Certificateless public key cryptography (CL-PKC) avoids the inherent escrow of identity-based cryptography and does not require certificates to guarantee the authenticity of public keys. Based on CL-PKC, we present ...Certificateless public key cryptography (CL-PKC) avoids the inherent escrow of identity-based cryptography and does not require certificates to guarantee the authenticity of public keys. Based on CL-PKC, we present an efficient constant-round group key exchange protocol, which is provably secure under the intractability of computation Diffie-Hellman problem. Our protocol is a contributory key exchange with perfect forward secrecy and has only two communication rounds. So it is more efficient than other protocols. Moreover, our protocol provides a method to design efficient constant-round group key exchange protocols and most secret sharing schemes could be adopted to construct our protocol.展开更多
Because cross-realm C2C-PAKE (client-to-client password authenticated key exchange) protocols can not resist some attacks, this paper writes up new attacks on two representative protocols, then designs a new cross-r...Because cross-realm C2C-PAKE (client-to-client password authenticated key exchange) protocols can not resist some attacks, this paper writes up new attacks on two representative protocols, then designs a new cross-realm C2C-PAKE protocol with signature and optimal number of rounds for a client (only 2-rounds between a client and a server). Finally, it is proved that the new protocol can be resistant to all known attacks through heuristic analysis and that it brings more security through the comparisons of security properties with other protocols.展开更多
To achieve privacy and authentication sinmltaneously in mobile applications, various Three-party Password-authenticated key exchange (3PAKE) protocols have been proposed. However, some of these protocols are vulnera...To achieve privacy and authentication sinmltaneously in mobile applications, various Three-party Password-authenticated key exchange (3PAKE) protocols have been proposed. However, some of these protocols are vulnerable to conventional attacks or have low efficiency so that they cannot be applied to mobile applications. In this paper, we proposed a password-authenticated multiple key exchange protocol for mobile applications using elliptic curve cryptosystem. The proposed protocol can achieve efficiency, reliability, flexibility and scalability at the same time. Compared with related works, the proposed protocol is more suitable and practical for mobile applications.展开更多
Industrial IoT(IIoT)aims to enhance services provided by various industries,such as manufacturing and product processing.IIoT suffers from various challenges,and security is one of the key challenge among those challe...Industrial IoT(IIoT)aims to enhance services provided by various industries,such as manufacturing and product processing.IIoT suffers from various challenges,and security is one of the key challenge among those challenges.Authentication and access control are two notable challenges for any IIoT based industrial deployment.Any IoT based Industry 4.0 enterprise designs networks between hundreds of tiny devices such as sensors,actuators,fog devices and gateways.Thus,articulating a secure authentication protocol between sensing devices or a sensing device and user devices is an essential step in IoT security.In this paper,first,we present cryptanalysis for the certificate-based scheme proposed for a similar environment by Das et al.and prove that their scheme is vulnerable to various traditional attacks such as device anonymity,MITM,and DoS.We then put forward an interdevice authentication scheme using an ECC(Elliptic Curve Cryptography)that is highly secure and lightweight compared to other existing schemes for a similar environment.Furthermore,we set forth a formal security analysis using the random oracle-based ROR model and informal security analysis over the Doleve-Yao channel.In this paper,we present comparison of the proposed scheme with existing schemes based on communication cost,computation cost and security index to prove that the proposed EBAKE-SE is highly efficient,reliable,and trustworthy compared to other existing schemes for an inter-device authentication.At long last,we present an implementation for the proposed EBAKE-SE using MQTT protocol.展开更多
Group key management is one of the basic building blocks in securing group communication.A number of solutions to group key exchange have been proposed,but most of them are not scalable and,in particular,require at le...Group key management is one of the basic building blocks in securing group communication.A number of solutions to group key exchange have been proposed,but most of them are not scalable and,in particular,require at least 0(log n) communication rounds.We formally present a constant -round Identity-based protocol with forward secrecy for group key exchange,which is provably secure in the security model introduced by Bresson et al.Our protocol focuses on round efficiency and the number of communication round is only one greater than the lower bound presented by Becker and Wille.And,the protocol provides a batch verification technique,which simultaneously verifies the validity of messages from other group participants and greatly improves computational efficiency.Moreover,in our protocol,it is no necessary of always-online key generation center during the execution of the protocol compared to other Identity-based protocols.展开更多
