This work evaluates an architecture for decentralized authentication of Internet of Things (IoT) devices in Low Earth Orbit (LEO) satellite networks using IOTA Identity technology. To the best of our knowledge, it is the first proposal to integrate IOTA’s Directed Acyclic Graph (DAG)-based identity framework into satellite IoT environments, enabling lightweight and distributed authentication under intermittent connectivity. The system leverages Decentralized Identifiers (DIDs) and Verifiable Credentials (VCs) over the Tangle, eliminating the need for mining and sequential blocks. An identity management workflow is implemented that supports the creation, validation, deactivation, and reactivation of IoT devices, and is experimentally validated on the Shimmer Testnet. Three metrics are defined and measured: resolution time, deactivation time, and reactivation time. To improve robustness, an algorithmic optimization is introduced that minimizes communication overhead and reduces latency during deactivation. The experimental results are compared with orbital simulations of satellite revisit times to assess operational feasibility. Unlike blockchain-based approaches, which typically suffer from high confirmation delays and scalability constraints, the proposed DAG architecture provides fast, cost-free operations suitable for resource-constrained IoT devices. The results show that authentication can be efficiently performed within satellite connectivity windows, positioning IOTA Identity as a viable solution for secure and scalable IoT authentication in LEO satellite networks.
Pre-Authentication and Post-Connection (PAPC) plays a crucial role in realizing the Zero Trust security model by ensuring that access to network resources is granted only after successful authentication. While earlier approaches such as Port Knocking (PK) and Single Packet Authorization (SPA) introduced pre-authentication concepts, they suffer from limitations including plaintext communication, protocol dependency, reliance on dedicated clients, and inefficiency under modern network conditions. These constraints hinder their applicability in emerging distributed and resource-constrained environments such as AIoT and browser-based systems. To address these challenges, this study proposes a novel port-sequence-based PAPC scheme structured as a modular model comprising a client, server, and ephemeral Key Management System (KMS). The system employs the Advanced Encryption Standard (AES-128) to protect message confidentiality and uses a Hash-Based Message Authentication Code (HMAC-SHA256) to ensure integrity. Authentication messages are securely fragmented and mapped to destination port numbers using a signature-based avoidance algorithm, which prevents collisions with unsafe or reserved port ranges. The server observes incoming port sequences, retrieves the necessary keys from the KMS, reconstructs and verifies the encrypted data, and conditionally updates firewall policies. Unlike SPA, which requires decrypting all incoming payloads and imposes server-side overhead, the proposed system verifies only port-derived fragments, significantly reducing computational burden. Furthermore, it eliminates the need for raw socket access or custom clients, supporting browser-based operation and enabling protocol-independent deployment. Through a functional web-based prototype and emulated testing, the system achieved an F1-score exceeding 95% in detecting unauthorized access while maintaining low resource overhead. Although port sequence generation introduces some client-side cost, it remains lightweight and scalable. By tightly integrating lightweight cryptographic algorithms with a transport-layer communication model, this work presents a conceptually validated architecture that contributes a novel direction for interoperable and scalable Zero Trust enforcement in future network ecosystems.
In this paper a novel technique, Authentication and Secret Message Transmission using Discrete Fourier Transformation (ASMTDFT), has been proposed to authenticate an image; some secret message or image can also be transmitted over the network. Instead of directly embedding a message or image within the source image, a window of size 2 x 2 of the source image is chosen in a sliding-window manner and then converted from the spatial domain to the frequency domain using the Discrete Fourier Transform (DFT). The bits of the authenticating message or image are then embedded at the LSB within the real part of the transformed image. Inverse DFT is performed for the transformation from the frequency domain to the spatial domain as the final step of encoding. Decoding is done through the reverse procedure. The experimental results have been discussed and compared with the existing steganography algorithm S-Tools. Histogram analysis and the Chi-Square test of the source image with the embedded image show better results in comparison with S-Tools.
In the cloud computing, different cloud service providers are often in different trust domains. As the traditional identity authentication mode cannot be applied to the cloud computing, the cross-domain identity authentication mechanism is needed to solve the identity authentication problem in the cloud computing. In view of the security problems in cloud computing, a cross-domain identity authentication scheme based on group signature is proposed. This scheme introduces a group of cloud service providers and users who are located in different trust domains. Any member of the group can generate the signature on behalf of the whole group, making the user access the cloud service provider in the case of privacy security. At the same time, with traceability it can track illegal operation of illegal users. In addition, the scheme uses the Chinese Remainder Theorem to integrate the message, and it can control the length of the data in the calculation process, simplifying the calculation process. It also realizes the join and revocation of group members without changing the key of other legitimate group members, and the maintenance cost of authentication schemes is low. The results show that the scheme has the advantages of anonymity, anti-counterfeit, traceability, anti-joint attack and so on. It can not only realize tracking function under the condition of guaranteeing user's privacy, but can also simplify the authentication calculation process to improve the efficiency of the cross domain identity authentication, and its performance is more suitable for large-scale cloud computing environment.
