The integration of artificial intelligence(AI)with advanced power technologies is transforming energy system management,particularly through real-time data monitoring and intelligent decision-making driven by Artifici...The integration of artificial intelligence(AI)with advanced power technologies is transforming energy system management,particularly through real-time data monitoring and intelligent decision-making driven by Artificial Intelligence Generated Content(AIGC).However,the openness of power system channels and the resource-constrained nature of power sensors have led to new challenges for the secure transmission of power data and decision instructions.Although traditional public key cryptographic primitives can offer high security,the substantial key management and computational overhead associated with these primitives make them unsuitable for power systems.To ensure the real-time and security of power data and command transmission,we propose a lightweight identity authentication scheme tailored for power AIGC systems.The scheme utilizes lightweight symmetric encryption algorithms,minimizing the resource overhead on power sensors.Additionally,it incorporates a dynamic credential update mechanism,which can realize the rotation and update of temporary credentials to ensure anonymity and security.We rigorously validate the security of the scheme using the Real-or-Random(ROR)model and AVISPA simulation,and the results show that our scheme can resist various active and passive attacks.Finally,performance comparisons and NS3 simulation results demonstrate that our proposed scheme offers enhanced security features with lower overhead,making it more suitable for power AIGC systems compared to existing solutions.展开更多
Quantum dialogue(QD)realizes the real-time secure bidirectional quantum communication.Measurement-deviceindependent(MDI)QD can resist all possible attacks focusing on the imperfect measurement devices and enhance QD’...Quantum dialogue(QD)realizes the real-time secure bidirectional quantum communication.Measurement-deviceindependent(MDI)QD can resist all possible attacks focusing on the imperfect measurement devices and enhance QD’s practical security.However,in practical applications,any secure communication requires identity authentication as a prerequisite.In this paper,we propose an MDI QD protocol with bidirectional identity authentication.The practical communication parties can first authenticate the identity of each other simultaneously before the message exchange.In theory,our MDI QD protocol has unconditional security and the communication parties can exchange 1.5 bits of messages in each communication round with linear optical Bell state measurement.We numerically simulate the secrecy message capacity of our MDI QD protocol.Our protocol has two advantages.First,it can effectively resist the impersonation attack and enhance MDI QD’s practical security.Second,it does not require keys to assist the message exchange and has relatively high efficiency.Our protocol has application potential in the future quantum communication field.展开更多
This work evaluates an architecture for decentralized authentication of Internet of Things(IoT)devices in Low Earth Orbit(LEO)satellite networks using IOTA Identity technology.To the best of our knowledge,it is the fi...This work evaluates an architecture for decentralized authentication of Internet of Things(IoT)devices in Low Earth Orbit(LEO)satellite networks using IOTA Identity technology.To the best of our knowledge,it is the first proposal to integrate IOTA’s Directed Acyclic Graph(DAG)-based identity framework into satellite IoT environments,enabling lightweight and distributed authentication under intermittent connectivity.The system leverages Decentralized Identifiers(DIDs)and Verifiable Credentials(VCs)over the Tangle,eliminating the need for mining and sequential blocks.An identity management workflow is implemented that supports the creation,validation,deactivation,and reactivation of IoT devices,and is experimentally validated on the Shimmer Testnet.Three metrics are defined and measured:resolution time,deactivation time,and reactivation time.To improve robustness,an algorithmic optimization is introduced that minimizes communication overhead and reduces latency during deactivation.The experimental results are compared with orbital simulations of satellite revisit times to assess operational feasibility.Unlike blockchain-based approaches,which typically suffer from high confirmation delays and scalability constraints,the proposed DAG architecture provides fast,cost-free operations suitable for resource-constrained IoT devices.The results show that authentication can be efficiently performed within satellite connectivity windows,positioning IOTA Identity as a viable solution for secure and scalable IoT authentication in LEO satellite networks.展开更多
A multiparty simultaneous quantum identity authentication protocol based on Creenberger-Horne-Zeilinger (GHZ) states is proposed. The multi-user can be authenticated by a trusted third party (TTP) simultaneously. ...A multiparty simultaneous quantum identity authentication protocol based on Creenberger-Horne-Zeilinger (GHZ) states is proposed. The multi-user can be authenticated by a trusted third party (TTP) simultaneously. Compared with the scheme proposed recently (Wang et al 2006 Chin. Phys. Lett. 23(9) 2360), the proposed scheme has the advantages of consuming fewer quantum and classical resources and lessening the difficulty and intensity of necessary operations.展开更多
A novel efficient deterministic secure quantum communication scheme based on four-qubit cluster states and single-photon identity authentication is proposed. In this scheme, the two authenticated users can transmit tw...A novel efficient deterministic secure quantum communication scheme based on four-qubit cluster states and single-photon identity authentication is proposed. In this scheme, the two authenticated users can transmit two bits of classical information per cluster state, and its efficiency of the quantum communication is 1/3, which is approximately 1.67 times that of the previous protocol presented by Wang et al [Chin. Phys. Lett. 23 (2006) 2658]. Security analysis shows the present scheme is secure against intercept-resend attack and the impersonator's attack. Furthermore, it is more economic with present-day techniques and easily processed by a one-way quantum computer.展开更多