Communication technology has advanced dramatically amid the 21st century,increasing the security risk in safeguarding sensitive information.The remote password authentication(RPA)scheme is the simplest cryptosystem th...Communication technology has advanced dramatically amid the 21st century,increasing the security risk in safeguarding sensitive information.The remote password authentication(RPA)scheme is the simplest cryptosystem that serves as the first line of defence against unauthorised entity attacks.Although the literature contains numerous RPA schemes,to the best of the authors’knowledge,only few schemes based on the integer factorisation problem(IFP)and the discrete logarithm problem(DLP)that provided a provision for session key agreement to ensure proper mutual authentication.Furthermore,none of the previous schemes provided formal security proof using the random oracle model.Therefore,this study proposed an improved RPA scheme with session key establishment between user and server.The design of the proposed RPA scheme is based on the widely established Dolev-Yao adversary model.Moreover,as the main contribution,a novel formal security analysis based on formal definitions of IFP and DLP under the random oracle model was presented.The proposed scheme’s performance was compared to that of other similar competitive schemes in terms of the transmission/computational cost and time complexity.The findings revealed that the proposed scheme required higher memory storage costs in smart cards.Nonetheless,the proposed scheme is more efficient regarding the transmission cost of login and response messages and the total time complexity compared to other scheme of similar security attributes.Overall,the proposed scheme outperformed the other RPA schemes based on IFP and DLP.Finally,the potential application of converting the RPA scheme to a user identification(UI)scheme is considered for future work.Since RPA and UI schemes are similar,the proposed approach can be expanded to develop a provably secure and efficientUI scheme based on IFP and DLP.展开更多
Dragonfly is Password Authenticated Key Exchange protocol that uses a shared session key to authenticate parties based on pre-shared secret password. It was claimed that this protocol was secure against off-line dicti...Dragonfly is Password Authenticated Key Exchange protocol that uses a shared session key to authenticate parties based on pre-shared secret password. It was claimed that this protocol was secure against off-line dictionary attack, but a new research has proved its vulnerability to off-line dictionary attack and proving step was applied by using “Patched Protocol” which was based on public key validation. Unfortunately, this step caused a raise in the computation cost, which made this protocol less appealing than its competitors. We proposed an alternate enhancement to keep this protocol secure without any extra computation cost that was known as “Enhanced Dragonfly”. This solution based on two-pre-shared secret passwords instead of one and the rounds between parties had compressed into two rounds instead of four. We prove that the enhanced-Dragonfly protocol is secure against off-line dictionary attacks by analyzing its security properties using the Scyther tool. A simulation was developed to measure the execution time of the enhanced protocol, which was found to be much less than the execution time of patched Dragonfly. The off-line dictionary attack time is consumed for few days if the dictionary size is 10,000. According to this, the use of the enhanced Dragonfly is more efficient than the patched Dragonfly.展开更多
Cross-domain password-based authenticated key exchange (PAKE) protocols have been studied for many years. However, these protocols are mainly focusing on multi-participant within a single domain in an open network e...Cross-domain password-based authenticated key exchange (PAKE) protocols have been studied for many years. However, these protocols are mainly focusing on multi-participant within a single domain in an open network environment. This paper proposes a novel approach for designing a cross-domain group PAKE protocol, that primarily handles with the setting of multi-participant in the multi- domain. Moreover, our protocol is proved secure against active adversary in the Real-or-Random (ROR) model. In our protocol, no interaction occurs between any two domain authentication servers. They are regarded as ephemeral certificate authorities (CAs) to certify key materials that participants might subsequently use to exchange and agree on group session key. We further justify the computational complexity and measure the average computation time of our protocol. To the best of our knowledge, this is the first work to analyze and discuss a provably secure multi-participant cross-domain group PAKE protocol.展开更多
Combined public key (CPK) cryptography does not need certificates to guarantee the authenticity of public keys and avoids the inherent key escrow problem of identity-based cryptography. Based on the efficient CPK sc...Combined public key (CPK) cryptography does not need certificates to guarantee the authenticity of public keys and avoids the inherent key escrow problem of identity-based cryptography. Based on the efficient CPK scheme, we present an efficient three-round two-party authenticated key exchange protocol with strong security, which is provably secure in the standard model under the decisional Diffie-Hellman (DDH) assumption. The protocol can keep the session key secret from the adversary except that one party's ephemeral private key and static private key are all revealed to the adversary. Compared to the existing protocols, this protocol not only assures strong security but also is more efficient.展开更多
