In the area of secure Web information system, mutual authentication and key agreement are essential between Web clients and servers. An efficient certificateless authenticated key agreement protocol for Web client/ser...In the area of secure Web information system, mutual authentication and key agreement are essential between Web clients and servers. An efficient certificateless authenticated key agreement protocol for Web client/server setting is proposed, which uses pairings on certain elliptic curves. We show that the newly proposed key agreement protocol is practical and of great efficiency, meanwhile, it satisfies every desired security require ments for key agreement protocols.展开更多
An efficient authenticated key agreement protocol is proposed, which makesuse of bilinear pairings and self-certificd public keys. Its security is based on the securityassumptions of the bilinear Diff ie-Hellman probl...An efficient authenticated key agreement protocol is proposed, which makesuse of bilinear pairings and self-certificd public keys. Its security is based on the securityassumptions of the bilinear Diff ie-Hellman problem and the computational Diffie-Hellman problem.Users can choose their private keys independently. The public keys and identities of users can beverified implicitly when the session key being generating in a logically single step. A trusted KeyGeneration Center is no longer requiredas in the ID-based authenticated key agreement protocolsCompared with existing authenticated key agreement protocols from pairings, the. new proposedprotocol is more efficient and secure.展开更多
During the past decade,rapid advances in wireless communication technologies have made it possible for users to access desired services using hand-held devices.Service providers have hosted multiple servers to ensure ...During the past decade,rapid advances in wireless communication technologies have made it possible for users to access desired services using hand-held devices.Service providers have hosted multiple servers to ensure seamless online services to end-users.To ensure the security of this online communication,researchers have proposed several multi-server authentication schemes incorporating various cryptographic primitives.Due to the low power and computational capacities of mobile devices,the hash-based multi-server authenticated key agreement schemes with offline Registration Server(RS)are the most efficient choice.Recently,Kumar-Om presented such a scheme and proved its security against all renowned attacks.However,we find that their scheme bears an incorrect login phase,and is unsafe to the trace attack,the Session-Specific Temporary Information Attack(SSTIA),and the Key Compromise Impersonation Attack(KCIA).In fact,all of the existing multi-server authentication schemes(hash-based with offline RS)do not withstand KCLA.To deal with this situation,we propose an improved hash-based multi-server authentication scheme(with offline RS).We analyze the security of the proposed scheme under the random oracle model and use the t4Automated Validation of Internet Security Protocols and Applications''(AVISPA)tool.The comparative analysis of communication overhead and computational complexity metrics shows the efficiency of the proposed scheme.展开更多
Multi-server authenticated key agreement schemes have attracted great attention to both academia and industry in recent years.However,traditional authenticated key agreement schemes in the single-server environment ar...Multi-server authenticated key agreement schemes have attracted great attention to both academia and industry in recent years.However,traditional authenticated key agreement schemes in the single-server environment are not suitable for the multi-server environment because the user has to register on each server when he/she wishes to log in various servers for different service.Moreover,it is unreasonable to consider all servers are trusted since the server in a multi-server environment may be a semi-trusted party.In order to overcome these difficulties,we designed a secure three-factor multi-server authenticated key agreement protocol based on elliptic curve cryptography,which needs the user to register only once at the registration center in order to access all semi-trusted servers.The proposed scheme can not only against various known attacks but also provides high computational efficiency.Besides,we have proved our scheme fulfills mutual authentication by using the authentication test method.展开更多
Key agreement protocols are essential for secure communications. In this paper, to solve the inherent key escrow problem of identity-based cryptography, an escrow-free certificate-based authenticated key agreement (C...Key agreement protocols are essential for secure communications. In this paper, to solve the inherent key escrow problem of identity-based cryptography, an escrow-free certificate-based authenticated key agreement (CB-AK) protocol with perfect forward secrecy is proposed. Our protocol makes use of pairings on elliptic curves. The protocol is described and its properties are discussed though comparison with Smart's protocol.展开更多
