Machine-to-machine (M2M) communication networks consist of resource-constrained autonomous devices, also known as autonomous Internet of things (IoTs) or machine-type communication devices (MTCDs) which act as a backbone for Industrial IoT, smart cities, and other autonomous systems. Due to the limited computing and memory capacity, these devices cannot maintain strong security if conventional security methods are applied such as heavy encryption. This article proposed a novel lightweight mutual authentication scheme including elliptic curve cryptography (ECC) driven end-to-end encryption through curve25519 such as (i): efficient end-to-end encrypted communication with pre-calculation strategy using curve25519; and (ii): elliptic curve Diffie-Hellman (ECDH) based mutual authentication technique through a novel lightweight hash function. The proposed scheme attempts to efficiently counter all known perception layer security threats. Moreover, the pre-calculated key generation strategy resulted in cost-effective encryption with 192-bit curve security. It showed comparative efficiency in key strength, and curve strength compared with similar authentication schemes in terms of computational and memory cost, communication performance and encryption robustness.
Wireless network is the basis of the Internet of things and the intelligent vehicle Internet. Due to the complexity of the Internet of things and intelligent vehicle Internet environment, the nodes of the Internet of things and the intelligent vehicle Internet are more vulnerable to malicious destruction and attacks. Most of the proposed authentication and key agreement protocols for wireless networks are based on traditional cryptosystems such as large integer decomposition and elliptic curves. With the rapid development of quantum computing, these authentication protocols based on traditional cryptography will be more and more threatened, so it is necessary to design some authentication and key agreement protocols that can resist quantum attacks. In this paper, an anti-quantum authentication scheme for wireless networks based on lattice cryptosystem is constructed. In the attribute-based authentication scheme, the length of the authenticated public-private key pair depends on the maximum order and complexity of the formula in the algorithm. In the attribute-based authentication scheme, there is a certain correlation between the authenticated data and the attribute value of the user in the scheme. We show that the attribute-based authentication scheme gives an attribute-based with smaller public-private key pairs. The security of the attribute-based authentication scheme is based on the sub-exponential hard problem of the LWE (Learning With Errors). The Q-poly made by the adversary in the scheme, and our attribute-based authentication scheme guarantees that private data about user attributes and ciphertext cannot be obtained by malicious attackers.
Internet of Medical Things (IoMT) enabled e-healthcare has the potential to greatly improve conventional healthcare services significantly. However, security and privacy become major issues of IoMT because of the restricted processing abilities, storage, and energy constraints of the sensors. Therefore, it leads to infeasibility of developing traditional cryptographic solutions to the IoMT sensors. In order to ensure security on sensitive medical data, effective encryption and authentication techniques need to be designed to assure security of the patients and healthcare service providers. In this view, this study designs an effective metaheuristic optimization based encryption with user authentication (EMOE-UA) technique for IoMT environment. This work proposes an EMOE-UA technique that aims to accomplish mutual authentication for addressing the security issues and reducing the computational complexity. Moreover, the EMOE-UA technique employs optimal multikey homomorphic encryption (OMKHE) technique to encrypt the IoMT data. Furthermore, the improved social spider optimization algorithm (ISSOA) was employed for the optimal multikey generation of the MKHE technique. The experimental result analysis of the EMOE-UA technique takes place using benchmark data and the results are examined under various aspects. The simulation results reported the considerably better performance of the EMOE-UA technique over the existing techniques.
In the current era, transmission and storing of medical data in the digital form is of great concern and thus the requirement for content authentication has arisen. As a solution to these, digital watermarking techniques and encryption schemes have been used to secure medical data like medical images. In this paper a combination of two algorithms to provide image authentication for medical images in the compressed format is proposed. In the proposed method, the watermark image is encrypted using the Enhanced modified RC6 block cipher (EMRC6) algorithm and the encrypted watermark image is watermarked using the simple Least Significant Bit (LSB) watermarking technique. The watermarked output image shows no visual imparity and the watermark which has been extracted has no visual difference. The test results show that the watermarked image has high quality and the watermark is very secure. Also the PSNR value of proposed method is 44.966 on an average and 43.0633 for the existing system where LSB technique is integrated with MRC6 for security of watermark. Hence the work is aimed to increase the embedding volume and make the watermark more secure which is the basic requirement of medical image security.