Three-party password authenticated key exchange (3PAKE) protocol plays a significant role in the history of secure communication area in which two clients agree a robust session key in an authentic manner based on pas...Three-party password authenticated key exchange (3PAKE) protocol plays a significant role in the history of secure communication area in which two clients agree a robust session key in an authentic manner based on passwords. In recent years, researchers focused on developing simple 3PAKE (S-3PAKE) protocol to gain system e?ciency while preserving security robustness for the system. In this study, we first demonstrate how an undetectable on-line dictionary attack can be successfully applied over three existing S-3PAKE schemes. An error correction code (ECC) based S-3PAKE protocol is then introduced to eliminate the identified authentication weakness.展开更多
Password-based authenticated key exchange(PAKE) protocols are cryptographic primitives which enable two entities,who only share a memorable password,to identify each other and to communicate over a public unreliable n...Password-based authenticated key exchange(PAKE) protocols are cryptographic primitives which enable two entities,who only share a memorable password,to identify each other and to communicate over a public unreliable network with a secure session key.In this paper,we propose a simple,efficient and provably secure PAKE protocol based on Diffie-Hellman key exchange and cryptographic hash function.Our protocol is secure against dictionary attacks.Its security is proved based on the hardness of the computational Diffie-Hellman problem in the random oracle model.展开更多
With the increasing demand for information security,traditional single-factor authentication technology can no longer meet security requirements.To this end,this paper proposes a Universal Serial Bus(USB)Key hardware ...With the increasing demand for information security,traditional single-factor authentication technology can no longer meet security requirements.To this end,this paper proposes a Universal Serial Bus(USB)Key hardware and software system based on a two-factor authentication protocol,aiming to improve the security and reliability of authentication.This paper first analyzes the current status and technical principles of USB Key-related research domestically and internationally and designs a two-factor authentication protocol that combines impact/response authentication and static password authentication.The system consists of a host computer and a USB Key device.The host computer interacts with the USB Key through a graphical user interface.The Secure Hash Algorithm 1(SHA-1)and MySQL database are used to implement the authentication function.Experimental results show that the designed two-factor authentication protocol can effectively prevent replay attacks and information tampering,and improve the security of authentication.If the corresponding USB Key is not inserted,the system will prompt that the device is not found.Once the USB Key is inserted,user identity is confirmed through two-factor verification,which includes impact/response authentication and static password authentication.展开更多
Although two-party password-authenticated key exchange (PAKE) protocols have been intensively studied in recent years, group PAKE protocols have received little attention. In this paper, we propose a tree-based grou...Although two-party password-authenticated key exchange (PAKE) protocols have been intensively studied in recent years, group PAKE protocols have received little attention. In this paper, we propose a tree-based group PAKE protocol - nPAKE^+ protocol under the setting where each party shares an independent password with a trusted server. The nPAKE^+ protocol is a novel combination of the hierarchical key tree structure and the password-based Diffie-Hellman exchange, and hence it achieves substantial gain in computation efficiency. In particular, the computation cost for each client in our protocol is only O(log n). Additionally, the hierarchical feature of nPAKE^+ enables every subgroup to obtain its own subgroup key in the end. We also prove the security of our protocol under the random oracle model and the ideal cipher model.展开更多
Recently, He et al. (Computers and Mathematics with Applications, 2012) proposed an efficient pairing-free certificateless authenticated key agreement (CL-AKA) protocol and claimed their protocol was provably secu...Recently, He et al. (Computers and Mathematics with Applications, 2012) proposed an efficient pairing-free certificateless authenticated key agreement (CL-AKA) protocol and claimed their protocol was provably secure in the extended Canetti-Krawczyk (eCK) model. By giving concrete attacks, we indicate that their protocol is not secure in the eCK model. We propose an improved protocol and show our improvement is secure in the eCK model under the gap DiffieHellman (GDH) assumption. Furthermore, the proposed protocol is very efficient.展开更多