Three-party password authenticated key exchange (3PAKE) protocol plays a significant role in the history of secure communication area in which two clients agree a robust session key in an authentic manner based on pas...Three-party password authenticated key exchange (3PAKE) protocol plays a significant role in the history of secure communication area in which two clients agree a robust session key in an authentic manner based on passwords. In recent years, researchers focused on developing simple 3PAKE (S-3PAKE) protocol to gain system e?ciency while preserving security robustness for the system. In this study, we first demonstrate how an undetectable on-line dictionary attack can be successfully applied over three existing S-3PAKE schemes. An error correction code (ECC) based S-3PAKE protocol is then introduced to eliminate the identified authentication weakness.展开更多
Based on elliptic curve Diffie-Hellman algorithm, an Elliptic Curve Authenticated Key Agreement (ECAKA) protocol with pre-shared password is proposed. Its security relies on the Elliptic Curve Discrete Logarithm Probl...Based on elliptic curve Diffie-Hellman algorithm, an Elliptic Curve Authenticated Key Agreement (ECAKA) protocol with pre-shared password is proposed. Its security relies on the Elliptic Curve Discrete Logarithm Problem (ECDLP). It provides identity authentication, key validation and perfect forward secrecy, and it can foil man-in-the-middle attacks.展开更多
Because cross-realm C2C-PAKE (client-to-client password authenticated key exchange) protocols can not resist some attacks, this paper writes up new attacks on two representative protocols, then designs a new cross-r...Because cross-realm C2C-PAKE (client-to-client password authenticated key exchange) protocols can not resist some attacks, this paper writes up new attacks on two representative protocols, then designs a new cross-realm C2C-PAKE protocol with signature and optimal number of rounds for a client (only 2-rounds between a client and a server). Finally, it is proved that the new protocol can be resistant to all known attacks through heuristic analysis and that it brings more security through the comparisons of security properties with other protocols.展开更多
In three-party password authenticated key exchange (AKE) protocol, since two users use their passwords to establish a secure session key over an insecure communication channel with the help of the trusted server, su...In three-party password authenticated key exchange (AKE) protocol, since two users use their passwords to establish a secure session key over an insecure communication channel with the help of the trusted server, such a protocol may suffer the password guessing attacks and the server has to maintain the password table. To eliminate the shortages of password- based AKE protocol, very recently, according to chaotic maps, Lee et al. [2015 Nonlinear Dyn. 79 2485] proposed a first three-party-authenticated key exchange scheme without using passwords, and claimed its security by providing a well- organized BAN logic test. Unfortunately, their protocol cannot resist impersonation attack, which is demonstrated in the present paper. To overcome their security weakness, by using chaotic maps, we propose a biometrics-based anonymous three-party AKE protocol with the same advantages. Further, we use the pi calculus-based formal verification tool ProVerif to show that our AKE protocol achieves authentication, security and anonymity, and an acceptable efficiency.展开更多
The Human-Centered Internet of Things(HC-IoT)is fast becoming a hotbed of security and privacy concerns.Two users can establish a common session key through a trusted server over an open communication channel using a ...The Human-Centered Internet of Things(HC-IoT)is fast becoming a hotbed of security and privacy concerns.Two users can establish a common session key through a trusted server over an open communication channel using a three-party authenticated key agreement.Most of the early authenticated key agreement systems relied on pairing,hashing,or modular exponentiation processes that are computationally intensive and cost-prohibitive.In order to address this problem,this paper offers a new three-party authenticated key agreement technique based on fractional chaotic maps.The new scheme uses fractional chaotic maps and supports the dynamic sensing of HC-IoT devices in the network architecture without a password table.The projected security scheme utilized a hash function,which works well for the resource-limited HC-IoT architectures.Test results show that our new technique is resistant to password guessing attacks since it does not use a password.Furthermore,our approach provides users with comprehensive privacy protection,ensuring that a user forgery attack causes no harm.Finally,our new technique offers better security features than the techniques currently available in the literature.展开更多
Internet of Things(IoT)applications can be found in various industry areas,including critical infrastructure and healthcare,and IoT is one of several technological developments.As a result,tens of billions or possibly...Internet of Things(IoT)applications can be found in various industry areas,including critical infrastructure and healthcare,and IoT is one of several technological developments.As a result,tens of billions or possibly hundreds of billions of devices will be linked together.These smart devices will be able to gather data,process it,and even come to decisions on their own.Security is the most essential thing in these situations.In IoT infrastructure,authenticated key exchange systems are crucial for preserving client and data privacy and guaranteeing the security of data-in-transit(e.g.,via client identification and provision of secure communication).It is still challenging to create