To date,many previous studies have been proposed for driver authentication;however,these solutions have many shortcomings and are still far from practical for real-world applications.In this paper,we tackle the shortc...To date,many previous studies have been proposed for driver authentication;however,these solutions have many shortcomings and are still far from practical for real-world applications.In this paper,we tackle the shortcomings of the existing solutions and reach toward proposing a lightweight and practical authentication system,dubbed DriveMe,for identifying drivers on cars.Our novelty aspects are 1⃝Lightweight scheme that depends only on a single sensor data(i.e.,pressure readings)attached to the driver’s seat and belt.2⃝Practical evaluation in which one-class authentication models are trained from only the owner users and tested using data collected from both owners and attackers.3⃝Rapid Authentication to quickly identify drivers’identities using a few pressure samples collected within short durations(1,2,3,5,or 10 s).4⃝Realistic experiments where the sensory data is collected from real experiments rather than computer simulation tools.We conducted real experiments and collected about 13,200 samples and 22,800 samples of belt-only and seat-only datasets from all 12 users under different settings.To evaluate system effectiveness,we implemented extensive evaluation scenarios using four one-class detectors One-Class Support Vector Machine(OCSVM),Local Outlier Factor(LOF),Isolation Forest(IF),and Elliptic Envelope(EE),three dataset types(belt-only,seat-only,and fusion),and four different dataset sizes.Our average experimental results show that the system can authenticate the driver with an F1 score of 93.1%for seat-based data using OCSVM classifier,an F1 score of 98.53%for fusion-based data using LOF classifier,an F1 score of 91.65%for fusion-based data using IF classifier,and an F1 score of 95.79%for fusion-based data using EE classifier.展开更多
The prodigious advancements in contemporary technologies have also brought in the situation of unprecedented cyber-attacks.Further,the pin-based security system is an inadequate mechanism for handling such a scenario....The prodigious advancements in contemporary technologies have also brought in the situation of unprecedented cyber-attacks.Further,the pin-based security system is an inadequate mechanism for handling such a scenario.The reason is that hackers use multiple strategies for evading security systems and thereby gaining access to private data.This research proposes to deploy diverse approaches for authenticating and securing a connection amongst two devices/gadgets via sound,thereby disregarding the pins’manual verification.Further,the results demonstrate that the proposed approaches outperform conventional pin-based authentication or QR authentication approaches.Firstly,a random signal is encrypted,and then it is transformed into a wave file,after which it gets transmitted in a short burst via the device’s speakers.Subsequently,the other device/gadget captures these audio bursts through its microphone and decrypts the audio signal for getting the essential data for pairing.Besides,this model requires two devices/gadgets with speakers and a microphone,and no extra hardware such as a camera,for reading the QR code is required.The first module is tested with realtime data and generates high scores for the widely accepted accuracy metrics,including precision,Recall,F1 score,entropy,and mutual information(MI).Additionally,this work also proposes a module helps in a secured transmission of sensitive data by encrypting it over images and other files.This steganographic module includes two-stage encryption with two different encryption algorithms to transmit data by embedding inside a file.Several encryption algorithms and their combinations are taken for this system to compare the resultant file size.Both these systems engender high accuracies and provide secure connectivity,leading to a sustainable communication ecosystem.展开更多
According to the requirement of natural human-computer interaction for Ambient Intelligence (Aml), a Bluetoothbased authentication technique is provided. An authentication network combining advantages of Bluetooth a...According to the requirement of natural human-computer interaction for Ambient Intelligence (Aml), a Bluetoothbased authentication technique is provided. An authentication network combining advantages of Bluetooth ad hoc network with the Ethernet is introduced first in detail. Then we propose a Bluetooth badge for storing the user's identification information. Finally, the authentication system based on Bluetooth badge and authentication network is introduced. It is demonstrated experimentally that the Bluetooth-based authentication technique can authenticate the user automatically.展开更多