Single-pixel imaging (SPI) enables an invisible target to be imaged onto a photosensitive surface without a lens, emerging as a promising way for indirect optical encryption. However, due to its linear and broadcast imaging principles, SPI encryption has been confined to a single-user framework for the long term. We propose a multi-image SPI encryption method and combine it with orthogonal frequency division multiplexing-assisted key management, to achieve a multiuser SPI encryption and authentication framework. Multiple images are first encrypted as a composite intensity sequence containing the plaintexts and authentication information, simultaneously generating different sets of keys for users. Then, the SPI keys for encryption and authentication are asymmetrically isolated into independent frequency carriers and encapsulated into a Malus metasurface, so as to establish an individually private and content-independent channel for each user. Users can receive different plaintexts privately and verify the authenticity, eliminating the broadcast transparency of SPI encryption. The improved linear security is also verified by simulating attacks. By the combination of direct key management and indirect image encryption, our work achieves the encryption and authentication functionality under a multiuser computational imaging framework, facilitating its application in optical communication, imaging, and security.
Ciphertext data retrieval in cloud databases suffers from some critical limitations, such as inadequate security measures, disorganized key management practices, and insufficient retrieval access control capabilities. To address these problems, this paper proposes an enhanced Fully Homomorphic Encryption (FHE) algorithm based on an improved DGHV algorithm, coupled with an optimized ciphertext retrieval scheme. Our specific contributions are outlined as follows: First, we employ an authorization code to verify the user’s retrieval authority and perform hierarchical access control on cloud storage data. Second, a triple-key encryption mechanism, which separates the data encryption key, retrieval authorization key, and retrieval key, is designed. Different keys are provided to different entities to run corresponding system functions. The key separation architecture proves particularly advantageous in multi-verifier coexistence scenarios, environments involving untrusted third-party retrieval services. Finally, the enhanced DGHV-based retrieval mechanism extends conventional functionality by enabling multi-keyword queries with similarity-ranked results, thereby significantly improving both the functionality and usability of the FHE system.
The prodigious advancements in contemporary technologies have also brought in the situation of unprecedented cyber-attacks. Further, the pin-based security system is an inadequate mechanism for handling such a scenario. The reason is that hackers use multiple strategies for evading security systems and thereby gaining access to private data. This research proposes to deploy diverse approaches for authenticating and securing a connection amongst two devices/gadgets via sound, thereby disregarding the pins’ manual verification. Further, the results demonstrate that the proposed approaches outperform conventional pin-based authentication or QR authentication approaches. Firstly, a random signal is encrypted, and then it is transformed into a wave file, after which it gets transmitted in a short burst via the device’s speakers. Subsequently, the other device/gadget captures these audio bursts through its microphone and decrypts the audio signal for getting the essential data for pairing. Besides, this model requires two devices/gadgets with speakers and a microphone, and no extra hardware such as a camera, for reading the QR code is required. The first module is tested with realtime data and generates high scores for the widely accepted accuracy metrics, including precision, recall, F1 score, entropy, and mutual information (MI). Additionally, this work also proposes a module that helps in a secured transmission of sensitive data by encrypting it over images and other files. This steganographic module includes two-stage encryption with two different encryption algorithms to transmit data by embedding inside a file. Several encryption algorithms and their combinations are taken for this system to compare the resultant file size. Both these systems engender high accuracies and provide secure connectivity, leading to a sustainable communication ecosystem.
Yoon and Yoo recently proposed a robust authenticated encryption scheme and claimed their scheme has the properties of forward secrecy and confidentiality. The current paper, however, points out that Yoon-Yoo's scheme also cannot provide forward secrecy and confidentiality such that any adversary can easily recover the transferred message. Based on intractability of reversing the one-way hash function and discrete logarithm problem, an improved authenticated encryption scheme with messages linkage is proposed. The above security faults get solved perfectly. The new scheme is proven to satisfy all the basic security requirements of the authenticated encryption scheme. And by the concrete comparison, it has the similar efficiency of the original scheme.
Security information has become so significant in transmission due to the rapid advancement in digital data exchange. Thus, it is necessary to protect the confidentiality and licensing of video content from illegal access. Currently, High-bandwidth Digital Content Protection (HDCP) provides the confidentiality and licensing of digital content for High Digital Multimedia Interface (HDMI). In this paper, we have been able to show how cryptanalysts have conducted attacks on the HDCP protocol showing its vulnerability in protecting digital contents. Therefore, the HDCP scheme is seriously flawed and compromised. Encryption and decryption of audio/video files were implemented in both Data Encryption Standard (DES) and Advanced Encryption Standard (AES) algorithms by means of Python Cryptography Toolkit (Pycrypto). Security analysis such as key space analysis and statistical analysis were carried out on the encrypted image. The result of the analysis indicates that AES algorithm is secure and robust; hence the authentication and licensing of HDMI can be improved by implementing HDCP design with AES algorithm.
