers, which transmit the secret messagesdirectly.The second QSDC process with authentication between two parties is also discussed.展开更多
Multi-factor authentication(MFA)was proposed by Pointcheval et al.[Pointcheval and Zimmer(2008)]to improve the security of single-factor(and two-factor)authentication.As the backbone of multi-factor authentication,bio...Multi-factor authentication(MFA)was proposed by Pointcheval et al.[Pointcheval and Zimmer(2008)]to improve the security of single-factor(and two-factor)authentication.As the backbone of multi-factor authentication,biometric data are widely observed.Especially,how to keep the privacy of biometric at the password database without impairing efficiency is still an open question.Using the vulnerability of encryption(or hash)algorithms,the attacker can still launch offline brute-force attacks on encrypted(or hashed)biometric data.To address the potential risk of biometric disclosure at the password database,in this paper,we propose a novel efficient and secure MFA key exchange(later denoted as MFAKE)protocol leveraging the Pythia PRF service and password-to-random(or PTR)protocol.Armed with the PTR protocol,a master password pwd can be translated by the user into independent pseudorandom passwords(or rwd)for each user account with the help of device(e.g.,smart phone).Meanwhile,using the Pythia PRF service,the password database can avoid leakage of the local user’s password and biometric data.This is the first paper to achieve the password and biometric harden service simultaneously using the PTR protocol and Pythia PRF.展开更多
Key agreement protocols are essential for secure communications. In this paper, to solve the inherent key escrow problem of identity-based cryptography, an escrow-free certificate-based authenticated key agreement (C...Key agreement protocols are essential for secure communications. In this paper, to solve the inherent key escrow problem of identity-based cryptography, an escrow-free certificate-based authenticated key agreement (CB-AK) protocol with perfect forward secrecy is proposed. Our protocol makes use of pairings on elliptic curves. The protocol is described and its properties are discussed though comparison with Smart's protocol.展开更多
Based on elliptic curve Diffie-Hellman algorithm, an Elliptic Curve Authenticated Key Agreement (ECAKA) protocol with pre-shared password is proposed. Its security relies on the Elliptic Curve Discrete Logarithm Probl...Based on elliptic curve Diffie-Hellman algorithm, an Elliptic Curve Authenticated Key Agreement (ECAKA) protocol with pre-shared password is proposed. Its security relies on the Elliptic Curve Discrete Logarithm Problem (ECDLP). It provides identity authentication, key validation and perfect forward secrecy, and it can foil man-in-the-middle attacks.展开更多
Because cross-realm C2C-PAKE (client-to-client password authenticated key exchange) protocols can not resist some attacks, this paper writes up new attacks on two representative protocols, then designs a new cross-r...Because cross-realm C2C-PAKE (client-to-client password authenticated key exchange) protocols can not resist some attacks, this paper writes up new attacks on two representative protocols, then designs a new cross-realm C2C-PAKE protocol with signature and optimal number of rounds for a client (only 2-rounds between a client and a server). Finally, it is proved that the new protocol can be resistant to all known attacks through heuristic analysis and that it brings more security through the comparisons of security properties with other protocols.展开更多
In three-party password authenticated key exchange (AKE) protocol, since two users use their passwords to establish a secure session key over an insecure communication channel with the help of the trusted server, su...In three-party password authenticated key exchange (AKE) protocol, since two users use their passwords to establish a secure session key over an insecure communication channel with the help of the trusted server, such a protocol may suffer the password guessing attacks and the server has to maintain the password table. To eliminate the shortages of password- based AKE protocol, very recently, according to chaotic maps, Lee et al. [2015 Nonlinear Dyn. 79 2485] proposed a first three-party-authenticated key exchange scheme without using passwords, and claimed its security by providing a well- organized BAN logic test. Unfortunately, their protocol cannot resist impersonation attack, which is demonstrated in the present paper. To overcome their security weakness, by using chaotic maps, we propose a biometrics-based anonymous three-party AKE protocol with the same advantages. Further, we use the pi calculus-based formal verification tool ProVerif to show that our AKE protocol achieves authentication, security and anonymity, and an acceptable efficiency.展开更多