A digital certificate under Public Key Infrastructure has a defect of Man-in-the-Middle Attack that performs hash collision attacks. In this paper, we propose a robust biometric-PKI authentication system against Man-i...A digital certificate under Public Key Infrastructure has a defect of Man-in-the-Middle Attack that performs hash collision attacks. In this paper, we propose a robust biometric-PKI authentication system against Man-in-the-Middle Attack. The biometric-PKI authentication system consists of current PKI authentication and biometric authentication, which employs biometric data and a public key from a digital certificate. In the proposed biometric-PKI authentication system, an au- thentication process performs that it extracts consistent features of fingerprint images, encrypts consistent features, and matches features with prepared templates. The simulation results of the proposed authentication system prove that our system achieves low false acceptance rate and high accuracy rate.展开更多
The stronglink with muhi-try function based on MEMS technology and the PC startup in authentication system have been designed and fabricated. The generation principle and structure of UQS code are introduced, which co...The stronglink with muhi-try function based on MEMS technology and the PC startup in authentication system have been designed and fabricated. The generation principle and structure of UQS code are introduced, which consists of two groups of metal counter-meshing gears, two pawl/ratchet mechanisms, two driving micromotors and two resetting micromotors. The energy-coupling element is a photoelectric sensor with a circular and notched plate. It is fabricated using the UV-LiGA process and precision mechanical engineering. The PC startup authentication system is controlled by BIOS program, which is written into the chip according with special format. The program in BIOS output signals controls the running of stronglink to finish the process of authentication. The device can run more than 10000 times before a stop. The driving voltage is 12 V, and the normal decoding time is 3 s.展开更多
Faultless authentication of individuals by fingerprints results in high false rejections rate for rigorously built systems. Indeed, the authors prefer that the system erroneously reject a pattern when it does not meet...Faultless authentication of individuals by fingerprints results in high false rejections rate for rigorously built systems. Indeed, the authors prefer that the system erroneously reject a pattern when it does not meet a number of predetermined correspondence criteria. In this work, after discussing existing techniques, we propose a new algorithm to reduce the false rejection rate during the authentication-using fingerprint. This algorithm extracts the minutiae of the fingerprint with their relative orientations and classifies them according to the different classes already established;then, make the correspondence between two templates by simple probabilities calculations from a deep neural network. The merging of these operations provides very promising results both on the NIST4 international data reference and on the SOCFing database.展开更多
Blockchain has proven to be an emerging technology in the digital world, changing the way everyone thinks about data security and bringing efficiency to several industries. It has already been applied to a wide range ...Blockchain has proven to be an emerging technology in the digital world, changing the way everyone thinks about data security and bringing efficiency to several industries. It has already been applied to a wide range of applications, from financial services and supply chain management to voting systems and identity verification. An organization must verify its candidates before selecting them. Choosing an unqualified candidate can ruin an organization’s reputation. In this paper, a blockchain-based academic certificate authentication system will be used to ensure authenticity and make the assertion of the decentralized system secure. However, the system will generate, authenticate and make corrections on academic certificates. Ultimately, some blockchain-based authentication systems already exist, they can’t correct any errors that occur during generation. A blockchain-based certificate authentication system was built using blockchain technology. Where admin could generate, authenticate and correct the certificate if necessary. The admin can also check how many times a certificate has been modified. Other users can only check the authenticity of the certificates. We’re using two blockchains to enable corrections. Blockchain technology can successfully implement a certificate authentication system. This system will eliminate doubts about the authenticity of certificates, provide fast responses, and ensure reliable and secure storage. The proposed system will help in many ways, such as providing a user-friendly university admission, and smooth job hiring process, etc. In conclusion, our proposed system can permanently eradicate certificate forgeries and create and promote trust in society.展开更多