With the rapid development of wireless communication technology, the Internet of Things is playing an increasingly important role in our everyday. The amount of data generated by sensor devices is increasing as a large number of connectable devices are deployed in many fields, including the medical, agricultural, and industrial areas. Uploading data to the cloud solves the problem of data overhead but results in privacy issues. Therefore, the question of how to manage the privacy of uploading data and make it available to be interconnected between devices is a crucial issue. In this paper, we propose a scheme that supports real-time authentication with conjunctive keyword detection (RA-CKD), this scheme can realize the interconnection of encrypted data between devices while ensuring some measure of privacy for both encrypted data and detection tokens. Through authentication technology, connected devices can both authenticate each other’s identity and prevent malicious adversaries from interfering with device interconnection. Finally, we prove that our scheme can resist inside keyword guessing attack through rigorous security reduction. The experiment shows that the efficiency of RA-CKD is good enough to be practical.
With the rising popularity of the Internet and the development of big data technology, an increasing number of organizations are opting to cooperate across domains to maximize their benefits. Most organizations use public key infrastructure to ensure security in accessing their data and applications. However, with the continuous development of identity-based encryption (IBE) technology, small- and medium-sized enterprises are increasingly using IBE to deploy internal authentication systems. To solve the problems that arise when crossing heterogeneous authentication domains and to guarantee the security of the certification process, we propose using blockchain technology to establish a reliable cross-domain authentication scheme. Using the distributed and tamper-resistant characteristics of the blockchain, we design a cross-domain authentication model based on blockchain to guarantee the security of the heterogeneous authentication process and present a cross-domain authentication protocol based on blockchain. This model does not change the internal trust structure of each authentication domain and is highly scalable. Furthermore, on the premise of ensuring security, the process of verifying the signature of the root certificate in the traditional cross-domain authentication protocol is improved to verify the hash value of the root certificate, thereby improving the authentication efficiency. The developed prototype exhibits generality and simplicity compared to previous methods.
The overload of traditional cryptosystems is too high for real-time applications so there is a need to design a new encryption and signature scheme for the multicast applications. In this paper, we use the elliptic curve cryptosystem to design a source authentication scheme for real-time applications. The proposed scheme uses the message recovery signature to reduce the computation cost. Thus, the proposed source authentication scheme is more suitable for real-time applications, such as online meeting, online movie, and online music.
Most network service providers like MTN Nigeria, currently use two-factor authentication for their 4G wireless networks. This exposes the network subscribers to identity theft and users' data to security threats like snooping, sniffing, spoofing and phishing. There is need to curb these problems with the use of an enhanced multi-factor authentication approach. The objective of this work is to create a multi-factor authentication software for a 4G wireless network. Multi-factor authentication involves user’s knowledge factor, user’s possession factor and user’s inherence factor; that is who the user is to be presented before system access can be granted. The research methodologies used for this work include Structured System Analysis and Design Methodology, SSADM and Prototyping. The result of this work will be a Multi-factor authentications software. This software was designed with programming languages like ASP.NET, C# and Microsoft SQL Server for the database.
With the development of hardware devices and the upgrading of smartphones, a large number of users save privacy-related information in mobile devices, mainly smartphones, which puts forward higher demands on the protection of mobile users’ privacy information. At present, mobile user authentication methods based on human-computer interaction have been extensively studied due to their advantages of high precision and non-perception, but there are still shortcomings such as low data collection efficiency, untrustworthy participating nodes, and lack of practicability. To this end, this paper proposes a privacy-enhanced mobile user authentication method with motion sensors, which mainly includes: (1) Construct a smart contract-based private chain and federated learning to improve the data collection efficiency of mobile user authentication, reduce the probability of the model being bypassed by attackers, and reduce the overhead of data centralized processing and the risk of privacy leakage; (2) Use certificateless encryption to realize the authentication of the device to ensure the credibility of the client nodes participating in the calculation; (3) Combine Variational Mode Decomposition (VMD) and Long Short-Term Memory (LSTM) to analyze and model the motion sensor data of mobile devices to improve the accuracy of model certification. The experimental results on the real environment dataset of 1513 people show that the method proposed in this paper can effectively resist poisoning attacks while ensuring the accuracy and efficiency of mobile user authentication.