In the cloud computing, different cloud service providers are often in different trust domains. As the traditional identity authentication mode cannot be applied to the cloud computing, the cross-domain identity authe...In the cloud computing, different cloud service providers are often in different trust domains. As the traditional identity authentication mode cannot be applied to the cloud computing, the cross-domain identity authentication mechanism is needed to solve the identity authentication problem in the cloud computing. In view of the security problems in cloud computing, a cross-domain identity authentication scheme based on group signature is proposed. This scheme introduces a group of cloud service providers and users who are located in different trust domains. Any member of the group can generate the signature on behalf of the whole group, making the user access the cloud service provider in the case of privacy security. At the same time, with traceability it can track illegal operation of illegal users. In addition, the scheme uses the Chinese Remainder Theorem to integrate the message, and it can control the length of the data in the calculation process, simplifying the calculation process. It also realizes the join and revocation of group members without changing the key of other legitimate group members, and the maintenance cost of authentication schemes is low. The results show that the scheme has the advantages of anonymity, anti-counterfeit, traceability, anti-joint attack and so on. It can not only realize tracking function under the condition of guaranteeing user's privacy, but can also simplify the authentication calculation process to improve the efficiency of the cross domain identity authentication, and its performance is more suitable for large-scale cloud computing environment.展开更多
An authentication multiple key agreement protocol allows the users to compute more than one session keys in an authentication way. In the paper,an identity-based authentication multiple key agreement protocol is propo...An authentication multiple key agreement protocol allows the users to compute more than one session keys in an authentication way. In the paper,an identity-based authentication multiple key agreement protocol is proposed. Its authentication part is proven secure against existential forgery on adaptively chosen message and ID attacks under the random oracle model upon the CDH assumptions. The session keys are proven secure in a formal CK security model under the random oracle model upon the CBDH assumptions. Compared with the previous multiple key agreement protocols,it requires less communication cost.展开更多
In this paper, we suggest a controlled mutual quantum entity authentication protocol by which two users mutually certify each other on a quantum network using a sequence of Greenberger–Horne–Zeilinger(GHZ)-like st...In this paper, we suggest a controlled mutual quantum entity authentication protocol by which two users mutually certify each other on a quantum network using a sequence of Greenberger–Horne–Zeilinger(GHZ)-like states. Unlike existing unidirectional quantum entity authentication, our protocol enables mutual quantum entity authentication utilizing entanglement swapping; moreover, it allows the managing trusted center(TC) or trusted third party(TTP) to effectively control the certification of two users using the nature of the GHZ-like state. We will also analyze the security of the protocol and quantum channel.展开更多
From the viewpoint of protocol sequence, analyses are made of the sequence patterns of possible identity authentication protocol under two cases: with or without the trusted third party (TFP). Ten feasible sequence...From the viewpoint of protocol sequence, analyses are made of the sequence patterns of possible identity authentication protocol under two cases: with or without the trusted third party (TFP). Ten feasible sequence patterns of authentication protocol with TIP and 5 sequence patterns without TFP are gained. These gained sequence patterns meet the requirements for identity authentication, and basically cover almost all the authentication protocols with TFP and without TFP at present. All of the sequence patterns gained are classified into unilateral or bilateral authentication. Then, according to the sequence symmetry, several good sequence patterns with TFP are evaluated. The accompolished results can provide a reference to design of new identity authentication protocols.展开更多
Many improved authentication solutions were put forward, on purpose of authenticating more quickly and securely.However, neither the overuse of hash function,or additional symmetric encryption, can truly increase the ...Many improved authentication solutions were put forward, on purpose of authenticating more quickly and securely.However, neither the overuse of hash function,or additional symmetric encryption, can truly increase the overall security. Instead,extra computation cost degraded the performance.They were still vulnerable to a variety of threats, such as smart card loss attack and impersonation attack, due to hidden loopholes and flaws. Even worse, user's identity can be parsed in insecure environment, even became traceable. Aiming to protect identity, a lightweight mutual authentication scheme is proposed. Redundant operations are removed,which make the verification process more explicit. It gains better performance with average cost compared to other similar schemes.Cryptanalysis shows the proposed scheme can resist common attacks and achieve user anonymity.Formal security is further verified by using the widely accepted Automated Validation of Internet Security Protocols and Applications(AVISPA) tool.展开更多
