The ubiquitous adoption of mobile devices as essential platforms for sensitive data transmission has heightened the demand for secure client-server communication.Although various authentication and key agreement proto...The ubiquitous adoption of mobile devices as essential platforms for sensitive data transmission has heightened the demand for secure client-server communication.Although various authentication and key agreement protocols have been developed,current approaches are constrained by homogeneous cryptosystem frameworks,namely public key infrastructure(PKI),identity-based cryptography(IBC),or certificateless cryptography(CLC),each presenting limitations in client-server architectures.Specifically,PKI incurs certificate management overhead,IBC introduces key escrow risks,and CLC encounters cross-system interoperability challenges.To overcome these shortcomings,this study introduces a heterogeneous signcryption-based authentication and key agreement protocol that synergistically integrates IBC for client operations(eliminating PKI’s certificate dependency)with CLC for server implementation(mitigating IBC’s key escrow issue while preserving efficiency).Rigorous security analysis under the mBR(modified Bellare-Rogaway)model confirms the protocol’s resistance to adaptive chosen-ciphertext attacks.Quantitative comparisons demonstrate that the proposed protocol achieves 10.08%–71.34%lower communication overhead than existing schemes across multiple security levels(80-,112-,and 128-bit)compared to existing protocols.展开更多
The satellite-based augmentation system(SBAS)provides differential and integrity augmentation services for life safety fields of aviation and navigation.However,the signal structure of SBAS is public,which incurs a ri...The satellite-based augmentation system(SBAS)provides differential and integrity augmentation services for life safety fields of aviation and navigation.However,the signal structure of SBAS is public,which incurs a risk of spoofing attacks.To improve the anti-spoofing capability of the SBAS,European Union and the United States conduct research on navigation message authentication,and promote the standardization of SBAS message authentication.For the development of Beidou satellite-based augmentation system(BDSBAS),this paper proposes navigation message authentication based on the Chinese commercial cryptographic standards.Firstly,this paper expounds the architecture and principles of the SBAS message authentication,and then carries out the design of timed efficient streaming losstolerant authentication scheme(TESLA)and elliptic curve digital signature algorithm(ECDSA)authentication schemes based on Chinese commercial cryptographic standards,message arrangement and the design of over-the-air rekeying(OTAR)message.Finally,this paper conducts a theoretical analysis of the time between authentications(TBA)and maximum authentication latency(MAL)for L5 TESLA-I and L5 ECDSA-Q,and further simulates the reception time of OTAR message,TBA and MAL from the aspects of OTAR message weight and demodulation error rate.The simulation results can provide theoretical supports for the standardization of BDSBAS message authentication.展开更多
Unmanned Aerial Vehicles(UAVs)in Flying Ad-Hoc Networks(FANETs)are widely used in both civilian and military fields,but they face severe security,trust,and privacy vulnerabilities due to their high mobility,dynamic to...Unmanned Aerial Vehicles(UAVs)in Flying Ad-Hoc Networks(FANETs)are widely used in both civilian and military fields,but they face severe security,trust,and privacy vulnerabilities due to their high mobility,dynamic topology,and open wireless channels.Existing security protocols for Mobile Ad-Hoc Networks(MANETs)cannot be directly applied to FANETs,as FANETs require lightweight,high real-time performance,and strong anonymity.The current FANETs security protocol cannot simultaneously meet the requirements of strong anonymity,high security,and low overhead in high dynamic and resource-constrained scenarios.To address these challenges,this paper proposes an Anonymous Authentication and Key Exchange Protocol(AAKE-OWA)for UAVs in FANETs based on OneWay Accumulators(OWA).During the UAV registration phase,the Key Management Center(KMC)generates an identity ticket for each UAV using OWA and transmits it securely to the UAV’s on-board tamper-proof module.In the key exchange phase,UAVs generate temporary authentication tickets with random numbers and compute the same session key leveraging the quasi-commutativity of OWA.For mutual anonymous authentication,UAVs encrypt random numbers with the session key and verify identities by comparing computed values with authentication values.Formal analysis using the Scyther tool confirms that the protocol resists identity spoofing,man-in-the-middle,and replay attacks.Through Burrows Abadi Needham(BAN)logic proof,it achieves mutual anonymity,prevents simulation and physical capture attacks,and ensures secure connectivity of 1.Experimental comparisons with existing protocols prove that the AAKE-OWA protocol has lower computational overhead,communication overhead,and storage overhead,making it more suitable for resource-constrained FANET scenarios.Performance comparison experiments show that,compared with other schemes,this scheme only requires 8 one-way accumulator operations and 4 symmetric encryption/decryption operations,with a total computational overhead as low as 2.3504 ms,a communication overhead of merely 1216 bits,and a storage overhead of 768 bits.We have achieved a reduction in computational costs from 6.3%to 90.3%,communication costs from 5.0%to 69.1%,and overall storage costs from 33%to 68%compared to existing solutions.It can meet the performance requirements of lightweight,real-time,and anonymity for unmanned aerial vehicles(UAVs)networks.展开更多
This work evaluates an architecture for decentralized authentication of Internet of Things(IoT)devices in Low Earth Orbit(LEO)satellite networks using IOTA Identity technology.To the best of our knowledge,it is the fi...This work evaluates an architecture for decentralized authentication of Internet of Things(IoT)devices in Low Earth Orbit(LEO)satellite networks using IOTA Identity technology.To the best of our knowledge,it is the first proposal to integrate IOTA’s Directed Acyclic Graph(DAG)-based identity framework into satellite IoT environments,enabling lightweight and distributed authentication under intermittent connectivity.The system leverages Decentralized Identifiers(DIDs)and Verifiable Credentials(VCs)over the Tangle,eliminating the need for mining and sequential blocks.An identity management workflow is implemented that supports the creation,validation,deactivation,and reactivation of IoT devices,and is experimentally validated on the Shimmer Testnet.Three metrics are defined and measured:resolution time,deactivation time,and reactivation time.To improve robustness,an algorithmic optimization is introduced that minimizes communication overhead and reduces latency during deactivation.The experimental results are compared with orbital simulations of satellite revisit times to assess operational feasibility.Unlike blockchain-based approaches,which typically suffer from high confirmation delays and scalability constraints,the proposed DAG architecture provides fast,cost-free operations suitable for resource-constrained IoT devices.The results show that authentication can be efficiently performed within satellite connectivity windows,positioning IOTA Identity as a viable solution for secure and scalable IoT authentication in LEO satellite networks.展开更多