secure,authenticated key exchange techniques.The majority of the early authenticated key agreement procedure depended on computationally expensive and resource-intensive pairing,hashing,or modular exponentiation processes.The focus of this paper is to propose an efficient three-party authenticated key exchange procedure(AKEP)using Chebyshev chaotic maps with client anonymity that solves all the problems mentioned above.The proposed three-party AKEP is protected from several attacks.The proposed three-party AKEP can be used in practice for mobile communications and pervasive computing applications,according to statistical experiments and low processing costs.To protect client identification when transferring data over an insecure public network,our three-party AKEP may also offer client anonymity.Finally,the presented procedure offers better security features than the procedures currently available in the literature.展开更多
In 1999, Seo and Sweeney proposed a simple authenticated key agreement protocol that was designed to act as a Diffie-Hellman key agreement protocol with user authentication.Various attacks on this protocol are describ...In 1999, Seo and Sweeney proposed a simple authenticated key agreement protocol that was designed to act as a Diffie-Hellman key agreement protocol with user authentication.Various attacks on this protocol are described and enhanced in the literature. Recently, Ku and Wang proposed an improved authenticated key agreement protocol, where they asserted the protocol could withstand the existing attacks. This paper shows that Ku and Wang's protocol is still vulnerable to the modification attack and presents an improved authenticated key agreement protocol to enhance the security of Ku and Wang's protocol. The protocol has more efficient performance by replacing exponentiation operations with message authentication code operations.展开更多
Multi-factor authentication(MFA)was proposed by Pointcheval et al.[Pointcheval and Zimmer(2008)]to improve the security of single-factor(and two-factor)authentication.As the backbone of multi-factor authentication,bio...Multi-factor authentication(MFA)was proposed by Pointcheval et al.[Pointcheval and Zimmer(2008)]to improve the security of single-factor(and two-factor)authentication.As the backbone of multi-factor authentication,biometric data are widely observed.Especially,how to keep the privacy of biometric at the password database without impairing efficiency is still an open question.Using the vulnerability of encryption(or hash)algorithms,the attacker can still launch offline brute-force attacks on encrypted(or hashed)biometric data.To address the potential risk of biometric disclosure at the password database,in this paper,we propose a novel efficient and secure MFA key exchange(later denoted as MFAKE)protocol leveraging the Pythia PRF service and password-to-random(or PTR)protocol.Armed with the PTR protocol,a master password pwd can be translated by the user into independent pseudorandom passwords(or rwd)for each user account with the help of device(e.g.,smart phone).Meanwhile,using the Pythia PRF service,the password database can avoid leakage of the local user’s password and biometric data.This is the first paper to achieve the password and biometric harden service simultaneously using the PTR protocol and Pythia PRF.展开更多
Peer-to-peer computing has recently started to gain significant acceptance, since it can greatly increase the performance and reliability of overall system. However, the security issue is still a major gating factor f...Peer-to-peer computing has recently started to gain significant acceptance, since it can greatly increase the performance and reliability of overall system. However, the security issue is still a major gating factor for its full adoption. In order to guarantee the security of data exchanged between two peers in Peer-to-Peer system, this paper comes up with an ID-based authenticated key agreement from bilinear pairings and uses BAN logic to prove the protocol’s security. Compared with other existing protocols, the proposed protocol seems more secure and efficient, since it adopts the static shared Diffie-Hellman key.展开更多
An enhanced definition of implicit key authentication and a secure group key agreement scheme from pairings are presented. This scheme combines the merits of group public key and key trees to achieve a communication-e...An enhanced definition of implicit key authentication and a secure group key agreement scheme from pairings are presented. This scheme combines the merits of group public key and key trees to achieve a communication-efficient and authenticated group key agreement protocol. Besides, it avoids dependence on signature or MAC by involving member's long-term keys and short-term keys in the group key. Furthermore, the idea behind this design can be employed as a general approach to extend the authenticated two-party Diffie-Hellman protocols to group settings.展开更多
Recently, He et al. (Computers and Mathematics with Applications, 2012) proposed an efficient pairing-free certificateless authenticated key agreement (CL-AKA) protocol and claimed their protocol was provably secu...Recently, He et al. (Computers and Mathematics with Applications, 2012) proposed an efficient pairing-free certificateless authenticated key agreement (CL-AKA) protocol and claimed their protocol was provably secure in the extended Canetti-Krawczyk (eCK) model. By giving concrete attacks, we indicate that their protocol is not secure in the eCK model. We propose an improved protocol and show our improvement is secure in the eCK model under the gap DiffieHellman (GDH) assumption. Furthermore, the proposed protocol is very efficient.展开更多