Most network service providers, like MTN Nigeria, currently use two-factor authentication for their 4G wireless networks. This exposes the network subscribers to identity theft and users' data to security threats like snooping, sniffing, spoofing and phishing. There is a need to curb these problems with the use of an enhanced multi-factor authentication approach. The objective of this work is to create multi-factor authentication software for a 4G wireless network. Multi-factor authentication involves the user’s knowledge factor, the user’s possession factor and the user’s inherence factor; that is, who the user is, to be presented before system access can be granted. The research methodologies used for this work include Structured System Analysis and Design Methodology (SSADM) and Prototyping. The result of this work will be multi-factor authentication software. This software was designed with programming languages like ASP.NET and C#, and Microsoft SQL Server for the database.
Technology has no limits today; we have lots of software available in the market by which we can alter any image. People usually copy images from the internet and, after some changes, claim that these are their own property. Ensuring digital image integrity has therefore become a major issue. Over the past few years, watermarking has emerged as the leading candidate to solve problems of ownership and content authentication for digital multimedia documents. To protect the authenticity of images, semi-fragile watermarking is of great concern to researchers because of its important function in multimedia content authentication. The aim of this paper is to present a survey and a comparison of emerging techniques for image authentication using semi-fragile watermarking. In the present paper, a comprehensive overview of insertion and extraction methods used in different semi-fragile watermarking algorithms is given using image parameters and potential applications; different algorithms are described, the focus is on their comparison according to the properties cited above, and future directions for developing a better image authentication algorithm are suggested.
We advance here a novel methodology for robust intelligent biometric information management with inferences and predictions made using randomness and complexity concepts. Intelligence refers to learning, adaptation, and functionality, and robustness refers to the ability to handle incomplete and/or corrupt adversarial information, on one side, and image and/or device variability, on the other side. The proposed methodology is model-free and non-parametric. It draws support from discriminative methods using likelihood ratios to link at the conceptual level biometrics and forensics. It further links, at the modeling and implementation level, the Bayesian framework, statistical learning theory (SLT) using transduction and semi-supervised learning, and Information Theory (IT) using mutual information. The key concepts supporting the proposed methodology are a) local estimation to facilitate learning and prediction using both labeled and unlabeled data; b) similarity metrics using regularity of patterns, randomness deficiency, and Kolmogorov complexity (similar to MDL) using strangeness/typicality and ranking p-values; and c) the Cover-Hart theorem on the asymptotical performance of k-nearest neighbors approaching the optimal Bayes error. Several topics on biometric inference and prediction related to 1) multi-level and multi-layer data fusion including quality and multi-modal biometrics; 2) score normalization and revision theory; 3) face selection and tracking; and 4) identity management, are described here using an integrated approach that includes transduction and boosting for ranking and sequential fusion/aggregation, respectively, on one side, and active learning and change/outlier/intrusion detection realized using information gain and martingale, respectively, on the other side. The methodology proposed can be mapped to additional types of information beyond biometrics.
Keystroke rhythm identification, which extracts biometric characteristics through keyboards without additional expensive devices, is a kind of biometric identification technology. The paper proposes a dynamic identity authentication model based on the improved keystroke rhythm algorithm in the Rick Joyce model and implements this model in a mobile phone system. The experimental results show that, compared with the original model, the false alarm rate (FAR) of the improved model decreases a lot in the mobile phone system, and its growth of imposter pass rate (IPR) is slower than the Rick Joyce model’s. The improved model is more suitable for small memory systems, and it has better performance in security and dynamic adaptation. This improved model has good application value.
The prodigious advancements in contemporary technologies have also brought in the situation of unprecedented cyber-attacks. Further, the pin-based security system is an inadequate mechanism for handling such a scenario. The reason is that hackers use multiple strategies for evading security systems and thereby gaining access to private data. This research proposes to deploy diverse approaches for authenticating and securing a connection amongst two devices/gadgets via sound, thereby disregarding the pins’ manual verification. Further, the results demonstrate that the proposed approaches outperform conventional pin-based authentication or QR authentication approaches. Firstly, a random signal is encrypted, and then it is transformed into a wave file, after which it gets transmitted in a short burst via the device’s speakers. Subsequently, the other device/gadget captures these audio bursts through its microphone and decrypts the audio signal for getting the essential data for pairing. Besides, this model requires two devices/gadgets with speakers and a microphone, and no extra hardware, such as a camera for reading the QR code, is required. The first module is tested with real-time data and generates high scores for the widely accepted accuracy metrics, including precision, recall, F1 score, entropy, and mutual information (MI). Additionally, this work also proposes a module that helps in a secured transmission of sensitive data by encrypting it over images and other files. This steganographic module includes two-stage encryption with two different encryption algorithms to transmit data by embedding inside a file. Several encryption algorithms and their combinations are taken for this system to compare the resultant file size. Both these systems engender high accuracies and provide secure connectivity, leading to a sustainable communication ecosystem.