Unified identity authentication has become the basic information service provided by colleges and universities for teachers and students. Security, stability, high concurrency and easy maintenance are our requirements...Unified identity authentication has become the basic information service provided by colleges and universities for teachers and students. Security, stability, high concurrency and easy maintenance are our requirements for a unified identity authentication system. Based on the practical work experience of China University of Geosciences (Beijing), this paper proposes a high availability scheme of unified identity authentication system based on CAS, which is composed of multiple CAS Servers, Nginx for load balancing, and Redis as a cache database. The scheme has been practiced in China University of Geosciences (Beijing), and the application effect is good, which has practical reference significance for other universities.展开更多
The satellite-based augmentation system(SBAS)provides differential and integrity augmentation services for life safety fields of aviation and navigation.However,the signal structure of SBAS is public,which incurs a ri...The satellite-based augmentation system(SBAS)provides differential and integrity augmentation services for life safety fields of aviation and navigation.However,the signal structure of SBAS is public,which incurs a risk of spoofing attacks.To improve the anti-spoofing capability of the SBAS,European Union and the United States conduct research on navigation message authentication,and promote the standardization of SBAS message authentication.For the development of Beidou satellite-based augmentation system(BDSBAS),this paper proposes navigation message authentication based on the Chinese commercial cryptographic standards.Firstly,this paper expounds the architecture and principles of the SBAS message authentication,and then carries out the design of timed efficient streaming losstolerant authentication scheme(TESLA)and elliptic curve digital signature algorithm(ECDSA)authentication schemes based on Chinese commercial cryptographic standards,message arrangement and the design of over-the-air rekeying(OTAR)message.Finally,this paper conducts a theoretical analysis of the time between authentications(TBA)and maximum authentication latency(MAL)for L5 TESLA-I and L5 ECDSA-Q,and further simulates the reception time of OTAR message,TBA and MAL from the aspects of OTAR message weight and demodulation error rate.The simulation results can provide theoretical supports for the standardization of BDSBAS message authentication.展开更多
Car manufacturers aim to enhance the use of two-factor authentication (2FA) to protect keyless entry systems in contemporary cars. Despite providing significant ease for users, keyless entry systems have become more s...Car manufacturers aim to enhance the use of two-factor authentication (2FA) to protect keyless entry systems in contemporary cars. Despite providing significant ease for users, keyless entry systems have become more susceptible to appealing attacks like relay attacks and critical fob hacking. These weaknesses present considerable security threats, resulting in unauthorized entry and car theft. The suggested approach combines a conventional keyless entry feature with an extra security measure. Implementing multi-factor authentication significantly improves the security of systems that allow keyless entry by reducing the likelihood of unauthorized access. Research shows that the benefits of using two-factor authentication, such as a substantial increase in security, far outweigh any minor drawbacks.展开更多
The integration of artificial intelligence(AI)with advanced power technologies is transforming energy system management,particularly through real-time data monitoring and intelligent decision-making driven by Artifici...The integration of artificial intelligence(AI)with advanced power technologies is transforming energy system management,particularly through real-time data monitoring and intelligent decision-making driven by Artificial Intelligence Generated Content(AIGC).However,the openness of power system channels and the resource-constrained nature of power sensors have led to new challenges for the secure transmission of power data and decision instructions.Although traditional public key cryptographic primitives can offer high security,the substantial key management and computational overhead associated with these primitives make them unsuitable for power systems.To ensure the real-time and security of power data and command transmission,we propose a lightweight identity authentication scheme tailored for power AIGC systems.The scheme utilizes lightweight symmetric encryption algorithms,minimizing the resource overhead on power sensors.Additionally,it incorporates a dynamic credential update mechanism,which can realize the rotation and update of temporary credentials to ensure anonymity and security.We rigorously validate the security of the scheme using the Real-or-Random(ROR)model and AVISPA simulation,and the results show that our scheme can resist various active and passive attacks.Finally,performance comparisons and NS3 simulation results demonstrate that our proposed scheme offers enhanced security features with lower overhead,making it more suitable for power AIGC systems compared to existing solutions.展开更多