Peer-to-peer computing has recently started to gain significant acceptance, since it can greatly increase the performance and reliability of overall system. However, the security issue is still a major gating factor f...Peer-to-peer computing has recently started to gain significant acceptance, since it can greatly increase the performance and reliability of overall system. However, the security issue is still a major gating factor for its full adoption. In order to guarantee the security of data exchanged between two peers in Peer-to-Peer system, this paper comes up with an ID-based authenticated key agreement from bilinear pairings and uses BAN logic to prove the protocol’s security. Compared with other existing protocols, the proposed protocol seems more secure and efficient, since it adopts the static shared Diffie-Hellman key.展开更多
The Human-Centered Internet of Things(HC-IoT)is fast becoming a hotbed of security and privacy concerns.Two users can establish a common session key through a trusted server over an open communication channel using a ...The Human-Centered Internet of Things(HC-IoT)is fast becoming a hotbed of security and privacy concerns.Two users can establish a common session key through a trusted server over an open communication channel using a three-party authenticated key agreement.Most of the early authenticated key agreement systems relied on pairing,hashing,or modular exponentiation processes that are computationally intensive and cost-prohibitive.In order to address this problem,this paper offers a new three-party authenticated key agreement technique based on fractional chaotic maps.The new scheme uses fractional chaotic maps and supports the dynamic sensing of HC-IoT devices in the network architecture without a password table.The projected security scheme utilized a hash function,which works well for the resource-limited HC-IoT architectures.Test results show that our new technique is resistant to password guessing attacks since it does not use a password.Furthermore,our approach provides users with comprehensive privacy protection,ensuring that a user forgery attack causes no harm.Finally,our new technique offers better security features than the techniques currently available in the literature.展开更多
In 1999, Seo and Sweeney proposed a simple authenticated key agreement protocol that was designed to act as a Diffie-Hellman key agreement protocol with user authentication.Various attacks on this protocol are describ...In 1999, Seo and Sweeney proposed a simple authenticated key agreement protocol that was designed to act as a Diffie-Hellman key agreement protocol with user authentication.Various attacks on this protocol are described and enhanced in the literature. Recently, Ku and Wang proposed an improved authenticated key agreement protocol, where they asserted the protocol could withstand the existing attacks. This paper shows that Ku and Wang's protocol is still vulnerable to the modification attack and presents an improved authenticated key agreement protocol to enhance the security of Ku and Wang's protocol. The protocol has more efficient performance by replacing exponentiation operations with message authentication code operations.展开更多
基金This work was supported by Taif University(in Taif,Saudi Arabia)through the Researchers Supporting Project Number(TURSP-2020/150).
文摘Many patients have begun to use mobile applications to handle different health needs because they can better access high-speed Internet and smartphones.These devices and mobile applications are now increasingly used and integrated through the medical Internet of Things(mIoT).mIoT is an important part of the digital transformation of healthcare,because it can introduce new business models and allow efficiency improvements,cost control and improve patient experience.In the mIoT system,when migrating from traditional medical services to electronic medical services,patient protection and privacy are the priorities of each stakeholder.Therefore,it is recommended to use different user authentication and authorization methods to improve security and privacy.In this paper,our prosed model involves a shared identity verification process with different situations in the e-health system.We aim to reduce the strict and formal specification of the joint key authentication model.We use the AVISPA tool to verify through the wellknown HLPSL specification language to develop user authentication and smart card use cases in a user-friendly environment.Our model has economic and strategic advantages for healthcare organizations and healthcare workers.The medical staff can increase their knowledge and ability to analyze medical data more easily.Our model can continuously track health indicators to automatically manage treatments and monitor health data in real time.Further,it can help customers prevent chronic diseases with the enhanced cognitive functions support.The necessity for efficient identity verification in e-health care is even more crucial for cognitive mitigation because we increasingly rely on mIoT systems.