Security is a critical issue in cloud computing(CC)because attackers can fabricate data by creating,copying,or deleting data with no user authorization.Most of the existing techniques make use of password-based authen...Security is a critical issue in cloud computing(CC)because attackers can fabricate data by creating,copying,or deleting data with no user authorization.Most of the existing techniques make use of password-based authentication for encrypting data.Password-based schemes suffer from several issues and can be easily compromised.This paper presents a new concept of hybrid metaheuristic optimization as an identity-based secure and optimal authentication(HMO-ISOA)scheme for CC environments.The HMOISOA technique makes use of iris and fingerprint biometrics.Initially,the HMO-ISOA technique involves a directional local ternary quantized extrema pattern–based feature extraction process to extract features from the iris and fingerprint.Next,the features are fed into the hybrid social spider using the dragon fly algorithm to determine the optimal solution.This optimal solution acts as a key for an advanced encryption standard to encrypt and decrypt the data.A central benefit of determining the optimal value in this way is that the intruder cannot determine this value.The attacker also cannot work out which specific part of the fingerprint and iris feature values are acted upon as a key for the AES technique.Finally,the encrypted data can be saved in the cloud using a cloud simulator.Experimental analysis was performed on five fingerprint and iris images for a man-in-the-middle attack.The simulation outcome validated that the presented HMO-ISOA model achieved better results compared with other existing methods.展开更多
With the popularity of the internet,users hope to better protect their privacy while obtaining network services.However,in the traditional centralized authentication scheme,identity information such as the user's ...With the popularity of the internet,users hope to better protect their privacy while obtaining network services.However,in the traditional centralized authentication scheme,identity information such as the user's private key is generated,stored,and managed by the network operator.Users can't control their identity information,which will lead to a great threat to the privacy of users.Based on redactable blockchain,we propose a fine-grained and fair identity authentication scheme for mobile networks.In our proposed scheme,the user's identity information is generated and controlled by the users.We first propose a notion of score chameleon hash(SCH),which can delete or update the information of illegal users so as to dynamically update the status of users and provide users with more fine-grained and fair services.We propose another notion of self-updating secret sharing(SUSS),which allows users to update the trapdoor and the corresponding hash key after redacting the blockchain without requiring trusted authority to redistribute the trapdoor.Experimental results show that,compared with the immutable blockchain Bitcoin,the redactable blockchain in our identity authentication scheme provides users with fine-grained and fair redacting functions,and can be adopted with a small additional overhead.展开更多
By using GHZ-like states and entanglement swapping, Kang et al. [Chin. Phys. B 24(2015) 090306]proposed a controlled mutual quantum entity authentication protocol. We find that the proposed protocol is not secure,that...By using GHZ-like states and entanglement swapping, Kang et al. [Chin. Phys. B 24(2015) 090306]proposed a controlled mutual quantum entity authentication protocol. We find that the proposed protocol is not secure,that is, the center, Charlie can eavesdrop the secret keys shared between Alice and Bob without being detected.展开更多
Ubiquitous computing systems typically have lots of security problems in the area of identity authentication by means of classical PKI methods. The limited computing resources, the disconnection network, the classific...Ubiquitous computing systems typically have lots of security problems in the area of identity authentication by means of classical PKI methods. The limited computing resources, the disconnection network, the classification requirements of identity authentication, the requirement of trust transfer and cross identity authentication, the bi-directional identity authentication, the security delegation and the simple privacy protection etc are all these unsolved problems. In this paper, a new novel ubiquitous computing identity authentication mechanism, named UCIAMdess, is presented. It is based on D-S Evidence Theory and extended SPKI/SDSI. D-S Evidence Theory is used in UCIAMdess to compute the trust value from the ubiquitous computing environment to the principal or between the different ubiquitous computing environments. SPKI-based authorization is expanded by adding the trust certificate in UCIAMdess to solve above problems in the ubiquitous computing environments. The identity authentication mechanism and the algorithm of certificate reduction are given in the paper to solve the multi-levels trust-correlative identity authentication problems. The performance analyses show that UCIAMdess is a suitable security mechanism in solving the complex ubiquitous computing problems.展开更多
Current grid authentication frameworks are achieved by applying the standard SSL authentication protocol (SAP). The authentication process is very complicated, and therefore, the grid user is in a heavily loaded poi...Current grid authentication frameworks are achieved by applying the standard SSL authentication protocol (SAP). The authentication process is very complicated, and therefore, the grid user is in a heavily loaded point both in computation and in communication. Based on identity-based architecture for grid (IBAG) and corresponding encryption and signature schemes, an identity-based authentication protocol for grid is proposed. Being certificate-free, the authentication protocol aligns well with the demands of grid computing. Through simulation testing, it is seen that the authentication protocol is more lightweight and efficient than SAP, especially the more lightweight user side. This contributes to the larger grid scalability.展开更多
Smart meters provide a lot of convenience for both power supply and consumption. Due to the frequent transmission of information, it brings great challenges to the privacy preservation of the user’s household power c...Smart meters provide a lot of convenience for both power supply and consumption. Due to the frequent transmission of information, it brings great challenges to the privacy preservation of the user’s household power consumption data in the smart grid. In order to achieve the anonymity of smart meters. A smart meter privacy preservation scheme based on identity authentication is proposed. The third-party certification authority is introduced in this scheme;it issues pseudonym certificates to realize the identity privacy preservation of smart meters. The masking technology with the Advanced Encryption Standard algorithm is used for data aggregation. The results show that our scheme reduces the computational cost and the communication overhead.展开更多
