From the viewpoint of protocol sequence, analyses are made of the sequence patterns of possible identity authentication protocol under two cases: with or without the trusted third party (TFP). Ten feasible sequence...From the viewpoint of protocol sequence, analyses are made of the sequence patterns of possible identity authentication protocol under two cases: with or without the trusted third party (TFP). Ten feasible sequence patterns of authentication protocol with TIP and 5 sequence patterns without TFP are gained. These gained sequence patterns meet the requirements for identity authentication, and basically cover almost all the authentication protocols with TFP and without TFP at present. All of the sequence patterns gained are classified into unilateral or bilateral authentication. Then, according to the sequence symmetry, several good sequence patterns with TFP are evaluated. The accompolished results can provide a reference to design of new identity authentication protocols.展开更多
The low-cost RFID tags have very limited computing and storage resources and this makes it difficult to completely solve their security and privacy problems. Lightweight authentication is considered as one of the most...The low-cost RFID tags have very limited computing and storage resources and this makes it difficult to completely solve their security and privacy problems. Lightweight authentication is considered as one of the most effective methods to ensure the security in the RFID system. Many light-weight authentication protocols use Hash function and pseudorandom generator to ensure the anonymity and confidential communication of the RFID system. But these protocols do not provide such security as they claimed. By analyzing some typical Hash-based RFID authentication protocols, it is found that they are vulnerable to some common attacks. Many protocols cannot resist tracing attack and de-synchronization attack. Some protocols cannot provide forward security. Gy?z? Gódor and Sándor Imre proposed a Hash-based authentication protocol and they claimed their protocol could resist the well-known attacks. But by constructing some different attack scenarios, their protocol is shown to be vulnerable to tracing attack and de-synchronization attack. Based on the analysis for the Hash-based authentication protocols, some feasible suggestions are proposed to improve the security of the RFID authentication protocols.展开更多
A new semantic model in Abstract State Model (ASM) for authentication protocols is presented. It highlights the Woo-Lam's ideas for authentication, which is the strongest one in Lowe's definition hierarchy for...A new semantic model in Abstract State Model (ASM) for authentication protocols is presented. It highlights the Woo-Lam's ideas for authentication, which is the strongest one in Lowe's definition hierarchy for entity authentication. Apart from the flexible and natural features in forming and analyzing protocols inherited from ASM, the model defines both authentication and secrecy properties explicitly in first order sentences as invariants. The process of proving security properties with respect to an authentication protocol blends the correctness and secrecy properties together to avoid the potential flaws which may happen when treated separately. The security of revised Helsinki protocol is shown as a case study. The new model is different from the previous ones in ASMs.展开更多
This paper introduces a new methodology for epistemic logic, to analyze communication protocols that uses knowledge structures, a specific form of Kripke semantics over hostile networks. The paper particularly focuses...This paper introduces a new methodology for epistemic logic, to analyze communication protocols that uses knowledge structures, a specific form of Kripke semantics over hostile networks. The paper particularly focuses on automatic verification of authentication protocols. Our approach is based on the actual definitions of a protocol, not on some difficultto-establish justifications. The proposed methodology is different from many previous approaches to automatic verification of security protocols in that it is justification-oriented instead of falsification-oriented, i.e., finding bugs in a protocol. The main idea is based on observations: separating a principal executing a run of protocol from the role in the protocol, and inferring a principal's knowledge from the local observations of the principal. And we show analytically and empirically that this model can be easily reduced to Satisfiability (SAT) problem and efficiently implemented by a modern SAT solver.展开更多
Due to the lack of authentication mechanism in BeiDou navigation satellite system(BDS),BD-Ⅱ civil navigation message(BDⅡ-CNAV) are vulnerable to spoofing attack and replay attack.To solve this problem,we present a s...Due to the lack of authentication mechanism in BeiDou navigation satellite system(BDS),BD-Ⅱ civil navigation message(BDⅡ-CNAV) are vulnerable to spoofing attack and replay attack.To solve this problem,we present a security authentication protocol,called as BDSec,which is designed by using China’s cryptography Shangyong Mima(SM) series algorithms,such as SM2/4/9 and Zu Chongzhi(ZUC)algorithm.In BDSec protocol,both of BDⅡ-CNAV and signature information are encrypted using the SM4 algorithm(Symmetric encryption mechanism).The encrypted result is used as the subject authentication information.BDSec protocol applies SM9 algorithm(Identity-based cryptography mechanism) to protect the integrity of the BDⅡ-CNAV,adopts the SM2 algorithm(Public key cryptosystem) to guarantee the confidentiality of the important session information,and uses the ZUC algorithm(Encryption and integrity algorithm) to verify the integrity of the message authentication serial number and initial information and the information in authentication initialization sub-protocol respectively.The results of the SVO logic reasoning and performance analysis show that BDSec protocol meets security requirements for the dual user identity authentication in BDS and can realize the security authentication of BDⅡ-CNAV.展开更多
