The ubiquitous adoption of mobile devices as essential platforms for sensitive data transmission has heightened the demand for secure client-server communication.Although various authentication and key agreement proto...The ubiquitous adoption of mobile devices as essential platforms for sensitive data transmission has heightened the demand for secure client-server communication.Although various authentication and key agreement protocols have been developed,current approaches are constrained by homogeneous cryptosystem frameworks,namely public key infrastructure(PKI),identity-based cryptography(IBC),or certificateless cryptography(CLC),each presenting limitations in client-server architectures.Specifically,PKI incurs certificate management overhead,IBC introduces key escrow risks,and CLC encounters cross-system interoperability challenges.To overcome these shortcomings,this study introduces a heterogeneous signcryption-based authentication and key agreement protocol that synergistically integrates IBC for client operations(eliminating PKI’s certificate dependency)with CLC for server implementation(mitigating IBC’s key escrow issue while preserving efficiency).Rigorous security analysis under the mBR(modified Bellare-Rogaway)model confirms the protocol’s resistance to adaptive chosen-ciphertext attacks.Quantitative comparisons demonstrate that the proposed protocol achieves 10.08%–71.34%lower communication overhead than existing schemes across multiple security levels(80-,112-,and 128-bit)compared to existing protocols.展开更多
The satellite-based augmentation system(SBAS)provides differential and integrity augmentation services for life safety fields of aviation and navigation.However,the signal structure of SBAS is public,which incurs a ri...The satellite-based augmentation system(SBAS)provides differential and integrity augmentation services for life safety fields of aviation and navigation.However,the signal structure of SBAS is public,which incurs a risk of spoofing attacks.To improve the anti-spoofing capability of the SBAS,European Union and the United States conduct research on navigation message authentication,and promote the standardization of SBAS message authentication.For the development of Beidou satellite-based augmentation system(BDSBAS),this paper proposes navigation message authentication based on the Chinese commercial cryptographic standards.Firstly,this paper expounds the architecture and principles of the SBAS message authentication,and then carries out the design of timed efficient streaming losstolerant authentication scheme(TESLA)and elliptic curve digital signature algorithm(ECDSA)authentication schemes based on Chinese commercial cryptographic standards,message arrangement and the design of over-the-air rekeying(OTAR)message.Finally,this paper conducts a theoretical analysis of the time between authentications(TBA)and maximum authentication latency(MAL)for L5 TESLA-I and L5 ECDSA-Q,and further simulates the reception time of OTAR message,TBA and MAL from the aspects of OTAR message weight and demodulation error rate.The simulation results can provide theoretical supports for the standardization of BDSBAS message authentication.展开更多
Unmanned Aerial Vehicles(UAVs)in Flying Ad-Hoc Networks(FANETs)are widely used in both civilian and military fields,but they face severe security,trust,and privacy vulnerabilities due to their high mobility,dynamic to...Unmanned Aerial Vehicles(UAVs)in Flying Ad-Hoc Networks(FANETs)are widely used in both civilian and military fields,but they face severe security,trust,and privacy vulnerabilities due to their high mobility,dynamic topology,and open wireless channels.Existing security protocols for Mobile Ad-Hoc Networks(MANETs)cannot be directly applied to FANETs,as FANETs require lightweight,high real-time performance,and strong anonymity.The current FANETs security protocol cannot simultaneously meet the requirements of strong anonymity,high security,and low overhead in high dynamic and resource-constrained scenarios.To address these challenges,this paper proposes an Anonymous Authentication and Key Exchange Protocol(AAKE-OWA)for UAVs in FANETs based on OneWay Accumulators(OWA).During the UAV registration phase,the Key Management Center(KMC)generates an identity ticket for each UAV using OWA and transmits it securely to the UAV’s on-board tamper-proof module.In the key exchange phase,UAVs generate temporary authentication tickets with random numbers and compute the same session key leveraging the quasi-commutativity of OWA.For mutual anonymous authentication,UAVs encrypt random numbers with the session key and verify identities by comparing computed values with authentication values.Formal analysis using the Scyther tool confirms that the protocol resists identity spoofing,man-in-the-middle,and replay attacks.Through Burrows Abadi Needham(BAN)logic proof,it achieves mutual anonymity,prevents simulation and physical capture attacks,and ensures secure connectivity of 1.Experimental comparisons with existing protocols prove that the AAKE-OWA protocol has lower computational overhead,communication overhead,and storage overhead,making it more suitable for resource-constrained FANET scenarios.Performance comparison experiments show that,compared with other schemes,this scheme only requires 8 one-way accumulator operations and 4 symmetric encryption/decryption operations,with a total computational overhead as low as 2.3504 ms,a communication overhead of merely 1216 bits,and a storage overhead of 768 bits.We have achieved a reduction in computational costs from 6.3%to 90.3%,communication costs from 5.0%to 69.1%,and overall storage costs from 33%to 68%compared to existing solutions.It can meet the performance requirements of lightweight,real-time,and anonymity for unmanned aerial vehicles(UAVs)networks.展开更多
This work evaluates an architecture for decentralized authentication of Internet of Things(IoT)devices in Low Earth Orbit(LEO)satellite networks using IOTA Identity technology.To the best of our knowledge,it is the fi...This work evaluates an architecture for decentralized authentication of Internet of Things(IoT)devices in Low Earth Orbit(LEO)satellite networks using IOTA Identity technology.To the best of our knowledge,it is the first proposal to integrate IOTA’s Directed Acyclic Graph(DAG)-based identity framework into satellite IoT environments,enabling lightweight and distributed authentication under intermittent connectivity.The system leverages Decentralized Identifiers(DIDs)and Verifiable Credentials(VCs)over the Tangle,eliminating the need for mining and sequential blocks.An identity management workflow is implemented that supports the creation,validation,deactivation,and reactivation of IoT devices,and is experimentally validated on the Shimmer Testnet.Three metrics are defined and measured:resolution time,deactivation time,and reactivation time.To improve robustness,an algorithmic optimization is introduced that minimizes communication overhead and reduces latency during deactivation.The experimental results are compared with orbital simulations of satellite revisit times to assess operational feasibility.Unlike blockchain-based approaches,which typically suffer from high confirmation delays and scalability constraints,the proposed DAG architecture provides fast,cost-free operations suitable for resource-constrained IoT devices.The results show that authentication can be efficiently performed within satellite connectivity windows,positioning IOTA Identity as a viable solution for secure and scalable IoT authentication in LEO satellite networks.展开更多