文摘This paper proposed two modifications on IKE protocol with pre-shared key authentication. The first modification can improve its immunity against DDoS attack by authenticating the initiator before the responder generates the computation-intensive Diffie-Hellman public value. The second modification can improve its efficiency when the attack on messages occurs because it can detect the attack quickly by replacing the centralized authentication in origical IKE protocol with immediate authentication. In addition, the two modifications can be integrated into one protocol compactly.
基金This work has received funding from National Natural Science Foundation of China(No.42275157).
文摘With the rapid advancement in exploring perceptual interactions and digital twins,metaverse technology has emerged to transcend the constraints of space-time and reality,facilitating remote AI-based collaboration.In this dynamic metasystem environment,frequent information exchanges necessitate robust security measures,with Authentication and Key Agreement(AKA)serving as the primary line of defense to ensure communication security.However,traditional AKA protocols fall short in meeting the low-latency requirements essential for synchronous interactions within the metaverse.To address this challenge and enable nearly latency-free interactions,a novel low-latency AKA protocol based on chaotic maps is proposed.This protocol not only ensures mutual authentication of entities within the metasystem but also generates secure session keys.The security of these session keys is rigorously validated through formal proofs,formal verification,and informal proofs.When confronted with the Dolev-Yao(DY)threat model,the session keys are formally demonstrated to be secure under the Real-or-Random(ROR)model.The proposed protocol is further validated through simulations conducted using VMware workstation compiled in HLPSL language and C language.The simulation results affirm the protocol’s effectiveness in resisting well-known attacks while achieving the desired low latency for optimal metaverse interactions.
基金supported by the National Key Research and Development Program of China,“Joint Research of IoT Security System and Key Technologies Based on Quantum Key,”under project number 2020YFE0200600.
文摘With the exponential growth of intelligent Internet of Things(IoT)applications,Cloud-Edge(CE)paradigm is emerging as a solution that facilitates resource-efficient and timely services.However,it remains an underlying issue that frequent end-edgecloud communication is over a public or adversarycontrolled channel.Additionally,with the presence of resource-constrained devices,it’s imperative to conduct the secure communication mechanism,while still guaranteeing efficiency.Physical unclonable functions(PUF)emerge as promising lightweight security primitives.Thus,we first construct a PUF-based security mechanism for vulnerable IoT devices.Further,a provably secure and PUF-based authentication key agreement scheme is proposed for establishing the secure channel in end-edge-cloud empowered IoT,without requiring pre-loaded master keys.The security of our scheme is rigorously proven through formal security analysis under the random oracle model,and security verification using AVISPA tool.The comprehensive security features are also elaborated.Moreover,the numerical results demonstrate that the proposed scheme outperforms existing related schemes in terms of computational and communication efficiency.
文摘Internet of Things(IoT)applications can be found in various industry areas,including critical infrastructure and healthcare,and IoT is one of several technological developments.As a result,tens of billions or possibly hundreds of billions of devices will be linked together.These smart devices will be able to gather data,process it,and even come to decisions on their own.Security is the most essential thing in these situations.In IoT infrastructure,authenticated key exchange systems are crucial for preserving client and data privacy and guaranteeing the security of data-in-transit(e.g.,via client identification and provision of secure communication).It is still challenging to create secure,authenticated key exchange techniques.The majority of the early authenticated key agreement procedure depended on computationally expensive and resource-intensive pairing,hashing,or modular exponentiation processes.The focus of this paper is to propose an efficient three-party authenticated key exchange procedure(AKEP)using Chebyshev chaotic maps with client anonymity that solves all the problems mentioned above.The proposed three-party AKEP is protected from several attacks.The proposed three-party AKEP can be used in practice for mobile communications and pervasive computing applications,according to statistical experiments and low processing costs.To protect client identification when transferring data over an insecure public network,our three-party AKEP may also offer client anonymity.Finally,the presented procedure offers better security features than the procedures currently available in the literature.