The ubiquitous adoption of mobile devices as essential platforms for sensitive data transmission has heightened the demand for secure client-server communication.Although various authentication and key agreement proto...The ubiquitous adoption of mobile devices as essential platforms for sensitive data transmission has heightened the demand for secure client-server communication.Although various authentication and key agreement protocols have been developed,current approaches are constrained by homogeneous cryptosystem frameworks,namely public key infrastructure(PKI),identity-based cryptography(IBC),or certificateless cryptography(CLC),each presenting limitations in client-server architectures.Specifically,PKI incurs certificate management overhead,IBC introduces key escrow risks,and CLC encounters cross-system interoperability challenges.To overcome these shortcomings,this study introduces a heterogeneous signcryption-based authentication and key agreement protocol that synergistically integrates IBC for client operations(eliminating PKI’s certificate dependency)with CLC for server implementation(mitigating IBC’s key escrow issue while preserving efficiency).Rigorous security analysis under the mBR(modified Bellare-Rogaway)model confirms the protocol’s resistance to adaptive chosen-ciphertext attacks.Quantitative comparisons demonstrate that the proposed protocol achieves 10.08%–71.34%lower communication overhead than existing schemes across multiple security levels(80-,112-,and 128-bit)compared to existing protocols.展开更多
Unmanned Aerial Vehicles(UAVs)in Flying Ad-Hoc Networks(FANETs)are widely used in both civilian and military fields,but they face severe security,trust,and privacy vulnerabilities due to their high mobility,dynamic to...Unmanned Aerial Vehicles(UAVs)in Flying Ad-Hoc Networks(FANETs)are widely used in both civilian and military fields,but they face severe security,trust,and privacy vulnerabilities due to their high mobility,dynamic topology,and open wireless channels.Existing security protocols for Mobile Ad-Hoc Networks(MANETs)cannot be directly applied to FANETs,as FANETs require lightweight,high real-time performance,and strong anonymity.The current FANETs security protocol cannot simultaneously meet the requirements of strong anonymity,high security,and low overhead in high dynamic and resource-constrained scenarios.To address these challenges,this paper proposes an Anonymous Authentication and Key Exchange Protocol(AAKE-OWA)for UAVs in FANETs based on OneWay Accumulators(OWA).During the UAV registration phase,the Key Management Center(KMC)generates an identity ticket for each UAV using OWA and transmits it securely to the UAV’s on-board tamper-proof module.In the key exchange phase,UAVs generate temporary authentication tickets with random numbers and compute the same session key leveraging the quasi-commutativity of OWA.For mutual anonymous authentication,UAVs encrypt random numbers with the session key and verify identities by comparing computed values with authentication values.Formal analysis using the Scyther tool confirms that the protocol resists identity spoofing,man-in-the-middle,and replay attacks.Through Burrows Abadi Needham(BAN)logic proof,it achieves mutual anonymity,prevents simulation and physical capture attacks,and ensures secure connectivity of 1.Experimental comparisons with existing protocols prove that the AAKE-OWA protocol has lower computational overhead,communication overhead,and storage overhead,making it more suitable for resource-constrained FANET scenarios.Performance comparison experiments show that,compared with other schemes,this scheme only requires 8 one-way accumulator operations and 4 symmetric encryption/decryption operations,with a total computational overhead as low as 2.3504 ms,a communication overhead of merely 1216 bits,and a storage overhead of 768 bits.We have achieved a reduction in computational costs from 6.3%to 90.3%,communication costs from 5.0%to 69.1%,and overall storage costs from 33%to 68%compared to existing solutions.It can meet the performance requirements of lightweight,real-time,and anonymity for unmanned aerial vehicles(UAVs)networks.展开更多