Cyber-criminals target smart connected devices for spyware distribution and security breaches,but existing Internet of Things(IoT)security standards are insufficient.Major IoT industry players prioritize market share ...Cyber-criminals target smart connected devices for spyware distribution and security breaches,but existing Internet of Things(IoT)security standards are insufficient.Major IoT industry players prioritize market share over security,leading to insecure smart products.Traditional host-based protection solutions are less effective due to limited resources.Overcoming these challenges and enhancing the security of IoT Devices requires a security design at the network level that uses lightweight cryptographic parameters.In order to handle control,administration,and security concerns in traditional networking,the Gateway Node offers a contemporary networking architecture.By managing all network-level computations and complexity,the Gateway Node relieves IoT devices of these responsibilities.In this study,we introduce a novel privacy-preserving security architecture for gateway-node smart homes.Subsequently,we develop Smart Homes,An Efficient,Anonymous,and Robust Authentication Scheme(EARAS)based on the foundational principles of this security architecture.Furthermore,we formally examine the security characteristics of our suggested protocol that makes use of methodology such as ProVerif,supplemented by an informal analysis of security.Lastly,we conduct performance evaluations and comparative analyses to assess the efficacy of our scheme.Performance analysis shows that EARAS achieves up to 30%to 54%more efficient than most protocols and lower computation cost compared to Banerjee et al.’s scheme,and significantly reduces communication overhead compared to other recent protocols,while ensuring comprehensive security.Our objective is to provide robust security measures for smart homes while addressing resource constraints and preserving user privacy.展开更多
Pre-Authentication and Post-Connection(PAPC)plays a crucial role in realizing the Zero Trust security model by ensuring that access to network resources is granted only after successful authentication.While earlier ap...Pre-Authentication and Post-Connection(PAPC)plays a crucial role in realizing the Zero Trust security model by ensuring that access to network resources is granted only after successful authentication.While earlier approaches such as Port Knocking(PK)and Single Packet Authorization(SPA)introduced pre-authentication concepts,they suffer from limitations including plaintext communication,protocol dependency,reliance on dedicated clients,and inefficiency under modern network conditions.These constraints hinder their applicability in emerging distributed and resource-constrained environments such as AIoT and browser-based systems.To address these challenges,this study proposes a novel port-sequence-based PAPC scheme structured as a modular model comprising a client,server,and ephemeral Key Management System(KMS).The system employs the Advanced Encryption Standard(AES-128)to protect message confidentiality and uses a Hash-Based Message Authentication Code(HMAC-SHA256)to ensure integrity.Authentication messages are securely fragmented and mapped to destination port numbers using a signature-based avoidance algorithm,which prevents collisions with unsafe or reserved port ranges.The server observes incoming port sequences,retrieves the necessary keys from the KMS,reconstructs and verifies the encrypted data,and conditionally updates firewall policies.Unlike SPA,which requires decrypting all incoming payloads and imposes server-side overhead,the proposed system verifies only port-derived fragments,significantly reducing computational burden.Furthermore,it eliminates the need for raw socket access or custom clients,supporting browser-based operation and enabling protocol-independent deployment.Through a functional web-based prototype and emulated testing,the system achieved an F1-score exceeding 95%in detecting unauthorized access while maintaining low resource overhead.Although port sequence generation introduces some client-side cost,it remains lightweight and scalable.By tightly integrating lightweight cryptographic algorithms with a transport-layer communication model,this work presents a conceptually validated architecture that contributes a novel direction for interoperable and scalable Zero Trust enforcement in future network ecosystems.展开更多
In this paper a novel technique, Authentication and Secret Message Transmission using Discrete Fourier Transformation (ASMTDFT) has been proposed to authenticate an image and also some secret message or image can be t...In this paper a novel technique, Authentication and Secret Message Transmission using Discrete Fourier Transformation (ASMTDFT) has been proposed to authenticate an image and also some secret message or image can be transmitted over the network. Instead of direct embedding a message or image within the source image, choosing a window of size 2 x 2 of the source image in sliding window manner and then con-vert it from spatial domain to frequency domain using Discrete Fourier Transform (DFT). The bits of the authenticating message or image are then embedded at LSB within the real part of the transformed image. Inverse DFT is performed for the transformation from frequency domain to spatial domain as final step of encoding. Decoding is done through the reverse procedure. The experimental results have been discussed and compared with the existing steganography algorithm S-Tools. Histogram analysis and Chi-Square test of source image with embedded image shows the better results in comparison with the S-Tools.展开更多
In the cloud computing, different cloud service providers are often in different trust domains. As the traditional identity authentication mode cannot be applied to the cloud computing, the cross-domain identity authe...In the cloud computing, different cloud service providers are often in different trust domains. As the traditional identity authentication mode cannot be applied to the cloud computing, the cross-domain identity authentication mechanism is needed to solve the identity authentication problem in the cloud computing. In view of the security problems in cloud computing, a cross-domain identity authentication scheme based on group signature is proposed. This scheme introduces a group of cloud service providers and users who are located in different trust domains. Any member of the group can generate the signature on behalf of the whole group, making the user access the cloud service provider in the case of privacy security. At the same time, with traceability it can track illegal operation of illegal users. In addition, the scheme uses the Chinese Remainder Theorem to integrate the message, and it can control the length of the data in the calculation process, simplifying the calculation process. It also realizes the join and revocation of group members without changing the key of other legitimate group members, and the maintenance cost of authentication schemes is low. The results show that the scheme has the advantages of anonymity, anti-counterfeit, traceability, anti-joint attack and so on. It can not only realize tracking function under the condition of guaranteeing user's privacy, but can also simplify the authentication calculation process to improve the efficiency of the cross domain identity authentication, and its performance is more suitable for large-scale cloud computing environment.展开更多
Most network service providers like MTN Nigeria, currently use two-factor authentication for their 4G wireless networks. This exposes the network subscribers to identify theft and users data to security threats like s...Most network service providers like MTN Nigeria, currently use two-factor authentication for their 4G wireless networks. This exposes the network subscribers to identify theft and users data to security threats like snooping, sniffing, spoofing and phishing. There is need to curb these problems with the use of an enhanced multi-factor authentication approach. The objective of this work is to create a multi-factor authentication software for a 4G wireless network. Multi-factor authentication involves user’s knowledge factor, user’s possession factor and user’s inherence factor;that is who the user is to be presented before system access can be granted. The research methodologies used for this work include Structured System Analysis and Design Methodology, SSADM and Prototyping. The result of this work will be a Multi-factor authentications software. This software was designed with programming languages like ASP. NET, C# and Microsoft SQL Server for the database.展开更多