Cyber-criminals target smart connected devices for spyware distribution and security breaches,but existing Internet of Things(IoT)security standards are insufficient.Major IoT industry players prioritize market share ...Cyber-criminals target smart connected devices for spyware distribution and security breaches,but existing Internet of Things(IoT)security standards are insufficient.Major IoT industry players prioritize market share over security,leading to insecure smart products.Traditional host-based protection solutions are less effective due to limited resources.Overcoming these challenges and enhancing the security of IoT Devices requires a security design at the network level that uses lightweight cryptographic parameters.In order to handle control,administration,and security concerns in traditional networking,the Gateway Node offers a contemporary networking architecture.By managing all network-level computations and complexity,the Gateway Node relieves IoT devices of these responsibilities.In this study,we introduce a novel privacy-preserving security architecture for gateway-node smart homes.Subsequently,we develop Smart Homes,An Efficient,Anonymous,and Robust Authentication Scheme(EARAS)based on the foundational principles of this security architecture.Furthermore,we formally examine the security characteristics of our suggested protocol that makes use of methodology such as ProVerif,supplemented by an informal analysis of security.Lastly,we conduct performance evaluations and comparative analyses to assess the efficacy of our scheme.Performance analysis shows that EARAS achieves up to 30%to 54%more efficient than most protocols and lower computation cost compared to Banerjee et al.’s scheme,and significantly reduces communication overhead compared to other recent protocols,while ensuring comprehensive security.Our objective is to provide robust security measures for smart homes while addressing resource constraints and preserving user privacy.展开更多
Current identity-based (ID) cryptosystem lacks the mechanisms of two-party authentication and user's private key distribution. Some ID-based signcryption schemes and ID-based authenticated key agreement protocols h...Current identity-based (ID) cryptosystem lacks the mechanisms of two-party authentication and user's private key distribution. Some ID-based signcryption schemes and ID-based authenticated key agreement protocols have been presented, but they cannot solve the problem completely. A novel ID-based authentication scheme based on ID-based encrypfion (IBE) and fingerprint hashing method is proposed to solve the difficulties in the IBE scheme, which includes message receiver authenticating the sender, the trusted authority (TA) authenticating the users and transmitting the private key to them. Furthermore, the scheme extends the application of fingerprint authentication from terminal to network and protects against fingerprint data fabrication. The fingerprint authentication method consists of two factors. This method combines a token key, for example, the USB key, with the user's fingerprint hash by mixing a pseudo-random number with the fingerprint feature. The security and experimental efficiency meet the requirements of practical applications.展开更多
In cloud computing environments, user authentication is an important security mechanism because it provides the fundamentals of authentication, authorization, and accounting (AAA). In 2009, Wang et al. proposed an i...In cloud computing environments, user authentication is an important security mechanism because it provides the fundamentals of authentication, authorization, and accounting (AAA). In 2009, Wang et al. proposed an identity-based (ID-based) authentication scheme to deal with the user login problem for cloud computing. However, Wang et aL's scheme is insecure against message alteration and impersonation attacks. Besides, their scheme has large computation costs for cloud users. Therefore, we propose a novel ID-based user authentication scheme to solve the above mentioned problems. The proposed scheme provides anonymity and security for the user who accesses different cloud servers. Compared with the related schemes, the proposed scheme has less computation cost so it is very efficient for cloud computing in practice.展开更多
Cloud storage service reduces the burden of data users by storing users' data files in the cloud. But, the files might be modified in the cloud. So, data users hope to check data files integrity periodically. In a pu...Cloud storage service reduces the burden of data users by storing users' data files in the cloud. But, the files might be modified in the cloud. So, data users hope to check data files integrity periodically. In a public auditing protocol, there is a trusted auditor who has certain ability to help users to check the integrity of data files. With the advantages of no public key management and verification, researchers focus on public auditing protocol in ID-based cryptography recently. However, some existing protocols are vulnerable to forgery attack. In this paper, based on ID-based signature technology, by strengthening information authentication and the computing power of the auditor, we propose an ID-based public auditing protocol for cloud data integrity checking. We also prove that the proposed protocol is secure in the random oracle model under the assumption that the Diffie-Hellman problem is hard. Furthermore, we compare the proposed protocol with other two ID-based auditing protocols in security features, communication efficiency and computation cost. The comparisons show that the proposed protocol satisfies more security features with lower computation cost.展开更多