The CLC protocol (proposed by Tzung-Her Chen, Wei-Bin Lee and Hsing-Bai Chen, CLC, for short) is a new three-party password-authenticated key exchange (3PAKE) protocol. This CLC protocol provides a superior round ...The CLC protocol (proposed by Tzung-Her Chen, Wei-Bin Lee and Hsing-Bai Chen, CLC, for short) is a new three-party password-authenticated key exchange (3PAKE) protocol. This CLC protocol provides a superior round efficiency (only three rounds), and its resources required for computation are relatively few. However, we find that the leakage of values VA and VB in the CLC protocol will make a man-in-the-middle attack feasible in practice, where VA and VB are the authentication information chosen by the server for the participants A and B. In this paper, we describe our attack on the CLC protocol and further present a modified 3PAKE protocol, which is essentially an improved CLC protocol. Our protocol can resist attacks available, including man-in-the-middle attack we mount on the initial CLC protocol. Meanwhile, we allow that the participants choose their own pass- words by themselves, thus avoiding the danger that the server is controlled in the initialization phase. Also, the computational cost of our protocol is lower than that of the CLC protocol.展开更多
In 2010,Lee et al proposed two simple and efficient three-party password-authenticated key exchange protocols that had been proven secure in the random oracle model.They argued that the two protocols could resist offl...In 2010,Lee et al proposed two simple and efficient three-party password-authenticated key exchange protocols that had been proven secure in the random oracle model.They argued that the two protocols could resist offline dictionary attacks.Indeed,the provable approach did not provide protection against off-line dictionary attacks.This paper shows that the two protocols are vulnerable to off-line dictionary attacks in the presence of an inside attacker because of an authentication flaw.This study conducts a detailed analysis on the flaw in the protocols and also shows how to eliminate the security flaw.展开更多
Internet of Things(IoT)has become widely used nowadays and tremendous increase in the number of users raises its security requirements as well.The constraints on resources such as low computational capabilities and po...Internet of Things(IoT)has become widely used nowadays and tremendous increase in the number of users raises its security requirements as well.The constraints on resources such as low computational capabilities and power requirements demand lightweight cryptosystems.Conventional algorithms are not applicable in IoT network communications because of the constraints mentioned above.In this work,a novel and efficient scheme for providing security in IoT applications is introduced.The scheme proposes how security can be enhanced in a distributed IoT application by providing multilevel protection and dynamic key generation in the data uploading and transfer phases.Existing works rely on a single key for communication between sensing device and the attached gateway node.In proposed scheme,this session key is updated after each session and this is done by applying principles of cellular automata.The proposed system provides multilevel security by using incomparable benefits of blockchain,dynamic key and random number generation based on cellular automata.The same was implemented and tested with the widely known security protocol verification tool called Automated Validation of Internet Security Protocols and Applications(AVISPA).Results show that the scheme is secure against various attacks.The proposed scheme has been compared with related schemes and the result analysis shows that the new scheme is fast and efficient also.展开更多
基金Supported by the National Natural Science Foundation of China (90204012, 60573035, 60573036) and the University IT Research Center Project of Korea
文摘Certificateless public key cryptography (CL-PKC) avoids the inherent escrow of identity-based cryptography and does not require certificates to guarantee the authenticity of public keys. Based on CL-PKC, we present an efficient constant-round group key exchange protocol, which is provably secure under the intractability of computation Diffie-Hellman problem. Our protocol is a contributory key exchange with perfect forward secrecy and has only two communication rounds. So it is more efficient than other protocols. Moreover, our protocol provides a method to design efficient constant-round group key exchange protocols and most secret sharing schemes could be adopted to construct our protocol.
基金the National Natural Science Foundation of China (2007AA01Z431)
文摘Because cross-realm C2C-PAKE (client-to-client password authenticated key exchange) protocols can not resist some attacks, this paper writes up new attacks on two representative protocols, then designs a new cross-realm C2C-PAKE protocol with signature and optimal number of rounds for a client (only 2-rounds between a client and a server). Finally, it is proved that the new protocol can be resistant to all known attacks through heuristic analysis and that it brings more security through the comparisons of security properties with other protocols.
基金Acknowledgements This work was supported by the National Natural ScienceFoundation of China under Grants No. 60873191, No. 60903152, No. 60821001, and the Beijing Natural Science Foundation under Grant No. 4072020.
文摘To achieve privacy and authentication sinmltaneously in mobile applications, various Three-party Password-authenticated key exchange (3PAKE) protocols have been proposed. However, some of these protocols are vulnerable to conventional attacks or have low efficiency so that they cannot be applied to mobile applications. In this paper, we proposed a password-authenticated multiple key exchange protocol for mobile applications using elliptic curve cryptosystem. The proposed protocol can achieve efficiency, reliability, flexibility and scalability at the same time. Compared with related works, the proposed protocol is more suitable and practical for mobile applications.