With the advent of state-of-art technologies,the Telecare Medicine Information System(TMIS)now offers fast and convenient healthcare services to patients at their doorsteps.However,this architecture engenders new risk...With the advent of state-of-art technologies,the Telecare Medicine Information System(TMIS)now offers fast and convenient healthcare services to patients at their doorsteps.However,this architecture engenders new risks and challenges to patients'and the server's confidentiality,integrity and security.In order to avoid any resource abuse and malicious attack,employing an authentication scheme is widely considered as the most effective approach for the TMIS to verify the legitimacy of patients and the server.Therefore,several authentication protocols have been proposed to this end.Very recently,Chaudhry et al.identified that there are vulnerabilities of impersonation attacks in Islam et al.'s scheme.Therefore,they introduced an improved protocol to mitigate those security flaws.Later,Qiu et al.proved that these schemes are vulnerable to the man-in-the-middle,impersonation and offline password guessing attacks.Thus,they introduced an improved scheme based on the fuzzy verifier techniques,which overcome all the security flaws of Chaudhry et al.'s scheme.However,there are still some security flaws in Qiu et al.'s protocol.In this article,we prove that Qiu et al.'s protocol has an incorrect notion of perfect user anonymity and is vulnerable to user impersonation attacks.Therefore,we introduce an improved protocol for authentication,which reduces all the security flaws of Qiu et al.'s protocol.We also make a comparison of our protocol with related protocols,which shows that our introduced protocol is more secure and efficient than previous protocols.展开更多
The use of radio frequency identification (RFID) tags may cause privacy violation of users carrying an RFID tag. Due to the unique identification number of the RFID tag, the possible privacy threats are information le...The use of radio frequency identification (RFID) tags may cause privacy violation of users carrying an RFID tag. Due to the unique identification number of the RFID tag, the possible privacy threats are information leakage of a tag, traceability of the consumer, denial of service attack, replay attack and impersonation of a tag, etc. There are a number of challenges in providing privacy and security in the RFID tag due to the limited computation, storage and communication ability of low-cost RFID tags. Many research works have already been conducted using hash functions and pseudorandom numbers. As the same random number can recur many times, the adversary can use the response derived from the same random number for replay attack and it can cause a break in location privacy. This paper proposes an RFID authentication protocol using a static identifier, a monotonically increasing timestamp, a tag side random number and a hash function to protect the RFID system from adversary attacks. The proposed protocol also indicates that it requires less storage and computation than previous existing RFID authentication protocols but offers a larger range of security protection. A simulation is also conducted to verify some of the privacy and security properties of the proposed protocol.展开更多
This paper studies the existing problems of message authentication protocols in vehicular ad hoc networks(VANETs) due to their significance in the future of commuting and transportation. Our contribution has been devo...This paper studies the existing problems of message authentication protocols in vehicular ad hoc networks(VANETs) due to their significance in the future of commuting and transportation. Our contribution has been devoted to implementing a new protocol for VANETs so that inherent security problems in past works are resolved. Exclusive security measures have been considered for the system which protects the users against threat of any attack. The new protocol shows a great hardness guaranteed by certificate based 80 bit security which assures messages to remain confidential in any time. Also, new unprecedented features like V2 X which improves system performance effectively have been instantiated. The simulation results indicate that message signature generation and verification both take place in much less time than present comparable rival protocols.展开更多
Vehicular ad hoc networks (VANETs) have attracted growing interest in both academia and industry because they can provide a viable solutionthat improves road safety and comfort for travelers on roads. However, wireles...Vehicular ad hoc networks (VANETs) have attracted growing interest in both academia and industry because they can provide a viable solutionthat improves road safety and comfort for travelers on roads. However, wireless communications over open-access environments face many security andprivacy issues that may affect deployment of large-scale VANETs. Researchershave proposed different protocols to address security and privacy issues in aVANET, and in this study we cryptanalyze some of the privacy preservingprotocols to show that all existing protocols are vulnerable to the Sybilattack. The Sybil attack can be used by malicious actors to create fakeidentities that impair existing protocols, which allows them to imitate trafficcongestion or at worse cause an accident that may result in the loss of humanlife. This vulnerability exists because those protocols store vehicle identitiesin an encrypted form, and it is not possible to search over the encryptedidentities to find fake vehicles. This attack is serious in nature and veryprevalent for privacy-preserving protocols. To cope with this kind of attack,we propose a novel and practical protocol that uses Public key encryptionwith an equality test (PKEET) to search over the encrypted identities withoutleaking any information, and eventually eliminate the Sybil attack. Theproposed approach improves security and at the same time maintains privacyin VANET. Our performance analysis indicates that the proposed protocoloutperforms state-of-the-art protocols: The proposed beacon generation timeis constant compared to a linear increase in existing protocols, with beaconverification shown to be faster by 7.908%. Our communicational analysisshows that the proposed protocol with a beacon size of 322 bytes has the leastcommunicational overhead compared to other state-of-the-art protocols.展开更多