基金Sponsored bythe National Natural Science Foundation of China(60203012)
文摘An enhanced definition of implicit key authentication and a secure group key agreement scheme from pairings are presented. This scheme combines the merits of group public key and key trees to achieve a communication-efficient and authenticated group key agreement protocol. Besides, it avoids dependence on signature or MAC by involving member's long-term keys and short-term keys in the group key. Furthermore, the idea behind this design can be employed as a general approach to extend the authenticated two-party Diffie-Hellman protocols to group settings.
基金Supported bythe National Natural Science Foundationof China (60225007 ,60572155) the Science and Technology ResearchProject of Shanghai (04DZ07067)
文摘In the area of secure Web information system, mutual authentication and key agreement are essential between Web clients and servers. An efficient certificateless authenticated key agreement protocol for Web client/server setting is proposed, which uses pairings on certain elliptic curves. We show that the newly proposed key agreement protocol is practical and of great efficiency, meanwhile, it satisfies every desired security require ments for key agreement protocols.
文摘An efficient authenticated key agreement protocol is proposed, which makesuse of bilinear pairings and self-certificd public keys. Its security is based on the securityassumptions of the bilinear Diff ie-Hellman problem and the computational Diffie-Hellman problem.Users can choose their private keys independently. The public keys and identities of users can beverified implicitly when the session key being generating in a logically single step. A trusted KeyGeneration Center is no longer requiredas in the ID-based authenticated key agreement protocolsCompared with existing authenticated key agreement protocols from pairings, the. new proposedprotocol is more efficient and secure.
基金the High Technology Research and Development Program of Jiangsu Province (No.BG2005001)Hong Kong Innovation and Technology Fund (No.ITS/99/02).
文摘This study concerns security issues of the emerging Wireless Body Sensor Network (WBSN) formed by biomedical sensors worn on or implanted in the human body for mobile healthcare appli-cations. A novel authenticated symmetric-key establishment scheme is proposed for WBSN,which fully exploits the physiological features obtained by network entities via the body channel available in WBSN but not other wireless networks. The self-defined Intrinsic Shared Secret (ISS) is used to replace the pre-deployment of secrets among network entities,which thus eliminates centralized services or au-thorities essential in existing protocols,and resolves the key transport problem in the pure symmet-ric-key cryptosystem for WBSN as well. The security properties of the proposed scheme are demon-strated in terms of its attack complexity and the types of attacks it can resist. Besides,the scheme can be implemented under a light-weight way in WBSN systems. Due to the importance of the ISS concept,the analysis on using false acceptance/false rejection method to evaluate the performance of ISS for its usage in the scheme is also demonstrated.
文摘During the past decade,rapid advances in wireless communication technologies have made it possible for users to access desired services using hand-held devices.Service providers have hosted multiple servers to ensure seamless online services to end-users.To ensure the security of this online communication,researchers have proposed several multi-server authentication schemes incorporating various cryptographic primitives.Due to the low power and computational capacities of mobile devices,the hash-based multi-server authenticated key agreement schemes with offline Registration Server(RS)are the most efficient choice.Recently,Kumar-Om presented such a scheme and proved its security against all renowned attacks.However,we find that their scheme bears an incorrect login phase,and is unsafe to the trace attack,the Session-Specific Temporary Information Attack(SSTIA),and the Key Compromise Impersonation Attack(KCIA).In fact,all of the existing multi-server authentication schemes(hash-based with offline RS)do not withstand KCLA.To deal with this situation,we propose an improved hash-based multi-server authentication scheme(with offline RS).We analyze the security of the proposed scheme under the random oracle model and use the t4Automated Validation of Internet Security Protocols and Applications''(AVISPA)tool.The comparative analysis of communication overhead and computational complexity metrics shows the efficiency of the proposed scheme.
基金This work is supported by the Sichuan education department research project(No.16226483)Sichuan Science and Technology Program(No.2018GZDZX0008)+1 种基金Chengdu Science and Technology Program(No.2018-YF08-00007-GX)the National Natural Science Foundation of China(No.61872087).