The deniable authentication protocol is an important notion that allows a receiver to identify the source of a given message, but not to prove the identity of the sender to a third party. Such property is very useful ...The deniable authentication protocol is an important notion that allows a receiver to identify the source of a given message, but not to prove the identity of the sender to a third party. Such property is very useful for providing secure negotiation over the Internet. The ID-based deniable authentication protocol based on elliptic Diffie-Hellman key agreement protocol cannot defend the sender spoofing attack and message modification attack. In this paper, we present an improved protocol based on double elliptic Diffie- Hellman scheme. According to the comparison result, the proposed protocol performs better.展开更多
In 2010,Hwang,et al.proposed a 'DoS-resistant ID-based password authentication scheme using smart cards' as an improvement of Kim-Lee-Yoo's 'ID-based password authentication scheme'.In this paper,w...In 2010,Hwang,et al.proposed a 'DoS-resistant ID-based password authentication scheme using smart cards' as an improvement of Kim-Lee-Yoo's 'ID-based password authentication scheme'.In this paper,we cryptanalyze Hwang,et al.'s scheme and point out that the revealed session key could threat the security of the scheme.We demonstrate that extracting information from smart cards is equal to knowing the session key.Thus known session key attacks are also effective under the as-sumption that the adversary could obtain the information stored in the smart cards.We proposed an improved scheme with security analysis to remedy the weaknesses of Hwang,et al.'s scheme.The new scheme does not only keep all the merits of the original,but also provides several additional phases to improve the flexibility.Finally,the improved scheme is more secure,efficient,practical,and convenient,because elliptic curve cryptosystem is introduced,the expensive smart cards and synchronized clock system are replaced by mobile devices and nonces.展开更多
In the literature,several dynamic ID-based remote user mutual authentication schemes are implemented using password,smartcard and Elliptic Curve Cryptography(ECC),however,none of them provides resilience against diffe...In the literature,several dynamic ID-based remote user mutual authentication schemes are implemented using password,smartcard and Elliptic Curve Cryptography(ECC),however,none of them provides resilience against different attacks.Therefore,there is a great need to design an efficient scheme for practical applications.In this paper,we proposed such a scheme in order to provide desired security attributes and computation efficiencies.Compared with other existing techniques,our scheme is more efficient and secured.In addition,our scheme is provably secure in the random oracle model under the hardness assumption of computational Diffie-Hellman problem.展开更多
The basic idea behind an ID-based cryptosystem is that end user's public key can be determined by his identity information.Comparing with the traditional certificate-based cryptography,identity-based cryptography ...The basic idea behind an ID-based cryptosystem is that end user's public key can be determined by his identity information.Comparing with the traditional certificate-based cryptography,identity-based cryptography can eliminate much of the overhead associated with the deployment and management of certificate.However,exposure of private keys can be the most devastating attack on a public key based cryptosystem since such that all security guarantees are lost.In this paper,an ID-based authenticated key agreement protocol was presented.For solving the problem of key exposure of the basic scheme,the technique of key insulation was applied and a key insulated version is developed.展开更多
Car manufacturers aim to enhance the use of two-factor authentication (2FA) to protect keyless entry systems in contemporary cars. Despite providing significant ease for users, keyless entry systems have become more s...Car manufacturers aim to enhance the use of two-factor authentication (2FA) to protect keyless entry systems in contemporary cars. Despite providing significant ease for users, keyless entry systems have become more susceptible to appealing attacks like relay attacks and critical fob hacking. These weaknesses present considerable security threats, resulting in unauthorized entry and car theft. The suggested approach combines a conventional keyless entry feature with an extra security measure. Implementing multi-factor authentication significantly improves the security of systems that allow keyless entry by reducing the likelihood of unauthorized access. Research shows that the benefits of using two-factor authentication, such as a substantial increase in security, far outweigh any minor drawbacks.展开更多
To ensure the access security of 6G,physical-layer authentication(PLA)leverages the randomness and space-time-frequency uniqueness of the channel to provide unique identity signatures for transmitters.Furthermore,the ...To ensure the access security of 6G,physical-layer authentication(PLA)leverages the randomness and space-time-frequency uniqueness of the channel to provide unique identity signatures for transmitters.Furthermore,the introduction of artificial intelligence(AI)facilitates the learning of the distribution characteristics of channel fingerprints,effectively addressing the uncertainties and unknown dynamic challenges in wireless link modeling.This paper reviews representative AI-enabled PLA schemes and proposes a graph neural network(GNN)-based PLA approach in response to the challenges existing methods face in identifying mobile users.Simulation results demonstrate that the proposed method outperforms six baseline schemes in terms of authentication accuracy.Furthermore,this paper outlines the future development directions of PLA.展开更多
Two ID-based authenticated group key agreement schemes, proposed by Choi et al and Du et al, are insecure against an impersonation attack and th ey only discussed the static group. This paper proposed a variant of BD ...Two ID-based authenticated group key agreement schemes, proposed by Choi et al and Du et al, are insecure against an impersonation attack and th ey only discussed the static group. This paper proposed a variant of BD protocol , which is fully authenticated by a proven-secure ID-based signature scheme. T he protocol can res ist the impersonation attack, and other security attributes are also satisfied. Compared with Choi et al and Du et al schemes, the proposed one is mor e efficient and applicable for dynamic groups.展开更多