The air traffic management(ATM)system is an intelligent system,which integrates the ground computer network,airborne network and space satellite(communication and navigation)network by the ground-air data link system....The air traffic management(ATM)system is an intelligent system,which integrates the ground computer network,airborne network and space satellite(communication and navigation)network by the ground-air data link system.Due to the openness and widely distribution of ATM system,the trust relationship of all parties in the system is pretty complex.At present,public key infrastructure(PKI)based identity authentication method is more and more difficult to meet the growing demand of ATM service.First,through the analysis of the organizational structure and operation mode of ATM system,this paper points out the existing identity authentication security threats in ATM system,and discusses the advantages of adopting blockchain technology in ATM system.Further,we briefly analyze some shortcomings of the current PKI-based authentication system in ATM.Particularly,to address the authentication problem,this paper proposes and presents a trusted ATM Security Authentication Model and authentication protocol based on blockchain.Finally,this paper makes a comprehensive analysis and simulation of the proposed security authentication scheme,and gets the expected effect.展开更多
With the development of sensor technology and wireless communication technology,edge computing has a wider range of applications.The privacy protection of edge computing is of great significance.In the edge computing ...With the development of sensor technology and wireless communication technology,edge computing has a wider range of applications.The privacy protection of edge computing is of great significance.In the edge computing system,in order to ensure the credibility of the source of terminal data,mobile edge computing(MEC)needs to verify the signature of the terminal node on the data.During the signature process,the computing power of edge devices such as wireless terminals can easily become the bottleneck of system performance.Therefore,it is very necessary to improve efficiency through computational offloading.Therefore,this paper proposes an identitybased edge computing anonymous authentication protocol.The protocol realizes mutual authentication and obtains a shared key by encrypting the mutual information.The encryption algorithm is implemented through a thresholded identity-based proxy ring signature.When a large number of terminals offload computing,MEC can set the priority of offloading tasks according to the user’s identity and permissions,thereby improving offloading efficiency.Security analysis shows that the scheme can guarantee the anonymity and unforgeability of signatures.The probability of a malicious node forging a signature is equivalent to cracking the discrete logarithm puzzle.According to the efficiency analysis,in the case of MEC offloading,the computational complexity is significantly reduced,the computing power of edge devices is liberated,and the signature efficiency is improved.展开更多
A two-factor identity authentication method on the basis of two-beam interference was presented. While verifying a user’s identity, a specific “phase key” as well as a corresponding “phase lock” are both mandator...A two-factor identity authentication method on the basis of two-beam interference was presented. While verifying a user’s identity, a specific “phase key” as well as a corresponding “phase lock” are both mandatory required for a successful authentication. Note that this scheme can not only check the legality of the users, but also verify their identity levels so as to grant them hierarchical access permissions to various resources of the protected systems or organizations. The authentication process is straightforward and could be implemented by a hybrid optic-electrical system. However, the system designing procedure involves an iterative Modified Phase Retrieval Algorithm (MPRA) and can only be achieved by digital means. Theoretical analysis and simulations both validate the effectiveness of our method.展开更多
Keystroke rhythm identification, which extracts biometric characteristics through keyboards without addi-tional expensive devices, is a kind of biometric identification technology. The paper proposes a dynamic identit...Keystroke rhythm identification, which extracts biometric characteristics through keyboards without addi-tional expensive devices, is a kind of biometric identification technology. The paper proposes a dynamic identity authentication model based on the improved keystroke rhythm algorithm in Rick Joyce model and implement this model in a mobile phone system. The experimental results show that comparing with the original model, the false alarm rate (FAR) of the improved model decreases a lot in the mobile phone system, and its growth of imposter pass rate (IPR) is slower than the Rick Joyce model’s. The improved model is more suitable for small memory systems, and it has better performance in security and dynamic adaptation. This improved model has good application value.展开更多
文摘The integration of artificial intelligence(AI)with advanced power technologies is transforming energy system management,particularly through real-time data monitoring and intelligent decision-making driven by Artificial Intelligence Generated Content(AIGC).However,the openness of power system channels and the resource-constrained nature of power sensors have led to new challenges for the secure transmission of power data and decision instructions.Although traditional public key cryptographic primitives can offer high security,the substantial key management and computational overhead associated with these primitives make them unsuitable for power systems.To ensure the real-time and security of power data and command transmission,we propose a lightweight identity authentication scheme tailored for power AIGC systems.The scheme utilizes lightweight symmetric encryption algorithms,minimizing the resource overhead on power sensors.Additionally,it incorporates a dynamic credential update mechanism,which can realize the rotation and update of temporary credentials to ensure anonymity and security.We rigorously validate the security of the scheme using the Real-or-Random(ROR)model and AVISPA simulation,and the results show that our scheme can resist various active and passive attacks.Finally,performance comparisons and NS3 simulation results demonstrate that our proposed scheme offers enhanced security features with lower overhead,making it more suitable for power AIGC systems compared to existing solutions.