To ensure the security during the communication, we often adopt different ways to encrypt the messages to resist various attacks. However, with the computing power improving, the existing encryption and authentication schemes are being faced with big challenges. We take the message authentication as an example into a careful consideration. Then, we proposed a new message authentication scheme with the Advanced Encryption Standard as the encryption function and the new quantum Hash function as the authentication function. Firstly, the Advanced Encryption Standard algorithm is used to encrypt the result of the initial message cascading the corresponding Hash values, which ensures that the initial message can resist eavesdropping attack. Secondly, utilizing the new quantum Hash function with quantum walks can be much more secure than traditional classical Hash functions with keeping the common properties, such as one-wayness, resisting different collisions and easy implementation. Based on these two points, the message authentication scheme can be much more secure than previous ones. Finally, it is a new way to design the message authentication scheme, which provides a new thought for other researchers in the future. Our works will contribute to the study on the new encryption and authentication functions and the combination of quantum computing with traditional cryptology in the future.
A Cramer-Shoup scheme was modified in a variant way. The major advantage with respect to Kurosawa-Desmedt scheme is that it saves a key parameter and produces shorter ciphertext. The proof of security shows that our scheme can be instantiated with any computational secure key derivation and message authentication functions. Thus it extends the applicability of the Kurosawa-Desmedt scheme and improves its efficiency.
Traditional email systems can only achieve one-way communication, which means only the receiver is allowed to search for emails on the email server. In this paper, we propose a blockchain-based certificateless bidirectional authenticated searchable encryption model for a cloud email system named certificateless authenticated bidirectional searchable encryption (CL-BSE) by combining the storage function of cloud server with the communication function of email server. In the new model, not only can the data receiver search for the relevant content by generating its own trapdoor, but the data owner also can retrieve the content in the same way. Meanwhile, there are dual authentication functions in our model. First, during encryption, the data owner uses the private key to authenticate their identity, ensuring that only legal owner can generate the keyword ciphertext. Second, the blockchain verifies the data owner’s identity by the received ciphertext, allowing only authorized members to store their data in the server and avoiding unnecessary storage space consumption. We obtain a formal definition of CL-BSE and formulate a specific scheme from the new system model. Then the security of the scheme is analyzed based on the formalized security model. The results demonstrate that the scheme achieves multi-keyword ciphertext indistinguishability and multi-keyword trapdoor privacy against any adversary simultaneously. In addition, performance evaluation shows that the new scheme has higher computational and communication efficiency by comparing it with some existing ones.
Authentication per frame is an implicit necessity for security in wireless local area networks (WLANs). We propose a novel per frame secure authentication scheme which provides authentication to data frames in WLANs. The scheme involves no cryptographic overheads for authentication of frames. It utilizes the sequence number of the frame along with the authentication stream generators for authentication. Hence, it requires no extra bits or messages for the authentication purpose and also no change in the existing frame format is required. The scheme provides authentication by modifying the sequence number of the frame at the sender, and that the modification is verified at the receiver. The modified sequence number is protected by using the XOR operation with a random number selected from the random stream. The authentication is lightweight due to the fact that it requires only trivial arithmetic operations like the subtraction and XOR operation.
Kerberos is one of the solutions for network security problems since it provides strong secret key cryptography over the insecure networks. Through the Kerberos authentication protocol, a client can prove its identity to a server (and vice versa) across an insecure network connection such as on Internet. In this comparative research paper, the Kerberos authentication protocol is extended and strengthened using x.509 with the integration of newer authentication system which is compared with previous authentication systems. In addition to this, RSA encryption mechanism used to provide authentication and security for the most communication systems replaced with Elliptic Curve Cryptography (ECC) encryption in Kerberos during authentication progress through simulation to expose possible efficient alternatives for key generation and to enhance security.
A new dynamic encryption application in ad-hoc networks is proposed. The advantages of this method are its being able to use the previous ciphertext as a seed of a new encryption process, rendering the encryption process effective in all communication process by continuous dynamic key generation together with synchronization, and its capability to cut back on system bandages to a greater extent, which is valuable for the ad-hoc circumstance. In addition, the rationality and effectiveness of this novel encryption method have been verified by the test results.
Funding: supported by the Special Project for Scientific and Technological Cooperation of Jiangxi Province [no. 20212BDH80021].
Funding: funded by Dirección General de Investigaciones of Universidad Santiago de Cali under call No. 01-2021.