Machine-to-machine (M2M) communication networks consist of resource-constrained autonomous devices, also known as autonomous Internet of things (IoTs) or machine-type communication devices (MTCDs) which act as a backbone for Industrial IoT, smart cities, and other autonomous systems. Due to the limited computing and memory capacity, these devices cannot maintain strong security if conventional security methods are applied such as heavy encryption. This article proposed a novel lightweight mutual authentication scheme including elliptic curve cryptography (ECC) driven end-to-end encryption through curve25519 such as (i): efficient end-to-end encrypted communication with pre-calculation strategy using curve25519; and (ii): elliptic curve Diffie-Hellman (ECDH) based mutual authentication technique through a novel lightweight hash function. The proposed scheme attempts to efficiently counter all known perception layer security threats. Moreover, the pre-calculated key generation strategy resulted in cost-effective encryption with 192-bit curve security. It showed comparative efficiency in key strength, and curve strength compared with similar authentication schemes in terms of computational and memory cost, communication performance and encryption robustness.
The advancement of 6G wireless communication technology has facilitated the integration of Vehicular Ad-hoc Networks (VANETs). However, the messages transmitted over the public channel in the open and dynamic VANETs are vulnerable to malicious attacks. Although numerous researchers have proposed authentication schemes to enhance the security of Vehicle-to-Vehicle (V2V) communication, most existing methodologies face two significant challenges: (1) the majority of the schemes are not lightweight enough to support real-time message interaction among vehicles; (2) sensitive information like identity and position is at risk of being compromised. To tackle these issues, we propose a lightweight dual authentication protocol for V2V communication based on Physical Unclonable Function (PUF). The proposed scheme accomplishes dual authentication between vehicles by the combination of Zero-Knowledge Proof (ZKP) and MASK function. The security analysis proves that our scheme provides both anonymous authentication and information unlinkability. Additionally, the performance analysis demonstrates that the computation overhead of our scheme is reduced by approximately 23.4% compared to the state-of-the-art schemes. The practical simulation conducted in a 6G network environment demonstrates the feasibility of 6G-based VANETs and their potential for future advancements.
We construct one multi-sender authentication code by algebraic combination method from eigenvalues and eigenvectors of the matrix over finite fields. Some parameters and the probabilities of three kinds of successful attack of this code are also computed. For multi-sender authentication code, it allows a group of senders to construct an authenticated message for a receiver such that the receiver can verify authenticity of the received message.
Data sharing and privacy securing present extensive opportunities and challenges in vehicular networks. This paper introduces a ‘trust access authentication scheme’ as a mechanism to achieve real-time monitoring and promote collaborative sharing for vehicles. Blockchain, which can provide secure authentication and protected privacy, is a crucial technology. However, traditional cloud computing performs poorly in supplying low-latency and fast-response services for moving vehicles. In this situation, an edge-computing-enabled Blockchain network appears to be a promising method, where moving vehicles can access storage or computing resources and get authenticated from Blockchain edge nodes directly. In this paper, a hierarchical architecture is proposed consisting of a vehicular network layer, a Blockchain edge layer and a Blockchain network layer. Through an authentication mechanism adopting a digital signature algorithm, it achieves trusted authentication and ensures valid verification. Moreover, a caching scheme based on many-to-many matching is proposed to minimize the average delivery delay of vehicles. Simulation results prove that the proposed caching scheme has a better performance than existing schemes based on a centralized model or edge caching strategy in terms of hit ratio and average delay.
Faultless authentication of individuals by fingerprints results in a high false rejection rate for rigorously built systems. Indeed, the authors prefer that the system erroneously reject a pattern when it does not meet a number of predetermined correspondence criteria. In this work, after discussing existing techniques, we propose a new algorithm to reduce the false rejection rate during authentication using fingerprints. This algorithm extracts the minutiae of the fingerprint with their relative orientations and classifies them according to the different classes already established; then, it makes the correspondence between two templates by simple probability calculations from a deep neural network. The merging of these operations provides very promising results both on the NIST4 international data reference and on the SOCFing database.
In many fingerprint authentication devices, a frame to insert the fingertip or a hollow to put the fingertip is used to avoid the position or rotation misalignment of a newly scanned genuine fingerprint image, when the fingerprint authentication is conducted. Moreover, the misalignment correction by the numerical calculation is indispensable for the fingerprint authentication devices to achieve the high accuracy. In this study, we investigated the effects of misalignment of the scanned genuine fingerprint image with the one used for generating the template on the accuracy in our fingerprint authentication method using the fractional Fourier transform (FRT). As a result, it was found that our method can achieve high authentication accuracy under the condition that the position-misalignment ratio is 17.6% or less and the rotation misalignment (rotation angle) is 28 degrees or less, even if the misalignment correction is not conducted.
Data security is vital for medical cyber physical system (MCPS). The decentralization feature of blockchain is helpful to solve the problem that the secure authentication process is highly dependent on the trusted third party and implement data security transmission. In this paper, the blockchain technology is used to describe the security requirements in authentication process. A network model of MCPS based on blockchain is proposed. Through analysis of medical data storage architecture, data was ensured not to be tampered and trackable. The security threat was eliminated by bilinear mapping in the authentication process of medical data providers and users. The credibility problem of the trusted third party was avoided and the two-way authentication was realized between the hospital and blockchain node. The security analysis and performance test were carried out to verify the security and related performance of the authentication protocol. The results show that the MCPS based on blockchain realizes medical treatment data sharing, and meets safety requirements in the security authentication phase.