With the rapid development and widespread adoption of Internet of Things(IoT)technology,the innovative concept of the Internet of Vehicles(IoV)has emerged,ushering in a new era of intelligent transportation.Since vehi...With the rapid development and widespread adoption of Internet of Things(IoT)technology,the innovative concept of the Internet of Vehicles(IoV)has emerged,ushering in a new era of intelligent transportation.Since vehicles are mobile entities,they move across different domains and need to communicate with the Roadside Unit(RSU)in various regions.However,open environments are highly susceptible to becoming targets for attackers,posing significant risks of malicious attacks.Therefore,it is crucial to design a secure authentication protocol to ensure the security of communication between vehicles and RSUs,particularly in scenarios where vehicles cross domains.In this paper,we propose a provably secure cross-domain authentication and key agreement protocol for IoV.Our protocol comprises two authentication phases:intra-domain authentication and cross-domain authentication.To ensure the security of our protocol,we conducted rigorous analyses based on the ROR(Real-or-Random)model and Scyther.Finally,we show in-depth comparisons of our protocol with existing ones from both security and performance perspectives,fully demonstrating its security and efficiency.展开更多
Peer-to-peer computing has recently started to gain significant acceptance, since it can greatly increase the performance and reliability of overall system. However, the security issue is still a major gating factor f...Peer-to-peer computing has recently started to gain significant acceptance, since it can greatly increase the performance and reliability of overall system. However, the security issue is still a major gating factor for its full adoption. In order to guarantee the security of data exchanged between two peers in Peer-to-Peer system, this paper comes up with an ID-based authenticated key agreement from bilinear pairings and uses BAN logic to prove the protocol’s security. Compared with other existing protocols, the proposed protocol seems more secure and efficient, since it adopts the static shared Diffie-Hellman key.展开更多
As the adoption of Vehicular Ad-hoc Networks(VANETs)grows,ensuring secure communication between smart vehicles and remote application servers(APPs)has become a critical challenge.While existing solutions focus on vari...As the adoption of Vehicular Ad-hoc Networks(VANETs)grows,ensuring secure communication between smart vehicles and remote application servers(APPs)has become a critical challenge.While existing solutions focus on various aspects of security,gaps remain in addressing both high security requirements and the resource-constrained nature of VANET environments.This paper proposes an extended-Kerberos protocol that integrates Physical Unclonable Function(PUF)for authentication and key agreement,offering a comprehensive solution to the security challenges in VANETs.The protocol facilitates mutual authentication and secure key agreement between vehicles and APPs,ensuring the confidentiality and integrity of vehicle-to-network(V2N)communications and preventing malicious data injection.Notably,by replacing traditional Kerberos password authentication with Challenge-Response Pairs(CRPs)generated by PUF,the protocol significantly reduces the risk of key leakage.The inherent properties of PUF—such as unclonability and unpredictability—make it an ideal defense against physical attacks,including intrusion,semi-intrusion,and side-channel attacks.The results of this study demonstrate that this approach not only enhances security but also optimizes communication efficiency,reduces latency,and improves overall user experience.The analysis proves that our protocol achieves at least 86%improvement in computational efficiency compared to some existed protocols.This is particularly crucial in resource-constrained VANET environments,where it enables efficient data transmission between vehicles and applications,reduces latency,and enhances the overall user experience.展开更多
As a model for the next generation of the Internet,the metaverse—a fully immersive,hyper-temporal virtual shared space—is transitioning from imagination to reality.At present,the metaverse has been widely applied in...As a model for the next generation of the Internet,the metaverse—a fully immersive,hyper-temporal virtual shared space—is transitioning from imagination to reality.At present,the metaverse has been widely applied in a variety of fields,including education,social entertainment,Internet of vehicles(IoV),healthcare,and virtual tours.In IoVs,researchers primarily focus on using the metaverse to improve the traffic safety of vehicles,while paying limited attention to passengers’social needs.At the same time,Social Internet ofVehicles(SIoV)introduces the concept of social networks in IoV to provide better resources and services for users.However,the problem of single interaction between SIoVand users has become increasingly prominent.In this paper,we first introduce a SIoVenvironment combined with the metaverse.In this environment,we adopt blockchain as the platform of the metaverse to provide a decentralized environment.Concerning passengers’social data may contain sensitive/private information,we then design an authentication and key agreement protocol calledMSIoV-AKAto protect the communications.Through formal security verifications in the real-or-random(ROR)model and using the AVISPA(Automated Validation of Internet Security Protocols and Applications)tool,we firmly verify the security of the protocol.Finally,detailed comparisons are made between our protocol and robust protocols/schemes in terms of computational cost and communication cost.In addition,we implement the MSIoV-AKA protocol in the Ethereum test network and Hyperledger Sawtooth to show the practicality.展开更多
How to ensure the security of device access is a common concern in the Internet of Things(IoT)scenario with extremely high device connection density.To achieve efficient and secure network access for IoT devices with ...How to ensure the security of device access is a common concern in the Internet of Things(IoT)scenario with extremely high device connection density.To achieve efficient and secure network access for IoT devices with constrained resources,this paper proposes a lightweight physical-layer authentication protocol based on Physical Unclonable Function(PUF)and channel pre-equalization.PUF is employed as a secret carrier to provide authentication credentials for devices due to its hardware-based uniqueness and unclonable property.Meanwhile,the short-term reciprocity and spatio-temporal uniqueness of wireless channels are utilized to attach an authentication factor related to the spatio-temporal position of devices and to secure the transmission of authentication messages.The proposed protocol is analyzed formally and informally to prove its correctness and security against typical attacks.Simulation results show its robustness in various radio environments.Moreover,we illustrate the advantages of our protocol in terms of security features and complexity through performance comparison with existing authentication schemes.展开更多
基金supported by the Key Project of Science and Technology Research by Chongqing Education Commission under Grant KJZD-K202400610the Chongqing Natural Science Foundation General Project Grant CSTB2025NSCQ-GPX1263.