Technology has no limits today;we have lots of software available in the market by which we can alter any image. People usually copies image from the internet and after some changes they claim that these are their own...Technology has no limits today;we have lots of software available in the market by which we can alter any image. People usually copies image from the internet and after some changes they claim that these are their own properties. Insuring digital image integrity has therefore become a major issue. Over the past few years, watermarking has emerged as the leading candidate to solve problems of ownership and content authentications for digital multimedia documents. To protect authenticity of images semi fragile watermarking is very concerned by researchers because of its important function in multimedia content authentication. The aim of this paper is to present a survey and a comparison of emerging techniques for image authentication using semifragile watermarking. In present paper comprehensive overview of insertion and extraction methods used in different semi fragile water marking algorithm are studied using image parameters, potential application, different algorithms are described and focus is on their comparison according to the properties cited above and future directions for developing a better image authentication algorithm are suggested.展开更多
We advance here a novel methodology for robust intelligent biometric information management with inferences and predictions made using randomness and complexity concepts. Intelligence refers to learning, adap- tation,...We advance here a novel methodology for robust intelligent biometric information management with inferences and predictions made using randomness and complexity concepts. Intelligence refers to learning, adap- tation, and functionality, and robustness refers to the ability to handle incomplete and/or corrupt adversarial information, on one side, and image and or device variability, on the other side. The proposed methodology is model-free and non-parametric. It draws support from discriminative methods using likelihood ratios to link at the conceptual level biometrics and forensics. It further links, at the modeling and implementation level, the Bayesian framework, statistical learning theory (SLT) using transduction and semi-supervised lea- rning, and Information Theory (IY) using mutual information. The key concepts supporting the proposed methodology are a) local estimation to facilitate learning and prediction using both labeled and unlabeled data;b) similarity metrics using regularity of patterns, randomness deficiency, and Kolmogorov complexity (similar to MDL) using strangeness/typicality and ranking p-values;and c) the Cover – Hart theorem on the asymptotical performance of k-nearest neighbors approaching the optimal Bayes error. Several topics on biometric inference and prediction related to 1) multi-level and multi-layer data fusion including quality and multi-modal biometrics;2) score normalization and revision theory;3) face selection and tracking;and 4) identity management, are described here using an integrated approach that includes transduction and boosting for ranking and sequential fusion/aggregation, respectively, on one side, and active learning and change/ outlier/intrusion detection realized using information gain and martingale, respectively, on the other side. The methodology proposed can be mapped to additional types of information beyond biometrics.展开更多
Keystroke rhythm identification, which extracts biometric characteristics through keyboards without addi-tional expensive devices, is a kind of biometric identification technology. The paper proposes a dynamic identit...Keystroke rhythm identification, which extracts biometric characteristics through keyboards without addi-tional expensive devices, is a kind of biometric identification technology. The paper proposes a dynamic identity authentication model based on the improved keystroke rhythm algorithm in Rick Joyce model and implement this model in a mobile phone system. The experimental results show that comparing with the original model, the false alarm rate (FAR) of the improved model decreases a lot in the mobile phone system, and its growth of imposter pass rate (IPR) is slower than the Rick Joyce model’s. The improved model is more suitable for small memory systems, and it has better performance in security and dynamic adaptation. This improved model has good application value.展开更多
The prodigious advancements in contemporary technologies have also brought in the situation of unprecedented cyber-attacks.Further,the pin-based security system is an inadequate mechanism for handling such a scenario....The prodigious advancements in contemporary technologies have also brought in the situation of unprecedented cyber-attacks.Further,the pin-based security system is an inadequate mechanism for handling such a scenario.The reason is that hackers use multiple strategies for evading security systems and thereby gaining access to private data.This research proposes to deploy diverse approaches for authenticating and securing a connection amongst two devices/gadgets via sound,thereby disregarding the pins’manual verification.Further,the results demonstrate that the proposed approaches outperform conventional pin-based authentication or QR authentication approaches.Firstly,a random signal is encrypted,and then it is transformed into a wave file,after which it gets transmitted in a short burst via the device’s speakers.Subsequently,the other device/gadget captures these audio bursts through its microphone and decrypts the audio signal for getting the essential data for pairing.Besides,this model requires two devices/gadgets with speakers and a microphone,and no extra hardware such as a camera,for reading the QR code is required.The first module is tested with realtime data and generates high scores for the widely accepted accuracy metrics,including precision,Recall,F1 score,entropy,and mutual information(MI).Additionally,this work also proposes a module helps in a secured transmission of sensitive data by encrypting it over images and other files.This steganographic module includes two-stage encryption with two different encryption algorithms to transmit data by embedding inside a file.Several encryption algorithms and their combinations are taken for this system to compare the resultant file size.Both these systems engender high accuracies and provide secure connectivity,leading to a sustainable communication ecosystem.展开更多
Machine-to-machine (M2M) communication networks consist of resource-constrained autonomous devices, also known as autonomous Internet of things (IoTs) or machine-type communication devices (MTCDs) which act as a backb...Machine-to-machine (M2M) communication networks consist of resource-constrained autonomous devices, also known as autonomous Internet of things (IoTs) or machine-type communication devices (MTCDs) which act as a backbone for Industrial IoT, smart cities, and other autonomous systems. Due to the limited computing and memory capacity, these devices cannot maintain strong security if conventional security methods are applied such as heavy encryption. This article proposed a novel lightweight mutual authentication scheme including elliptic curve cryptography (ECC) driven end-to-end encryption through curve25519 such as (i): efficient end-to-end encrypted communication with pre-calculation strategy using curve25519;and (ii): elliptic curve Diffie-Hellman (ECDH) based mutual authentication technique through a novel lightweight hash function. The proposed scheme attempts to efficiently counter all known perception layer security threats. Moreover, the pre-calculated key generation strategy resulted in cost-effective encryption with 192-bit curve security. It showed comparative efficiency in key strength, and curve strength compared with similar authentication schemes in terms of computational and memory cost, communication performance and encryption robustness.展开更多