As the adoption of Vehicular Ad-hoc Networks (VANETs) grows, ensuring secure communication between smart vehicles and remote application servers (APPs) has become a critical challenge. While existing solutions focus on various aspects of security, gaps remain in addressing both high security requirements and the resource-constrained nature of VANET environments. This paper proposes an extended-Kerberos protocol that integrates Physical Unclonable Function (PUF) for authentication and key agreement, offering a comprehensive solution to the security challenges in VANETs. The protocol facilitates mutual authentication and secure key agreement between vehicles and APPs, ensuring the confidentiality and integrity of vehicle-to-network (V2N) communications and preventing malicious data injection. Notably, by replacing traditional Kerberos password authentication with Challenge-Response Pairs (CRPs) generated by PUF, the protocol significantly reduces the risk of key leakage. The inherent properties of PUF—such as unclonability and unpredictability—make it an ideal defense against physical attacks, including intrusion, semi-intrusion, and side-channel attacks. The results of this study demonstrate that this approach not only enhances security but also optimizes communication efficiency, reduces latency, and improves overall user experience. The analysis proves that our protocol achieves at least 86% improvement in computational efficiency compared to some existing protocols. This is particularly crucial in resource-constrained VANET environments, where it enables efficient data transmission between vehicles and applications, reduces latency, and enhances the overall user experience.
How to ensure the security of device access is a common concern in the Internet of Things (IoT) scenario with extremely high device connection density. To achieve efficient and secure network access for IoT devices with constrained resources, this paper proposes a lightweight physical-layer authentication protocol based on Physical Unclonable Function (PUF) and channel pre-equalization. PUF is employed as a secret carrier to provide authentication credentials for devices due to its hardware-based uniqueness and unclonable property. Meanwhile, the short-term reciprocity and spatio-temporal uniqueness of wireless channels are utilized to attach an authentication factor related to the spatio-temporal position of devices and to secure the transmission of authentication messages. The proposed protocol is analyzed formally and informally to prove its correctness and security against typical attacks. Simulation results show its robustness in various radio environments. Moreover, we illustrate the advantages of our protocol in terms of security features and complexity through performance comparison with existing authentication schemes.
Vehicular Ad-hoc Network (VANET) is a platform that facilitates Vehicle-to-Everything (V2X) interconnection. However, its open communication channels and high-speed mobility introduce security and privacy vulnerabilities. Anonymous authentication is crucial in ensuring secure communication and privacy protection in VANET. However, existing anonymous authentication schemes are prone to single points of failure and often overlook the efficient tracking of the true identities of malicious vehicles after pseudonym changes. To address these challenges, we propose an efficient anonymous authentication scheme for blockchain-based VANET. By leveraging blockchain technology, our approach addresses the challenges of single points of failure and high latency, thereby enhancing the service stability and scalability of VANET. The scheme integrates homomorphic encryption and elliptic curve cryptography, allowing vehicles to independently generate new pseudonyms when entering a new domain without third-party assistance. Security analyses and simulation results demonstrate that our scheme achieves effective anonymous authentication in VANET. Moreover, the roadside unit can process 500 messages per 19 ms. As the number of vehicles in the communication domain grows, our scheme exhibits superior message-processing capabilities.
As a model for the next generation of the Internet, the metaverse—a fully immersive, hyper-temporal virtual shared space—is transitioning from imagination to reality. At present, the metaverse has been widely applied in a variety of fields, including education, social entertainment, Internet of Vehicles (IoV), healthcare, and virtual tours. In IoVs, researchers primarily focus on using the metaverse to improve the traffic safety of vehicles, while paying limited attention to passengers’ social needs. At the same time, Social Internet of Vehicles (SIoV) introduces the concept of social networks in IoV to provide better resources and services for users. However, the problem of single interaction between SIoV and users has become increasingly prominent. In this paper, we first introduce a SIoV environment combined with the metaverse. In this environment, we adopt blockchain as the platform of the metaverse to provide a decentralized environment. Considering that passengers’ social data may contain sensitive/private information, we then design an authentication and key agreement protocol called MSIoV-AKA to protect the communications. Through formal security verifications in the real-or-random (ROR) model and using the AVISPA (Automated Validation of Internet Security Protocols and Applications) tool, we firmly verify the security of the protocol. Finally, detailed comparisons are made between our protocol and robust protocols/schemes in terms of computational cost and communication cost. In addition, we implement the MSIoV-AKA protocol in the Ethereum test network and Hyperledger Sawtooth to show the practicality.
Funding: This work is part of the ‘Intelligent and Cyber-Secure Platform for Adaptive Optimization in the Simultaneous Operation of Heterogeneous Autonomous Robots (PICRAH4.0)’ with reference MIG-20232082, funded by MCIN/AEI/10.13039/501100011033; supported by the Universidad Internacional de La Rioja (UNIR) through the Precompetitive Research Project entitled “Nuevos Horizontes en Internet de las Cosas y NewSpace (NEWIOT)”, reference PP-2024-13, funded under the 2024 Call for Research Projects.
