To date,many previous studies have been proposed for driver authentication;however,these solutions have many shortcomings and are still far from practical for real-world applications.In this paper,we tackle the shortc...To date,many previous studies have been proposed for driver authentication;however,these solutions have many shortcomings and are still far from practical for real-world applications.In this paper,we tackle the shortcomings of the existing solutions and reach toward proposing a lightweight and practical authentication system,dubbed DriveMe,for identifying drivers on cars.Our novelty aspects are 1⃝Lightweight scheme that depends only on a single sensor data(i.e.,pressure readings)attached to the driver’s seat and belt.2⃝Practical evaluation in which one-class authentication models are trained from only the owner users and tested using data collected from both owners and attackers.3⃝Rapid Authentication to quickly identify drivers’identities using a few pressure samples collected within short durations(1,2,3,5,or 10 s).4⃝Realistic experiments where the sensory data is collected from real experiments rather than computer simulation tools.We conducted real experiments and collected about 13,200 samples and 22,800 samples of belt-only and seat-only datasets from all 12 users under different settings.To evaluate system effectiveness,we implemented extensive evaluation scenarios using four one-class detectors One-Class Support Vector Machine(OCSVM),Local Outlier Factor(LOF),Isolation Forest(IF),and Elliptic Envelope(EE),three dataset types(belt-only,seat-only,and fusion),and four different dataset sizes.Our average experimental results show that the system can authenticate the driver with an F1 score of 93.1%for seat-based data using OCSVM classifier,an F1 score of 98.53%for fusion-based data using LOF classifier,an F1 score of 91.65%for fusion-based data using IF classifier,and an F1 score of 95.79%for fusion-based data using EE classifier.展开更多
The prodigious advancements in contemporary technologies have also brought in the situation of unprecedented cyber-attacks.Further,the pin-based security system is an inadequate mechanism for handling such a scenario....The prodigious advancements in contemporary technologies have also brought in the situation of unprecedented cyber-attacks.Further,the pin-based security system is an inadequate mechanism for handling such a scenario.The reason is that hackers use multiple strategies for evading security systems and thereby gaining access to private data.This research proposes to deploy diverse approaches for authenticating and securing a connection amongst two devices/gadgets via sound,thereby disregarding the pins’manual verification.Further,the results demonstrate that the proposed approaches outperform conventional pin-based authentication or QR authentication approaches.Firstly,a random signal is encrypted,and then it is transformed into a wave file,after which it gets transmitted in a short burst via the device’s speakers.Subsequently,the other device/gadget captures these audio bursts through its microphone and decrypts the audio signal for getting the essential data for pairing.Besides,this model requires two devices/gadgets with speakers and a microphone,and no extra hardware such as a camera,for reading the QR code is required.The first module is tested with realtime data and generates high scores for the widely accepted accuracy metrics,including precision,Recall,F1 score,entropy,and mutual information(MI).Additionally,this work also proposes a module helps in a secured transmission of sensitive data by encrypting it over images and other files.This steganographic module includes two-stage encryption with two different encryption algorithms to transmit data by embedding inside a file.Several encryption algorithms and their combinations are taken for this system to compare the resultant file size.Both these systems engender high accuracies and provide secure connectivity,leading to a sustainable communication ecosystem.展开更多
According to the requirement of natural human-computer interaction for Ambient Intelligence (Aml), a Bluetoothbased authentication technique is provided. An authentication network combining advantages of Bluetooth a...According to the requirement of natural human-computer interaction for Ambient Intelligence (Aml), a Bluetoothbased authentication technique is provided. An authentication network combining advantages of Bluetooth ad hoc network with the Ethernet is introduced first in detail. Then we propose a Bluetooth badge for storing the user's identification information. Finally, the authentication system based on Bluetooth badge and authentication network is introduced. It is demonstrated experimentally that the Bluetooth-based authentication technique can authenticate the user automatically.展开更多
A digital certificate under Public Key Infrastructure has a defect of Man-in-the-Middle Attack that performs hash collision attacks. In this paper, we propose a robust biometric-PKI authentication system against Man-i...A digital certificate under Public Key Infrastructure has a defect of Man-in-the-Middle Attack that performs hash collision attacks. In this paper, we propose a robust biometric-PKI authentication system against Man-in-the-Middle Attack. The biometric-PKI authentication system consists of current PKI authentication and biometric authentication, which employs biometric data and a public key from a digital certificate. In the proposed biometric-PKI authentication system, an au- thentication process performs that it extracts consistent features of fingerprint images, encrypts consistent features, and matches features with prepared templates. The simulation results of the proposed authentication system prove that our system achieves low false acceptance rate and high accuracy rate.展开更多
The stronglink with muhi-try function based on MEMS technology and the PC startup in authentication system have been designed and fabricated. The generation principle and structure of UQS code are introduced, which co...The stronglink with muhi-try function based on MEMS technology and the PC startup in authentication system have been designed and fabricated. The generation principle and structure of UQS code are introduced, which consists of two groups of metal counter-meshing gears, two pawl/ratchet mechanisms, two driving micromotors and two resetting micromotors. The energy-coupling element is a photoelectric sensor with a circular and notched plate. It is fabricated using the UV-LiGA process and precision mechanical engineering. The PC startup authentication system is controlled by BIOS program, which is written into the chip according with special format. The program in BIOS output signals controls the running of stronglink to finish the process of authentication. The device can run more than 10000 times before a stop. The driving voltage is 12 V, and the normal decoding time is 3 s.展开更多
Faultless authentication of individuals by fingerprints results in high false rejections rate for rigorously built systems. Indeed, the authors prefer that the system erroneously reject a pattern when it does not meet...Faultless authentication of individuals by fingerprints results in high false rejections rate for rigorously built systems. Indeed, the authors prefer that the system erroneously reject a pattern when it does not meet a number of predetermined correspondence criteria. In this work, after discussing existing techniques, we propose a new algorithm to reduce the false rejection rate during the authentication-using fingerprint. This algorithm extracts the minutiae of the fingerprint with their relative orientations and classifies them according to the different classes already established;then, make the correspondence between two templates by simple probabilities calculations from a deep neural network. The merging of these operations provides very promising results both on the NIST4 international data reference and on the SOCFing database.展开更多