The advancement of 6G wireless communication technology has facilitated the integration of Vehicular Ad-hoc Networks(VANETs).However,the messages transmitted over the public channel in the open and dynamic VANETs are ...The advancement of 6G wireless communication technology has facilitated the integration of Vehicular Ad-hoc Networks(VANETs).However,the messages transmitted over the public channel in the open and dynamic VANETs are vulnerable to malicious attacks.Although numerous researchers have proposed authentication schemes to enhance the security of Vehicle-to-Vehicle(V2V)communication,most existing methodologies face two significant challenges:(1)the majority of the schemes are not lightweight enough to support realtime message interaction among vehicles;(2)the sensitive information like identity and position is at risk of being compromised.To tackle these issues,we propose a lightweight dual authentication protocol for V2V communication based on Physical Unclonable Function(PUF).The proposed scheme accomplishes dual authentication between vehicles by the combination of Zero-Knowledge Proof(ZKP)and MASK function.The security analysis proves that our scheme provides both anonymous authentication and information unlinkability.Additionally,the performance analysis demonstrates that the computation overhead of our scheme is approximately reduced 23.4% compared to the state-of-the-art schemes.The practical simulation conducted in a 6G network environment demonstrates the feasibility of 6G-based VANETs and their potential for future advancements.展开更多
We construct one multi-sender authentication code by algebraic combination method from eigenvalues and eigenvectors of the matrix over nite elds. Some parameters and the probabilities of three kinds of successful atta...We construct one multi-sender authentication code by algebraic combination method from eigenvalues and eigenvectors of the matrix over nite elds. Some parameters and the probabilities of three kinds of successful attack of this code are also computed. For multi-sender authentication code,it allows a group of senders to construct an authenticated message for a receiver such that the receiver can verify authenticity of the received message.展开更多
Data sharing and privacy securing present extensive opportunities and challenges in vehicular network.This paper introducestrust access authentication scheme’as a mechanism to achieve real-time monitoring and promote...Data sharing and privacy securing present extensive opportunities and challenges in vehicular network.This paper introducestrust access authentication scheme’as a mechanism to achieve real-time monitoring and promote collaborative sharing for vehicles.Blockchain,which can provide secure authentication and protected privacy,is a crucial technology.However,traditional cloud computing performs poorly in supplying low-latency and fast-response services for moving vehicles.In this situation,edge computing enabled Blockchain network appeals to be a promising method,where moving vehicles can access storage or computing resource and get authenticated from Blockchain edge nodes directly.In this paper,a hierarchical architecture is proposed consist of vehicular network layer,Blockchain edge layer and Blockchain network layer.Through a authentication mechanism adopting digital signature algorithm,it achieves trusted authentication and ensures valid verification.Moreover,a caching scheme based on many-to-many matching is proposed to minimize average delivery delay of vehicles.Simulation results prove that the proposed caching scheme has a better performance than existing schemes based on central-ized model or edge caching strategy in terms of hit ratio and average delay.展开更多
Faultless authentication of individuals by fingerprints results in high false rejections rate for rigorously built systems. Indeed, the authors prefer that the system erroneously reject a pattern when it does not meet...Faultless authentication of individuals by fingerprints results in high false rejections rate for rigorously built systems. Indeed, the authors prefer that the system erroneously reject a pattern when it does not meet a number of predetermined correspondence criteria. In this work, after discussing existing techniques, we propose a new algorithm to reduce the false rejection rate during the authentication-using fingerprint. This algorithm extracts the minutiae of the fingerprint with their relative orientations and classifies them according to the different classes already established;then, make the correspondence between two templates by simple probabilities calculations from a deep neural network. The merging of these operations provides very promising results both on the NIST4 international data reference and on the SOCFing database.展开更多
In many fingerprint authentication devices, a frame to insert the fingertip or a hollow to put the fingertip is used to avoid the position or rotation misalignment of a newly scanned genuine fingerprint image, when th...In many fingerprint authentication devices, a frame to insert the fingertip or a hollow to put the fingertip is used to avoid the position or rotation misalignment of a newly scanned genuine fingerprint image, when the fingerprint authentication is conducted. Moreover, the misalignment correction by the numerical calculation is indispensable for the fingerprint authentication devices to achieve the high accuracy. In this study, we investigated the effects of misalignment of the scanned genuine fingerprint image with the one used for generating the template on the accuracy in our fingerprint authentication method using the fractional Fourier transform (FRT). As a result, it was found that our method can achieve high authentication accuracy under the condition that the position-misalignment ratio is 17.6% or less and the rotation misalignment (rotation angle) is 28 degrees or less, even if the misalignment correction is not conducted.展开更多
Data security is vital for medical cyber physical system (MCPS). The decentralization feature of blockchain is helpful to solve the problem that the secure authentication process is highly dependent on the trusted thi...Data security is vital for medical cyber physical system (MCPS). The decentralization feature of blockchain is helpful to solve the problem that the secure authentication process is highly dependent on the trusted third party and implement data security transmission. In this paper, the blockchain technology is used to describe the security requirements in authentication process. A network model of MCPS based on blockchain is proposed. Through analysis of medical data storage architecture, data was ensured not to be tampered and trackable. The security threat was eliminated by bilinear mapping in the authentication process of medical data providers and users. The credibility problem of the trusted third party was avoided and the two-way authentication was realized between the hospital and blockchain node. The security analysis and performance test were carried out to verify the security and related performance of the authentication protocol. The results show that the MCPS based on blockchain realizes medical treatment data sharing, and meets safety requirements in the security authentication phase.展开更多
基金supported by the Key Project of Science and Technology Research by Chongqing Education Commission under Grant KJZD-K202400610the Chongqing Natural Science Foundation General Project Grant CSTB2025NSCQ-GPX1263.