文摘Multi-server authenticated key agreement schemes have attracted great attention to both academia and industry in recent years.However,traditional authenticated key agreement schemes in the single-server environment are not suitable for the multi-server environment because the user has to register on each server when he/she wishes to log in various servers for different service.Moreover,it is unreasonable to consider all servers are trusted since the server in a multi-server environment may be a semi-trusted party.In order to overcome these difficulties,we designed a secure three-factor multi-server authenticated key agreement protocol based on elliptic curve cryptography,which needs the user to register only once at the registration center in order to access all semi-trusted servers.The proposed scheme can not only against various known attacks but also provides high computational efficiency.Besides,we have proved our scheme fulfills mutual authentication by using the authentication test method.
基金Supported by the National Fundamental Research Program under Grant No.2010CB923202Specialized Research Fund for the Doctoral Program of Education Ministry of China under Grant No.20090005120008+1 种基金 the Fundamental Research Funds for the Central Universities under Grant No.BUPT2009RC0710 China National Natural Science Foundation under Grant Nos.60871082,60937003 and 10947151
文摘In this paper we propose two quantum secure direct communication (QSDC) protocols with authentication.The authentication key expansion method is introduced to improve the life of the keys with security.In the first scheme,the third party, called Trent is introduced to authenticate the users that participate in the communication.He sends thepolarized photons in blocks to authenticate communication parties Alice and Bob using the authentication keys.In thecommunication process, polarized single photons are used to serve as the carriers, which transmit the secret messagesdirectly.The second QSDC process with authentication between two parties is also discussed.
基金This work was supported by the National Natural Science Foundation of China(No.61802214)the Natural Science Foundation of Shandong Province(Nos.ZR2019BF009,ZR2018LF007,ZR2017MF0,ZR2016YL011)+2 种基金the Shandong Provincial Key Research and Development Program of China(2018GGX1010052017,CXGC07012016,GGX109001)the Project of Shandong Province Higher Educational Science and Technology Program(No.J17KA049)the Global Infrastructure Program through the National Research Foundation of Korea(NRF)funded by the Ministry of Science and ICT(NRF-2018K1A3A1A20026485).
文摘Multi-factor authentication(MFA)was proposed by Pointcheval et al.[Pointcheval and Zimmer(2008)]to improve the security of single-factor(and two-factor)authentication.As the backbone of multi-factor authentication,biometric data are widely observed.Especially,how to keep the privacy of biometric at the password database without impairing efficiency is still an open question.Using the vulnerability of encryption(or hash)algorithms,the attacker can still launch offline brute-force attacks on encrypted(or hashed)biometric data.To address the potential risk of biometric disclosure at the password database,in this paper,we propose a novel efficient and secure MFA key exchange(later denoted as MFAKE)protocol leveraging the Pythia PRF service and password-to-random(or PTR)protocol.Armed with the PTR protocol,a master password pwd can be translated by the user into independent pseudorandom passwords(or rwd)for each user account with the help of device(e.g.,smart phone).Meanwhile,using the Pythia PRF service,the password database can avoid leakage of the local user’s password and biometric data.This is the first paper to achieve the password and biometric harden service simultaneously using the PTR protocol and Pythia PRF.
基金Supported by the National Natural Science Founda-tion of China (60225007, 60572155) and the Science and Technology Research Project of Shanghai (04DZ07067)
文摘Key agreement protocols are essential for secure communications. In this paper, to solve the inherent key escrow problem of identity-based cryptography, an escrow-free certificate-based authenticated key agreement (CB-AK) protocol with perfect forward secrecy is proposed. Our protocol makes use of pairings on elliptic curves. The protocol is described and its properties are discussed though comparison with Smart's protocol.
基金Supported by "973" Program of China (No.G1999035805), "863" Program of China(No.2002AA143041), and RGC Project (No.HKU/7144/03E) of the Hong Kong SpecialAdministrative Region, China.
文摘Based on elliptic curve Diffie-Hellman algorithm, an Elliptic Curve Authenticated Key Agreement (ECAKA) protocol with pre-shared password is proposed. Its security relies on the Elliptic Curve Discrete Logarithm Problem (ECDLP). It provides identity authentication, key validation and perfect forward secrecy, and it can foil man-in-the-middle attacks.