Cyber-criminals target smart connected devices for spyware distribution and security breaches,but existing Internet of Things(IoT)security standards are insufficient.Major IoT industry players prioritize market share ...Cyber-criminals target smart connected devices for spyware distribution and security breaches,but existing Internet of Things(IoT)security standards are insufficient.Major IoT industry players prioritize market share over security,leading to insecure smart products.Traditional host-based protection solutions are less effective due to limited resources.Overcoming these challenges and enhancing the security of IoT Devices requires a security design at the network level that uses lightweight cryptographic parameters.In order to handle control,administration,and security concerns in traditional networking,the Gateway Node offers a contemporary networking architecture.By managing all network-level computations and complexity,the Gateway Node relieves IoT devices of these responsibilities.In this study,we introduce a novel privacy-preserving security architecture for gateway-node smart homes.Subsequently,we develop Smart Homes,An Efficient,Anonymous,and Robust Authentication Scheme(EARAS)based on the foundational principles of this security architecture.Furthermore,we formally examine the security characteristics of our suggested protocol that makes use of methodology such as ProVerif,supplemented by an informal analysis of security.Lastly,we conduct performance evaluations and comparative analyses to assess the efficacy of our scheme.Performance analysis shows that EARAS achieves up to 30%to 54%more efficient than most protocols and lower computation cost compared to Banerjee et al.’s scheme,and significantly reduces communication overhead compared to other recent protocols,while ensuring comprehensive security.Our objective is to provide robust security measures for smart homes while addressing resource constraints and preserving user privacy.展开更多
This work evaluates an architecture for decentralized authentication of Internet of Things(IoT)devices in Low Earth Orbit(LEO)satellite networks using IOTA Identity technology.To the best of our knowledge,it is the fi...This work evaluates an architecture for decentralized authentication of Internet of Things(IoT)devices in Low Earth Orbit(LEO)satellite networks using IOTA Identity technology.To the best of our knowledge,it is the first proposal to integrate IOTA’s Directed Acyclic Graph(DAG)-based identity framework into satellite IoT environments,enabling lightweight and distributed authentication under intermittent connectivity.The system leverages Decentralized Identifiers(DIDs)and Verifiable Credentials(VCs)over the Tangle,eliminating the need for mining and sequential blocks.An identity management workflow is implemented that supports the creation,validation,deactivation,and reactivation of IoT devices,and is experimentally validated on the Shimmer Testnet.Three metrics are defined and measured:resolution time,deactivation time,and reactivation time.To improve robustness,an algorithmic optimization is introduced that minimizes communication overhead and reduces latency during deactivation.The experimental results are compared with orbital simulations of satellite revisit times to assess operational feasibility.Unlike blockchain-based approaches,which typically suffer from high confirmation delays and scalability constraints,the proposed DAG architecture provides fast,cost-free operations suitable for resource-constrained IoT devices.The results show that authentication can be efficiently performed within satellite connectivity windows,positioning IOTA Identity as a viable solution for secure and scalable IoT authentication in LEO satellite networks.展开更多
With the availability of low-cost radio frequency identification (RFID) tags,security becomes an increasing concern. However,such tags do not permit complex cryptographic functions due to their computational,communica...With the availability of low-cost radio frequency identification (RFID) tags,security becomes an increasing concern. However,such tags do not permit complex cryptographic functions due to their computational,communications,and storage limitations. In this paper,we investigate the security issues and requirements of RFID systems,and propose ultra-light weight and light weight protocols for low-cost RFID tags.The proposed protocols has been applied to a supply chain management system.展开更多
In network-connected UAV(NCUAV) communication systems, user authentication is replaced by platform identity authentication and integrity check because many NC-UAVs are operated without human intervention. Direct anony...In network-connected UAV(NCUAV) communication systems, user authentication is replaced by platform identity authentication and integrity check because many NC-UAVs are operated without human intervention. Direct anonymous attestation(DAA) is an attractive cryptographic scheme that provides an elegant balance between platform authentication and anonymity. However, because of the low-level computing capability and limited transmission bandwidth in UAV, the existing DAA schemes are not suitable for NC-UAV communication systems. In this paper, we propose an enhanced DAA scheme with mutual authentication(MA-DAA scheme), which meets the security requirements of NC-UAV communication systems. The proposed MA-DAA scheme, which is based on asymmetric pairings, bundles the identities of trusted platform module(TPM) and Host to solve the malicious module changing attacks. Credential randomization, batch proof and verification, and mutual authentication are realized in the MA-DAA scheme. The computational workload in TPM and Host is reduced in order to meet the low computation and resource requirements in TPM and Host.The entire scheme and protocols are presented,and the security and efficiency of the proposed MA-DAA scheme are proved and analyzed.Our experiment results also confirm the high efficiency of the proposed scheme.展开更多