The majority of existing escrowable identity-based key agreement protocols only provide partial forward secrecy. Such protocols are, arguably, not suitable for many real-word applications, as the latter tends to requi...The majority of existing escrowable identity-based key agreement protocols only provide partial forward secrecy. Such protocols are, arguably, not suitable for many real-word applications, as the latter tends to require a stronger sense of forward secrecy--perfect forward secrecy. In this paper, we propose an efficient perfect forward-secure identity-based key agreement protocol in the escrow mode. We prove the security of our protocol in the random oracle model, assuming the intractability of the Gap Bilinear Diffie-Hellman (GBDH) problem.展开更多
This study concerns security issues of the emerging Wireless Body Sensor Network (WBSN) formed by biomedical sensors worn on or implanted in the human body for mobile healthcare appli-cations. A novel authenticated sy...This study concerns security issues of the emerging Wireless Body Sensor Network (WBSN) formed by biomedical sensors worn on or implanted in the human body for mobile healthcare appli-cations. A novel authenticated symmetric-key establishment scheme is proposed for WBSN,which fully exploits the physiological features obtained by network entities via the body channel available in WBSN but not other wireless networks. The self-defined Intrinsic Shared Secret (ISS) is used to replace the pre-deployment of secrets among network entities,which thus eliminates centralized services or au-thorities essential in existing protocols,and resolves the key transport problem in the pure symmet-ric-key cryptosystem for WBSN as well. The security properties of the proposed scheme are demon-strated in terms of its attack complexity and the types of attacks it can resist. Besides,the scheme can be implemented under a light-weight way in WBSN systems. Due to the importance of the ISS concept,the analysis on using false acceptance/false rejection method to evaluate the performance of ISS for its usage in the scheme is also demonstrated.展开更多
Cross-domain password-based authenticated key exchange (PAKE) protocols have been studied for many years. However, these protocols are mainly focusing on multi-participant within a single domain in an open network e...Cross-domain password-based authenticated key exchange (PAKE) protocols have been studied for many years. However, these protocols are mainly focusing on multi-participant within a single domain in an open network environment. This paper proposes a novel approach for designing a cross-domain group PAKE protocol, that primarily handles with the setting of multi-participant in the multi- domain. Moreover, our protocol is proved secure against active adversary in the Real-or-Random (ROR) model. In our protocol, no interaction occurs between any two domain authentication servers. They are regarded as ephemeral certificate authorities (CAs) to certify key materials that participants might subsequently use to exchange and agree on group session key. We further justify the computational complexity and measure the average computation time of our protocol. To the best of our knowledge, this is the first work to analyze and discuss a provably secure multi-participant cross-domain group PAKE protocol.展开更多
Because of its closeness to users,fog computing responds faster than cloud computing.Thus,it has been deployed to various applications,such as healthcare system.Recently,to ensure the secure communication of the fog-b...Because of its closeness to users,fog computing responds faster than cloud computing.Thus,it has been deployed to various applications,such as healthcare system.Recently,to ensure the secure communication of the fog-based healthcare system,Jia et al.proposed an authenticated key agreement scheme.Moreover,in view of the high computation cost existing in Jia et al.’s scheme,Ma et al.presented an efficient one using elliptic curve cryptography.In this paper,we observe that both the two schemes may potentially risk ephemeral key compromise attacks and need improving.Therefore,to overcome this potential risk,we propose a new authenticated scheme based on Jia et al.’s scheme using elliptic curve computational Diffie-Hellman hypothesis and hash functions.Additionally,we provide provable security under the adopted adversarial model and ProVerif simulation,and also analyze the performance in terms of computation and communication costs by comparisons.The analysis results show that the improved scheme resists the common attacks,reduces computation overhead,and has a certain significance.展开更多
基金Supported bythe National Natural Science Foundationof China (60225007 ,60572155) the Science and Technology ResearchProject of Shanghai (04DZ07067)
文摘In the area of secure Web information system, mutual authentication and key agreement are essential between Web clients and servers. An efficient certificateless authenticated key agreement protocol for Web client/server setting is proposed, which uses pairings on certain elliptic curves. We show that the newly proposed key agreement protocol is practical and of great efficiency, meanwhile, it satisfies every desired security require ments for key agreement protocols.