Blockchain has proven to be an emerging technology in the digital world, changing the way everyone thinks about data security and bringing efficiency to several industries. It has already been applied to a wide range ...Blockchain has proven to be an emerging technology in the digital world, changing the way everyone thinks about data security and bringing efficiency to several industries. It has already been applied to a wide range of applications, from financial services and supply chain management to voting systems and identity verification. An organization must verify its candidates before selecting them. Choosing an unqualified candidate can ruin an organization’s reputation. In this paper, a blockchain-based academic certificate authentication system will be used to ensure authenticity and make the assertion of the decentralized system secure. However, the system will generate, authenticate and make corrections on academic certificates. Ultimately, some blockchain-based authentication systems already exist, they can’t correct any errors that occur during generation. A blockchain-based certificate authentication system was built using blockchain technology. Where admin could generate, authenticate and correct the certificate if necessary. The admin can also check how many times a certificate has been modified. Other users can only check the authenticity of the certificates. We’re using two blockchains to enable corrections. Blockchain technology can successfully implement a certificate authentication system. This system will eliminate doubts about the authenticity of certificates, provide fast responses, and ensure reliable and secure storage. The proposed system will help in many ways, such as providing a user-friendly university admission, and smooth job hiring process, etc. In conclusion, our proposed system can permanently eradicate certificate forgeries and create and promote trust in society.展开更多
Unified identity authentication has become the basic information service provided by colleges and universities for teachers and students. Security, stability, high concurrency and easy maintenance are our requirements...Unified identity authentication has become the basic information service provided by colleges and universities for teachers and students. Security, stability, high concurrency and easy maintenance are our requirements for a unified identity authentication system. Based on the practical work experience of China University of Geosciences (Beijing), this paper proposes a high availability scheme of unified identity authentication system based on CAS, which is composed of multiple CAS Servers, Nginx for load balancing, and Redis as a cache database. The scheme has been practiced in China University of Geosciences (Beijing), and the application effect is good, which has practical reference significance for other universities.展开更多
Car manufacturers aim to enhance the use of two-factor authentication (2FA) to protect keyless entry systems in contemporary cars. Despite providing significant ease for users, keyless entry systems have become more s...Car manufacturers aim to enhance the use of two-factor authentication (2FA) to protect keyless entry systems in contemporary cars. Despite providing significant ease for users, keyless entry systems have become more susceptible to appealing attacks like relay attacks and critical fob hacking. These weaknesses present considerable security threats, resulting in unauthorized entry and car theft. The suggested approach combines a conventional keyless entry feature with an extra security measure. Implementing multi-factor authentication significantly improves the security of systems that allow keyless entry by reducing the likelihood of unauthorized access. Research shows that the benefits of using two-factor authentication, such as a substantial increase in security, far outweigh any minor drawbacks.展开更多
The integration of artificial intelligence(AI)with advanced power technologies is transforming energy system management,particularly through real-time data monitoring and intelligent decision-making driven by Artifici...The integration of artificial intelligence(AI)with advanced power technologies is transforming energy system management,particularly through real-time data monitoring and intelligent decision-making driven by Artificial Intelligence Generated Content(AIGC).However,the openness of power system channels and the resource-constrained nature of power sensors have led to new challenges for the secure transmission of power data and decision instructions.Although traditional public key cryptographic primitives can offer high security,the substantial key management and computational overhead associated with these primitives make them unsuitable for power systems.To ensure the real-time and security of power data and command transmission,we propose a lightweight identity authentication scheme tailored for power AIGC systems.The scheme utilizes lightweight symmetric encryption algorithms,minimizing the resource overhead on power sensors.Additionally,it incorporates a dynamic credential update mechanism,which can realize the rotation and update of temporary credentials to ensure anonymity and security.We rigorously validate the security of the scheme using the Real-or-Random(ROR)model and AVISPA simulation,and the results show that our scheme can resist various active and passive attacks.Finally,performance comparisons and NS3 simulation results demonstrate that our proposed scheme offers enhanced security features with lower overhead,making it more suitable for power AIGC systems compared to existing solutions.展开更多
With the rapid advancement in exploring perceptual interactions and digital twins,metaverse technology has emerged to transcend the constraints of space-time and reality,facilitating remote AI-based collaboration.In t...With the rapid advancement in exploring perceptual interactions and digital twins,metaverse technology has emerged to transcend the constraints of space-time and reality,facilitating remote AI-based collaboration.In this dynamic metasystem environment,frequent information exchanges necessitate robust security measures,with Authentication and Key Agreement(AKA)serving as the primary line of defense to ensure communication security.However,traditional AKA protocols fall short in meeting the low-latency requirements essential for synchronous interactions within the metaverse.To address this challenge and enable nearly latency-free interactions,a novel low-latency AKA protocol based on chaotic maps is proposed.This protocol not only ensures mutual authentication of entities within the metasystem but also generates secure session keys.The security of these session keys is rigorously validated through formal proofs,formal verification,and informal proofs.When confronted with the Dolev-Yao(DY)threat model,the session keys are formally demonstrated to be secure under the Real-or-Random(ROR)model.The proposed protocol is further validated through simulations conducted using VMware workstation compiled in HLPSL language and C language.The simulation results affirm the protocol’s effectiveness in resisting well-known attacks while achieving the desired low latency for optimal metaverse interactions.展开更多