基金supported by the National Natural Science Foundation of China(Grant Nos.12175106 and 92365110)the Postgraduate Research and Practice Innovation Program of Jiangsu Province,China(Grant No.KYCX23-0987).
文摘Quantum dialogue(QD)realizes the real-time secure bidirectional quantum communication.Measurement-deviceindependent(MDI)QD can resist all possible attacks focusing on the imperfect measurement devices and enhance QD’s practical security.However,in practical applications,any secure communication requires identity authentication as a prerequisite.In this paper,we propose an MDI QD protocol with bidirectional identity authentication.The practical communication parties can first authenticate the identity of each other simultaneously before the message exchange.In theory,our MDI QD protocol has unconditional security and the communication parties can exchange 1.5 bits of messages in each communication round with linear optical Bell state measurement.We numerically simulate the secrecy message capacity of our MDI QD protocol.Our protocol has two advantages.First,it can effectively resist the impersonation attack and enhance MDI QD’s practical security.Second,it does not require keys to assist the message exchange and has relatively high efficiency.Our protocol has application potential in the future quantum communication field.
基金This work is part of the‘Intelligent and Cyber-Secure Platform for Adaptive Optimization in the Simultaneous Operation of Heterogeneous Autonomous Robots(PICRAH4.0)’with reference MIG-20232082,funded by MCIN/AEI/10.13039/501100011033supported by the Universidad Internacional de La Rioja(UNIR)through the Precompetitive Research Project entitled“Nuevos Horizontes en Internet de las Cosas y NewSpace(NEWIOT)”,reference PP-2024-13,funded under the 2024 Call for Research Projects.
文摘This work evaluates an architecture for decentralized authentication of Internet of Things(IoT)devices in Low Earth Orbit(LEO)satellite networks using IOTA Identity technology.To the best of our knowledge,it is the first proposal to integrate IOTA’s Directed Acyclic Graph(DAG)-based identity framework into satellite IoT environments,enabling lightweight and distributed authentication under intermittent connectivity.The system leverages Decentralized Identifiers(DIDs)and Verifiable Credentials(VCs)over the Tangle,eliminating the need for mining and sequential blocks.An identity management workflow is implemented that supports the creation,validation,deactivation,and reactivation of IoT devices,and is experimentally validated on the Shimmer Testnet.Three metrics are defined and measured:resolution time,deactivation time,and reactivation time.To improve robustness,an algorithmic optimization is introduced that minimizes communication overhead and reduces latency during deactivation.The experimental results are compared with orbital simulations of satellite revisit times to assess operational feasibility.Unlike blockchain-based approaches,which typically suffer from high confirmation delays and scalability constraints,the proposed DAG architecture provides fast,cost-free operations suitable for resource-constrained IoT devices.The results show that authentication can be efficiently performed within satellite connectivity windows,positioning IOTA Identity as a viable solution for secure and scalable IoT authentication in LEO satellite networks.
基金supported by the National High-Tech Research,Development Plan of China (Grant Nos 2006AA01Z440,2009AA012441 and 2009AA012437)National Basic Research Program of China (973 Program) (Grant No 2007CB311100)+5 种基金the National Natural Science Foundation of China (Grant Nos 60873191 and 60821001)the Scientific Research Common Program of Beijing Municipal Commission of Education (Grant No KM200810005004)Beijing Natural Science Foundation (Grant No 1093015)the Open Research Fund of National Mobile Communications Research Laboratory,Southeast Universitythe ISN Open FoundationScience and Technology Program of Beijing (Grant No Z07000100720706)
文摘A multiparty simultaneous quantum identity authentication protocol based on Creenberger-Horne-Zeilinger (GHZ) states is proposed. The multi-user can be authenticated by a trusted third party (TTP) simultaneously. Compared with the scheme proposed recently (Wang et al 2006 Chin. Phys. Lett. 23(9) 2360), the proposed scheme has the advantages of consuming fewer quantum and classical resources and lessening the difficulty and intensity of necessary operations.