基金supported by the Researchers Supporting Project(No.RSP-2021/395)King Saud University,Riyadh,Saudi Arabia.
文摘Industrial IoT(IIoT)aims to enhance services provided by various industries,such as manufacturing and product processing.IIoT suffers from various challenges,and security is one of the key challenge among those challenges.Authentication and access control are two notable challenges for any IIoT based industrial deployment.Any IoT based Industry 4.0 enterprise designs networks between hundreds of tiny devices such as sensors,actuators,fog devices and gateways.Thus,articulating a secure authentication protocol between sensing devices or a sensing device and user devices is an essential step in IoT security.In this paper,first,we present cryptanalysis for the certificate-based scheme proposed for a similar environment by Das et al.and prove that their scheme is vulnerable to various traditional attacks such as device anonymity,MITM,and DoS.We then put forward an interdevice authentication scheme using an ECC(Elliptic Curve Cryptography)that is highly secure and lightweight compared to other existing schemes for a similar environment.Furthermore,we set forth a formal security analysis using the random oracle-based ROR model and informal security analysis over the Doleve-Yao channel.In this paper,we present comparison of the proposed scheme with existing schemes based on communication cost,computation cost and security index to prove that the proposed EBAKE-SE is highly efficient,reliable,and trustworthy compared to other existing schemes for an inter-device authentication.At long last,we present an implementation for the proposed EBAKE-SE using MQTT protocol.
基金supported by the National Natural Science Foundation of China(Grant No.90204012)the National "863" High-tech Project of China(Grant No.2002AA143021)
文摘Group key management is one of the basic building blocks in securing group communication.A number of solutions to group key exchange have been proposed,but most of them are not scalable and,in particular,require at least 0(log n) communication rounds.We formally present a constant -round Identity-based protocol with forward secrecy for group key exchange,which is provably secure in the security model introduced by Bresson et al.Our protocol focuses on round efficiency and the number of communication round is only one greater than the lower bound presented by Becker and Wille.And,the protocol provides a batch verification technique,which simultaneously verifies the validity of messages from other group participants and greatly improves computational efficiency.Moreover,in our protocol,it is no necessary of always-online key generation center during the execution of the protocol compared to other Identity-based protocols.
基金This research is funded by UKM under Grant No.GUP-2020-029.
文摘Communication technology has advanced dramatically amid the 21st century,increasing the security risk in safeguarding sensitive information.The remote password authentication(RPA)scheme is the simplest cryptosystem that serves as the first line of defence against unauthorised entity attacks.Although the literature contains numerous RPA schemes,to the best of the authors’knowledge,only few schemes based on the integer factorisation problem(IFP)and the discrete logarithm problem(DLP)that provided a provision for session key agreement to ensure proper mutual authentication.Furthermore,none of the previous schemes provided formal security proof using the random oracle model.Therefore,this study proposed an improved RPA scheme with session key establishment between user and server.The design of the proposed RPA scheme is based on the widely established Dolev-Yao adversary model.Moreover,as the main contribution,a novel formal security analysis based on formal definitions of IFP and DLP under the random oracle model was presented.The proposed scheme’s performance was compared to that of other similar competitive schemes in terms of the transmission/computational cost and time complexity.The findings revealed that the proposed scheme required higher memory storage costs in smart cards.Nonetheless,the proposed scheme is more efficient regarding the transmission cost of login and response messages and the total time complexity compared to other scheme of similar security attributes.Overall,the proposed scheme outperformed the other RPA schemes based on IFP and DLP.Finally,the potential application of converting the RPA scheme to a user identification(UI)scheme is considered for future work.Since RPA and UI schemes are similar,the proposed approach can be expanded to develop a provably secure and efficientUI scheme based on IFP and DLP.
文摘Dragonfly is Password Authenticated Key Exchange protocol that uses a shared session key to authenticate parties based on pre-shared secret password. It was claimed that this protocol was secure against off-line dictionary attack, but a new research has proved its vulnerability to off-line dictionary attack and proving step was applied by using “Patched Protocol” which was based on public key validation. Unfortunately, this step caused a raise in the computation cost, which made this protocol less appealing than its competitors. We proposed an alternate enhancement to keep this protocol secure without any extra computation cost that was known as “Enhanced Dragonfly”. This solution based on two-pre-shared secret passwords instead of one and the rounds between parties had compressed into two rounds instead of four. We prove that the enhanced-Dragonfly protocol is secure against off-line dictionary attacks by analyzing its security properties using the Scyther tool. A simulation was developed to measure the execution time of the enhanced protocol, which was found to be much less than the execution time of patched Dragonfly. The off-line dictionary attack time is consumed for few days if the dictionary size is 10,000. According to this, the use of the enhanced Dragonfly is more efficient than the patched Dragonfly.