With the increasing demand for information security,traditional single-factor authentication technology can no longer meet security requirements.To this end,this paper proposes a Universal Serial Bus(USB)Key hardware ...With the increasing demand for information security,traditional single-factor authentication technology can no longer meet security requirements.To this end,this paper proposes a Universal Serial Bus(USB)Key hardware and software system based on a two-factor authentication protocol,aiming to improve the security and reliability of authentication.This paper first analyzes the current status and technical principles of USB Key-related research domestically and internationally and designs a two-factor authentication protocol that combines impact/response authentication and static password authentication.The system consists of a host computer and a USB Key device.The host computer interacts with the USB Key through a graphical user interface.The Secure Hash Algorithm 1(SHA-1)and MySQL database are used to implement the authentication function.Experimental results show that the designed two-factor authentication protocol can effectively prevent replay attacks and information tampering,and improve the security of authentication.If the corresponding USB Key is not inserted,the system will prompt that the device is not found.Once the USB Key is inserted,user identity is confirmed through two-factor verification,which includes impact/response authentication and static password authentication.展开更多
With the proliferation of online services and applications,adopting Single Sign-On(SSO)mechanisms has become increasingly prevalent.SSO enables users to authenticate once and gain access to multiple services,eliminati...With the proliferation of online services and applications,adopting Single Sign-On(SSO)mechanisms has become increasingly prevalent.SSO enables users to authenticate once and gain access to multiple services,eliminating the need to provide their credentials repeatedly.However,this convenience raises concerns about user security and privacy.The increasing reliance on SSO and its potential risks make it imperative to comprehensively review the various SSO security and privacy threats,identify gaps in existing systems,and explore effective mitigation solutions.This need motivated the first systematic literature review(SLR)of SSO security and privacy,conducted in this paper.The SLR is performed based on rigorous structured research methodology with specific inclusion/exclusion criteria and focuses specifically on the Web environment.Furthermore,it encompasses a meticulous examination and thematic synthesis of 88 relevant publications selected out of 2315 journal articles and conference/proceeding papers published between 2017 and 2024 from reputable academic databases.The SLR highlights critical security and privacy threats relating to SSO systems,reveals significant gaps in existing countermeasures,and emphasizes the need for more comprehensive protection mechanisms.The findings of this SLR will serve as an invaluable resource for scientists and developers interested in enhancing the security and privacy preservation of SSO and designing more efficient and robust SSO systems,thus contributing to the development of the authentication technologies field.展开更多
Cyber-Physical System (CPS) devices are increasing exponentially. Lacking confidentiality creates a vulnerable network. Thus, demanding the overall system with the latest and robust solutions for the defence mechanism...Cyber-Physical System (CPS) devices are increasing exponentially. Lacking confidentiality creates a vulnerable network. Thus, demanding the overall system with the latest and robust solutions for the defence mechanisms with low computation cost, increased integrity, and surveillance. The proposal of a mechanism that utilizes the features of authenticity measures using the Destination Sequence Distance Vector (DSDV) routing protocol which applies to the multi-WSN (Wireless Sensor Network) of IoT devices in CPS which is developed for the Device-to-Device (D2D) authentication developed from the local-chain and public chain respectively combined with the Software Defined Networking (SDN) control and monitoring system using switches and controllers that will route the packets through the network, identify any false nodes, take preventive measures against them and preventing them for any future problems. Next, the system is powered by Blockchain cryptographic features by utilizing the TrustChain features to create a private, secure, and temper-free ledger of the transactions performed inside the network. Results are achieved in the legitimate devices connecting to the network, transferring their packets to their destination under supervision, reporting whenever a false node is causing hurdles, and recording the transactions for temper-proof records. Evaluation results based on 1000+ transactions illustrate that the proposed mechanism not only outshines most aspects of Cyber-Physical systems but also consumes less computation power with a low latency of 0.1 seconds only.展开更多
Pre-Authentication and Post-Connection(PAPC)plays a crucial role in realizing the Zero Trust security model by ensuring that access to network resources is granted only after successful authentication.While earlier ap...Pre-Authentication and Post-Connection(PAPC)plays a crucial role in realizing the Zero Trust security model by ensuring that access to network resources is granted only after successful authentication.While earlier approaches such as Port Knocking(PK)and Single Packet Authorization(SPA)introduced pre-authentication concepts,they suffer from limitations including plaintext communication,protocol dependency,reliance on dedicated clients,and inefficiency under modern network conditions.These constraints hinder their applicability in emerging distributed and resource-constrained environments such as AIoT and browser-based systems.To address these challenges,this study proposes a novel port-sequence-based PAPC scheme structured as a modular model comprising a client,server,and ephemeral Key Management System(KMS).The system employs the Advanced Encryption Standard(AES-128)to protect message confidentiality and uses a Hash-Based Message Authentication Code(HMAC-SHA256)to ensure integrity.Authentication messages are securely fragmented and mapped to destination port numbers using a signature-based avoidance algorithm,which prevents collisions with unsafe or reserved port ranges.The server observes incoming port sequences,retrieves the necessary keys from the KMS,reconstructs and verifies the encrypted data,and conditionally updates firewall policies.Unlike SPA,which requires decrypting all incoming payloads and imposes server-side overhead,the proposed system verifies only port-derived fragments,significantly reducing computational burden.Furthermore,it eliminates the need for raw socket access or custom clients,supporting browser-based operation and enabling protocol-independent deployment.Through a functional web-based prototype and emulated testing,the system achieved an F1-score exceeding 95%in detecting unauthorized access while maintaining low resource overhead.Although port sequence generation introduces some client-side cost,it remains lightweight and scalable.By tightly integrating lightweight cryptographic algorithms with a transport-layer communication model,this work presents a conceptually validated architecture that contributes a novel direction for interoperable and scalable Zero Trust enforcement in future network ecosystems.展开更多