文摘Internet of Medical Things(IoMT)enabled e-healthcare has the potential to greately improve conventional healthcare services significantly.However,security and privacy become major issues of IoMT because of the restricted processing abilities,storage,and energy constraints of the sensors.Therefore,it leads to infeasibility of developing traditional cryptographic solutions to the IoMT sensors.In order to ensure security on sensitive medical data,effective encryption and authentication techniques need to be designed to assure security of the patients and healthcare service providers.In this view,this study designs an effective metaheuristic optimization based encryption with user authentication(EMOE-UA)technique for IoMT environment.This work proposes an EMOE-UA technique aims to accomplish mutual authentication for addressing the security issues and reducing the computational complexity.Moreover,the EMOE-UA technique employs optimal multikey homomorphic encryption(OMKHE)technique to encrypt the IoMT data.Furthermore,the improved social spider optimization algorithm(ISSOA)was employed for the optimal multikey generation of the MKHE technique.The experimental result analysis of the EMOE-UA technique takes place using benchmark data and the results are examined under various aspects.The simulation results reported the considerably better performance of the EMOE-UA technique over the existing techniques.
Abstract: In the current era, transmission and storing of medical data in the digital form is of great concern and thus the requirement for content authentication has arisen. As a solution to these, digital watermarking techniques and encryption schemes have been used to secure medical data like medical images. In this paper, a combination of two algorithms to provide image authentication for medical images in the compressed format is proposed. In the proposed method, the watermark image is encrypted using the Enhanced modified RC6 block cipher (EMRC6) algorithm and the encrypted watermark image is watermarked using the simple Least Significant Bit (LSB) watermarking technique. The watermarked output image shows no visual imparity and the watermark which has been extracted has no visual difference. The test results show that the watermarked image has high quality and the watermark is very secure. Also, the PSNR value of the proposed method is 44.966 on an average and 43.0633 for the existing system where LSB technique is integrated with MRC6 for security of watermark. Hence the work is aimed to increase the embedding volume and make the watermark more secure, which is the basic requirement of medical image security.
Funding: Supported by the National Key R&D Program of China (Grant No. 2021YFB3900300); National Natural Science Foundation of China (Grant Nos. 61860206007, 62275177, and 62371321); Ministry of Education Science and Technology Chunhui Project (Grant No. HZKY20220559); International S and T Cooperation Program of Sichuan Province (Grant No. 2023YFH0030); Sichuan Science and Technology Innovation Seeding Project (Grant No. 23-YCG034); Sichuan Science and Technology Program (Grant No. 2023YFG0334); Chengdu Science and Technology Program (Grant No. 2022-GH02-00001-HZ).
Abstract: Single-pixel imaging (SPI) enables an invisible target to be imaged onto a photosensitive surface without a lens, emerging as a promising way for indirect optical encryption. However, due to its linear and broadcast imaging principles, SPI encryption has been confined to a single-user framework for the long term. We propose a multi-image SPI encryption method and combine it with orthogonal frequency division multiplexing-assisted key management, to achieve a multiuser SPI encryption and authentication framework. Multiple images are first encrypted as a composite intensity sequence containing the plaintexts and authentication information, simultaneously generating different sets of keys for users. Then, the SPI keys for encryption and authentication are asymmetrically isolated into independent frequency carriers and encapsulated into a Malus metasurface, so as to establish an individually private and content-independent channel for each user. Users can receive different plaintexts privately and verify the authenticity, eliminating the broadcast transparency of SPI encryption. The improved linear security is also verified by simulating attacks. By the combination of direct key management and indirect image encryption, our work achieves the encryption and authentication functionality under a multiuser computational imaging framework, facilitating its application in optical communication, imaging, and security.
Funding: Supported by the Innovation Program for Quantum Science and Technology (2021ZD0301300); supported by the Fundamental Research Funds for the Central Universities (Nos. 3282024046, 3282024052, 3282024058, 3282023017).
Abstract: Ciphertext data retrieval in cloud databases suffers from some critical limitations, such as inadequate security measures, disorganized key management practices, and insufficient retrieval access control capabilities. To address these problems, this paper proposes an enhanced Fully Homomorphic Encryption (FHE) algorithm based on an improved DGHV algorithm, coupled with an optimized ciphertext retrieval scheme. Our specific contributions are outlined as follows: First, we employ an authorization code to verify the user's retrieval authority and perform hierarchical access control on cloud storage data. Second, a triple-key encryption mechanism, which separates the data encryption key, retrieval authorization key, and retrieval key, is designed. Different keys are provided to different entities to run corresponding system functions. The key separation architecture proves particularly advantageous in multi-verifier coexistence scenarios and environments involving untrusted third-party retrieval services. Finally, the enhanced DGHV-based retrieval mechanism extends conventional functionality by enabling multi-keyword queries with similarity-ranked results, thereby significantly improving both the functionality and usability of the FHE system.