Nowadays,the widespread application of 5G has promoted rapid development in different areas,particularly in the Internet of Things(IoT),where 5G provides the advantages of higher data transfer rate,lower latency,and w...Nowadays,the widespread application of 5G has promoted rapid development in different areas,particularly in the Internet of Things(IoT),where 5G provides the advantages of higher data transfer rate,lower latency,and widespread connections.Wireless sensor networks(WSNs),which comprise various sensors,are crucial components of IoT.The main functions of WSN include providing users with real-time monitoring information,deploying regional information collection,and synchronizing with the Internet.Security in WSNs is becoming increasingly essential because of the across-the-board nature of wireless technology in many fields.Recently,Yu et al.proposed a user authentication protocol forWSN.However,their design is vulnerable to sensor capture and temporary information disclosure attacks.Thus,in this study,an improved protocol called PSAP-WSNis proposed.The security of PSAP-WSN is demonstrated by employing the ROR model,BAN logic,and ProVerif tool for the analysis.The experimental evaluation shows that our design is more efficient and suitable forWSN environments.展开更多
The radio frequency identification(RFID)technology has been widely used so far in industrial and commercial applications.To develop the RFID tags that support elliptic curve cryptography(ECC),we propose a scalable and...The radio frequency identification(RFID)technology has been widely used so far in industrial and commercial applications.To develop the RFID tags that support elliptic curve cryptography(ECC),we propose a scalable and mutual authentication protocol based on ECC.We also suggest a tag privacy model that provides adversaries exhibiting strong abilities to attack a tag’s privacy.We prove that the proposed protocol preserves privacy under the privacy model and that it meets general security requirements.Compared with other recent ECCbased RFID authentication protocols,our protocol provides tag privacy and performs the best under comprehensive evaluation of tag privacy,tag computation cost,and communications cost.展开更多
A unified hybrid authentication framework was proposed to provide proactive authentication and re-authentication for media independent handover(MIH)-based multi-wireless access. In addition, a specific protocol dist...A unified hybrid authentication framework was proposed to provide proactive authentication and re-authentication for media independent handover(MIH)-based multi-wireless access. In addition, a specific protocol distributing a hierarchi- cal key after the proactive authentication from key holder to base station has been proposed. The proposed hybrid authenti- cation framework not only performs proaetive authentication with credentials based on Chameleon hashing, which removes the authentication procedures that exchanges messages with a authentication server, but also performs re-authentication with EAP re-authentication protocol(ERP) that distributes the hierarchical key on the basis of the root key generated by the pro- active authentication.展开更多
Based on the deterministic secure quantum communication, we present a novel quantum dialogue protocol with- out information leakage over the collective noise channel. The logical qubits and four-qubit decoherence-free...Based on the deterministic secure quantum communication, we present a novel quantum dialogue protocol with- out information leakage over the collective noise channel. The logical qubits and four-qubit decoherence-free states are introduced for resisting against collective-dephasing noise, collective-rotation noise and all kinds of unitary collective noise, respectively. Compared with the existing similar protocols, the analyses on security and information-theoretical emciency show that the proposed protocol is more secure and emeient.展开更多
Cookies are considered a fundamental means of web application services for authenticating various Hypertext Transfer Protocol(HTTP)requests andmaintains the states of clients’information over the Internet.HTTP cookie...Cookies are considered a fundamental means of web application services for authenticating various Hypertext Transfer Protocol(HTTP)requests andmaintains the states of clients’information over the Internet.HTTP cookies are exploited to carry client patterns observed by a website.These client patterns facilitate the particular client’s future visit to the corresponding website.However,security and privacy are the primary concerns owing to the value of information over public channels and the storage of client information on the browser.Several protocols have been introduced that maintain HTTP cookies,but many of those fail to achieve the required security,or require a lot of resource overheads.In this article,we have introduced a lightweight Elliptic Curve Cryptographic(ECC)based protocol for authenticating client and server transactions to maintain the privacy and security of HTTP cookies.Our proposed protocol uses a secret key embedded within a cookie.The proposed protocol ismore efficient and lightweight than related protocols because of its reduced computation,storage,and communication costs.Moreover,the analysis presented in this paper confirms that proposed protocol resists various known attacks.展开更多
Industrial internet of things (IIoT) is the usage of internet of things(IoT) devices and applications for the purpose of sensing, processing andcommunicating real-time events in the industrial system to reduce the unn...Industrial internet of things (IIoT) is the usage of internet of things(IoT) devices and applications for the purpose of sensing, processing andcommunicating real-time events in the industrial system to reduce the unnecessary operational cost and enhance manufacturing and other industrial-relatedprocesses to attain more profits. However, such IoT based smart industriesneed internet connectivity and interoperability which makes them susceptibleto numerous cyber-attacks due to the scarcity of computational resourcesof IoT devices and communication over insecure wireless channels. Therefore, this necessitates the design of an efficient security mechanism for IIoTenvironment. In this paper, we propose a hyperelliptic curve cryptography(HECC) based IIoT Certificateless Signcryption (IIoT-CS) scheme, with theaim of improving security while lowering computational and communicationoverhead in IIoT environment. HECC with 80-bit smaller key and parameterssizes offers similar security as elliptic curve cryptography (ECC) with 160-bitlong key and parameters sizes. We assessed the IIoT-CS scheme security byapplying formal and informal security evaluation techniques. We used Realor Random (RoR) model and the widely used automated validation of internet security protocols and applications (AVISPA) simulation tool for formalsecurity analysis and proved that the IIoT-CS scheme provides resistance tovarious attacks. Our proposed IIoT-CS scheme is relatively less expensivecompared to the current state-of-the-art in terms of computational cost andcommunication overhead. Furthermore, the IIoT-CS scheme is 31.25% and 51.31% more efficient in computational cost and communication overhead,respectively, compared to the most recent protocol.展开更多