基金the National Natural Science Foundation of China (2007AA01Z431)
文摘Because cross-realm C2C-PAKE (client-to-client password authenticated key exchange) protocols can not resist some attacks, this paper writes up new attacks on two representative protocols, then designs a new cross-realm C2C-PAKE protocol with signature and optimal number of rounds for a client (only 2-rounds between a client and a server). Finally, it is proved that the new protocol can be resistant to all known attacks through heuristic analysis and that it brings more security through the comparisons of security properties with other protocols.
基金supported by the Natural Science Foundation of Zhejiang Province,China(Grant No.LZ12F02005)the Major State Basic Research Development Program of China(Grant No.2013CB834205)the National Natural Science Foundation of China(Grant No.61070153)
文摘In three-party password authenticated key exchange (AKE) protocol, since two users use their passwords to establish a secure session key over an insecure communication channel with the help of the trusted server, such a protocol may suffer the password guessing attacks and the server has to maintain the password table. To eliminate the shortages of password- based AKE protocol, very recently, according to chaotic maps, Lee et al. [2015 Nonlinear Dyn. 79 2485] proposed a first three-party-authenticated key exchange scheme without using passwords, and claimed its security by providing a well- organized BAN logic test. Unfortunately, their protocol cannot resist impersonation attack, which is demonstrated in the present paper. To overcome their security weakness, by using chaotic maps, we propose a biometrics-based anonymous three-party AKE protocol with the same advantages. Further, we use the pi calculus-based formal verification tool ProVerif to show that our AKE protocol achieves authentication, security and anonymity, and an acceptable efficiency.
文摘Peer-to-peer computing has recently started to gain significant acceptance, since it can greatly increase the performance and reliability of overall system. However, the security issue is still a major gating factor for its full adoption. In order to guarantee the security of data exchanged between two peers in Peer-to-Peer system, this paper comes up with an ID-based authenticated key agreement from bilinear pairings and uses BAN logic to prove the protocol’s security. Compared with other existing protocols, the proposed protocol seems more secure and efficient, since it adopts the static shared Diffie-Hellman key.
基金The authors extend their gratitude to the Deanship of Scientific Research at King Khalid University for funding this work through the research group program under grant number R.G.P.1/72/42The work of Agbotiname Lucky Imoize is supported by the Nigerian Petroleum Technology Development Fund(PTDF)and the German Academic Exchange Service(DAAD)through the Nigerian-German Postgraduate Program under grant 57473408.
文摘The Human-Centered Internet of Things(HC-IoT)is fast becoming a hotbed of security and privacy concerns.Two users can establish a common session key through a trusted server over an open communication channel using a three-party authenticated key agreement.Most of the early authenticated key agreement systems relied on pairing,hashing,or modular exponentiation processes that are computationally intensive and cost-prohibitive.In order to address this problem,this paper offers a new three-party authenticated key agreement technique based on fractional chaotic maps.The new scheme uses fractional chaotic maps and supports the dynamic sensing of HC-IoT devices in the network architecture without a password table.The projected security scheme utilized a hash function,which works well for the resource-limited HC-IoT architectures.Test results show that our new technique is resistant to password guessing attacks since it does not use a password.Furthermore,our approach provides users with comprehensive privacy protection,ensuring that a user forgery attack causes no harm.Finally,our new technique offers better security features than the techniques currently available in the literature.
基金Supported by the National Natural Science Foundation of China (No.60203004) Post-doctor Foundation of China (No.2003033155).
文摘In 1999, Seo and Sweeney proposed a simple authenticated key agreement protocol that was designed to act as a Diffie-Hellman key agreement protocol with user authentication.Various attacks on this protocol are described and enhanced in the literature. Recently, Ku and Wang proposed an improved authenticated key agreement protocol, where they asserted the protocol could withstand the existing attacks. This paper shows that Ku and Wang's protocol is still vulnerable to the modification attack and presents an improved authenticated key agreement protocol to enhance the security of Ku and Wang's protocol. The protocol has more efficient performance by replacing exponentiation operations with message authentication code operations.