文摘The ubiquitous adoption of mobile devices as essential platforms for sensitive data transmission has heightened the demand for secure client-server communication.Although various authentication and key agreement protocols have been developed,current approaches are constrained by homogeneous cryptosystem frameworks,namely public key infrastructure(PKI),identity-based cryptography(IBC),or certificateless cryptography(CLC),each presenting limitations in client-server architectures.Specifically,PKI incurs certificate management overhead,IBC introduces key escrow risks,and CLC encounters cross-system interoperability challenges.To overcome these shortcomings,this study introduces a heterogeneous signcryption-based authentication and key agreement protocol that synergistically integrates IBC for client operations(eliminating PKI’s certificate dependency)with CLC for server implementation(mitigating IBC’s key escrow issue while preserving efficiency).Rigorous security analysis under the mBR(modified Bellare-Rogaway)model confirms the protocol’s resistance to adaptive chosen-ciphertext attacks.Quantitative comparisons demonstrate that the proposed protocol achieves 10.08%–71.34%lower communication overhead than existing schemes across multiple security levels(80-,112-,and 128-bit)compared to existing protocols.
基金supported by National Natural Science Foundation of China:Space-based occultation detection with ground-based GNSS atmospheric horizontal gradient model(41904033).
文摘The satellite-based augmentation system(SBAS)provides differential and integrity augmentation services for life safety fields of aviation and navigation.However,the signal structure of SBAS is public,which incurs a risk of spoofing attacks.To improve the anti-spoofing capability of the SBAS,European Union and the United States conduct research on navigation message authentication,and promote the standardization of SBAS message authentication.For the development of Beidou satellite-based augmentation system(BDSBAS),this paper proposes navigation message authentication based on the Chinese commercial cryptographic standards.Firstly,this paper expounds the architecture and principles of the SBAS message authentication,and then carries out the design of timed efficient streaming losstolerant authentication scheme(TESLA)and elliptic curve digital signature algorithm(ECDSA)authentication schemes based on Chinese commercial cryptographic standards,message arrangement and the design of over-the-air rekeying(OTAR)message.Finally,this paper conducts a theoretical analysis of the time between authentications(TBA)and maximum authentication latency(MAL)for L5 TESLA-I and L5 ECDSA-Q,and further simulates the reception time of OTAR message,TBA and MAL from the aspects of OTAR message weight and demodulation error rate.The simulation results can provide theoretical supports for the standardization of BDSBAS message authentication.
基金supported in part by National Natural Science Foundation of China(under Grant 61902163)the Jiangsu“Qing Lan Project”,Natural Science Foundation of the Jiangsu Higher Education Institutions of China(Major Research Project:23KJA520007)Postgraduate Research&Practice Innovation Program of Jiangsu Province(No.SJCX25_1303).
文摘Unmanned Aerial Vehicles(UAVs)in Flying Ad-Hoc Networks(FANETs)are widely used in both civilian and military fields,but they face severe security,trust,and privacy vulnerabilities due to their high mobility,dynamic topology,and open wireless channels.Existing security protocols for Mobile Ad-Hoc Networks(MANETs)cannot be directly applied to FANETs,as FANETs require lightweight,high real-time performance,and strong anonymity.The current FANETs security protocol cannot simultaneously meet the requirements of strong anonymity,high security,and low overhead in high dynamic and resource-constrained scenarios.To address these challenges,this paper proposes an Anonymous Authentication and Key Exchange Protocol(AAKE-OWA)for UAVs in FANETs based on OneWay Accumulators(OWA).During the UAV registration phase,the Key Management Center(KMC)generates an identity ticket for each UAV using OWA and transmits it securely to the UAV’s on-board tamper-proof module.In the key exchange phase,UAVs generate temporary authentication tickets with random numbers and compute the same session key leveraging the quasi-commutativity of OWA.For mutual anonymous authentication,UAVs encrypt random numbers with the session key and verify identities by comparing computed values with authentication values.Formal analysis using the Scyther tool confirms that the protocol resists identity spoofing,man-in-the-middle,and replay attacks.Through Burrows Abadi Needham(BAN)logic proof,it achieves mutual anonymity,prevents simulation and physical capture attacks,and ensures secure connectivity of 1.Experimental comparisons with existing protocols prove that the AAKE-OWA protocol has lower computational overhead,communication overhead,and storage overhead,making it more suitable for resource-constrained FANET scenarios.Performance comparison experiments show that,compared with other schemes,this scheme only requires 8 one-way accumulator operations and 4 symmetric encryption/decryption operations,with a total computational overhead as low as 2.3504 ms,a communication overhead of merely 1216 bits,and a storage overhead of 768 bits.We have achieved a reduction in computational costs from 6.3%to 90.3%,communication costs from 5.0%to 69.1%,and overall storage costs from 33%to 68%compared to existing solutions.It can meet the performance requirements of lightweight,real-time,and anonymity for unmanned aerial vehicles(UAVs)networks.
基金This work is part of the‘Intelligent and Cyber-Secure Platform for Adaptive Optimization in the Simultaneous Operation of Heterogeneous Autonomous Robots(PICRAH4.0)’with reference MIG-20232082,funded by MCIN/AEI/10.13039/501100011033supported by the Universidad Internacional de La Rioja(UNIR)through the Precompetitive Research Project entitled“Nuevos Horizontes en Internet de las Cosas y NewSpace(NEWIOT)”,reference PP-2024-13,funded under the 2024 Call for Research Projects.