The Internet of Healthcare Things(IoHT)marks a significant breakthrough in modern medicine by enabling a new era of healthcare services.IoHT supports real-time,continuous,and personalized monitoring of patients’healt...The Internet of Healthcare Things(IoHT)marks a significant breakthrough in modern medicine by enabling a new era of healthcare services.IoHT supports real-time,continuous,and personalized monitoring of patients’health conditions.However,the security of sensitive data exchanged within IoHT remains a major concern,as the widespread connectivity and wireless nature of these systems expose them to various vulnerabilities.Potential threats include unauthorized access,device compromise,data breaches,and data alteration,all of which may compromise the confidentiality and integrity of patient information.In this paper,we provide an in-depth security analysis of LAP-IoHT,an authentication scheme designed to ensure secure communication in Internet of Healthcare Things environments.This analysis reveals several vulnerabilities in the LAP-IoHT protocol,namely its inability to resist various attacks,including user impersonation and privileged insider threats.To address these issues,we introduce LSAP-IoHT,a secure and lightweight authentication protocol for the Internet of Healthcare Things(IoHT).This protocol leverages Elliptic Curve Cryptography(ECC),Physical Unclonable Functions(PUFs),and Three-Factor Authentication(3FA).Its security is validated through both informal analysis and formal verification using the Scyther tool and the Real-Or-Random(ROR)model.The results demonstrate strong resistance against man-in-the-middle(MITM)attacks,replay attacks,identity spoofing,stolen smart device attacks,and insider threats,while maintaining low computational and communication costs.展开更多
An efficient authenticated key agreement protocol is proposed, which makesuse of bilinear pairings and self-certificd public keys. Its security is based on the securityassumptions of the bilinear Diff ie-Hellman probl...An efficient authenticated key agreement protocol is proposed, which makesuse of bilinear pairings and self-certificd public keys. Its security is based on the securityassumptions of the bilinear Diff ie-Hellman problem and the computational Diffie-Hellman problem.Users can choose their private keys independently. The public keys and identities of users can beverified implicitly when the session key being generating in a logically single step. A trusted KeyGeneration Center is no longer requiredas in the ID-based authenticated key agreement protocolsCompared with existing authenticated key agreement protocols from pairings, the. new proposedprotocol is more efficient and secure.展开更多
Combined public key (CPK) cryptography does not need certificates to guarantee the authenticity of public keys and avoids the inherent key escrow problem of identity-based cryptography. Based on the efficient CPK sc...Combined public key (CPK) cryptography does not need certificates to guarantee the authenticity of public keys and avoids the inherent key escrow problem of identity-based cryptography. Based on the efficient CPK scheme, we present an efficient three-round two-party authenticated key exchange protocol with strong security, which is provably secure in the standard model under the decisional Diffie-Hellman (DDH) assumption. The protocol can keep the session key secret from the adversary except that one party's ephemeral private key and static private key are all revealed to the adversary. Compared to the existing protocols, this protocol not only assures strong security but also is more efficient.展开更多
Martínez et al.have proposed a secure RFID protocol recently which relies exclusively on the use of Elliptic Curve Cryptography(ECC)combined with a zero knowledge-based authentication scheme.In this paper,we show...Martínez et al.have proposed a secure RFID protocol recently which relies exclusively on the use of Elliptic Curve Cryptography(ECC)combined with a zero knowledge-based authentication scheme.In this paper,we show that this proposed protocol is not secure against the tracking attack.To make the attack successful,the adversary needs to execute three phases.Firstly,the attacker just eavesdrops on the messages exchanged between Reader and Tag.Secondly,the attacker impersonates the Reader to replay the message which is obtained from the first phase.Finally,the adversary acts as a man in the middle to tamper the messages exchanged between Reader and Tag.Then we propose an enhancement and prove that the revision is secure against the tracking attack while keeping other security properties.展开更多
HB-MAP (HB-mutual authentication protocol) is a mutual ultra-light-weight authentication protocol we have pro- posed before. In this paper, we present an HB-MAP simulation model. This model is based on the OPNET mod...HB-MAP (HB-mutual authentication protocol) is a mutual ultra-light-weight authentication protocol we have pro- posed before. In this paper, we present an HB-MAP simulation model. This model is based on the OPNET modeler and includes three parts, namely, the network model, the node model, and the process model. The simulation results are obtained mainly in the aspects of running time, queuing delay, throughput, and channel utilization. To show the performance of HB-MAP, simulation of two other protocols HB and LCAP (load-based concurrent access protocol) is also executed, and comparative analysis is carried out on the results. At the end of the paper, we show a simple process of the attacks and identify that the HB-MAP can defend against some attacks.展开更多
文摘From the viewpoint of protocol sequence, analyses are made of the sequence patterns of possible identity authentication protocol under two cases: with or without the trusted third party (TFP). Ten feasible sequence patterns of authentication protocol with TIP and 5 sequence patterns without TFP are gained. These gained sequence patterns meet the requirements for identity authentication, and basically cover almost all the authentication protocols with TFP and without TFP at present. All of the sequence patterns gained are classified into unilateral or bilateral authentication. Then, according to the sequence symmetry, several good sequence patterns with TFP are evaluated. The accompolished results can provide a reference to design of new identity authentication protocols.