Security threats to smart and autonomous vehicles cause potential consequences such as traffic accidents,economically damaging traffic jams,hijacking,motivating to wrong routes,and financial losses for businesses and ...Security threats to smart and autonomous vehicles cause potential consequences such as traffic accidents,economically damaging traffic jams,hijacking,motivating to wrong routes,and financial losses for businesses and governments.Smart and autonomous vehicles are connected wirelessly,which are more attracted for attackers due to the open nature of wireless communication.One of the problems is the rogue attack,in which the attacker pretends to be a legitimate user or access point by utilizing fake identity.To figure out the problem of a rogue attack,we propose a reinforcement learning algorithm to identify rogue nodes by exploiting the channel state information of the communication link.We consider the communication link between vehicle-to-vehicle,and vehicle-to-infrastructure.We evaluate the performance of our proposed technique by measuring the rogue attack probability,false alarm rate(FAR),mis-detection rate(MDR),and utility function of a receiver based on the test threshold values of reinforcement learning algorithm.The results show that the FAR and MDR are decreased significantly by selecting an appropriate threshold value in order to improve the receiver’s utility.展开更多
The traditional authentication system is based on the secret key, and is mainly based on public key infrastructure (PKI). Unfortunately, a key has many disadvantages, for example, the key can be forgotten or stolen,...The traditional authentication system is based on the secret key, and is mainly based on public key infrastructure (PKI). Unfortunately, a key has many disadvantages, for example, the key can be forgotten or stolen, and can be easily cracked. Nowadays, authentication systems using biometric technology have become more prevalent because of the advantages over password-based authentication systems. In this article, several biometfic authentication models are presented, upon which most biometric authentication systems are based. Biometric authentication systems based-on these models provide high security for access control in non-face-to-face environment such as e-commerce, over open network.展开更多
System-wide information management(SWIM)is a complex distributed information transfer and sharing system for the next generation of Air Transportation System(ATS).In response to the growing volume of civil aviation ai...System-wide information management(SWIM)is a complex distributed information transfer and sharing system for the next generation of Air Transportation System(ATS).In response to the growing volume of civil aviation air operations,users accessing different authentication domains in the SWIM system have problems with the validity,security,and privacy of SWIM-shared data.In order to solve these problems,this paper proposes a SWIM crossdomain authentication scheme based on a consistent hashing algorithm on consortium blockchain and designs a blockchain certificate format for SWIM cross-domain authentication.The scheme uses a consistent hash algorithm with virtual nodes in combination with a cluster of authentication centers in the SWIM consortium blockchain architecture to synchronize the user’s authentication mapping relationships between authentication domains.The virtual authentication nodes are mapped separately using different services provided by SWIM to guarantee the partitioning of the consistent hash ring on the consortium blockchain.According to the dynamic change of user’s authentication requests,the nodes of virtual service authentication can be added and deleted to realize the dynamic load balancing of cross-domain authentication of different services.Security analysis shows that this protocol can resist network attacks such as man-in-the-middle attacks,replay attacks,and Sybil attacks.Experiments show that this scheme can reduce the redundant authentication operations of identity information and solve the problems of traditional cross-domain authentication with single-point collapse,difficulty in expansion,and uneven load.At the same time,it has better security of information storage and can realize the cross-domain authentication requirements of SWIM users with low communication costs and system overhead.KEYWORDS System-wide information management(SWIM);consortium blockchain;consistent hash;cross-domain authentication;load balancing.展开更多
基金supported by the Institute of Information&Communications Technology Planning&Evaluation(1ITP)(Project Nos.RS-2024-00438551,30%,2022-11220701,30%,2021-0-01816,30%)the National Research Foundation of Korea(NRF)grant funded by the Korean Government(Project No.RS2023-00208460,10%).