文摘This work evaluates an architecture for decentralized authentication of Internet of Things(IoT)devices in Low Earth Orbit(LEO)satellite networks using IOTA Identity technology.To the best of our knowledge,it is the first proposal to integrate IOTA’s Directed Acyclic Graph(DAG)-based identity framework into satellite IoT environments,enabling lightweight and distributed authentication under intermittent connectivity.The system leverages Decentralized Identifiers(DIDs)and Verifiable Credentials(VCs)over the Tangle,eliminating the need for mining and sequential blocks.An identity management workflow is implemented that supports the creation,validation,deactivation,and reactivation of IoT devices,and is experimentally validated on the Shimmer Testnet.Three metrics are defined and measured:resolution time,deactivation time,and reactivation time.To improve robustness,an algorithmic optimization is introduced that minimizes communication overhead and reduces latency during deactivation.The experimental results are compared with orbital simulations of satellite revisit times to assess operational feasibility.Unlike blockchain-based approaches,which typically suffer from high confirmation delays and scalability constraints,the proposed DAG architecture provides fast,cost-free operations suitable for resource-constrained IoT devices.The results show that authentication can be efficiently performed within satellite connectivity windows,positioning IOTA Identity as a viable solution for secure and scalable IoT authentication in LEO satellite networks.
基金Deanship of Graduate Studies and Scientific Research at Qassim University for financial support(QU-APC-2025).
文摘Cyber-criminals target smart connected devices for spyware distribution and security breaches,but existing Internet of Things(IoT)security standards are insufficient.Major IoT industry players prioritize market share over security,leading to insecure smart products.Traditional host-based protection solutions are less effective due to limited resources.Overcoming these challenges and enhancing the security of IoT Devices requires a security design at the network level that uses lightweight cryptographic parameters.In order to handle control,administration,and security concerns in traditional networking,the Gateway Node offers a contemporary networking architecture.By managing all network-level computations and complexity,the Gateway Node relieves IoT devices of these responsibilities.In this study,we introduce a novel privacy-preserving security architecture for gateway-node smart homes.Subsequently,we develop Smart Homes,An Efficient,Anonymous,and Robust Authentication Scheme(EARAS)based on the foundational principles of this security architecture.Furthermore,we formally examine the security characteristics of our suggested protocol that makes use of methodology such as ProVerif,supplemented by an informal analysis of security.Lastly,we conduct performance evaluations and comparative analyses to assess the efficacy of our scheme.Performance analysis shows that EARAS achieves up to 30%to 54%more efficient than most protocols and lower computation cost compared to Banerjee et al.’s scheme,and significantly reduces communication overhead compared to other recent protocols,while ensuring comprehensive security.Our objective is to provide robust security measures for smart homes while addressing resource constraints and preserving user privacy.
基金supported by Institute for Information&Communications Technology Planning&Evaluation(IITP)grant funded by the Korea government(MSIT)(No.RS-2022-II221200)Convergence Security Core Talent Training Business(Chungnam National University).
文摘Pre-Authentication and Post-Connection(PAPC)plays a crucial role in realizing the Zero Trust security model by ensuring that access to network resources is granted only after successful authentication.While earlier approaches such as Port Knocking(PK)and Single Packet Authorization(SPA)introduced pre-authentication concepts,they suffer from limitations including plaintext communication,protocol dependency,reliance on dedicated clients,and inefficiency under modern network conditions.These constraints hinder their applicability in emerging distributed and resource-constrained environments such as AIoT and browser-based systems.To address these challenges,this study proposes a novel port-sequence-based PAPC scheme structured as a modular model comprising a client,server,and ephemeral Key Management System(KMS).The system employs the Advanced Encryption Standard(AES-128)to protect message confidentiality and uses a Hash-Based Message Authentication Code(HMAC-SHA256)to ensure integrity.Authentication messages are securely fragmented and mapped to destination port numbers using a signature-based avoidance algorithm,which prevents collisions with unsafe or reserved port ranges.The server observes incoming port sequences,retrieves the necessary keys from the KMS,reconstructs and verifies the encrypted data,and conditionally updates firewall policies.Unlike SPA,which requires decrypting all incoming payloads and imposes server-side overhead,the proposed system verifies only port-derived fragments,significantly reducing computational burden.Furthermore,it eliminates the need for raw socket access or custom clients,supporting browser-based operation and enabling protocol-independent deployment.Through a functional web-based prototype and emulated testing,the system achieved an F1-score exceeding 95%in detecting unauthorized access while maintaining low resource overhead.Although port sequence generation introduces some client-side cost,it remains lightweight and scalable.By tightly integrating lightweight cryptographic algorithms with a transport-layer communication model,this work presents a conceptually validated architecture that contributes a novel direction for interoperable and scalable Zero Trust enforcement in future network ecosystems.
文摘In this paper a novel technique, Authentication and Secret Message Transmission using Discrete Fourier Transformation (ASMTDFT) has been proposed to authenticate an image and also some secret message or image can be transmitted over the network. Instead of direct embedding a message or image within the source image, choosing a window of size 2 x 2 of the source image in sliding window manner and then con-vert it from spatial domain to frequency domain using Discrete Fourier Transform (DFT). The bits of the authenticating message or image are then embedded at LSB within the real part of the transformed image. Inverse DFT is performed for the transformation from frequency domain to spatial domain as final step of encoding. Decoding is done through the reverse procedure. The experimental results have been discussed and compared with the existing steganography algorithm S-Tools. Histogram analysis and Chi-Square test of source image with embedded image shows the better results in comparison with the S-Tools.