Funding: Supported by Institute for Information & Communications Technology Planning & Evaluation (IITP) grant funded by the Korea government (MSIT) (No. RS-2022-II221200), Convergence Security Core Talent Training Business (Chungnam National University).
Abstract: Pre-Authentication and Post-Connection (PAPC) plays a crucial role in realizing the Zero Trust security model by ensuring that access to network resources is granted only after successful authentication. While earlier approaches such as Port Knocking (PK) and Single Packet Authorization (SPA) introduced pre-authentication concepts, they suffer from limitations including plaintext communication, protocol dependency, reliance on dedicated clients, and inefficiency under modern network conditions. These constraints hinder their applicability in emerging distributed and resource-constrained environments such as AIoT and browser-based systems. To address these challenges, this study proposes a novel port-sequence-based PAPC scheme structured as a modular model comprising a client, server, and ephemeral Key Management System (KMS). The system employs the Advanced Encryption Standard (AES-128) to protect message confidentiality and uses a Hash-Based Message Authentication Code (HMAC-SHA256) to ensure integrity. Authentication messages are securely fragmented and mapped to destination port numbers using a signature-based avoidance algorithm, which prevents collisions with unsafe or reserved port ranges. The server observes incoming port sequences, retrieves the necessary keys from the KMS, reconstructs and verifies the encrypted data, and conditionally updates firewall policies. Unlike SPA, which requires decrypting all incoming payloads and imposes server-side overhead, the proposed system verifies only port-derived fragments, significantly reducing computational burden. Furthermore, it eliminates the need for raw socket access or custom clients, supporting browser-based operation and enabling protocol-independent deployment. Through a functional web-based prototype and emulated testing, the system achieved an F1-score exceeding 95% in detecting unauthorized access while maintaining low resource overhead. Although port sequence generation introduces some client-side cost, it remains lightweight and scalable. By tightly integrating lightweight cryptographic algorithms with a transport-layer communication model, this work presents a conceptually validated architecture that contributes a novel direction for interoperable and scalable Zero Trust enforcement in future network ecosystems.
Abstract: In this paper a novel technique, Authentication and Secret Message Transmission using Discrete Fourier Transformation (ASMTDFT) has been proposed to authenticate an image and also some secret message or image can be transmitted over the network. Instead of direct embedding a message or image within the source image, choosing a window of size 2 x 2 of the source image in sliding window manner and then convert it from spatial domain to frequency domain using Discrete Fourier Transform (DFT). The bits of the authenticating message or image are then embedded at LSB within the real part of the transformed image. Inverse DFT is performed for the transformation from frequency domain to spatial domain as final step of encoding. Decoding is done through the reverse procedure. The experimental results have been discussed and compared with the existing steganography algorithm S-Tools. Histogram analysis and Chi-Square test of source image with embedded image shows the better results in comparison with the S-Tools.
Funding: Supported by the National Natural Science Foundation of China (U1304614, U1204703), the Construct Program of the Key Discipline in Zhengzhou Normal University, Aid Program for Science and Technology Innovative Research Team of Zhengzhou Normal University, Henan Province Education Science Plan General Topic ((2018)-JKGHYB-0279)
Abstract: In the cloud computing, different cloud service providers are often in different trust domains. As the traditional identity authentication mode cannot be applied to the cloud computing, the cross-domain identity authentication mechanism is needed to solve the identity authentication problem in the cloud computing. In view of the security problems in cloud computing, a cross-domain identity authentication scheme based on group signature is proposed. This scheme introduces a group of cloud service providers and users who are located in different trust domains. Any member of the group can generate the signature on behalf of the whole group, making the user access the cloud service provider in the case of privacy security. At the same time, with traceability it can track illegal operation of illegal users. In addition, the scheme uses the Chinese Remainder Theorem to integrate the message, and it can control the length of the data in the calculation process, simplifying the calculation process. It also realizes the join and revocation of group members without changing the key of other legitimate group members, and the maintenance cost of authentication schemes is low. The results show that the scheme has the advantages of anonymity, anti-counterfeit, traceability, anti-joint attack and so on. It can not only realize tracking function under the condition of guaranteeing user's privacy, but can also simplify the authentication calculation process to improve the efficiency of the cross domain identity authentication, and its performance is more suitable for large-scale cloud computing environment.
Abstract: Most network service providers like MTN Nigeria, currently use two-factor authentication for their 4G wireless networks. This exposes the network subscribers to identity theft and users' data to security threats like snooping, sniffing, spoofing and phishing. There is need to curb these problems with the use of an enhanced multi-factor authentication approach. The objective of this work is to create a multi-factor authentication software for a 4G wireless network. Multi-factor authentication involves user’s knowledge factor, user’s possession factor and user’s inherence factor; that is who the user is to be presented before system access can be granted. The research methodologies used for this work include Structured System Analysis and Design Methodology, SSADM and Prototyping. The result of this work will be a Multi-factor authentications software. This software was designed with programming languages like ASP.NET, C# and Microsoft SQL Server for the database.