文摘An efficient authenticated key agreement protocol is proposed, which makesuse of bilinear pairings and self-certificd public keys. Its security is based on the securityassumptions of the bilinear Diff ie-Hellman problem and the computational Diffie-Hellman problem.Users can choose their private keys independently. The public keys and identities of users can beverified implicitly when the session key being generating in a logically single step. A trusted KeyGeneration Center is no longer requiredas in the ID-based authenticated key agreement protocolsCompared with existing authenticated key agreement protocols from pairings, the. new proposedprotocol is more efficient and secure.
文摘During the past decade,rapid advances in wireless communication technologies have made it possible for users to access desired services using hand-held devices.Service providers have hosted multiple servers to ensure seamless online services to end-users.To ensure the security of this online communication,researchers have proposed several multi-server authentication schemes incorporating various cryptographic primitives.Due to the low power and computational capacities of mobile devices,the hash-based multi-server authenticated key agreement schemes with offline Registration Server(RS)are the most efficient choice.Recently,Kumar-Om presented such a scheme and proved its security against all renowned attacks.However,we find that their scheme bears an incorrect login phase,and is unsafe to the trace attack,the Session-Specific Temporary Information Attack(SSTIA),and the Key Compromise Impersonation Attack(KCIA).In fact,all of the existing multi-server authentication schemes(hash-based with offline RS)do not withstand KCLA.To deal with this situation,we propose an improved hash-based multi-server authentication scheme(with offline RS).We analyze the security of the proposed scheme under the random oracle model and use the t4Automated Validation of Internet Security Protocols and Applications''(AVISPA)tool.The comparative analysis of communication overhead and computational complexity metrics shows the efficiency of the proposed scheme.
基金This work is supported by the Sichuan education department research project(No.16226483)Sichuan Science and Technology Program(No.2018GZDZX0008)+1 种基金Chengdu Science and Technology Program(No.2018-YF08-00007-GX)the National Natural Science Foundation of China(No.61872087).
文摘Multi-server authenticated key agreement schemes have attracted great attention to both academia and industry in recent years.However,traditional authenticated key agreement schemes in the single-server environment are not suitable for the multi-server environment because the user has to register on each server when he/she wishes to log in various servers for different service.Moreover,it is unreasonable to consider all servers are trusted since the server in a multi-server environment may be a semi-trusted party.In order to overcome these difficulties,we designed a secure three-factor multi-server authenticated key agreement protocol based on elliptic curve cryptography,which needs the user to register only once at the registration center in order to access all semi-trusted servers.The proposed scheme can not only against various known attacks but also provides high computational efficiency.Besides,we have proved our scheme fulfills mutual authentication by using the authentication test method.
基金Supported by the National Natural Science Founda-tion of China (60225007, 60572155) and the Science and Technology Research Project of Shanghai (04DZ07067)
文摘Key agreement protocols are essential for secure communications. In this paper, to solve the inherent key escrow problem of identity-based cryptography, an escrow-free certificate-based authenticated key agreement (CB-AK) protocol with perfect forward secrecy is proposed. Our protocol makes use of pairings on elliptic curves. The protocol is described and its properties are discussed though comparison with Smart's protocol.
基金the National Science Council (Nos. NSC 99-2218-E-011-014 and NSC 100-2219-E-011-002)
文摘Three-party password authenticated key exchange (3PAKE) protocol plays a significant role in the history of secure communication area in which two clients agree a robust session key in an authentic manner based on passwords. In recent years, researchers focused on developing simple 3PAKE (S-3PAKE) protocol to gain system e?ciency while preserving security robustness for the system. In this study, we first demonstrate how an undetectable on-line dictionary attack can be successfully applied over three existing S-3PAKE schemes. An error correction code (ECC) based S-3PAKE protocol is then introduced to eliminate the identified authentication weakness.