基金Project supported by the National Natural Science Foundation of China (Grant Nos 60572071 and 60873101)Natural Science Foundation of Jiangsu Province (Grant Nos BM2006504, BK2007104 and BK2008209)College Natural Science Foundation of Jiangsu Province (Grant No 06KJB520137)
文摘A novel efficient deterministic secure quantum communication scheme based on four-qubit cluster states and single-photon identity authentication is proposed. In this scheme, the two authenticated users can transmit two bits of classical information per cluster state, and its efficiency of the quantum communication is 1/3, which is approximately 1.67 times that of the previous protocol presented by Wang et al [Chin. Phys. Lett. 23 (2006) 2658]. Security analysis shows the present scheme is secure against intercept-resend attack and the impersonator's attack. Furthermore, it is more economic with present-day techniques and easily processed by a one-way quantum computer.
基金Supported by the National Natural Science Foundation of China(U1304614,U1204703)the Construct Program of the Key Discipline in Zhengzhou Normal UniversityAid Program for Science and Technology Innovative Research Team of Zhengzhou Normal University,Henan Province Education Science Plan General Topic((2018)-JKGHYB-0279)
文摘In the cloud computing, different cloud service providers are often in different trust domains. As the traditional identity authentication mode cannot be applied to the cloud computing, the cross-domain identity authentication mechanism is needed to solve the identity authentication problem in the cloud computing. In view of the security problems in cloud computing, a cross-domain identity authentication scheme based on group signature is proposed. This scheme introduces a group of cloud service providers and users who are located in different trust domains. Any member of the group can generate the signature on behalf of the whole group, making the user access the cloud service provider in the case of privacy security. At the same time, with traceability it can track illegal operation of illegal users. In addition, the scheme uses the Chinese Remainder Theorem to integrate the message, and it can control the length of the data in the calculation process, simplifying the calculation process. It also realizes the join and revocation of group members without changing the key of other legitimate group members, and the maintenance cost of authentication schemes is low. The results show that the scheme has the advantages of anonymity, anti-counterfeit, traceability, anti-joint attack and so on. It can not only realize tracking function under the condition of guaranteeing user's privacy, but can also simplify the authentication calculation process to improve the efficiency of the cross domain identity authentication, and its performance is more suitable for large-scale cloud computing environment.
基金supported by a grant from the National Natural Science Foundation of China (10961013)
文摘An authentication multiple key agreement protocol allows the users to compute more than one session keys in an authentication way. In the paper,an identity-based authentication multiple key agreement protocol is proposed. Its authentication part is proven secure against existential forgery on adaptively chosen message and ID attacks under the random oracle model upon the CDH assumptions. The session keys are proven secure in a formal CK security model under the random oracle model upon the CBDH assumptions. Compared with the previous multiple key agreement protocols,it requires less communication cost.
基金Project supported by the Research Foundation of Korea University
文摘In this paper, we suggest a controlled mutual quantum entity authentication protocol by which two users mutually certify each other on a quantum network using a sequence of Greenberger–Horne–Zeilinger(GHZ)-like states. Unlike existing unidirectional quantum entity authentication, our protocol enables mutual quantum entity authentication utilizing entanglement swapping; moreover, it allows the managing trusted center(TC) or trusted third party(TTP) to effectively control the certification of two users using the nature of the GHZ-like state. We will also analyze the security of the protocol and quantum channel.
文摘From the viewpoint of protocol sequence, analyses are made of the sequence patterns of possible identity authentication protocol under two cases: with or without the trusted third party (TFP). Ten feasible sequence patterns of authentication protocol with TIP and 5 sequence patterns without TFP are gained. These gained sequence patterns meet the requirements for identity authentication, and basically cover almost all the authentication protocols with TFP and without TFP at present. All of the sequence patterns gained are classified into unilateral or bilateral authentication. Then, according to the sequence symmetry, several good sequence patterns with TFP are evaluated. The accompolished results can provide a reference to design of new identity authentication protocols.