As the adoption of Vehicular Ad-hoc Networks(VANETs)grows,ensuring secure communication between smart vehicles and remote application servers(APPs)has become a critical challenge.While existing solutions focus on vari...As the adoption of Vehicular Ad-hoc Networks(VANETs)grows,ensuring secure communication between smart vehicles and remote application servers(APPs)has become a critical challenge.While existing solutions focus on various aspects of security,gaps remain in addressing both high security requirements and the resource-constrained nature of VANET environments.This paper proposes an extended-Kerberos protocol that integrates Physical Unclonable Function(PUF)for authentication and key agreement,offering a comprehensive solution to the security challenges in VANETs.The protocol facilitates mutual authentication and secure key agreement between vehicles and APPs,ensuring the confidentiality and integrity of vehicle-to-network(V2N)communications and preventing malicious data injection.Notably,by replacing traditional Kerberos password authentication with Challenge-Response Pairs(CRPs)generated by PUF,the protocol significantly reduces the risk of key leakage.The inherent properties of PUF—such as unclonability and unpredictability—make it an ideal defense against physical attacks,including intrusion,semi-intrusion,and side-channel attacks.The results of this study demonstrate that this approach not only enhances security but also optimizes communication efficiency,reduces latency,and improves overall user experience.The analysis proves that our protocol achieves at least 86%improvement in computational efficiency compared to some existed protocols.This is particularly crucial in resource-constrained VANET environments,where it enables efficient data transmission between vehicles and applications,reduces latency,and enhances the overall user experience.展开更多
To ensure the access security of 6G,physical-layer authentication(PLA)leverages the randomness and space-time-frequency uniqueness of the channel to provide unique identity signatures for transmitters.Furthermore,the ...To ensure the access security of 6G,physical-layer authentication(PLA)leverages the randomness and space-time-frequency uniqueness of the channel to provide unique identity signatures for transmitters.Furthermore,the introduction of artificial intelligence(AI)facilitates the learning of the distribution characteristics of channel fingerprints,effectively addressing the uncertainties and unknown dynamic challenges in wireless link modeling.This paper reviews representative AI-enabled PLA schemes and proposes a graph neural network(GNN)-based PLA approach in response to the challenges existing methods face in identifying mobile users.Simulation results demonstrate that the proposed method outperforms six baseline schemes in terms of authentication accuracy.Furthermore,this paper outlines the future development directions of PLA.展开更多
As a model for the next generation of the Internet,the metaverse—a fully immersive,hyper-temporal virtual shared space—is transitioning from imagination to reality.At present,the metaverse has been widely applied in...As a model for the next generation of the Internet,the metaverse—a fully immersive,hyper-temporal virtual shared space—is transitioning from imagination to reality.At present,the metaverse has been widely applied in a variety of fields,including education,social entertainment,Internet of vehicles(IoV),healthcare,and virtual tours.In IoVs,researchers primarily focus on using the metaverse to improve the traffic safety of vehicles,while paying limited attention to passengers’social needs.At the same time,Social Internet ofVehicles(SIoV)introduces the concept of social networks in IoV to provide better resources and services for users.However,the problem of single interaction between SIoVand users has become increasingly prominent.In this paper,we first introduce a SIoVenvironment combined with the metaverse.In this environment,we adopt blockchain as the platform of the metaverse to provide a decentralized environment.Concerning passengers’social data may contain sensitive/private information,we then design an authentication and key agreement protocol calledMSIoV-AKAto protect the communications.Through formal security verifications in the real-or-random(ROR)model and using the AVISPA(Automated Validation of Internet Security Protocols and Applications)tool,we firmly verify the security of the protocol.Finally,detailed comparisons are made between our protocol and robust protocols/schemes in terms of computational cost and communication cost.In addition,we implement the MSIoV-AKA protocol in the Ethereum test network and Hyperledger Sawtooth to show the practicality.展开更多
How to ensure the security of device access is a common concern in the Internet of Things(IoT)scenario with extremely high device connection density.To achieve efficient and secure network access for IoT devices with ...How to ensure the security of device access is a common concern in the Internet of Things(IoT)scenario with extremely high device connection density.To achieve efficient and secure network access for IoT devices with constrained resources,this paper proposes a lightweight physical-layer authentication protocol based on Physical Unclonable Function(PUF)and channel pre-equalization.PUF is employed as a secret carrier to provide authentication credentials for devices due to its hardware-based uniqueness and unclonable property.Meanwhile,the short-term reciprocity and spatio-temporal uniqueness of wireless channels are utilized to attach an authentication factor related to the spatio-temporal position of devices and to secure the transmission of authentication messages.The proposed protocol is analyzed formally and informally to prove its correctness and security against typical attacks.Simulation results show its robustness in various radio environments.Moreover,we illustrate the advantages of our protocol in terms of security features and complexity through performance comparison with existing authentication schemes.展开更多
With the rapid development and widespread adoption of Internet of Things(IoT)technology,the innovative concept of the Internet of Vehicles(IoV)has emerged,ushering in a new era of intelligent transportation.Since vehi...With the rapid development and widespread adoption of Internet of Things(IoT)technology,the innovative concept of the Internet of Vehicles(IoV)has emerged,ushering in a new era of intelligent transportation.Since vehicles are mobile entities,they move across different domains and need to communicate with the Roadside Unit(RSU)in various regions.However,open environments are highly susceptible to becoming targets for attackers,posing significant risks of malicious attacks.Therefore,it is crucial to design a secure authentication protocol to ensure the security of communication between vehicles and RSUs,particularly in scenarios where vehicles cross domains.In this paper,we propose a provably secure cross-domain authentication and key agreement protocol for IoV.Our protocol comprises two authentication phases:intra-domain authentication and cross-domain authentication.To ensure the security of our protocol,we conducted rigorous analyses based on the ROR(Real-or-Random)model and Scyther.Finally,we show in-depth comparisons of our protocol with existing ones from both security and performance perspectives,fully demonstrating its security and efficiency.展开更多
基金supported by the Institute of Information&Communications Technology Planning&Evaluation(1ITP)(Project Nos.RS-2024-00438551,30%,2022-11220701,30%,2021-0-01816,30%)the National Research Foundation of Korea(NRF)grant funded by the Korean Government(Project No.RS2023-00208460,10%).