基金This paper was supported by National 863 Program (2013AA01A212), the National Natural Science Foundation of China (Grant Nos. 61370063, 61272512 and 61300177). Beijing Municipal Natural Science Foundation (4121001), Basic Research Foundation of Beijing Institute of Technology (20120742010 and 2013074200).
文摘Cross-domain password-based authenticated key exchange (PAKE) protocols have been studied for many years. However, these protocols are mainly focusing on multi-participant within a single domain in an open network environment. This paper proposes a novel approach for designing a cross-domain group PAKE protocol, that primarily handles with the setting of multi-participant in the multi- domain. Moreover, our protocol is proved secure against active adversary in the Real-or-Random (ROR) model. In our protocol, no interaction occurs between any two domain authentication servers. They are regarded as ephemeral certificate authorities (CAs) to certify key materials that participants might subsequently use to exchange and agree on group session key. We further justify the computational complexity and measure the average computation time of our protocol. To the best of our knowledge, this is the first work to analyze and discuss a provably secure multi-participant cross-domain group PAKE protocol.
基金Supported by the Key Laboratory Foundation of Communication Technology of China (9140C1103040902)
文摘Combined public key (CPK) cryptography does not need certificates to guarantee the authenticity of public keys and avoids the inherent key escrow problem of identity-based cryptography. Based on the efficient CPK scheme, we present an efficient three-round two-party authenticated key exchange protocol with strong security, which is provably secure in the standard model under the decisional Diffie-Hellman (DDH) assumption. The protocol can keep the session key secret from the adversary except that one party's ephemeral private key and static private key are all revealed to the adversary. Compared to the existing protocols, this protocol not only assures strong security but also is more efficient.
基金the National Science Council (Nos. NSC 99-2218-E-011-014 and NSC 100-2219-E-011-002)
文摘Three-party password authenticated key exchange (3PAKE) protocol plays a significant role in the history of secure communication area in which two clients agree a robust session key in an authentic manner based on passwords. In recent years, researchers focused on developing simple 3PAKE (S-3PAKE) protocol to gain system e?ciency while preserving security robustness for the system. In this study, we first demonstrate how an undetectable on-line dictionary attack can be successfully applied over three existing S-3PAKE schemes. An error correction code (ECC) based S-3PAKE protocol is then introduced to eliminate the identified authentication weakness.
基金the National Natural Science Foundation of China(Nos.60703094 and 61070217)
文摘Password-based authenticated key exchange(PAKE) protocols are cryptographic primitives which enable two entities,who only share a memorable password,to identify each other and to communicate over a public unreliable network with a secure session key.In this paper,we propose a simple,efficient and provably secure PAKE protocol based on Diffie-Hellman key exchange and cryptographic hash function.Our protocol is secure against dictionary attacks.Its security is proved based on the hardness of the computational Diffie-Hellman problem in the random oracle model.
基金funded by the College-level Characteristic Teaching Material Project(Project No.20220119Z0221)The College Teaching Incubation Project(Project No.20220120Z0220)+3 种基金The Ministry of Education Industry-University Cooperation Collaborative Education Project(Project No.20220163H0211)The Central Universities Basic Scientific Research Fund(Project No.3282024009,20230051Z0114,and 20230050Z0114)The Beijing Higher Education“Undergraduate Teaching Reform and Innovation Project”(Project No.20220121Z0208 and 202110018002)The College Discipline Construction Project(Project No.20230007Z0452 and 20230010Z0452)。
文摘With the increasing demand for information security,traditional single-factor authentication technology can no longer meet security requirements.To this end,this paper proposes a Universal Serial Bus(USB)Key hardware and software system based on a two-factor authentication protocol,aiming to improve the security and reliability of authentication.This paper first analyzes the current status and technical principles of USB Key-related research domestically and internationally and designs a two-factor authentication protocol that combines impact/response authentication and static password authentication.The system consists of a host computer and a USB Key device.The host computer interacts with the USB Key through a graphical user interface.The Secure Hash Algorithm 1(SHA-1)and MySQL database are used to implement the authentication function.Experimental results show that the designed two-factor authentication protocol can effectively prevent replay attacks and information tampering,and improve the security of authentication.If the corresponding USB Key is not inserted,the system will prompt that the device is not found.Once the USB Key is inserted,user identity is confirmed through two-factor verification,which includes impact/response authentication and static password authentication.