基金Supported by "973" Program of China (No.G1999035805), "863" Program of China(No.2002AA143041), and RGC Project (No.HKU/7144/03E) of the Hong Kong SpecialAdministrative Region, China.
文摘Based on elliptic curve Diffie-Hellman algorithm, an Elliptic Curve Authenticated Key Agreement (ECAKA) protocol with pre-shared password is proposed. Its security relies on the Elliptic Curve Discrete Logarithm Problem (ECDLP). It provides identity authentication, key validation and perfect forward secrecy, and it can foil man-in-the-middle attacks.
基金the National Natural Science Foundation of China (2007AA01Z431)
文摘Because cross-realm C2C-PAKE (client-to-client password authenticated key exchange) protocols can not resist some attacks, this paper writes up new attacks on two representative protocols, then designs a new cross-realm C2C-PAKE protocol with signature and optimal number of rounds for a client (only 2-rounds between a client and a server). Finally, it is proved that the new protocol can be resistant to all known attacks through heuristic analysis and that it brings more security through the comparisons of security properties with other protocols.
基金supported by the Natural Science Foundation of Zhejiang Province,China(Grant No.LZ12F02005)the Major State Basic Research Development Program of China(Grant No.2013CB834205)the National Natural Science Foundation of China(Grant No.61070153)
文摘In three-party password authenticated key exchange (AKE) protocol, since two users use their passwords to establish a secure session key over an insecure communication channel with the help of the trusted server, such a protocol may suffer the password guessing attacks and the server has to maintain the password table. To eliminate the shortages of password- based AKE protocol, very recently, according to chaotic maps, Lee et al. [2015 Nonlinear Dyn. 79 2485] proposed a first three-party-authenticated key exchange scheme without using passwords, and claimed its security by providing a well- organized BAN logic test. Unfortunately, their protocol cannot resist impersonation attack, which is demonstrated in the present paper. To overcome their security weakness, by using chaotic maps, we propose a biometrics-based anonymous three-party AKE protocol with the same advantages. Further, we use the pi calculus-based formal verification tool ProVerif to show that our AKE protocol achieves authentication, security and anonymity, and an acceptable efficiency.
基金The authors extend their gratitude to the Deanship of Scientific Research at King Khalid University for funding this work through the research group program under grant number R.G.P.1/72/42The work of Agbotiname Lucky Imoize is supported by the Nigerian Petroleum Technology Development Fund(PTDF)and the German Academic Exchange Service(DAAD)through the Nigerian-German Postgraduate Program under grant 57473408.
文摘The Human-Centered Internet of Things(HC-IoT)is fast becoming a hotbed of security and privacy concerns.Two users can establish a common session key through a trusted server over an open communication channel using a three-party authenticated key agreement.Most of the early authenticated key agreement systems relied on pairing,hashing,or modular exponentiation processes that are computationally intensive and cost-prohibitive.In order to address this problem,this paper offers a new three-party authenticated key agreement technique based on fractional chaotic maps.The new scheme uses fractional chaotic maps and supports the dynamic sensing of HC-IoT devices in the network architecture without a password table.The projected security scheme utilized a hash function,which works well for the resource-limited HC-IoT architectures.Test results show that our new technique is resistant to password guessing attacks since it does not use a password.Furthermore,our approach provides users with comprehensive privacy protection,ensuring that a user forgery attack causes no harm.Finally,our new technique offers better security features than the techniques currently available in the literature.