文摘The low-cost RFID tags have very limited computing and storage resources and this makes it difficult to completely solve their security and privacy problems. Lightweight authentication is considered as one of the most effective methods to ensure the security in the RFID system. Many light-weight authentication protocols use Hash function and pseudorandom generator to ensure the anonymity and confidential communication of the RFID system. But these protocols do not provide such security as they claimed. By analyzing some typical Hash-based RFID authentication protocols, it is found that they are vulnerable to some common attacks. Many protocols cannot resist tracing attack and de-synchronization attack. Some protocols cannot provide forward security. Gy?z? Gódor and Sándor Imre proposed a Hash-based authentication protocol and they claimed their protocol could resist the well-known attacks. But by constructing some different attack scenarios, their protocol is shown to be vulnerable to tracing attack and de-synchronization attack. Based on the analysis for the Hash-based authentication protocols, some feasible suggestions are proposed to improve the security of the RFID authentication protocols.
基金国家自然科学基金,国家高技术研究发展计划(863计划),国家重点基础研究发展计划(973计划),the Foundation for Extraordinary Young Researchers under
文摘A new semantic model in Abstract State Model (ASM) for authentication protocols is presented. It highlights the Woo-Lam's ideas for authentication, which is the strongest one in Lowe's definition hierarchy for entity authentication. Apart from the flexible and natural features in forming and analyzing protocols inherited from ASM, the model defines both authentication and secrecy properties explicitly in first order sentences as invariants. The process of proving security properties with respect to an authentication protocol blends the correctness and secrecy properties together to avoid the potential flaws which may happen when treated separately. The security of revised Helsinki protocol is shown as a case study. The new model is different from the previous ones in ASMs.
基金This work is supported by the National Grand Fundamental Research 973 Program of China under Grant No 2005CB321902, the National Natural Science Foundation of China under Grant Nos. 60496327, 10410638 and 60473004, German Research Foundation under Grant No. 446 CHV113/240/0-1, Guangdong Provincial Natural Science Foundation under Grant No. 04205407, and KAISI Fund in Sun Yat-Sen University.
文摘This paper introduces a new methodology for epistemic logic, to analyze communication protocols that uses knowledge structures, a specific form of Kripke semantics over hostile networks. The paper particularly focuses on automatic verification of authentication protocols. Our approach is based on the actual definitions of a protocol, not on some difficultto-establish justifications. The proposed methodology is different from many previous approaches to automatic verification of security protocols in that it is justification-oriented instead of falsification-oriented, i.e., finding bugs in a protocol. The main idea is based on observations: separating a principal executing a run of protocol from the role in the protocol, and inferring a principal's knowledge from the local observations of the principal. And we show analytically and empirically that this model can be easily reduced to Satisfiability (SAT) problem and efficiently implemented by a modern SAT solver.
基金supported in part by the National Key R&D Program of China(No.2022YFB3904503)National Natural Science Foundation of China(No.62172418)the joint funds of National Natural Science Foundation of China and Civil Aviation Administration of China(No.U2133203).
文摘Due to the lack of authentication mechanism in BeiDou navigation satellite system(BDS),BD-Ⅱ civil navigation message(BDⅡ-CNAV) are vulnerable to spoofing attack and replay attack.To solve this problem,we present a security authentication protocol,called as BDSec,which is designed by using China’s cryptography Shangyong Mima(SM) series algorithms,such as SM2/4/9 and Zu Chongzhi(ZUC)algorithm.In BDSec protocol,both of BDⅡ-CNAV and signature information are encrypted using the SM4 algorithm(Symmetric encryption mechanism).The encrypted result is used as the subject authentication information.BDSec protocol applies SM9 algorithm(Identity-based cryptography mechanism) to protect the integrity of the BDⅡ-CNAV,adopts the SM2 algorithm(Public key cryptosystem) to guarantee the confidentiality of the important session information,and uses the ZUC algorithm(Encryption and integrity algorithm) to verify the integrity of the message authentication serial number and initial information and the information in authentication initialization sub-protocol respectively.The results of the SVO logic reasoning and performance analysis show that BDSec protocol meets security requirements for the dual user identity authentication in BDS and can realize the security authentication of BDⅡ-CNAV.