文摘To date,many previous studies have been proposed for driver authentication;however,these solutions have many shortcomings and are still far from practical for real-world applications.In this paper,we tackle the shortcomings of the existing solutions and reach toward proposing a lightweight and practical authentication system,dubbed DriveMe,for identifying drivers on cars.Our novelty aspects are 1⃝Lightweight scheme that depends only on a single sensor data(i.e.,pressure readings)attached to the driver’s seat and belt.2⃝Practical evaluation in which one-class authentication models are trained from only the owner users and tested using data collected from both owners and attackers.3⃝Rapid Authentication to quickly identify drivers’identities using a few pressure samples collected within short durations(1,2,3,5,or 10 s).4⃝Realistic experiments where the sensory data is collected from real experiments rather than computer simulation tools.We conducted real experiments and collected about 13,200 samples and 22,800 samples of belt-only and seat-only datasets from all 12 users under different settings.To evaluate system effectiveness,we implemented extensive evaluation scenarios using four one-class detectors One-Class Support Vector Machine(OCSVM),Local Outlier Factor(LOF),Isolation Forest(IF),and Elliptic Envelope(EE),three dataset types(belt-only,seat-only,and fusion),and four different dataset sizes.Our average experimental results show that the system can authenticate the driver with an F1 score of 93.1%for seat-based data using OCSVM classifier,an F1 score of 98.53%for fusion-based data using LOF classifier,an F1 score of 91.65%for fusion-based data using IF classifier,and an F1 score of 95.79%for fusion-based data using EE classifier.
文摘The prodigious advancements in contemporary technologies have also brought in the situation of unprecedented cyber-attacks.Further,the pin-based security system is an inadequate mechanism for handling such a scenario.The reason is that hackers use multiple strategies for evading security systems and thereby gaining access to private data.This research proposes to deploy diverse approaches for authenticating and securing a connection amongst two devices/gadgets via sound,thereby disregarding the pins’manual verification.Further,the results demonstrate that the proposed approaches outperform conventional pin-based authentication or QR authentication approaches.Firstly,a random signal is encrypted,and then it is transformed into a wave file,after which it gets transmitted in a short burst via the device’s speakers.Subsequently,the other device/gadget captures these audio bursts through its microphone and decrypts the audio signal for getting the essential data for pairing.Besides,this model requires two devices/gadgets with speakers and a microphone,and no extra hardware such as a camera,for reading the QR code is required.The first module is tested with realtime data and generates high scores for the widely accepted accuracy metrics,including precision,Recall,F1 score,entropy,and mutual information(MI).Additionally,this work also proposes a module helps in a secured transmission of sensitive data by encrypting it over images and other files.This steganographic module includes two-stage encryption with two different encryption algorithms to transmit data by embedding inside a file.Several encryption algorithms and their combinations are taken for this system to compare the resultant file size.Both these systems engender high accuracies and provide secure connectivity,leading to a sustainable communication ecosystem.
基金the National Natural Science Foundation of China (No. 60773186)the Science and Technology Research Foundation of the Beijing Municipal Education Commission of China (No. KM200710005018)
文摘According to the requirement of natural human-computer interaction for Ambient Intelligence (Aml), a Bluetoothbased authentication technique is provided. An authentication network combining advantages of Bluetooth ad hoc network with the Ethernet is introduced first in detail. Then we propose a Bluetooth badge for storing the user's identification information. Finally, the authentication system based on Bluetooth badge and authentication network is introduced. It is demonstrated experimentally that the Bluetooth-based authentication technique can authenticate the user automatically.
文摘A digital certificate under Public Key Infrastructure has a defect of Man-in-the-Middle Attack that performs hash collision attacks. In this paper, we propose a robust biometric-PKI authentication system against Man-in-the-Middle Attack. The biometric-PKI authentication system consists of current PKI authentication and biometric authentication, which employs biometric data and a public key from a digital certificate. In the proposed biometric-PKI authentication system, an au- thentication process performs that it extracts consistent features of fingerprint images, encrypts consistent features, and matches features with prepared templates. The simulation results of the proposed authentication system prove that our system achieves low false acceptance rate and high accuracy rate.
基金Sponsored by the National High Technology Research and Development Program (863 ) of China (Grant No.2003AA404210, 2005AA404250,2003AA404210, 2006AA01Z443)
文摘The stronglink with muhi-try function based on MEMS technology and the PC startup in authentication system have been designed and fabricated. The generation principle and structure of UQS code are introduced, which consists of two groups of metal counter-meshing gears, two pawl/ratchet mechanisms, two driving micromotors and two resetting micromotors. The energy-coupling element is a photoelectric sensor with a circular and notched plate. It is fabricated using the UV-LiGA process and precision mechanical engineering. The PC startup authentication system is controlled by BIOS program, which is written into the chip according with special format. The program in BIOS output signals controls the running of stronglink to finish the process of authentication. The device can run more than 10000 times before a stop. The driving voltage is 12 V, and the normal decoding time is 3 s.