文摘Internet of Things(IoT)applications can be found in various industry areas,including critical infrastructure and healthcare,and IoT is one of several technological developments.As a result,tens of billions or possibly hundreds of billions of devices will be linked together.These smart devices will be able to gather data,process it,and even come to decisions on their own.Security is the most essential thing in these situations.In IoT infrastructure,authenticated key exchange systems are crucial for preserving client and data privacy and guaranteeing the security of data-in-transit(e.g.,via client identification and provision of secure communication).It is still challenging to create secure,authenticated key exchange techniques.The majority of the early authenticated key agreement procedure depended on computationally expensive and resource-intensive pairing,hashing,or modular exponentiation processes.The focus of this paper is to propose an efficient three-party authenticated key exchange procedure(AKEP)using Chebyshev chaotic maps with client anonymity that solves all the problems mentioned above.The proposed three-party AKEP is protected from several attacks.The proposed three-party AKEP can be used in practice for mobile communications and pervasive computing applications,according to statistical experiments and low processing costs.To protect client identification when transferring data over an insecure public network,our three-party AKEP may also offer client anonymity.Finally,the presented procedure offers better security features than the procedures currently available in the literature.
基金Supported by the National Natural Science Foundation of China (No.60203004) Post-doctor Foundation of China (No.2003033155).
文摘In 1999, Seo and Sweeney proposed a simple authenticated key agreement protocol that was designed to act as a Diffie-Hellman key agreement protocol with user authentication.Various attacks on this protocol are described and enhanced in the literature. Recently, Ku and Wang proposed an improved authenticated key agreement protocol, where they asserted the protocol could withstand the existing attacks. This paper shows that Ku and Wang's protocol is still vulnerable to the modification attack and presents an improved authenticated key agreement protocol to enhance the security of Ku and Wang's protocol. The protocol has more efficient performance by replacing exponentiation operations with message authentication code operations.
基金This work was supported by the National Natural Science Foundation of China(No.61802214)the Natural Science Foundation of Shandong Province(Nos.ZR2019BF009,ZR2018LF007,ZR2017MF0,ZR2016YL011)+2 种基金the Shandong Provincial Key Research and Development Program of China(2018GGX1010052017,CXGC07012016,GGX109001)the Project of Shandong Province Higher Educational Science and Technology Program(No.J17KA049)the Global Infrastructure Program through the National Research Foundation of Korea(NRF)funded by the Ministry of Science and ICT(NRF-2018K1A3A1A20026485).
文摘Multi-factor authentication(MFA)was proposed by Pointcheval et al.[Pointcheval and Zimmer(2008)]to improve the security of single-factor(and two-factor)authentication.As the backbone of multi-factor authentication,biometric data are widely observed.Especially,how to keep the privacy of biometric at the password database without impairing efficiency is still an open question.Using the vulnerability of encryption(or hash)algorithms,the attacker can still launch offline brute-force attacks on encrypted(or hashed)biometric data.To address the potential risk of biometric disclosure at the password database,in this paper,we propose a novel efficient and secure MFA key exchange(later denoted as MFAKE)protocol leveraging the Pythia PRF service and password-to-random(or PTR)protocol.Armed with the PTR protocol,a master password pwd can be translated by the user into independent pseudorandom passwords(or rwd)for each user account with the help of device(e.g.,smart phone).Meanwhile,using the Pythia PRF service,the password database can avoid leakage of the local user’s password and biometric data.This is the first paper to achieve the password and biometric harden service simultaneously using the PTR protocol and Pythia PRF.
文摘Peer-to-peer computing has recently started to gain significant acceptance, since it can greatly increase the performance and reliability of overall system. However, the security issue is still a major gating factor for its full adoption. In order to guarantee the security of data exchanged between two peers in Peer-to-Peer system, this paper comes up with an ID-based authenticated key agreement from bilinear pairings and uses BAN logic to prove the protocol’s security. Compared with other existing protocols, the proposed protocol seems more secure and efficient, since it adopts the static shared Diffie-Hellman key.
基金Sponsored bythe National Natural Science Foundation of China(60203012)
文摘An enhanced definition of implicit key authentication and a secure group key agreement scheme from pairings are presented. This scheme combines the merits of group public key and key trees to achieve a communication-efficient and authenticated group key agreement protocol. Besides, it avoids dependence on signature or MAC by involving member's long-term keys and short-term keys in the group key. Furthermore, the idea behind this design can be employed as a general approach to extend the authenticated two-party Diffie-Hellman protocols to group settings.