文摘With the advent of state-of-art technologies,the Telecare Medicine Information System(TMIS)now offers fast and convenient healthcare services to patients at their doorsteps.However,this architecture engenders new risks and challenges to patients'and the server's confidentiality,integrity and security.In order to avoid any resource abuse and malicious attack,employing an authentication scheme is widely considered as the most effective approach for the TMIS to verify the legitimacy of patients and the server.Therefore,several authentication protocols have been proposed to this end.Very recently,Chaudhry et al.identified that there are vulnerabilities of impersonation attacks in Islam et al.'s scheme.Therefore,they introduced an improved protocol to mitigate those security flaws.Later,Qiu et al.proved that these schemes are vulnerable to the man-in-the-middle,impersonation and offline password guessing attacks.Thus,they introduced an improved scheme based on the fuzzy verifier techniques,which overcome all the security flaws of Chaudhry et al.'s scheme.However,there are still some security flaws in Qiu et al.'s protocol.In this article,we prove that Qiu et al.'s protocol has an incorrect notion of perfect user anonymity and is vulnerable to user impersonation attacks.Therefore,we introduce an improved protocol for authentication,which reduces all the security flaws of Qiu et al.'s protocol.We also make a comparison of our protocol with related protocols,which shows that our introduced protocol is more secure and efficient than previous protocols.
文摘The use of radio frequency identification (RFID) tags may cause privacy violation of users carrying an RFID tag. Due to the unique identification number of the RFID tag, the possible privacy threats are information leakage of a tag, traceability of the consumer, denial of service attack, replay attack and impersonation of a tag, etc. There are a number of challenges in providing privacy and security in the RFID tag due to the limited computation, storage and communication ability of low-cost RFID tags. Many research works have already been conducted using hash functions and pseudorandom numbers. As the same random number can recur many times, the adversary can use the response derived from the same random number for replay attack and it can cause a break in location privacy. This paper proposes an RFID authentication protocol using a static identifier, a monotonically increasing timestamp, a tag side random number and a hash function to protect the RFID system from adversary attacks. The proposed protocol also indicates that it requires less storage and computation than previous existing RFID authentication protocols but offers a larger range of security protection. A simulation is also conducted to verify some of the privacy and security properties of the proposed protocol.
文摘This paper studies the existing problems of message authentication protocols in vehicular ad hoc networks(VANETs) due to their significance in the future of commuting and transportation. Our contribution has been devoted to implementing a new protocol for VANETs so that inherent security problems in past works are resolved. Exclusive security measures have been considered for the system which protects the users against threat of any attack. The new protocol shows a great hardness guaranteed by certificate based 80 bit security which assures messages to remain confidential in any time. Also, new unprecedented features like V2 X which improves system performance effectively have been instantiated. The simulation results indicate that message signature generation and verification both take place in much less time than present comparable rival protocols.
基金This work was supported by Institute of Information&Communications Technology Planning&Evaluation(IITP)grant funded by the Korea government(MSIT)(No.2021-0-00540,Development of Fast Design and Implementation of Cryptographic Algorithms based on GPU/ASIC).
文摘Vehicular ad hoc networks (VANETs) have attracted growing interest in both academia and industry because they can provide a viable solutionthat improves road safety and comfort for travelers on roads. However, wireless communications over open-access environments face many security andprivacy issues that may affect deployment of large-scale VANETs. Researchershave proposed different protocols to address security and privacy issues in aVANET, and in this study we cryptanalyze some of the privacy preservingprotocols to show that all existing protocols are vulnerable to the Sybilattack. The Sybil attack can be used by malicious actors to create fakeidentities that impair existing protocols, which allows them to imitate trafficcongestion or at worse cause an accident that may result in the loss of humanlife. This vulnerability exists because those protocols store vehicle identitiesin an encrypted form, and it is not possible to search over the encryptedidentities to find fake vehicles. This attack is serious in nature and veryprevalent for privacy-preserving protocols. To cope with this kind of attack,we propose a novel and practical protocol that uses Public key encryptionwith an equality test (PKEET) to search over the encrypted identities withoutleaking any information, and eventually eliminate the Sybil attack. Theproposed approach improves security and at the same time maintains privacyin VANET. Our performance analysis indicates that the proposed protocoloutperforms state-of-the-art protocols: The proposed beacon generation timeis constant compared to a linear increase in existing protocols, with beaconverification shown to be faster by 7.908%. Our communicational analysisshows that the proposed protocol with a beacon size of 322 bytes has the leastcommunicational overhead compared to other state-of-the-art protocols.