基金supported by the National Key Research and Development Program of China (No. 2017YFC0820603)
文摘Many improved authentication solutions were put forward, on purpose of authenticating more quickly and securely.However, neither the overuse of hash function,or additional symmetric encryption, can truly increase the overall security. Instead,extra computation cost degraded the performance.They were still vulnerable to a variety of threats, such as smart card loss attack and impersonation attack, due to hidden loopholes and flaws. Even worse, user's identity can be parsed in insecure environment, even became traceable. Aiming to protect identity, a lightweight mutual authentication scheme is proposed. Redundant operations are removed,which make the verification process more explicit. It gains better performance with average cost compared to other similar schemes.Cryptanalysis shows the proposed scheme can resist common attacks and achieve user anonymity.Formal security is further verified by using the widely accepted Automated Validation of Internet Security Protocols and Applications(AVISPA) tool.
文摘Security is a critical issue in cloud computing(CC)because attackers can fabricate data by creating,copying,or deleting data with no user authorization.Most of the existing techniques make use of password-based authentication for encrypting data.Password-based schemes suffer from several issues and can be easily compromised.This paper presents a new concept of hybrid metaheuristic optimization as an identity-based secure and optimal authentication(HMO-ISOA)scheme for CC environments.The HMOISOA technique makes use of iris and fingerprint biometrics.Initially,the HMO-ISOA technique involves a directional local ternary quantized extrema pattern–based feature extraction process to extract features from the iris and fingerprint.Next,the features are fed into the hybrid social spider using the dragon fly algorithm to determine the optimal solution.This optimal solution acts as a key for an advanced encryption standard to encrypt and decrypt the data.A central benefit of determining the optimal value in this way is that the intruder cannot determine this value.The attacker also cannot work out which specific part of the fingerprint and iris feature values are acted upon as a key for the AES technique.Finally,the encrypted data can be saved in the cloud using a cloud simulator.Experimental analysis was performed on five fingerprint and iris images for a man-in-the-middle attack.The simulation outcome validated that the presented HMO-ISOA model achieved better results compared with other existing methods.
基金supported by the Natural Science Foundation of Shanghai(20ZR1419700 and 22ZR1481000)Open Foundation of Henan Key Laboratory of Cyberspace Situation Awareness(HNTS2022011)。
文摘With the popularity of the internet,users hope to better protect their privacy while obtaining network services.However,in the traditional centralized authentication scheme,identity information such as the user's private key is generated,stored,and managed by the network operator.Users can't control their identity information,which will lead to a great threat to the privacy of users.Based on redactable blockchain,we propose a fine-grained and fair identity authentication scheme for mobile networks.In our proposed scheme,the user's identity information is generated and controlled by the users.We first propose a notion of score chameleon hash(SCH),which can delete or update the information of illegal users so as to dynamically update the status of users and provide users with more fine-grained and fair services.We propose another notion of self-updating secret sharing(SUSS),which allows users to update the trapdoor and the corresponding hash key after redacting the blockchain without requiring trusted authority to redistribute the trapdoor.Experimental results show that,compared with the immutable blockchain Bitcoin,the redactable blockchain in our identity authentication scheme provides users with fine-grained and fair redacting functions,and can be adopted with a small additional overhead.
基金Supported by the 2014-year Program for Excellent Youth Talents in University of Anhui Provincethe Talent Scientific Research Fundation of Tongling University under Grant No.2015tlxyrc01the Program for Academic Leader Reserve Candidates in Tongling University under Grant No.2014tlxyxs30
文摘By using GHZ-like states and entanglement swapping, Kang et al. [Chin. Phys. B 24(2015) 090306]proposed a controlled mutual quantum entity authentication protocol. We find that the proposed protocol is not secure,that is, the center, Charlie can eavesdrop the secret keys shared between Alice and Bob without being detected.
基金Supported by the Ministry of Educationin China (No.104086)
文摘Ubiquitous computing systems typically have lots of security problems in the area of identity authentication by means of classical PKI methods. The limited computing resources, the disconnection network, the classification requirements of identity authentication, the requirement of trust transfer and cross identity authentication, the bi-directional identity authentication, the security delegation and the simple privacy protection etc are all these unsolved problems. In this paper, a new novel ubiquitous computing identity authentication mechanism, named UCIAMdess, is presented. It is based on D-S Evidence Theory and extended SPKI/SDSI. D-S Evidence Theory is used in UCIAMdess to compute the trust value from the ubiquitous computing environment to the principal or between the different ubiquitous computing environments. SPKI-based authorization is expanded by adding the trust certificate in UCIAMdess to solve above problems in the ubiquitous computing environments. The identity authentication mechanism and the algorithm of certificate reduction are given in the paper to solve the multi-levels trust-correlative identity authentication problems. The performance analyses show that UCIAMdess is a suitable security mechanism in solving the complex ubiquitous computing problems.
基金the Sichuan Provincial Youth Software Innovation Foundation (2004AA03692005AA0827).