Abstract: Technology has no limits today; we have lots of software available in the market by which we can alter any image. People usually copy images from the internet and after some changes they claim that these are their own properties. Ensuring digital image integrity has therefore become a major issue. Over the past few years, watermarking has emerged as the leading candidate to solve problems of ownership and content authentications for digital multimedia documents. To protect authenticity of images semi fragile watermarking is very concerned by researchers because of its important function in multimedia content authentication. The aim of this paper is to present a survey and a comparison of emerging techniques for image authentication using semifragile watermarking. In present paper comprehensive overview of insertion and extraction methods used in different semi fragile water marking algorithm are studied using image parameters, potential application, different algorithms are described and focus is on their comparison according to the properties cited above and future directions for developing a better image authentication algorithm are suggested.
Abstract: We advance here a novel methodology for robust intelligent biometric information management with inferences and predictions made using randomness and complexity concepts. Intelligence refers to learning, adaptation, and functionality, and robustness refers to the ability to handle incomplete and/or corrupt adversarial information, on one side, and image and/or device variability, on the other side. The proposed methodology is model-free and non-parametric. It draws support from discriminative methods using likelihood ratios to link at the conceptual level biometrics and forensics. It further links, at the modeling and implementation level, the Bayesian framework, statistical learning theory (SLT) using transduction and semi-supervised learning, and Information Theory (IT) using mutual information. The key concepts supporting the proposed methodology are a) local estimation to facilitate learning and prediction using both labeled and unlabeled data; b) similarity metrics using regularity of patterns, randomness deficiency, and Kolmogorov complexity (similar to MDL) using strangeness/typicality and ranking p-values; and c) the Cover-Hart theorem on the asymptotical performance of k-nearest neighbors approaching the optimal Bayes error. Several topics on biometric inference and prediction related to 1) multi-level and multi-layer data fusion including quality and multi-modal biometrics; 2) score normalization and revision theory; 3) face selection and tracking; and 4) identity management, are described here using an integrated approach that includes transduction and boosting for ranking and sequential fusion/aggregation, respectively, on one side, and active learning and change/outlier/intrusion detection realized using information gain and martingale, respectively, on the other side. The methodology proposed can be mapped to additional types of information beyond biometrics.
Abstract: Keystroke rhythm identification, which extracts biometric characteristics through keyboards without additional expensive devices, is a kind of biometric identification technology. The paper proposes a dynamic identity authentication model based on the improved keystroke rhythm algorithm in Rick Joyce model and implements this model in a mobile phone system. The experimental results show that comparing with the original model, the false alarm rate (FAR) of the improved model decreases a lot in the mobile phone system, and its growth of imposter pass rate (IPR) is slower than the Rick Joyce model’s. The improved model is more suitable for small memory systems, and it has better performance in security and dynamic adaptation. This improved model has good application value.
Abstract: The prodigious advancements in contemporary technologies have also brought in the situation of unprecedented cyber-attacks. Further, the pin-based security system is an inadequate mechanism for handling such a scenario. The reason is that hackers use multiple strategies for evading security systems and thereby gaining access to private data. This research proposes to deploy diverse approaches for authenticating and securing a connection amongst two devices/gadgets via sound, thereby disregarding the pins’ manual verification. Further, the results demonstrate that the proposed approaches outperform conventional pin-based authentication or QR authentication approaches. Firstly, a random signal is encrypted, and then it is transformed into a wave file, after which it gets transmitted in a short burst via the device’s speakers. Subsequently, the other device/gadget captures these audio bursts through its microphone and decrypts the audio signal for getting the essential data for pairing. Besides, this model requires two devices/gadgets with speakers and a microphone, and no extra hardware such as a camera, for reading the QR code is required. The first module is tested with real-time data and generates high scores for the widely accepted accuracy metrics, including precision, recall, F1 score, entropy, and mutual information (MI). Additionally, this work also proposes a module that helps in a secured transmission of sensitive data by encrypting it over images and other files. This steganographic module includes two-stage encryption with two different encryption algorithms to transmit data by embedding inside a file. Several encryption algorithms and their combinations are taken for this system to compare the resultant file size. Both these systems engender high accuracies and provide secure connectivity, leading to a sustainable communication ecosystem.
Abstract: Machine-to-machine (M2M) communication networks consist of resource-constrained autonomous devices, also known as autonomous Internet of things (IoTs) or machine-type communication devices (MTCDs) which act as a backbone for Industrial IoT, smart cities, and other autonomous systems. Due to the limited computing and memory capacity, these devices cannot maintain strong security if conventional security methods are applied such as heavy encryption. This article proposed a novel lightweight mutual authentication scheme including elliptic curve cryptography (ECC) driven end-to-end encryption through curve25519 such as (i): efficient end-to-end encrypted communication with pre-calculation strategy using curve25519; and (ii): elliptic curve Diffie-Hellman (ECDH) based mutual authentication technique through a novel lightweight hash function. The proposed scheme attempts to efficiently counter all known perception layer security threats. Moreover, the pre-calculated key generation strategy resulted in cost-effective encryption with 192-bit curve security. It showed comparative efficiency in key strength, and curve strength compared with similar authentication schemes in terms of computational and memory cost, communication performance and encryption robustness.