文摘To date,many previous studies have been proposed for driver authentication;however,these solutions have many shortcomings and are still far from practical for real-world applications.In this paper,we tackle the shortcomings of the existing solutions and reach toward proposing a lightweight and practical authentication system,dubbed DriveMe,for identifying drivers on cars.Our novelty aspects are 1⃝Lightweight scheme that depends only on a single sensor data(i.e.,pressure readings)attached to the driver’s seat and belt.2⃝Practical evaluation in which one-class authentication models are trained from only the owner users and tested using data collected from both owners and attackers.3⃝Rapid Authentication to quickly identify drivers’identities using a few pressure samples collected within short durations(1,2,3,5,or 10 s).4⃝Realistic experiments where the sensory data is collected from real experiments rather than computer simulation tools.We conducted real experiments and collected about 13,200 samples and 22,800 samples of belt-only and seat-only datasets from all 12 users under different settings.To evaluate system effectiveness,we implemented extensive evaluation scenarios using four one-class detectors One-Class Support Vector Machine(OCSVM),Local Outlier Factor(LOF),Isolation Forest(IF),and Elliptic Envelope(EE),three dataset types(belt-only,seat-only,and fusion),and four different dataset sizes.Our average experimental results show that the system can authenticate the driver with an F1 score of 93.1%for seat-based data using OCSVM classifier,an F1 score of 98.53%for fusion-based data using LOF classifier,an F1 score of 91.65%for fusion-based data using IF classifier,and an F1 score of 95.79%for fusion-based data using EE classifier.
文摘The prodigious advancements in contemporary technologies have also brought in the situation of unprecedented cyber-attacks.Further,the pin-based security system is an inadequate mechanism for handling such a scenario.The reason is that hackers use multiple strategies for evading security systems and thereby gaining access to private data.This research proposes to deploy diverse approaches for authenticating and securing a connection amongst two devices/gadgets via sound,thereby disregarding the pins’manual verification.Further,the results demonstrate that the proposed approaches outperform conventional pin-based authentication or QR authentication approaches.Firstly,a random signal is encrypted,and then it is transformed into a wave file,after which it gets transmitted in a short burst via the device’s speakers.Subsequently,the other device/gadget captures these audio bursts through its microphone and decrypts the audio signal for getting the essential data for pairing.Besides,this model requires two devices/gadgets with speakers and a microphone,and no extra hardware such as a camera,for reading the QR code is required.The first module is tested with realtime data and generates high scores for the widely accepted accuracy metrics,including precision,Recall,F1 score,entropy,and mutual information(MI).Additionally,this work also proposes a module helps in a secured transmission of sensitive data by encrypting it over images and other files.This steganographic module includes two-stage encryption with two different encryption algorithms to transmit data by embedding inside a file.Several encryption algorithms and their combinations are taken for this system to compare the resultant file size.Both these systems engender high accuracies and provide secure connectivity,leading to a sustainable communication ecosystem.
基金the National Natural Science Foundation of China (No. 60773186)the Science and Technology Research Foundation of the Beijing Municipal Education Commission of China (No. KM200710005018)
文摘According to the requirement of natural human-computer interaction for Ambient Intelligence (Aml), a Bluetoothbased authentication technique is provided. An authentication network combining advantages of Bluetooth ad hoc network with the Ethernet is introduced first in detail. Then we propose a Bluetooth badge for storing the user's identification information. Finally, the authentication system based on Bluetooth badge and authentication network is introduced. It is demonstrated experimentally that the Bluetooth-based authentication technique can authenticate the user automatically.