文摘Faultless authentication of individuals by fingerprints results in high false rejections rate for rigorously built systems. Indeed, the authors prefer that the system erroneously reject a pattern when it does not meet a number of predetermined correspondence criteria. In this work, after discussing existing techniques, we propose a new algorithm to reduce the false rejection rate during the authentication-using fingerprint. This algorithm extracts the minutiae of the fingerprint with their relative orientations and classifies them according to the different classes already established;then, make the correspondence between two templates by simple probabilities calculations from a deep neural network. The merging of these operations provides very promising results both on the NIST4 international data reference and on the SOCFing database.
文摘Blockchain has proven to be an emerging technology in the digital world, changing the way everyone thinks about data security and bringing efficiency to several industries. It has already been applied to a wide range of applications, from financial services and supply chain management to voting systems and identity verification. An organization must verify its candidates before selecting them. Choosing an unqualified candidate can ruin an organization’s reputation. In this paper, a blockchain-based academic certificate authentication system will be used to ensure authenticity and make the assertion of the decentralized system secure. However, the system will generate, authenticate and make corrections on academic certificates. Ultimately, some blockchain-based authentication systems already exist, they can’t correct any errors that occur during generation. A blockchain-based certificate authentication system was built using blockchain technology. Where admin could generate, authenticate and correct the certificate if necessary. The admin can also check how many times a certificate has been modified. Other users can only check the authenticity of the certificates. We’re using two blockchains to enable corrections. Blockchain technology can successfully implement a certificate authentication system. This system will eliminate doubts about the authenticity of certificates, provide fast responses, and ensure reliable and secure storage. The proposed system will help in many ways, such as providing a user-friendly university admission, and smooth job hiring process, etc. In conclusion, our proposed system can permanently eradicate certificate forgeries and create and promote trust in society.
文摘Unified identity authentication has become the basic information service provided by colleges and universities for teachers and students. Security, stability, high concurrency and easy maintenance are our requirements for a unified identity authentication system. Based on the practical work experience of China University of Geosciences (Beijing), this paper proposes a high availability scheme of unified identity authentication system based on CAS, which is composed of multiple CAS Servers, Nginx for load balancing, and Redis as a cache database. The scheme has been practiced in China University of Geosciences (Beijing), and the application effect is good, which has practical reference significance for other universities.
文摘Car manufacturers aim to enhance the use of two-factor authentication (2FA) to protect keyless entry systems in contemporary cars. Despite providing significant ease for users, keyless entry systems have become more susceptible to appealing attacks like relay attacks and critical fob hacking. These weaknesses present considerable security threats, resulting in unauthorized entry and car theft. The suggested approach combines a conventional keyless entry feature with an extra security measure. Implementing multi-factor authentication significantly improves the security of systems that allow keyless entry by reducing the likelihood of unauthorized access. Research shows that the benefits of using two-factor authentication, such as a substantial increase in security, far outweigh any minor drawbacks.
文摘The integration of artificial intelligence(AI)with advanced power technologies is transforming energy system management,particularly through real-time data monitoring and intelligent decision-making driven by Artificial Intelligence Generated Content(AIGC).However,the openness of power system channels and the resource-constrained nature of power sensors have led to new challenges for the secure transmission of power data and decision instructions.Although traditional public key cryptographic primitives can offer high security,the substantial key management and computational overhead associated with these primitives make them unsuitable for power systems.To ensure the real-time and security of power data and command transmission,we propose a lightweight identity authentication scheme tailored for power AIGC systems.The scheme utilizes lightweight symmetric encryption algorithms,minimizing the resource overhead on power sensors.Additionally,it incorporates a dynamic credential update mechanism,which can realize the rotation and update of temporary credentials to ensure anonymity and security.We rigorously validate the security of the scheme using the Real-or-Random(ROR)model and AVISPA simulation,and the results show that our scheme can resist various active and passive attacks.Finally,performance comparisons and NS3 simulation results demonstrate that our proposed scheme offers enhanced security features with lower overhead,making it more suitable for power AIGC systems compared to existing solutions.
基金This work has received funding from National Natural Science Foundation of China(No.42275157).
文摘With the rapid advancement in exploring perceptual interactions and digital twins,metaverse technology has emerged to transcend the constraints of space-time and reality,facilitating remote AI-based collaboration.In this dynamic metasystem environment,frequent information exchanges necessitate robust security measures,with Authentication and Key Agreement(AKA)serving as the primary line of defense to ensure communication security.However,traditional AKA protocols fall short in meeting the low-latency requirements essential for synchronous interactions within the metaverse.To address this challenge and enable nearly latency-free interactions,a novel low-latency AKA protocol based on chaotic maps is proposed.This protocol not only ensures mutual authentication of entities within the metasystem but also generates secure session keys.The security of these session keys is rigorously validated through formal proofs,formal verification,and informal proofs.When confronted with the Dolev-Yao(DY)threat model,the session keys are formally demonstrated to be secure under the Real-or-Random(ROR)model.The proposed protocol is further validated through simulations conducted using VMware workstation compiled in HLPSL language and C language.The simulation results affirm the protocol’s effectiveness in resisting well-known attacks while achieving the desired low latency for optimal metaverse interactions.