文摘Current grid authentication frameworks are achieved by applying the standard SSL authentication protocol (SAP). The authentication process is very complicated, and therefore, the grid user is in a heavily loaded point both in computation and in communication. Based on identity-based architecture for grid (IBAG) and corresponding encryption and signature schemes, an identity-based authentication protocol for grid is proposed. Being certificate-free, the authentication protocol aligns well with the demands of grid computing. Through simulation testing, it is seen that the authentication protocol is more lightweight and efficient than SAP, especially the more lightweight user side. This contributes to the larger grid scalability.
文摘Smart meters provide a lot of convenience for both power supply and consumption. Due to the frequent transmission of information, it brings great challenges to the privacy preservation of the user’s household power consumption data in the smart grid. In order to achieve the anonymity of smart meters. A smart meter privacy preservation scheme based on identity authentication is proposed. The third-party certification authority is introduced in this scheme;it issues pseudonym certificates to realize the identity privacy preservation of smart meters. The masking technology with the Advanced Encryption Standard algorithm is used for data aggregation. The results show that our scheme reduces the computational cost and the communication overhead.
基金This work was supported in part by the National Key R&D Program of China(No.2022YFB3904503)National Natural Science Foundation of China(No.62172418).
文摘The air traffic management(ATM)system is an intelligent system,which integrates the ground computer network,airborne network and space satellite(communication and navigation)network by the ground-air data link system.Due to the openness and widely distribution of ATM system,the trust relationship of all parties in the system is pretty complex.At present,public key infrastructure(PKI)based identity authentication method is more and more difficult to meet the growing demand of ATM service.First,through the analysis of the organizational structure and operation mode of ATM system,this paper points out the existing identity authentication security threats in ATM system,and discusses the advantages of adopting blockchain technology in ATM system.Further,we briefly analyze some shortcomings of the current PKI-based authentication system in ATM.Particularly,to address the authentication problem,this paper proposes and presents a trusted ATM Security Authentication Model and authentication protocol based on blockchain.Finally,this paper makes a comprehensive analysis and simulation of the proposed security authentication scheme,and gets the expected effect.
基金Beijing Postdoctoral Research Foundation(No.2021-ZZ-077,No.2020-YJ-006)Chongqing Industrial Control System Security Situational Awareness Platform,2019 Industrial Internet Innovation and Development Project-Provincial Industrial Control System Security Situational Awareness Platform,Center for Research and Innovation in Software Engineering,School of Computer and Information Science(Southwest University,Chongqing 400175,China)Chongqing Graduate Education Teaching Reform Research Project(yjg203032).
文摘With the development of sensor technology and wireless communication technology,edge computing has a wider range of applications.The privacy protection of edge computing is of great significance.In the edge computing system,in order to ensure the credibility of the source of terminal data,mobile edge computing(MEC)needs to verify the signature of the terminal node on the data.During the signature process,the computing power of edge devices such as wireless terminals can easily become the bottleneck of system performance.Therefore,it is very necessary to improve efficiency through computational offloading.Therefore,this paper proposes an identitybased edge computing anonymous authentication protocol.The protocol realizes mutual authentication and obtains a shared key by encrypting the mutual information.The encryption algorithm is implemented through a thresholded identity-based proxy ring signature.When a large number of terminals offload computing,MEC can set the priority of offloading tasks according to the user’s identity and permissions,thereby improving offloading efficiency.Security analysis shows that the scheme can guarantee the anonymity and unforgeability of signatures.The probability of a malicious node forging a signature is equivalent to cracking the discrete logarithm puzzle.According to the efficiency analysis,in the case of MEC offloading,the computational complexity is significantly reduced,the computing power of edge devices is liberated,and the signature efficiency is improved.
文摘A two-factor identity authentication method on the basis of two-beam interference was presented. While verifying a user’s identity, a specific “phase key” as well as a corresponding “phase lock” are both mandatory required for a successful authentication. Note that this scheme can not only check the legality of the users, but also verify their identity levels so as to grant them hierarchical access permissions to various resources of the protected systems or organizations. The authentication process is straightforward and could be implemented by a hybrid optic-electrical system. However, the system designing procedure involves an iterative Modified Phase Retrieval Algorithm (MPRA) and can only be achieved by digital means. Theoretical analysis and simulations both validate the effectiveness of our method.
文摘Keystroke rhythm identification, which extracts biometric characteristics through keyboards without addi-tional expensive devices, is a kind of biometric identification technology. The paper proposes a dynamic identity authentication model based on the improved keystroke rhythm algorithm in Rick Joyce model and implement this model in a mobile phone system. The experimental results show that comparing with the original model, the false alarm rate (FAR) of the improved model decreases a lot in the mobile phone system, and its growth of imposter pass rate (IPR) is slower than the Rick Joyce model’s. The improved model is more suitable for small memory systems, and it has better performance in security and dynamic adaptation. This improved model has good application value.