Abstract: The advancement of 6G wireless communication technology has facilitated the integration of Vehicular Ad-hoc Networks (VANETs). However, the messages transmitted over the public channel in the open and dynamic VANETs are vulnerable to malicious attacks. Although numerous researchers have proposed authentication schemes to enhance the security of Vehicle-to-Vehicle (V2V) communication, most existing methodologies face two significant challenges: (1) the majority of the schemes are not lightweight enough to support real-time message interaction among vehicles; (2) the sensitive information like identity and position is at risk of being compromised. To tackle these issues, we propose a lightweight dual authentication protocol for V2V communication based on Physical Unclonable Function (PUF). The proposed scheme accomplishes dual authentication between vehicles by the combination of Zero-Knowledge Proof (ZKP) and MASK function. The security analysis proves that our scheme provides both anonymous authentication and information unlinkability. Additionally, the performance analysis demonstrates that the computation overhead of our scheme is reduced by approximately 23.4% compared to the state-of-the-art schemes. The practical simulation conducted in a 6G network environment demonstrates the feasibility of 6G-based VANETs and their potential for future advancements.
Funding: Sponsored by the National Natural Science Foundation of China (Grant No. 61179026), the Fundamental Research of the Central Universities of China Civil Aviation University of Science Special (Grant No. 3122016L005)
Abstract: We construct one multi-sender authentication code by algebraic combination method from eigenvalues and eigenvectors of the matrix over finite fields. Some parameters and the probabilities of three kinds of successful attack of this code are also computed. For multi-sender authentication code, it allows a group of senders to construct an authenticated message for a receiver such that the receiver can verify authenticity of the received message.
Funding: Supported by Research on Key Technologies of Dynamically Secure Identity Authentication and Risk Control of Power Business in the Science and Technology Project of State Grid Electric Power Company (No. 5204XA19003F), National Natural Science Foundation of China (Grant No. 601702048)
Abstract: Data sharing and privacy securing present extensive opportunities and challenges in vehicular network. This paper introduces ‘trust access authentication scheme’ as a mechanism to achieve real-time monitoring and promote collaborative sharing for vehicles. Blockchain, which can provide secure authentication and protected privacy, is a crucial technology. However, traditional cloud computing performs poorly in supplying low-latency and fast-response services for moving vehicles. In this situation, edge computing enabled Blockchain network appeals to be a promising method, where moving vehicles can access storage or computing resource and get authenticated from Blockchain edge nodes directly. In this paper, a hierarchical architecture is proposed consisting of vehicular network layer, Blockchain edge layer and Blockchain network layer. Through an authentication mechanism adopting digital signature algorithm, it achieves trusted authentication and ensures valid verification. Moreover, a caching scheme based on many-to-many matching is proposed to minimize average delivery delay of vehicles. Simulation results prove that the proposed caching scheme has a better performance than existing schemes based on centralized model or edge caching strategy in terms of hit ratio and average delay.
Abstract: Faultless authentication of individuals by fingerprints results in high false rejections rate for rigorously built systems. Indeed, the authors prefer that the system erroneously reject a pattern when it does not meet a number of predetermined correspondence criteria. In this work, after discussing existing techniques, we propose a new algorithm to reduce the false rejection rate during the authentication using fingerprint. This algorithm extracts the minutiae of the fingerprint with their relative orientations and classifies them according to the different classes already established; then, make the correspondence between two templates by simple probabilities calculations from a deep neural network. The merging of these operations provides very promising results both on the NIST4 international data reference and on the SOCFing database.
Abstract: In many fingerprint authentication devices, a frame to insert the fingertip or a hollow to put the fingertip is used to avoid the position or rotation misalignment of a newly scanned genuine fingerprint image, when the fingerprint authentication is conducted. Moreover, the misalignment correction by the numerical calculation is indispensable for the fingerprint authentication devices to achieve the high accuracy. In this study, we investigated the effects of misalignment of the scanned genuine fingerprint image with the one used for generating the template on the accuracy in our fingerprint authentication method using the fractional Fourier transform (FRT). As a result, it was found that our method can achieve high authentication accuracy under the condition that the position-misalignment ratio is 17.6% or less and the rotation misalignment (rotation angle) is 28 degrees or less, even if the misalignment correction is not conducted.
Abstract: Data security is vital for medical cyber physical system (MCPS). The decentralization feature of blockchain is helpful to solve the problem that the secure authentication process is highly dependent on the trusted third party and implement data security transmission. In this paper, the blockchain technology is used to describe the security requirements in authentication process. A network model of MCPS based on blockchain is proposed. Through analysis of medical data storage architecture, data was ensured not to be tampered and trackable. The security threat was eliminated by bilinear mapping in the authentication process of medical data providers and users. The credibility problem of the trusted third party was avoided and the two-way authentication was realized between the hospital and blockchain node. The security analysis and performance test were carried out to verify the security and related performance of the authentication protocol. The results show that the MCPS based on blockchain realizes medical treatment data sharing, and meets safety requirements in the security authentication phase.