文摘The ubiquitous adoption of mobile devices as essential platforms for sensitive data transmission has heightened the demand for secure client-server communication.Although various authentication and key agreement protocols have been developed,current approaches are constrained by homogeneous cryptosystem frameworks,namely public key infrastructure(PKI),identity-based cryptography(IBC),or certificateless cryptography(CLC),each presenting limitations in client-server architectures.Specifically,PKI incurs certificate management overhead,IBC introduces key escrow risks,and CLC encounters cross-system interoperability challenges.To overcome these shortcomings,this study introduces a heterogeneous signcryption-based authentication and key agreement protocol that synergistically integrates IBC for client operations(eliminating PKI’s certificate dependency)with CLC for server implementation(mitigating IBC’s key escrow issue while preserving efficiency).Rigorous security analysis under the mBR(modified Bellare-Rogaway)model confirms the protocol’s resistance to adaptive chosen-ciphertext attacks.Quantitative comparisons demonstrate that the proposed protocol achieves 10.08%–71.34%lower communication overhead than existing schemes across multiple security levels(80-,112-,and 128-bit)compared to existing protocols.
基金supported by National Natural Science Foundation of China:Space-based occultation detection with ground-based GNSS atmospheric horizontal gradient model(41904033).
文摘The satellite-based augmentation system(SBAS)provides differential and integrity augmentation services for life safety fields of aviation and navigation.However,the signal structure of SBAS is public,which incurs a risk of spoofing attacks.To improve the anti-spoofing capability of the SBAS,European Union and the United States conduct research on navigation message authentication,and promote the standardization of SBAS message authentication.For the development of Beidou satellite-based augmentation system(BDSBAS),this paper proposes navigation message authentication based on the Chinese commercial cryptographic standards.Firstly,this paper expounds the architecture and principles of the SBAS message authentication,and then carries out the design of timed efficient streaming losstolerant authentication scheme(TESLA)and elliptic curve digital signature algorithm(ECDSA)authentication schemes based on Chinese commercial cryptographic standards,message arrangement and the design of over-the-air rekeying(OTAR)message.Finally,this paper conducts a theoretical analysis of the time between authentications(TBA)and maximum authentication latency(MAL)for L5 TESLA-I and L5 ECDSA-Q,and further simulates the reception time of OTAR message,TBA and MAL from the aspects of OTAR message weight and demodulation error rate.The simulation results can provide theoretical supports for the standardization of BDSBAS message authentication.
基金supported in part by National Natural Science Foundation of China(under Grant 61902163)the Jiangsu“Qing Lan Project”,Natural Science Foundation of the Jiangsu Higher Education Institutions of China(Major Research Project:23KJA520007)Postgraduate Research&Practice Innovation Program of Jiangsu Province(No.SJCX25_1303).
文摘Unmanned Aerial Vehicles(UAVs)in Flying Ad-Hoc Networks(FANETs)are widely used in both civilian and military fields,but they face severe security,trust,and privacy vulnerabilities due to their high mobility,dynamic topology,and open wireless channels.Existing security protocols for Mobile Ad-Hoc Networks(MANETs)cannot be directly applied to FANETs,as FANETs require lightweight,high real-time performance,and strong anonymity.The current FANETs security protocol cannot simultaneously meet the requirements of strong anonymity,high security,and low overhead in high dynamic and resource-constrained scenarios.To address these challenges,this paper proposes an Anonymous Authentication and Key Exchange Protocol(AAKE-OWA)for UAVs in FANETs based on OneWay Accumulators(OWA).During the UAV registration phase,the Key Management Center(KMC)generates an identity ticket for each UAV using OWA and transmits it securely to the UAV’s on-board tamper-proof module.In the key exchange phase,UAVs generate temporary authentication tickets with random numbers and compute the same session key leveraging the quasi-commutativity of OWA.For mutual anonymous authentication,UAVs encrypt random numbers with the session key and verify identities by comparing computed values with authentication values.Formal analysis using the Scyther tool confirms that the protocol resists identity spoofing,man-in-the-middle,and replay attacks.Through Burrows Abadi Needham(BAN)logic proof,it achieves mutual anonymity,prevents simulation and physical capture attacks,and ensures secure connectivity of 1.Experimental comparisons with existing protocols prove that the AAKE-OWA protocol has lower computational overhead,communication overhead,and storage overhead,making it more suitable for resource-constrained FANET scenarios.Performance comparison experiments show that,compared with other schemes,this scheme only requires 8 one-way accumulator operations and 4 symmetric encryption/decryption operations,with a total computational overhead as low as 2.3504 ms,a communication overhead of merely 1216 bits,and a storage overhead of 768 bits.We have achieved a reduction in computational costs from 6.3%to 90.3%,communication costs from 5.0%to 69.1%,and overall storage costs from 33%to 68%compared to existing solutions.It can meet the performance requirements of lightweight,real-time,and anonymity for unmanned aerial vehicles(UAVs)networks.