基金Supported by the National Natural Science Foundation of China(U1304614,U1204703)the Construct Program of the Key Discipline in Zhengzhou Normal UniversityAid Program for Science and Technology Innovative Research Team of Zhengzhou Normal University,Henan Province Education Science Plan General Topic((2018)-JKGHYB-0279)
文摘In the cloud computing, different cloud service providers are often in different trust domains. As the traditional identity authentication mode cannot be applied to the cloud computing, the cross-domain identity authentication mechanism is needed to solve the identity authentication problem in the cloud computing. In view of the security problems in cloud computing, a cross-domain identity authentication scheme based on group signature is proposed. This scheme introduces a group of cloud service providers and users who are located in different trust domains. Any member of the group can generate the signature on behalf of the whole group, making the user access the cloud service provider in the case of privacy security. At the same time, with traceability it can track illegal operation of illegal users. In addition, the scheme uses the Chinese Remainder Theorem to integrate the message, and it can control the length of the data in the calculation process, simplifying the calculation process. It also realizes the join and revocation of group members without changing the key of other legitimate group members, and the maintenance cost of authentication schemes is low. The results show that the scheme has the advantages of anonymity, anti-counterfeit, traceability, anti-joint attack and so on. It can not only realize tracking function under the condition of guaranteeing user's privacy, but can also simplify the authentication calculation process to improve the efficiency of the cross domain identity authentication, and its performance is more suitable for large-scale cloud computing environment.
文摘Most network service providers like MTN Nigeria, currently use two-factor authentication for their 4G wireless networks. This exposes the network subscribers to identify theft and users data to security threats like snooping, sniffing, spoofing and phishing. There is need to curb these problems with the use of an enhanced multi-factor authentication approach. The objective of this work is to create a multi-factor authentication software for a 4G wireless network. Multi-factor authentication involves user’s knowledge factor, user’s possession factor and user’s inherence factor;that is who the user is to be presented before system access can be granted. The research methodologies used for this work include Structured System Analysis and Design Methodology, SSADM and Prototyping. The result of this work will be a Multi-factor authentications software. This software was designed with programming languages like ASP. NET, C# and Microsoft SQL Server for the database.
文摘Technology has no limits today;we have lots of software available in the market by which we can alter any image. People usually copies image from the internet and after some changes they claim that these are their own properties. Insuring digital image integrity has therefore become a major issue. Over the past few years, watermarking has emerged as the leading candidate to solve problems of ownership and content authentications for digital multimedia documents. To protect authenticity of images semi fragile watermarking is very concerned by researchers because of its important function in multimedia content authentication. The aim of this paper is to present a survey and a comparison of emerging techniques for image authentication using semifragile watermarking. In present paper comprehensive overview of insertion and extraction methods used in different semi fragile water marking algorithm are studied using image parameters, potential application, different algorithms are described and focus is on their comparison according to the properties cited above and future directions for developing a better image authentication algorithm are suggested.
文摘We advance here a novel methodology for robust intelligent biometric information management with inferences and predictions made using randomness and complexity concepts. Intelligence refers to learning, adap- tation, and functionality, and robustness refers to the ability to handle incomplete and/or corrupt adversarial information, on one side, and image and or device variability, on the other side. The proposed methodology is model-free and non-parametric. It draws support from discriminative methods using likelihood ratios to link at the conceptual level biometrics and forensics. It further links, at the modeling and implementation level, the Bayesian framework, statistical learning theory (SLT) using transduction and semi-supervised lea- rning, and Information Theory (IY) using mutual information. The key concepts supporting the proposed methodology are a) local estimation to facilitate learning and prediction using both labeled and unlabeled data;b) similarity metrics using regularity of patterns, randomness deficiency, and Kolmogorov complexity (similar to MDL) using strangeness/typicality and ranking p-values;and c) the Cover – Hart theorem on the asymptotical performance of k-nearest neighbors approaching the optimal Bayes error. Several topics on biometric inference and prediction related to 1) multi-level and multi-layer data fusion including quality and multi-modal biometrics;2) score normalization and revision theory;3) face selection and tracking;and 4) identity management, are described here using an integrated approach that includes transduction and boosting for ranking and sequential fusion/aggregation, respectively, on one side, and active learning and change/ outlier/intrusion detection realized using information gain and martingale, respectively, on the other side. The methodology proposed can be mapped to additional types of information beyond biometrics.
文摘Keystroke rhythm identification, which extracts biometric characteristics through keyboards without addi-tional expensive devices, is a kind of biometric identification technology. The paper proposes a dynamic identity authentication model based on the improved keystroke rhythm algorithm in Rick Joyce model and implement this model in a mobile phone system. The experimental results show that comparing with the original model, the false alarm rate (FAR) of the improved model decreases a lot in the mobile phone system, and its growth of imposter pass rate (IPR) is slower than the Rick Joyce model’s. The improved model is more suitable for small memory systems, and it has better performance in security and dynamic adaptation. This improved model has good application value.
文摘The prodigious advancements in contemporary technologies have also brought in the situation of unprecedented cyber-attacks.Further,the pin-based security system is an inadequate mechanism for handling such a scenario.The reason is that hackers use multiple strategies for evading security systems and thereby gaining access to private data.This research proposes to deploy diverse approaches for authenticating and securing a connection amongst two devices/gadgets via sound,thereby disregarding the pins’manual verification.Further,the results demonstrate that the proposed approaches outperform conventional pin-based authentication or QR authentication approaches.Firstly,a random signal is encrypted,and then it is transformed into a wave file,after which it gets transmitted in a short burst via the device’s speakers.Subsequently,the other device/gadget captures these audio bursts through its microphone and decrypts the audio signal for getting the essential data for pairing.Besides,this model requires two devices/gadgets with speakers and a microphone,and no extra hardware such as a camera,for reading the QR code is required.The first module is tested with realtime data and generates high scores for the widely accepted accuracy metrics,including precision,Recall,F1 score,entropy,and mutual information(MI).Additionally,this work also proposes a module helps in a secured transmission of sensitive data by encrypting it over images and other files.This steganographic module includes two-stage encryption with two different encryption algorithms to transmit data by embedding inside a file.Several encryption algorithms and their combinations are taken for this system to compare the resultant file size.Both these systems engender high accuracies and provide secure connectivity,leading to a sustainable communication ecosystem.