Funding: Supported in part by the Jiangsu “Qing Lan Project”, Natural Science Foundation of the Jiangsu Higher Education Institutions of China (Major Research Project: 23KJA520007), Postgraduate Research & Practice Innovation Program of Jiangsu Province (No. SJCX25_1303).
Abstract: As the adoption of Vehicular Ad-hoc Networks (VANETs) grows, ensuring secure communication between smart vehicles and remote application servers (APPs) has become a critical challenge. While existing solutions focus on various aspects of security, gaps remain in addressing both high security requirements and the resource-constrained nature of VANET environments. This paper proposes an extended-Kerberos protocol that integrates Physical Unclonable Function (PUF) for authentication and key agreement, offering a comprehensive solution to the security challenges in VANETs. The protocol facilitates mutual authentication and secure key agreement between vehicles and APPs, ensuring the confidentiality and integrity of vehicle-to-network (V2N) communications and preventing malicious data injection. Notably, by replacing traditional Kerberos password authentication with Challenge-Response Pairs (CRPs) generated by PUF, the protocol significantly reduces the risk of key leakage. The inherent properties of PUF, such as unclonability and unpredictability, make it an ideal defense against physical attacks, including intrusion, semi-intrusion, and side-channel attacks. The results of this study demonstrate that this approach not only enhances security but also optimizes communication efficiency, reduces latency, and improves overall user experience. The analysis proves that our protocol achieves at least 86% improvement in computational efficiency compared to some existing protocols. This is particularly crucial in resource-constrained VANET environments, where it enables efficient data transmission between vehicles and applications, reduces latency, and enhances the overall user experience.
Funding: Supported by National Natural Science Foundation of China (No. 61931020, No. U19B2024 and No. 62371462).
Abstract: How to ensure the security of device access is a common concern in the Internet of Things (IoT) scenario with extremely high device connection density. To achieve efficient and secure network access for IoT devices with constrained resources, this paper proposes a lightweight physical-layer authentication protocol based on Physical Unclonable Function (PUF) and channel pre-equalization. PUF is employed as a secret carrier to provide authentication credentials for devices due to its hardware-based uniqueness and unclonable property. Meanwhile, the short-term reciprocity and spatio-temporal uniqueness of wireless channels are utilized to attach an authentication factor related to the spatio-temporal position of devices and to secure the transmission of authentication messages. The proposed protocol is analyzed formally and informally to prove its correctness and security against typical attacks. Simulation results show its robustness in various radio environments. Moreover, we illustrate the advantages of our protocol in terms of security features and complexity through performance comparison with existing authentication schemes.
Funding: Supported by the National Natural Science Foundation of China under Grant U2001213.
Abstract: Vehicular Ad-hoc Network (VANET) is a platform that facilitates Vehicle-to-Everything (V2X) interconnection. However, its open communication channels and high-speed mobility introduce security and privacy vulnerabilities. Anonymous authentication is crucial in ensuring secure communication and privacy protection in VANET. However, existing anonymous authentication schemes are prone to single points of failure and often overlook the efficient tracking of the true identities of malicious vehicles after pseudonym changes. To address these challenges, we propose an efficient anonymous authentication scheme for blockchain-based VANET. By leveraging blockchain technology, our approach addresses the challenges of single points of failure and high latency, thereby enhancing the service stability and scalability of VANET. The scheme integrates homomorphic encryption and elliptic curve cryptography, allowing vehicles to independently generate new pseudonyms when entering a new domain without third-party assistance. Security analyses and simulation results demonstrate that our scheme achieves effective anonymous authentication in VANET. Moreover, the roadside unit can process 500 messages per 19 ms. As the number of vehicles in the communication domain grows, our scheme exhibits superior message-processing capabilities.
Funding: Supported by the Startup Foundation for Introducing Talent of Nanjing University of Information Science and Technology and Natural Science Foundation of Shandong Province, China (Grant no. ZR202111230202).
Abstract: As a model for the next generation of the Internet, the metaverse, a fully immersive, hyper-temporal virtual shared space, is transitioning from imagination to reality. At present, the metaverse has been widely applied in a variety of fields, including education, social entertainment, Internet of vehicles (IoV), healthcare, and virtual tours. In IoVs, researchers primarily focus on using the metaverse to improve the traffic safety of vehicles, while paying limited attention to passengers’ social needs. At the same time, Social Internet of Vehicles (SIoV) introduces the concept of social networks in IoV to provide better resources and services for users. However, the problem of single interaction between SIoV and users has become increasingly prominent. In this paper, we first introduce a SIoV environment combined with the metaverse. In this environment, we adopt blockchain as the platform of the metaverse to provide a decentralized environment. Considering that passengers’ social data may contain sensitive/private information, we then design an authentication and key agreement protocol called MSIoV-AKA to protect the communications. Through formal security verifications in the real-or-random (ROR) model and using the AVISPA (Automated Validation of Internet Security Protocols and Applications) tool, we firmly verify the security of the protocol. Finally, detailed comparisons are made between our protocol and robust protocols/schemes in terms of computational cost and communication cost. In addition, we implement the MSIoV-AKA protocol in the Ethereum test network and Hyperledger Sawtooth to show the practicality.