文摘Nowadays,the widespread application of 5G has promoted rapid development in different areas,particularly in the Internet of Things(IoT),where 5G provides the advantages of higher data transfer rate,lower latency,and widespread connections.Wireless sensor networks(WSNs),which comprise various sensors,are crucial components of IoT.The main functions of WSN include providing users with real-time monitoring information,deploying regional information collection,and synchronizing with the Internet.Security in WSNs is becoming increasingly essential because of the across-the-board nature of wireless technology in many fields.Recently,Yu et al.proposed a user authentication protocol forWSN.However,their design is vulnerable to sensor capture and temporary information disclosure attacks.Thus,in this study,an improved protocol called PSAP-WSNis proposed.The security of PSAP-WSN is demonstrated by employing the ROR model,BAN logic,and ProVerif tool for the analysis.The experimental evaluation shows that our design is more efficient and suitable forWSN environments.
基金partially supported by the National Natural Science Foundation of China under Grant No.61370203the China Postdoctoral Science Foundation under Grant No.2016M602675the Foundation of the Central Universities in China under Grant No.ZYGX2016J123。
文摘The radio frequency identification(RFID)technology has been widely used so far in industrial and commercial applications.To develop the RFID tags that support elliptic curve cryptography(ECC),we propose a scalable and mutual authentication protocol based on ECC.We also suggest a tag privacy model that provides adversaries exhibiting strong abilities to attack a tag’s privacy.We prove that the proposed protocol preserves privacy under the privacy model and that it meets general security requirements.Compared with other recent ECCbased RFID authentication protocols,our protocol provides tag privacy and performs the best under comprehensive evaluation of tag privacy,tag computation cost,and communications cost.
基金The KCC(Korea Communications Commission),Korea,under the R&D program supervised by the KCA(Korea Communi-cations Agency)(KCA-2012-08-911-05-001)
文摘A unified hybrid authentication framework was proposed to provide proactive authentication and re-authentication for media independent handover(MIH)-based multi-wireless access. In addition, a specific protocol distributing a hierarchi- cal key after the proactive authentication from key holder to base station has been proposed. The proposed hybrid authenti- cation framework not only performs proaetive authentication with credentials based on Chameleon hashing, which removes the authentication procedures that exchanges messages with a authentication server, but also performs re-authentication with EAP re-authentication protocol(ERP) that distributes the hierarchical key on the basis of the root key generated by the pro- active authentication.
基金Supported by the Foundation and Frontier Research Program of Chongqing Science and Technology Commission of China under Grant No cstc2016jcyjA0571
文摘Based on the deterministic secure quantum communication, we present a novel quantum dialogue protocol with- out information leakage over the collective noise channel. The logical qubits and four-qubit decoherence-free states are introduced for resisting against collective-dephasing noise, collective-rotation noise and all kinds of unitary collective noise, respectively. Compared with the existing similar protocols, the analyses on security and information-theoretical emciency show that the proposed protocol is more secure and emeient.
基金support from Abu Dhabi University’s Office of Research and Sponsored Programs Grant Number:19300810.
文摘Cookies are considered a fundamental means of web application services for authenticating various Hypertext Transfer Protocol(HTTP)requests andmaintains the states of clients’information over the Internet.HTTP cookies are exploited to carry client patterns observed by a website.These client patterns facilitate the particular client’s future visit to the corresponding website.However,security and privacy are the primary concerns owing to the value of information over public channels and the storage of client information on the browser.Several protocols have been introduced that maintain HTTP cookies,but many of those fail to achieve the required security,or require a lot of resource overheads.In this article,we have introduced a lightweight Elliptic Curve Cryptographic(ECC)based protocol for authenticating client and server transactions to maintain the privacy and security of HTTP cookies.Our proposed protocol uses a secret key embedded within a cookie.The proposed protocol ismore efficient and lightweight than related protocols because of its reduced computation,storage,and communication costs.Moreover,the analysis presented in this paper confirms that proposed protocol resists various known attacks.
基金This work is supported by the University of Malaya IIRG Grant(IIRG008A-19IISSN),Ministry of Education FRGS Grant(FP055-2019A)This work was also supported by Grant System of University of Zilina No.1/2020.(Project No.7962)partially supported by the Slovak Grant Agency for Science(VEGA)under Grant Number 1/0157/21.The authors are grateful to the Taif University Researchers Supporting Project(Number TURSP-2020/36),Taif University,Taif,Saudi Arabia.
文摘Industrial internet of things (IIoT) is the usage of internet of things(IoT) devices and applications for the purpose of sensing, processing andcommunicating real-time events in the industrial system to reduce the unnecessary operational cost and enhance manufacturing and other industrial-relatedprocesses to attain more profits. However, such IoT based smart industriesneed internet connectivity and interoperability which makes them susceptibleto numerous cyber-attacks due to the scarcity of computational resourcesof IoT devices and communication over insecure wireless channels. Therefore, this necessitates the design of an efficient security mechanism for IIoTenvironment. In this paper, we propose a hyperelliptic curve cryptography(HECC) based IIoT Certificateless Signcryption (IIoT-CS) scheme, with theaim of improving security while lowering computational and communicationoverhead in IIoT environment. HECC with 80-bit smaller key and parameterssizes offers similar security as elliptic curve cryptography (ECC) with 160-bitlong key and parameters sizes. We assessed the IIoT-CS scheme security byapplying formal and informal security evaluation techniques. We used Realor Random (RoR) model and the widely used automated validation of internet security protocols and applications (AVISPA) simulation tool for formalsecurity analysis and proved that the IIoT-CS scheme provides resistance tovarious attacks. Our proposed IIoT-CS scheme is relatively less expensivecompared to the current state-of-the-art in terms of computational cost andcommunication overhead. Furthermore, the IIoT-CS scheme is 31.25% and 51.31% more efficient in computational cost and communication overhead,respectively, compared to the most recent protocol.