基金This work is part of the‘Intelligent and Cyber-Secure Platform for Adaptive Optimization in the Simultaneous Operation of Heterogeneous Autonomous Robots(PICRAH4.0)’with reference MIG-20232082,funded by MCIN/AEI/10.13039/501100011033supported by the Universidad Internacional de La Rioja(UNIR)through the Precompetitive Research Project entitled“Nuevos Horizontes en Internet de las Cosas y NewSpace(NEWIOT)”,reference PP-2024-13,funded under the 2024 Call for Research Projects.
文摘This work evaluates an architecture for decentralized authentication of Internet of Things(IoT)devices in Low Earth Orbit(LEO)satellite networks using IOTA Identity technology.To the best of our knowledge,it is the first proposal to integrate IOTA’s Directed Acyclic Graph(DAG)-based identity framework into satellite IoT environments,enabling lightweight and distributed authentication under intermittent connectivity.The system leverages Decentralized Identifiers(DIDs)and Verifiable Credentials(VCs)over the Tangle,eliminating the need for mining and sequential blocks.An identity management workflow is implemented that supports the creation,validation,deactivation,and reactivation of IoT devices,and is experimentally validated on the Shimmer Testnet.Three metrics are defined and measured:resolution time,deactivation time,and reactivation time.To improve robustness,an algorithmic optimization is introduced that minimizes communication overhead and reduces latency during deactivation.The experimental results are compared with orbital simulations of satellite revisit times to assess operational feasibility.Unlike blockchain-based approaches,which typically suffer from high confirmation delays and scalability constraints,the proposed DAG architecture provides fast,cost-free operations suitable for resource-constrained IoT devices.The results show that authentication can be efficiently performed within satellite connectivity windows,positioning IOTA Identity as a viable solution for secure and scalable IoT authentication in LEO satellite networks.
基金Deanship of Graduate Studies and Scientific Research at Qassim University for financial support(QU-APC-2025).
文摘Cyber-criminals target smart connected devices for spyware distribution and security breaches,but existing Internet of Things(IoT)security standards are insufficient.Major IoT industry players prioritize market share over security,leading to insecure smart products.Traditional host-based protection solutions are less effective due to limited resources.Overcoming these challenges and enhancing the security of IoT Devices requires a security design at the network level that uses lightweight cryptographic parameters.In order to handle control,administration,and security concerns in traditional networking,the Gateway Node offers a contemporary networking architecture.By managing all network-level computations and complexity,the Gateway Node relieves IoT devices of these responsibilities.In this study,we introduce a novel privacy-preserving security architecture for gateway-node smart homes.Subsequently,we develop Smart Homes,An Efficient,Anonymous,and Robust Authentication Scheme(EARAS)based on the foundational principles of this security architecture.Furthermore,we formally examine the security characteristics of our suggested protocol that makes use of methodology such as ProVerif,supplemented by an informal analysis of security.Lastly,we conduct performance evaluations and comparative analyses to assess the efficacy of our scheme.Performance analysis shows that EARAS achieves up to 30%to 54%more efficient than most protocols and lower computation cost compared to Banerjee et al.’s scheme,and significantly reduces communication overhead compared to other recent protocols,while ensuring comprehensive security.Our objective is to provide robust security measures for smart homes while addressing resource constraints and preserving user privacy.
基金China Post-Doctor Science Fund (20060390414)the National Natural Science Foundation of China (90604022)+2 种基金the Natural Science Foundation of Beijing (4062025)the National Basic Research Program of China (2007CB311203)the 111 Project (B08004)
文摘Current identity-based (ID) cryptosystem lacks the mechanisms of two-party authentication and user's private key distribution. Some ID-based signcryption schemes and ID-based authenticated key agreement protocols have been presented, but they cannot solve the problem completely. A novel ID-based authentication scheme based on ID-based encrypfion (IBE) and fingerprint hashing method is proposed to solve the difficulties in the IBE scheme, which includes message receiver authenticating the sender, the trusted authority (TA) authenticating the users and transmitting the private key to them. Furthermore, the scheme extends the application of fingerprint authentication from terminal to network and protects against fingerprint data fabrication. The fingerprint authentication method consists of two factors. This method combines a token key, for example, the USB key, with the user's fingerprint hash by mixing a pseudo-random number with the fingerprint feature. The security and experimental efficiency meet the requirements of practical applications.
文摘In cloud computing environments, user authentication is an important security mechanism because it provides the fundamentals of authentication, authorization, and accounting (AAA). In 2009, Wang et al. proposed an identity-based (ID-based) authentication scheme to deal with the user login problem for cloud computing. However, Wang et aL's scheme is insecure against message alteration and impersonation attacks. Besides, their scheme has large computation costs for cloud users. Therefore, we propose a novel ID-based user authentication scheme to solve the above mentioned problems. The proposed scheme provides anonymity and security for the user who accesses different cloud servers. Compared with the related schemes, the proposed scheme has less computation cost so it is very efficient for cloud computing in practice.