Abstract: The prodigious advancements in contemporary technologies have also brought in the situation of unprecedented cyber-attacks. Further, the pin-based security system is an inadequate mechanism for handling such a scenario. The reason is that hackers use multiple strategies for evading security systems and thereby gaining access to private data. This research proposes to deploy diverse approaches for authenticating and securing a connection amongst two devices/gadgets via sound, thereby disregarding the pins' manual verification. Further, the results demonstrate that the proposed approaches outperform conventional pin-based authentication or QR authentication approaches. Firstly, a random signal is encrypted, and then it is transformed into a wave file, after which it gets transmitted in a short burst via the device's speakers. Subsequently, the other device/gadget captures these audio bursts through its microphone and decrypts the audio signal for getting the essential data for pairing. Besides, this model requires two devices/gadgets with speakers and a microphone, and no extra hardware, such as a camera for reading the QR code, is required. The first module is tested with real-time data and generates high scores for the widely accepted accuracy metrics, including precision, recall, F1 score, entropy, and mutual information (MI). Additionally, this work also proposes a module that helps in a secured transmission of sensitive data by encrypting it over images and other files. This steganographic module includes two-stage encryption with two different encryption algorithms to transmit data by embedding inside a file. Several encryption algorithms and their combinations are taken for this system to compare the resultant file size. Both these systems engender high accuracies and provide secure connectivity, leading to a sustainable communication ecosystem.
Funding: Supported by the National Natural Science Foundation of China (60473072).
Abstract: Yoon and Yoo recently proposed a robust authenticated encryption scheme and claimed their scheme has the properties of forward secrecy and confidentiality. The current paper, however, points out that Yoon-Yoo's scheme also cannot provide forward secrecy and confidentiality, such that any adversary can easily recover the transferred message. Based on intractability of reversing the one-way hash function and discrete logarithm problem, an improved authenticated encryption scheme with messages linkage is proposed. The above security faults get solved perfectly. The new scheme is proven to satisfy all the basic security requirements of the authenticated encryption scheme. And by the concrete comparison, it has the similar efficiency of the original scheme.
Abstract: Security information has become so significant in transmission due to the rapid advancement in digital data exchange. Thus, it is necessary to protect the confidentiality and licensing of video content from illegal access. Currently, High-bandwidth Digital Content Protection (HDCP) provides the confidentiality and licensing of digital content for High Digital Multimedia Interface (HDMI). In this paper, we have been able to show how cryptanalysts have conducted attacks on the HDCP protocol showing its vulnerability in protecting digital contents. Therefore, the HDCP scheme is seriously flawed and compromised. Encryption and decryption of audio/video files were implemented in both Data Encryption Standard (DES) and Advanced Encryption Standard (AES) algorithms by means of Python Cryptography Toolkit (Pycrypto). Security analysis such as key space analysis and statistical analysis were carried out on the encrypted image. The result of the analysis indicates that AES algorithm is secure and robust; hence the authentication and licensing of HDMI can be improved by implementing HDCP design with AES algorithm.
Funding: This work is supported by the National Natural Science Foundation of China (No. 62072240); the National Key Research and Development Program of China (No. 2020YFB1804604).
Abstract: With the rapid development of wireless communication technology, the Internet of Things is playing an increasingly important role in our everyday life. The amount of data generated by sensor devices is increasing as a large number of connectable devices are deployed in many fields, including the medical, agricultural, and industrial areas. Uploading data to the cloud solves the problem of data overhead but results in privacy issues. Therefore, the question of how to manage the privacy of uploading data and make it available to be interconnected between devices is a crucial issue. In this paper, we propose a scheme that supports real-time authentication with conjunctive keyword detection (RA-CKD). This scheme can realize the interconnection of encrypted data between devices while ensuring some measure of privacy for both encrypted data and detection tokens. Through authentication technology, connected devices can both authenticate each other's identity and prevent malicious adversaries from interfering with device interconnection. Finally, we prove that our scheme can resist inside keyword guessing attack through rigorous security reduction. The experiment shows that the efficiency of RA-CKD is good enough to be practical.
Funding: This work was supported in part by Beijing Municipal Natural Science Foundation (19L2020); Foundation of Science and Technology on Information Assurance Laboratory (614211204031117); Industrial Internet Innovation and Development Project (Typical Application and Promotion Project of the Security Technology for the Electronics Industry) of the Ministry of Industry and Information Technology of China in 2018; Foundation of Shanxi Key Laboratory of Network and System Security (NSSOF1900105).