文摘The Internet of Healthcare Things(IoHT)marks a significant breakthrough in modern medicine by enabling a new era of healthcare services.IoHT supports real-time,continuous,and personalized monitoring of patients’health conditions.However,the security of sensitive data exchanged within IoHT remains a major concern,as the widespread connectivity and wireless nature of these systems expose them to various vulnerabilities.Potential threats include unauthorized access,device compromise,data breaches,and data alteration,all of which may compromise the confidentiality and integrity of patient information.In this paper,we provide an in-depth security analysis of LAP-IoHT,an authentication scheme designed to ensure secure communication in Internet of Healthcare Things environments.This analysis reveals several vulnerabilities in the LAP-IoHT protocol,namely its inability to resist various attacks,including user impersonation and privileged insider threats.To address these issues,we introduce LSAP-IoHT,a secure and lightweight authentication protocol for the Internet of Healthcare Things(IoHT).This protocol leverages Elliptic Curve Cryptography(ECC),Physical Unclonable Functions(PUFs),and Three-Factor Authentication(3FA).Its security is validated through both informal analysis and formal verification using the Scyther tool and the Real-Or-Random(ROR)model.The results demonstrate strong resistance against man-in-the-middle(MITM)attacks,replay attacks,identity spoofing,stolen smart device attacks,and insider threats,while maintaining low computational and communication costs.
文摘An efficient authenticated key agreement protocol is proposed, which makesuse of bilinear pairings and self-certificd public keys. Its security is based on the securityassumptions of the bilinear Diff ie-Hellman problem and the computational Diffie-Hellman problem.Users can choose their private keys independently. The public keys and identities of users can beverified implicitly when the session key being generating in a logically single step. A trusted KeyGeneration Center is no longer requiredas in the ID-based authenticated key agreement protocolsCompared with existing authenticated key agreement protocols from pairings, the. new proposedprotocol is more efficient and secure.
基金Supported by the Key Laboratory Foundation of Communication Technology of China (9140C1103040902)
文摘Combined public key (CPK) cryptography does not need certificates to guarantee the authenticity of public keys and avoids the inherent key escrow problem of identity-based cryptography. Based on the efficient CPK scheme, we present an efficient three-round two-party authenticated key exchange protocol with strong security, which is provably secure in the standard model under the decisional Diffie-Hellman (DDH) assumption. The protocol can keep the session key secret from the adversary except that one party's ephemeral private key and static private key are all revealed to the adversary. Compared to the existing protocols, this protocol not only assures strong security but also is more efficient.
基金National Natural Science Foundation of China under Grant No. 60772136,No. 61003300the 111 Development Program of China under Grant No. B08038+1 种基金the Doctoral Fund of Ministry of Education of China under Grant No. 20100203110002the Fundamental Research Funds for the Central Universities under Grant No. JY10000901018, No. JY10000901021, No. JY10000901032, No. JY10000901034,No. 72004985
文摘Martínez et al.have proposed a secure RFID protocol recently which relies exclusively on the use of Elliptic Curve Cryptography(ECC)combined with a zero knowledge-based authentication scheme.In this paper,we show that this proposed protocol is not secure against the tracking attack.To make the attack successful,the adversary needs to execute three phases.Firstly,the attacker just eavesdrops on the messages exchanged between Reader and Tag.Secondly,the attacker impersonates the Reader to replay the message which is obtained from the first phase.Finally,the adversary acts as a man in the middle to tamper the messages exchanged between Reader and Tag.Then we propose an enhancement and prove that the revision is secure against the tracking attack while keeping other security properties.
基金Supported by the National Nature Science Foundation of China(60902061)the National Key Technology R&D Program (2008BAH28B06-05,2012BAH17F01)+1 种基金the National Culture S&T Promotion Program (WHB1002)the National High Iechnology Research and Development Drogram of China(863 Program) (2012AA011702)
文摘HB-MAP (HB-mutual authentication protocol) is a mutual ultra-light-weight authentication protocol we have pro- posed before. In this paper, we present an HB-MAP simulation model. This model is based on the OPNET modeler and includes three parts, namely, the network model, the node model, and the process model. The simulation results are obtained mainly in the aspects of running time, queuing delay, throughput, and channel utilization. To show the performance of HB-MAP, simulation of two other protocols HB and LCAP (load-based concurrent access protocol) is also executed, and comparative analysis is carried out on the results. At the end of the paper, we show a simple process of the attacks and identify that the HB-MAP can defend against some attacks.