基金Supported by the Applied Basic and Advanced Technology Research Programs of Tianjin(15JCYBJC15900)the National Natural Science Foundation of China(51378350)
文摘Cloud storage service reduces the burden of data users by storing users' data files in the cloud. But, the files might be modified in the cloud. So, data users hope to check data files integrity periodically. In a public auditing protocol, there is a trusted auditor who has certain ability to help users to check the integrity of data files. With the advantages of no public key management and verification, researchers focus on public auditing protocol in ID-based cryptography recently. However, some existing protocols are vulnerable to forgery attack. In this paper, based on ID-based signature technology, by strengthening information authentication and the computing power of the auditor, we propose an ID-based public auditing protocol for cloud data integrity checking. We also prove that the proposed protocol is secure in the random oracle model under the assumption that the Diffie-Hellman problem is hard. Furthermore, we compare the proposed protocol with other two ID-based auditing protocols in security features, communication efficiency and computation cost. The comparisons show that the proposed protocol satisfies more security features with lower computation cost.
文摘The deniable authentication protocol is an important notion that allows a receiver to identify the source of a given message, but not to prove the identity of the sender to a third party. Such property is very useful for providing secure negotiation over the Internet. The ID-based deniable authentication protocol based on elliptic Diffie-Hellman key agreement protocol cannot defend the sender spoofing attack and message modification attack. In this paper, we present an improved protocol based on double elliptic Diffie- Hellman scheme. According to the comparison result, the proposed protocol performs better.
基金Supported by the Natural Science Foundation of Shandong Province (No. Y2008A29)the Science and Technique Foundation of Shandong Province (No. 2008GG30009008)
文摘In 2010,Hwang,et al.proposed a 'DoS-resistant ID-based password authentication scheme using smart cards' as an improvement of Kim-Lee-Yoo's 'ID-based password authentication scheme'.In this paper,we cryptanalyze Hwang,et al.'s scheme and point out that the revealed session key could threat the security of the scheme.We demonstrate that extracting information from smart cards is equal to knowing the session key.Thus known session key attacks are also effective under the as-sumption that the adversary could obtain the information stored in the smart cards.We proposed an improved scheme with security analysis to remedy the weaknesses of Hwang,et al.'s scheme.The new scheme does not only keep all the merits of the original,but also provides several additional phases to improve the flexibility.Finally,the improved scheme is more secure,efficient,practical,and convenient,because elliptic curve cryptosystem is introduced,the expensive smart cards and synchronized clock system are replaced by mobile devices and nonces.
文摘In the literature,several dynamic ID-based remote user mutual authentication schemes are implemented using password,smartcard and Elliptic Curve Cryptography(ECC),however,none of them provides resilience against different attacks.Therefore,there is a great need to design an efficient scheme for practical applications.In this paper,we proposed such a scheme in order to provide desired security attributes and computation efficiencies.Compared with other existing techniques,our scheme is more efficient and secured.In addition,our scheme is provably secure in the random oracle model under the hardness assumption of computational Diffie-Hellman problem.
文摘The basic idea behind an ID-based cryptosystem is that end user's public key can be determined by his identity information.Comparing with the traditional certificate-based cryptography,identity-based cryptography can eliminate much of the overhead associated with the deployment and management of certificate.However,exposure of private keys can be the most devastating attack on a public key based cryptosystem since such that all security guarantees are lost.In this paper,an ID-based authenticated key agreement protocol was presented.For solving the problem of key exposure of the basic scheme,the technique of key insulation was applied and a key insulated version is developed.
文摘Car manufacturers aim to enhance the use of two-factor authentication (2FA) to protect keyless entry systems in contemporary cars. Despite providing significant ease for users, keyless entry systems have become more susceptible to appealing attacks like relay attacks and critical fob hacking. These weaknesses present considerable security threats, resulting in unauthorized entry and car theft. The suggested approach combines a conventional keyless entry feature with an extra security measure. Implementing multi-factor authentication significantly improves the security of systems that allow keyless entry by reducing the likelihood of unauthorized access. Research shows that the benefits of using two-factor authentication, such as a substantial increase in security, far outweigh any minor drawbacks.
文摘To ensure the access security of 6G,physical-layer authentication(PLA)leverages the randomness and space-time-frequency uniqueness of the channel to provide unique identity signatures for transmitters.Furthermore,the introduction of artificial intelligence(AI)facilitates the learning of the distribution characteristics of channel fingerprints,effectively addressing the uncertainties and unknown dynamic challenges in wireless link modeling.This paper reviews representative AI-enabled PLA schemes and proposes a graph neural network(GNN)-based PLA approach in response to the challenges existing methods face in identifying mobile users.Simulation results demonstrate that the proposed method outperforms six baseline schemes in terms of authentication accuracy.Furthermore,this paper outlines the future development directions of PLA.
文摘Two ID-based authenticated group key agreement schemes, proposed by Choi et al and Du et al, are insecure against an impersonation attack and th ey only discussed the static group. This paper proposed a variant of BD protocol , which is fully authenticated by a proven-secure ID-based signature scheme. T he protocol can res ist the impersonation attack, and other security attributes are also satisfied. Compared with Choi et al and Du et al schemes, the proposed one is mor e efficient and applicable for dynamic groups.
基金supported by the Startup Foundation for Introducing Talent of Nanjing University of Information Science and Technology and Natural Science Foundation of Shandong Province,China(Grant no.ZR202111230202).