基金funded by the College-level Characteristic Teaching Material Project(Project No.20220119Z0221)The College Teaching Incubation Project(Project No.20220120Z0220)+3 种基金The Ministry of Education Industry-University Cooperation Collaborative Education Project(Project No.20220163H0211)The Central Universities Basic Scientific Research Fund(Project No.3282024009,20230051Z0114,and 20230050Z0114)The Beijing Higher Education“Undergraduate Teaching Reform and Innovation Project”(Project No.20220121Z0208 and 202110018002)The College Discipline Construction Project(Project No.20230007Z0452 and 20230010Z0452)。
文摘With the increasing demand for information security,traditional single-factor authentication technology can no longer meet security requirements.To this end,this paper proposes a Universal Serial Bus(USB)Key hardware and software system based on a two-factor authentication protocol,aiming to improve the security and reliability of authentication.This paper first analyzes the current status and technical principles of USB Key-related research domestically and internationally and designs a two-factor authentication protocol that combines impact/response authentication and static password authentication.The system consists of a host computer and a USB Key device.The host computer interacts with the USB Key through a graphical user interface.The Secure Hash Algorithm 1(SHA-1)and MySQL database are used to implement the authentication function.Experimental results show that the designed two-factor authentication protocol can effectively prevent replay attacks and information tampering,and improve the security of authentication.If the corresponding USB Key is not inserted,the system will prompt that the device is not found.Once the USB Key is inserted,user identity is confirmed through two-factor verification,which includes impact/response authentication and static password authentication.
文摘With the proliferation of online services and applications,adopting Single Sign-On(SSO)mechanisms has become increasingly prevalent.SSO enables users to authenticate once and gain access to multiple services,eliminating the need to provide their credentials repeatedly.However,this convenience raises concerns about user security and privacy.The increasing reliance on SSO and its potential risks make it imperative to comprehensively review the various SSO security and privacy threats,identify gaps in existing systems,and explore effective mitigation solutions.This need motivated the first systematic literature review(SLR)of SSO security and privacy,conducted in this paper.The SLR is performed based on rigorous structured research methodology with specific inclusion/exclusion criteria and focuses specifically on the Web environment.Furthermore,it encompasses a meticulous examination and thematic synthesis of 88 relevant publications selected out of 2315 journal articles and conference/proceeding papers published between 2017 and 2024 from reputable academic databases.The SLR highlights critical security and privacy threats relating to SSO systems,reveals significant gaps in existing countermeasures,and emphasizes the need for more comprehensive protection mechanisms.The findings of this SLR will serve as an invaluable resource for scientists and developers interested in enhancing the security and privacy preservation of SSO and designing more efficient and robust SSO systems,thus contributing to the development of the authentication technologies field.
基金funded by Ajman University,AU-Funded Research Grant 2023-IRG-ENIT-22.
文摘Cyber-Physical System (CPS) devices are increasing exponentially. Lacking confidentiality creates a vulnerable network. Thus, demanding the overall system with the latest and robust solutions for the defence mechanisms with low computation cost, increased integrity, and surveillance. The proposal of a mechanism that utilizes the features of authenticity measures using the Destination Sequence Distance Vector (DSDV) routing protocol which applies to the multi-WSN (Wireless Sensor Network) of IoT devices in CPS which is developed for the Device-to-Device (D2D) authentication developed from the local-chain and public chain respectively combined with the Software Defined Networking (SDN) control and monitoring system using switches and controllers that will route the packets through the network, identify any false nodes, take preventive measures against them and preventing them for any future problems. Next, the system is powered by Blockchain cryptographic features by utilizing the TrustChain features to create a private, secure, and temper-free ledger of the transactions performed inside the network. Results are achieved in the legitimate devices connecting to the network, transferring their packets to their destination under supervision, reporting whenever a false node is causing hurdles, and recording the transactions for temper-proof records. Evaluation results based on 1000+ transactions illustrate that the proposed mechanism not only outshines most aspects of Cyber-Physical systems but also consumes less computation power with a low latency of 0.1 seconds only.
基金supported by Institute for Information&Communications Technology Planning&Evaluation(IITP)grant funded by the Korea government(MSIT)(No.RS-2022-II221200)Convergence Security Core Talent Training Business(Chungnam National University).
文摘Pre-Authentication and Post-Connection(PAPC)plays a crucial role in realizing the Zero Trust security model by ensuring that access to network resources is granted only after successful authentication.While earlier approaches such as Port Knocking(PK)and Single Packet Authorization(SPA)introduced pre-authentication concepts,they suffer from limitations including plaintext communication,protocol dependency,reliance on dedicated clients,and inefficiency under modern network conditions.These constraints hinder their applicability in emerging distributed and resource-constrained environments such as AIoT and browser-based systems.To address these challenges,this study proposes a novel port-sequence-based PAPC scheme structured as a modular model comprising a client,server,and ephemeral Key Management System(KMS).The system employs the Advanced Encryption Standard(AES-128)to protect message confidentiality and uses a Hash-Based Message Authentication Code(HMAC-SHA256)to ensure integrity.Authentication messages are securely fragmented and mapped to destination port numbers using a signature-based avoidance algorithm,which prevents collisions with unsafe or reserved port ranges.The server observes incoming port sequences,retrieves the necessary keys from the KMS,reconstructs and verifies the encrypted data,and conditionally updates firewall policies.Unlike SPA,which requires decrypting all incoming payloads and imposes server-side overhead,the proposed system verifies only port-derived fragments,significantly reducing computational burden.Furthermore,it eliminates the need for raw socket access or custom clients,supporting browser-based operation and enabling protocol-independent deployment.Through a functional web-based prototype and emulated testing,the system achieved an F1-score exceeding 95%in detecting unauthorized access while maintaining low resource overhead.Although port sequence generation introduces some client-side cost,it remains lightweight and scalable.By tightly integrating lightweight cryptographic algorithms with a transport-layer communication model,this work presents a conceptually validated architecture that contributes a novel direction for interoperable and scalable Zero Trust enforcement in future network ecosystems.