文摘Machine-to-machine (M2M) communication networks consist of resource-constrained autonomous devices, also known as autonomous Internet of things (IoTs) or machine-type communication devices (MTCDs) which act as a backbone for Industrial IoT, smart cities, and other autonomous systems. Due to the limited computing and memory capacity, these devices cannot maintain strong security if conventional security methods are applied such as heavy encryption. This article proposed a novel lightweight mutual authentication scheme including elliptic curve cryptography (ECC) driven end-to-end encryption through curve25519 such as (i): efficient end-to-end encrypted communication with pre-calculation strategy using curve25519;and (ii): elliptic curve Diffie-Hellman (ECDH) based mutual authentication technique through a novel lightweight hash function. The proposed scheme attempts to efficiently counter all known perception layer security threats. Moreover, the pre-calculated key generation strategy resulted in cost-effective encryption with 192-bit curve security. It showed comparative efficiency in key strength, and curve strength compared with similar authentication schemes in terms of computational and memory cost, communication performance and encryption robustness.
文摘The advancement of 6G wireless communication technology has facilitated the integration of Vehicular Ad-hoc Networks(VANETs).However,the messages transmitted over the public channel in the open and dynamic VANETs are vulnerable to malicious attacks.Although numerous researchers have proposed authentication schemes to enhance the security of Vehicle-to-Vehicle(V2V)communication,most existing methodologies face two significant challenges:(1)the majority of the schemes are not lightweight enough to support realtime message interaction among vehicles;(2)the sensitive information like identity and position is at risk of being compromised.To tackle these issues,we propose a lightweight dual authentication protocol for V2V communication based on Physical Unclonable Function(PUF).The proposed scheme accomplishes dual authentication between vehicles by the combination of Zero-Knowledge Proof(ZKP)and MASK function.The security analysis proves that our scheme provides both anonymous authentication and information unlinkability.Additionally,the performance analysis demonstrates that the computation overhead of our scheme is approximately reduced 23.4% compared to the state-of-the-art schemes.The practical simulation conducted in a 6G network environment demonstrates the feasibility of 6G-based VANETs and their potential for future advancements.
基金Sponsored by the National Natural Science Foundation of China(Grant No.61179026)the Fundamental Research of the Central Universities of China Civil Aviation University of Science Special(Grant No.3122016L005)
文摘We construct one multi-sender authentication code by algebraic combination method from eigenvalues and eigenvectors of the matrix over nite elds. Some parameters and the probabilities of three kinds of successful attack of this code are also computed. For multi-sender authentication code,it allows a group of senders to construct an authenticated message for a receiver such that the receiver can verify authenticity of the received message.
基金support by Research on Key Technologies of Dynamically Secure Identity Authentication and Risk Control of Power Business in the Science and Technology Project of State Grid Electric Power Company(No.5204XA19003F)National Natural Science Foundation of China(Grant No.601702048)
文摘Data sharing and privacy securing present extensive opportunities and challenges in vehicular network.This paper introducestrust access authentication scheme’as a mechanism to achieve real-time monitoring and promote collaborative sharing for vehicles.Blockchain,which can provide secure authentication and protected privacy,is a crucial technology.However,traditional cloud computing performs poorly in supplying low-latency and fast-response services for moving vehicles.In this situation,edge computing enabled Blockchain network appeals to be a promising method,where moving vehicles can access storage or computing resource and get authenticated from Blockchain edge nodes directly.In this paper,a hierarchical architecture is proposed consist of vehicular network layer,Blockchain edge layer and Blockchain network layer.Through a authentication mechanism adopting digital signature algorithm,it achieves trusted authentication and ensures valid verification.Moreover,a caching scheme based on many-to-many matching is proposed to minimize average delivery delay of vehicles.Simulation results prove that the proposed caching scheme has a better performance than existing schemes based on central-ized model or edge caching strategy in terms of hit ratio and average delay.
文摘Faultless authentication of individuals by fingerprints results in high false rejections rate for rigorously built systems. Indeed, the authors prefer that the system erroneously reject a pattern when it does not meet a number of predetermined correspondence criteria. In this work, after discussing existing techniques, we propose a new algorithm to reduce the false rejection rate during the authentication-using fingerprint. This algorithm extracts the minutiae of the fingerprint with their relative orientations and classifies them according to the different classes already established;then, make the correspondence between two templates by simple probabilities calculations from a deep neural network. The merging of these operations provides very promising results both on the NIST4 international data reference and on the SOCFing database.
文摘In many fingerprint authentication devices, a frame to insert the fingertip or a hollow to put the fingertip is used to avoid the position or rotation misalignment of a newly scanned genuine fingerprint image, when the fingerprint authentication is conducted. Moreover, the misalignment correction by the numerical calculation is indispensable for the fingerprint authentication devices to achieve the high accuracy. In this study, we investigated the effects of misalignment of the scanned genuine fingerprint image with the one used for generating the template on the accuracy in our fingerprint authentication method using the fractional Fourier transform (FRT). As a result, it was found that our method can achieve high authentication accuracy under the condition that the position-misalignment ratio is 17.6% or less and the rotation misalignment (rotation angle) is 28 degrees or less, even if the misalignment correction is not conducted.
文摘Data security is vital for medical cyber physical system (MCPS). The decentralization feature of blockchain is helpful to solve the problem that the secure authentication process is highly dependent on the trusted third party and implement data security transmission. In this paper, the blockchain technology is used to describe the security requirements in authentication process. A network model of MCPS based on blockchain is proposed. Through analysis of medical data storage architecture, data was ensured not to be tampered and trackable. The security threat was eliminated by bilinear mapping in the authentication process of medical data providers and users. The credibility problem of the trusted third party was avoided and the two-way authentication was realized between the hospital and blockchain node. The security analysis and performance test were carried out to verify the security and related performance of the authentication protocol. The results show that the MCPS based on blockchain realizes medical treatment data sharing, and meets safety requirements in the security authentication phase.