文摘Recently, He et al. (Computers and Mathematics with Applications, 2012) proposed an efficient pairing-free certificateless authenticated key agreement (CL-AKA) protocol and claimed their protocol was provably secure in the extended Canetti-Krawczyk (eCK) model. By giving concrete attacks, we indicate that their protocol is not secure in the eCK model. We propose an improved protocol and show our improvement is secure in the eCK model under the gap DiffieHellman (GDH) assumption. Furthermore, the proposed protocol is very efficient.
基金Supported in part by the National High-Tech Research & Development Program of China (Grant No. 2006AA01Z424)the National NaturalScience Foundation of China (Grant Nos. 60673079, 60773086)the National Basic Research Program of China (Grant No. 2007CB311201)
文摘The majority of existing escrowable identity-based key agreement protocols only provide partial forward secrecy. Such protocols are, arguably, not suitable for many real-word applications, as the latter tends to require a stronger sense of forward secrecy--perfect forward secrecy. In this paper, we propose an efficient perfect forward-secure identity-based key agreement protocol in the escrow mode. We prove the security of our protocol in the random oracle model, assuming the intractability of the Gap Bilinear Diffie-Hellman (GBDH) problem.
基金the High Technology Research and Development Program of Jiangsu Province (No.BG2005001)Hong Kong Innovation and Technology Fund (No.ITS/99/02).
文摘This study concerns security issues of the emerging Wireless Body Sensor Network (WBSN) formed by biomedical sensors worn on or implanted in the human body for mobile healthcare appli-cations. A novel authenticated symmetric-key establishment scheme is proposed for WBSN,which fully exploits the physiological features obtained by network entities via the body channel available in WBSN but not other wireless networks. The self-defined Intrinsic Shared Secret (ISS) is used to replace the pre-deployment of secrets among network entities,which thus eliminates centralized services or au-thorities essential in existing protocols,and resolves the key transport problem in the pure symmet-ric-key cryptosystem for WBSN as well. The security properties of the proposed scheme are demon-strated in terms of its attack complexity and the types of attacks it can resist. Besides,the scheme can be implemented under a light-weight way in WBSN systems. Due to the importance of the ISS concept,the analysis on using false acceptance/false rejection method to evaluate the performance of ISS for its usage in the scheme is also demonstrated.
基金This paper was supported by National 863 Program (2013AA01A212), the National Natural Science Foundation of China (Grant Nos. 61370063, 61272512 and 61300177). Beijing Municipal Natural Science Foundation (4121001), Basic Research Foundation of Beijing Institute of Technology (20120742010 and 2013074200).
文摘Cross-domain password-based authenticated key exchange (PAKE) protocols have been studied for many years. However, these protocols are mainly focusing on multi-participant within a single domain in an open network environment. This paper proposes a novel approach for designing a cross-domain group PAKE protocol, that primarily handles with the setting of multi-participant in the multi- domain. Moreover, our protocol is proved secure against active adversary in the Real-or-Random (ROR) model. In our protocol, no interaction occurs between any two domain authentication servers. They are regarded as ephemeral certificate authorities (CAs) to certify key materials that participants might subsequently use to exchange and agree on group session key. We further justify the computational complexity and measure the average computation time of our protocol. To the best of our knowledge, this is the first work to analyze and discuss a provably secure multi-participant cross-domain group PAKE protocol.
基金supported by the National Natural Science Foundation of China(Grant Nos.Ui708262,U1736203,61872449).
文摘Because of its closeness to users,fog computing responds faster than cloud computing.Thus,it has been deployed to various applications,such as healthcare system.Recently,to ensure the secure communication of the fog-based healthcare system,Jia et al.proposed an authenticated key agreement scheme.Moreover,in view of the high computation cost existing in Jia et al.’s scheme,Ma et al.presented an efficient one using elliptic curve cryptography.In this paper,we observe that both the two schemes may potentially risk ephemeral key compromise attacks and need improving.Therefore,to overcome this potential risk,we propose a new authenticated scheme based on Jia et al.’s scheme using elliptic curve computational Diffie-Hellman hypothesis and hash functions.Additionally,we provide provable security under the adopted adversarial model and ProVerif simulation,and also analyze the performance in terms of computation and communication costs by comparisons.The analysis results show that the improved scheme resists the common attacks,reduces computation overhead,and has a certain significance.