文摘With the rapid development and widespread adoption of Internet of Things(IoT)technology,the innovative concept of the Internet of Vehicles(IoV)has emerged,ushering in a new era of intelligent transportation.Since vehicles are mobile entities,they move across different domains and need to communicate with the Roadside Unit(RSU)in various regions.However,open environments are highly susceptible to becoming targets for attackers,posing significant risks of malicious attacks.Therefore,it is crucial to design a secure authentication protocol to ensure the security of communication between vehicles and RSUs,particularly in scenarios where vehicles cross domains.In this paper,we propose a provably secure cross-domain authentication and key agreement protocol for IoV.Our protocol comprises two authentication phases:intra-domain authentication and cross-domain authentication.To ensure the security of our protocol,we conducted rigorous analyses based on the ROR(Real-or-Random)model and Scyther.Finally,we show in-depth comparisons of our protocol with existing ones from both security and performance perspectives,fully demonstrating its security and efficiency.
文摘Peer-to-peer computing has recently started to gain significant acceptance, since it can greatly increase the performance and reliability of overall system. However, the security issue is still a major gating factor for its full adoption. In order to guarantee the security of data exchanged between two peers in Peer-to-Peer system, this paper comes up with an ID-based authenticated key agreement from bilinear pairings and uses BAN logic to prove the protocol’s security. Compared with other existing protocols, the proposed protocol seems more secure and efficient, since it adopts the static shared Diffie-Hellman key.
基金supported in part by the Jiangsu“Qing Lan Project”,Natural Science Foundation of the Jiangsu Higher Education Institutions of China(Major Research Project:23KJA520007)Postgraduate Research&Practice Innovation Program of Jiangsu Province(No.SJCX25_1303).
文摘As the adoption of Vehicular Ad-hoc Networks(VANETs)grows,ensuring secure communication between smart vehicles and remote application servers(APPs)has become a critical challenge.While existing solutions focus on various aspects of security,gaps remain in addressing both high security requirements and the resource-constrained nature of VANET environments.This paper proposes an extended-Kerberos protocol that integrates Physical Unclonable Function(PUF)for authentication and key agreement,offering a comprehensive solution to the security challenges in VANETs.The protocol facilitates mutual authentication and secure key agreement between vehicles and APPs,ensuring the confidentiality and integrity of vehicle-to-network(V2N)communications and preventing malicious data injection.Notably,by replacing traditional Kerberos password authentication with Challenge-Response Pairs(CRPs)generated by PUF,the protocol significantly reduces the risk of key leakage.The inherent properties of PUF—such as unclonability and unpredictability—make it an ideal defense against physical attacks,including intrusion,semi-intrusion,and side-channel attacks.The results of this study demonstrate that this approach not only enhances security but also optimizes communication efficiency,reduces latency,and improves overall user experience.The analysis proves that our protocol achieves at least 86%improvement in computational efficiency compared to some existed protocols.This is particularly crucial in resource-constrained VANET environments,where it enables efficient data transmission between vehicles and applications,reduces latency,and enhances the overall user experience.
基金supported by the Startup Foundation for Introducing Talent of Nanjing University of Information Science and Technology and Natural Science Foundation of Shandong Province,China(Grant no.ZR202111230202).
文摘As a model for the next generation of the Internet,the metaverse—a fully immersive,hyper-temporal virtual shared space—is transitioning from imagination to reality.At present,the metaverse has been widely applied in a variety of fields,including education,social entertainment,Internet of vehicles(IoV),healthcare,and virtual tours.In IoVs,researchers primarily focus on using the metaverse to improve the traffic safety of vehicles,while paying limited attention to passengers’social needs.At the same time,Social Internet ofVehicles(SIoV)introduces the concept of social networks in IoV to provide better resources and services for users.However,the problem of single interaction between SIoVand users has become increasingly prominent.In this paper,we first introduce a SIoVenvironment combined with the metaverse.In this environment,we adopt blockchain as the platform of the metaverse to provide a decentralized environment.Concerning passengers’social data may contain sensitive/private information,we then design an authentication and key agreement protocol calledMSIoV-AKAto protect the communications.Through formal security verifications in the real-or-random(ROR)model and using the AVISPA(Automated Validation of Internet Security Protocols and Applications)tool,we firmly verify the security of the protocol.Finally,detailed comparisons are made between our protocol and robust protocols/schemes in terms of computational cost and communication cost.In addition,we implement the MSIoV-AKA protocol in the Ethereum test network and Hyperledger Sawtooth to show the practicality.
基金supported by National Natural Science Foundation of China(No.61931020,No.U19B2024 and No.62371462).
文摘How to ensure the security of device access is a common concern in the Internet of Things(IoT)scenario with extremely high device connection density.To achieve efficient and secure network access for IoT devices with constrained resources,this paper proposes a lightweight physical-layer authentication protocol based on Physical Unclonable Function(PUF)and channel pre-equalization.PUF is employed as a secret carrier to provide authentication credentials for devices due to its hardware-based uniqueness and unclonable property.Meanwhile,the short-term reciprocity and spatio-temporal uniqueness of wireless channels are utilized to attach an authentication factor related to the spatio-temporal position of devices and to secure the transmission of authentication messages.The proposed protocol is analyzed formally and informally to prove its correctness and security against typical attacks.Simulation results show its robustness in various radio environments.Moreover,we illustrate the advantages of our protocol in terms of security features and complexity through performance comparison with existing authentication schemes.