基金supported in part by the Concerted Research Action(GOA)Ambiorics 2005/11 of the Flemish Government and by the IAP Programme P6/26 BCRYPT of the Belgian State(Belgian Science Policy)Zhiguo Wan is supported in part by a research grant of the IBBT(Interdisciplinary institute for BroadBand Technology)of the Flemish Government.
文摘Although two-party password-authenticated key exchange (PAKE) protocols have been intensively studied in recent years, group PAKE protocols have received little attention. In this paper, we propose a tree-based group PAKE protocol - nPAKE^+ protocol under the setting where each party shares an independent password with a trusted server. The nPAKE^+ protocol is a novel combination of the hierarchical key tree structure and the password-based Diffie-Hellman exchange, and hence it achieves substantial gain in computation efficiency. In particular, the computation cost for each client in our protocol is only O(log n). Additionally, the hierarchical feature of nPAKE^+ enables every subgroup to obtain its own subgroup key in the end. We also prove the security of our protocol under the random oracle model and the ideal cipher model.
文摘Recently, He et al. (Computers and Mathematics with Applications, 2012) proposed an efficient pairing-free certificateless authenticated key agreement (CL-AKA) protocol and claimed their protocol was provably secure in the extended Canetti-Krawczyk (eCK) model. By giving concrete attacks, we indicate that their protocol is not secure in the eCK model. We propose an improved protocol and show our improvement is secure in the eCK model under the gap DiffieHellman (GDH) assumption. Furthermore, the proposed protocol is very efficient.
基金Supported by the National High Technology Research and Development Program of China (863 Program)(2006AA01Z405)
文摘The CLC protocol (proposed by Tzung-Her Chen, Wei-Bin Lee and Hsing-Bai Chen, CLC, for short) is a new three-party password-authenticated key exchange (3PAKE) protocol. This CLC protocol provides a superior round efficiency (only three rounds), and its resources required for computation are relatively few. However, we find that the leakage of values VA and VB in the CLC protocol will make a man-in-the-middle attack feasible in practice, where VA and VB are the authentication information chosen by the server for the participants A and B. In this paper, we describe our attack on the CLC protocol and further present a modified 3PAKE protocol, which is essentially an improved CLC protocol. Our protocol can resist attacks available, including man-in-the-middle attack we mount on the initial CLC protocol. Meanwhile, we allow that the participants choose their own pass- words by themselves, thus avoiding the danger that the server is controlled in the initialization phase. Also, the computational cost of our protocol is lower than that of the CLC protocol.
基金Supported by the Natural Science Foundation of Jiangsu Province (Key Program) (BK2011023)
文摘In 2010,Lee et al proposed two simple and efficient three-party password-authenticated key exchange protocols that had been proven secure in the random oracle model.They argued that the two protocols could resist offline dictionary attacks.Indeed,the provable approach did not provide protection against off-line dictionary attacks.This paper shows that the two protocols are vulnerable to off-line dictionary attacks in the presence of an inside attacker because of an authentication flaw.This study conducts a detailed analysis on the flaw in the protocols and also shows how to eliminate the security flaw.
文摘Internet of Things(IoT)has become widely used nowadays and tremendous increase in the number of users raises its security requirements as well.The constraints on resources such as low computational capabilities and power requirements demand lightweight cryptosystems.Conventional algorithms are not applicable in IoT network communications because of the constraints mentioned above.In this work,a novel and efficient scheme for providing security in IoT applications is introduced.The scheme proposes how security can be enhanced in a distributed IoT application by providing multilevel protection and dynamic key generation in the data uploading and transfer phases.Existing works rely on a single key for communication between sensing device and the attached gateway node.In proposed scheme,this session key is updated after each session and this is done by applying principles of cellular automata.The proposed system provides multilevel security by using incomparable benefits of blockchain,dynamic key and random number generation based on cellular automata.The same was implemented and tested with the widely known security protocol verification tool called Automated Validation of Internet Security Protocols and Applications(AVISPA).Results show that the scheme is secure against various attacks.The proposed scheme has been compared with related schemes and the result analysis shows that the new scheme is fast and efficient also.