Abstract: With the rising popularity of the Internet and the development of big data technology, an increasing number of organizations are opting to cooperate across domains to maximize their benefits. Most organizations use public key infrastructure to ensure security in accessing their data and applications. However, with the continuous development of identity-based encryption (IBE) technology, small- and medium-sized enterprises are increasingly using IBE to deploy internal authentication systems. To solve the problems that arise when crossing heterogeneous authentication domains and to guarantee the security of the certification process, we propose using blockchain technology to establish a reliable cross-domain authentication scheme. Using the distributed and tamper-resistant characteristics of the blockchain, we design a cross-domain authentication model based on blockchain to guarantee the security of the heterogeneous authentication process and present a cross-domain authentication protocol based on blockchain. This model does not change the internal trust structure of each authentication domain and is highly scalable. Furthermore, on the premise of ensuring security, the process of verifying the signature of the root certificate in the traditional cross-domain authentication protocol is improved to verify the hash value of the root certificate, thereby improving the authentication efficiency. The developed prototype exhibits generality and simplicity compared to previous methods.
Abstract: The overload of traditional cryptosystems is too high for real-time applications, so there is a need to design a new encryption and signature scheme for the multicast applications. In this paper, we use the elliptic curve cryptosystem to design a source authentication scheme for real-time applications. The proposed scheme uses the message recovery signature to reduce the computation cost. Thus, the proposed source authentication scheme is more suitable for real-time applications, such as online meeting, online movie, and online music.
Abstract: Most network service providers, like MTN Nigeria, currently use two-factor authentication for their 4G wireless networks. This exposes the network subscribers to identity theft and users' data to security threats like snooping, sniffing, spoofing and phishing. There is need to curb these problems with the use of an enhanced multi-factor authentication approach. The objective of this work is to create a multi-factor authentication software for a 4G wireless network. Multi-factor authentication involves user's knowledge factor, user's possession factor and user's inherence factor; that is, who the user is, to be presented before system access can be granted. The research methodologies used for this work include Structured System Analysis and Design Methodology (SSADM) and Prototyping. The result of this work will be a multi-factor authentication software. This software was designed with programming languages like ASP.NET, C# and Microsoft SQL Server for the database.
Funding: Wenzhou Key Scientific and Technological Projects (No. ZG2020031); Wenzhou Polytechnic Research Projects (No. WZY2021002); Key R&D Projects in Zhejiang Province (No. 2021C01117); Major Program of Natural Science Foundation of Zhejiang Province (LD22F020002); the Cloud Security Key Technology Research Laboratory; the Researchers Supporting Project Number (RSP2023R509), King Saud University, Riyadh, Saudi Arabia.
Abstract: With the development of hardware devices and the upgrading of smartphones, a large number of users save privacy-related information in mobile devices, mainly smartphones, which puts forward higher demands on the protection of mobile users' privacy information. At present, mobile user authentication methods based on human-computer interaction have been extensively studied due to their advantages of high precision and non-perception, but there are still shortcomings such as low data collection efficiency, untrustworthy participating nodes, and lack of practicability. To this end, this paper proposes a privacy-enhanced mobile user authentication method with motion sensors, which mainly includes: (1) Construct a smart contract-based private chain and federated learning to improve the data collection efficiency of mobile user authentication, reduce the probability of the model being bypassed by attackers, and reduce the overhead of data centralized processing and the risk of privacy leakage; (2) Use certificateless encryption to realize the authentication of the device to ensure the credibility of the client nodes participating in the calculation; (3) Combine Variational Mode Decomposition (VMD) and Long Short-Term Memory (LSTM) to analyze and model the motion sensor data of mobile devices to improve the accuracy of model certification. The experimental results on the real environment dataset of 1513 people show that the method proposed in this paper can effectively resist poisoning attacks while ensuring the accuracy and efficiency of mobile user authentication.
Funding: Project supported by NSFC (Grant Nos. U1836205, 61702040); the Major Scientific and Technological Special Project of Guizhou Province (Grant No. 20183001); the Foundation of Guizhou Provincial Key Laboratory of Public Big Data (Grant No. 2018BDKFJJ016); the Foundation of State Key Laboratory of Public Big Data (Grant No. 2018BDKFJJ018); Beijing Natural Science Foundation (Grant No. 4174089).