基金supported in part by the Jiangsu“Qing Lan Project”,Natural Science Foundation of the Jiangsu Higher Education Institutions of China(Major Research Project:23KJA520007)Postgraduate Research&Practice Innovation Program of Jiangsu Province(No.SJCX25_1303).
文摘As the adoption of Vehicular Ad-hoc Networks(VANETs)grows,ensuring secure communication between smart vehicles and remote application servers(APPs)has become a critical challenge.While existing solutions focus on various aspects of security,gaps remain in addressing both high security requirements and the resource-constrained nature of VANET environments.This paper proposes an extended-Kerberos protocol that integrates Physical Unclonable Function(PUF)for authentication and key agreement,offering a comprehensive solution to the security challenges in VANETs.The protocol facilitates mutual authentication and secure key agreement between vehicles and APPs,ensuring the confidentiality and integrity of vehicle-to-network(V2N)communications and preventing malicious data injection.Notably,by replacing traditional Kerberos password authentication with Challenge-Response Pairs(CRPs)generated by PUF,the protocol significantly reduces the risk of key leakage.The inherent properties of PUF—such as unclonability and unpredictability—make it an ideal defense against physical attacks,including intrusion,semi-intrusion,and side-channel attacks.The results of this study demonstrate that this approach not only enhances security but also optimizes communication efficiency,reduces latency,and improves overall user experience.The analysis proves that our protocol achieves at least 86%improvement in computational efficiency compared to some existed protocols.This is particularly crucial in resource-constrained VANET environments,where it enables efficient data transmission between vehicles and applications,reduces latency,and enhances the overall user experience.
文摘To ensure the access security of 6G,physical-layer authentication(PLA)leverages the randomness and space-time-frequency uniqueness of the channel to provide unique identity signatures for transmitters.Furthermore,the introduction of artificial intelligence(AI)facilitates the learning of the distribution characteristics of channel fingerprints,effectively addressing the uncertainties and unknown dynamic challenges in wireless link modeling.This paper reviews representative AI-enabled PLA schemes and proposes a graph neural network(GNN)-based PLA approach in response to the challenges existing methods face in identifying mobile users.Simulation results demonstrate that the proposed method outperforms six baseline schemes in terms of authentication accuracy.Furthermore,this paper outlines the future development directions of PLA.
基金supported by the Startup Foundation for Introducing Talent of Nanjing University of Information Science and Technology and Natural Science Foundation of Shandong Province,China(Grant no.ZR202111230202).
文摘As a model for the next generation of the Internet,the metaverse—a fully immersive,hyper-temporal virtual shared space—is transitioning from imagination to reality.At present,the metaverse has been widely applied in a variety of fields,including education,social entertainment,Internet of vehicles(IoV),healthcare,and virtual tours.In IoVs,researchers primarily focus on using the metaverse to improve the traffic safety of vehicles,while paying limited attention to passengers’social needs.At the same time,Social Internet ofVehicles(SIoV)introduces the concept of social networks in IoV to provide better resources and services for users.However,the problem of single interaction between SIoVand users has become increasingly prominent.In this paper,we first introduce a SIoVenvironment combined with the metaverse.In this environment,we adopt blockchain as the platform of the metaverse to provide a decentralized environment.Concerning passengers’social data may contain sensitive/private information,we then design an authentication and key agreement protocol calledMSIoV-AKAto protect the communications.Through formal security verifications in the real-or-random(ROR)model and using the AVISPA(Automated Validation of Internet Security Protocols and Applications)tool,we firmly verify the security of the protocol.Finally,detailed comparisons are made between our protocol and robust protocols/schemes in terms of computational cost and communication cost.In addition,we implement the MSIoV-AKA protocol in the Ethereum test network and Hyperledger Sawtooth to show the practicality.
基金supported by National Natural Science Foundation of China(No.61931020,No.U19B2024 and No.62371462).
文摘How to ensure the security of device access is a common concern in the Internet of Things(IoT)scenario with extremely high device connection density.To achieve efficient and secure network access for IoT devices with constrained resources,this paper proposes a lightweight physical-layer authentication protocol based on Physical Unclonable Function(PUF)and channel pre-equalization.PUF is employed as a secret carrier to provide authentication credentials for devices due to its hardware-based uniqueness and unclonable property.Meanwhile,the short-term reciprocity and spatio-temporal uniqueness of wireless channels are utilized to attach an authentication factor related to the spatio-temporal position of devices and to secure the transmission of authentication messages.The proposed protocol is analyzed formally and informally to prove its correctness and security against typical attacks.Simulation results show its robustness in various radio environments.Moreover,we illustrate the advantages of our protocol in terms of security features and complexity through performance comparison with existing authentication schemes.
基金supported by the Startup Foundation for Introducing Talent of Nanjing University of Information Science and Technology and Natural Science Foundation of Shandong Province,China(Grant no.ZR202111230202).
文摘With the rapid development and widespread adoption of Internet of Things(IoT)technology,the innovative concept of the Internet of Vehicles(IoV)has emerged,ushering in a new era of intelligent transportation.Since vehicles are mobile entities,they move across different domains and need to communicate with the Roadside Unit(RSU)in various regions.However,open environments are highly susceptible to becoming targets for attackers,posing significant risks of malicious attacks.Therefore,it is crucial to design a secure authentication protocol to ensure the security of communication between vehicles and RSUs,particularly in scenarios where vehicles cross domains.In this paper,we propose a provably secure cross-domain authentication and key agreement protocol for IoV.Our protocol comprises two authentication phases:intra-domain authentication and cross-domain authentication.To ensure the security of our protocol,we conducted rigorous analyses based on the ROR(Real-or-Random)model and Scyther.Finally,we show in-depth comparisons of our protocol with existing ones from both security and performance perspectives,fully demonstrating its security and efficiency.