Abstract: To ensure the security during the communication, we often adopt different ways to encrypt the messages to resist various attacks. However, with the computing power improving, the existing encryption and authentication schemes are being faced with big challenges. We take the message authentication as an example into a careful consideration. Then, we proposed a new message authentication scheme with the Advanced Encryption Standard as the encryption function and the new quantum Hash function as the authentication function. Firstly, the Advanced Encryption Standard algorithm is used to encrypt the result of the initial message cascading the corresponding Hash values, which ensures that the initial message can resist eavesdropping attack. Secondly, utilizing the new quantum Hash function with quantum walks can be much more secure than traditional classical Hash functions with keeping the common properties, such as one-wayness, resisting different collisions and easy implementation. Based on these two points, the message authentication scheme can be much more secure than previous ones. Finally, it is a new way to design the message authentication scheme, which provides a new thought for other researchers in the future. Our works will contribute to the study on the new encryption and authentication functions and the combination of quantum computing with traditional cryptology in the future.
Funding: The National Basic Research Program (973) of China (No. 2007CB807903); the National Natural Science Foundation of China (No. 60743006); the Natural Science Foundation of Shandong Province (No. Y2007G15); the Shandong Grant program for Post PH.D (No. 200601002).
Abstract: A Cramer-Shoup scheme was modified in a variant way. The major advantage with respect to Kurosawa-Desmedt scheme is that it saves a key parameter and produces shorter ciphertext. The proof of security shows that our scheme can be instantiated with any computationally secure key derivation and message authentication functions. Thus it extends the applicability of the Kurosawa-Desmedt scheme and improves its efficiency.
Funding: Supported by the National Natural Science Foundation of China (Nos. 62172337, 62241207); Key Project of Gansu Natural Science Foundation (No. 23JRRA685).
Abstract: Traditional email systems can only achieve one-way communication, which means only the receiver is allowed to search for emails on the email server. In this paper, we propose a blockchain-based certificateless bidirectional authenticated searchable encryption model for a cloud email system named certificateless authenticated bidirectional searchable encryption (CL-BSE) by combining the storage function of cloud server with the communication function of email server. In the new model, not only can the data receiver search for the relevant content by generating its own trapdoor, but the data owner also can retrieve the content in the same way. Meanwhile, there are dual authentication functions in our model. First, during encryption, the data owner uses the private key to authenticate their identity, ensuring that only the legal owner can generate the keyword ciphertext. Second, the blockchain verifies the data owner's identity by the received ciphertext, allowing only authorized members to store their data in the server and avoiding unnecessary storage space consumption. We obtain a formal definition of CL-BSE and formulate a specific scheme from the new system model. Then the security of the scheme is analyzed based on the formalized security model. The results demonstrate that the scheme achieves multi-keyword ciphertext indistinguishability and multi-keyword trapdoor privacy against any adversary simultaneously. In addition, performance evaluation shows that the new scheme has higher computational and communication efficiency by comparing it with some existing ones.
Abstract: Authentication per frame is an implicit necessity for security in wireless local area networks (WLANs). We propose a novel per frame secure authentication scheme which provides authentication to data frames in WLANs. The scheme involves no cryptographic overheads for authentication of frames. It utilizes the sequence number of the frame along with the authentication stream generators for authentication. Hence, it requires no extra bits or messages for the authentication purpose and also no change in the existing frame format is required. The scheme provides authentication by modifying the sequence number of the frame at the sender, and the modification is verified at the receiver. The modified sequence number is protected by using the XOR operation with a random number selected from the random stream. The authentication is lightweight due to the fact that it requires only trivial arithmetic operations like the subtraction and XOR operation.
Abstract: Kerberos is one of the solutions for network security problems since it provides strong secret key cryptography over the insecure networks. Through the Kerberos authentication protocol, a client can prove its identity to a server (and vice versa) across an insecure network connection such as on the Internet. In this comparative research paper, the Kerberos authentication protocol is extended and strengthened using X.509 with the integration of a newer authentication system which is compared with previous authentication systems. In addition to this, the RSA encryption mechanism used to provide authentication and security for most communication systems is replaced with Elliptic Curve Cryptography (ECC) encryption in Kerberos during the authentication process through simulation to expose possible efficient alternatives for key generation and to enhance security.
Funding: Sponsored by National Nature Science Foundation of China (60236010); Teaching and Research Award for Outstanding Teachers in Higher Education Institutions of Ministry of Education of China.
Abstract: A new dynamic encryption application in ad-hoc networks is proposed. The advantages of this method are its being able to use the previous ciphertext as a seed of a new encryption process, rendering the encryption process effective in all communication process by continuous dynamic key generation together with synchronization, and its capability to cut back on system bandages to a greater extent, which is valuable for the ad-hoc circumstance. In addition, the rationality and effectiveness of this novel encryption method have been verified by the test results.