文摘A digital certificate under Public Key Infrastructure has a defect of Man-in-the-Middle Attack that performs hash collision attacks. In this paper, we propose a robust biometric-PKI authentication system against Man-in-the-Middle Attack. The biometric-PKI authentication system consists of current PKI authentication and biometric authentication, which employs biometric data and a public key from a digital certificate. In the proposed biometric-PKI authentication system, an au- thentication process performs that it extracts consistent features of fingerprint images, encrypts consistent features, and matches features with prepared templates. The simulation results of the proposed authentication system prove that our system achieves low false acceptance rate and high accuracy rate.
基金Sponsored by the National High Technology Research and Development Program (863 ) of China (Grant No.2003AA404210, 2005AA404250,2003AA404210, 2006AA01Z443)
文摘The stronglink with muhi-try function based on MEMS technology and the PC startup in authentication system have been designed and fabricated. The generation principle and structure of UQS code are introduced, which consists of two groups of metal counter-meshing gears, two pawl/ratchet mechanisms, two driving micromotors and two resetting micromotors. The energy-coupling element is a photoelectric sensor with a circular and notched plate. It is fabricated using the UV-LiGA process and precision mechanical engineering. The PC startup authentication system is controlled by BIOS program, which is written into the chip according with special format. The program in BIOS output signals controls the running of stronglink to finish the process of authentication. The device can run more than 10000 times before a stop. The driving voltage is 12 V, and the normal decoding time is 3 s.
文摘Faultless authentication of individuals by fingerprints results in high false rejections rate for rigorously built systems. Indeed, the authors prefer that the system erroneously reject a pattern when it does not meet a number of predetermined correspondence criteria. In this work, after discussing existing techniques, we propose a new algorithm to reduce the false rejection rate during the authentication-using fingerprint. This algorithm extracts the minutiae of the fingerprint with their relative orientations and classifies them according to the different classes already established;then, make the correspondence between two templates by simple probabilities calculations from a deep neural network. The merging of these operations provides very promising results both on the NIST4 international data reference and on the SOCFing database.
文摘Blockchain has proven to be an emerging technology in the digital world, changing the way everyone thinks about data security and bringing efficiency to several industries. It has already been applied to a wide range of applications, from financial services and supply chain management to voting systems and identity verification. An organization must verify its candidates before selecting them. Choosing an unqualified candidate can ruin an organization’s reputation. In this paper, a blockchain-based academic certificate authentication system will be used to ensure authenticity and make the assertion of the decentralized system secure. However, the system will generate, authenticate and make corrections on academic certificates. Ultimately, some blockchain-based authentication systems already exist, they can’t correct any errors that occur during generation. A blockchain-based certificate authentication system was built using blockchain technology. Where admin could generate, authenticate and correct the certificate if necessary. The admin can also check how many times a certificate has been modified. Other users can only check the authenticity of the certificates. We’re using two blockchains to enable corrections. Blockchain technology can successfully implement a certificate authentication system. This system will eliminate doubts about the authenticity of certificates, provide fast responses, and ensure reliable and secure storage. The proposed system will help in many ways, such as providing a user-friendly university admission, and smooth job hiring process, etc. In conclusion, our proposed system can permanently eradicate certificate forgeries and create and promote trust in society.
文摘Unified identity authentication has become the basic information service provided by colleges and universities for teachers and students. Security, stability, high concurrency and easy maintenance are our requirements for a unified identity authentication system. Based on the practical work experience of China University of Geosciences (Beijing), this paper proposes a high availability scheme of unified identity authentication system based on CAS, which is composed of multiple CAS Servers, Nginx for load balancing, and Redis as a cache database. The scheme has been practiced in China University of Geosciences (Beijing), and the application effect is good, which has practical reference significance for other universities.
基金supported by National Natural Science Foundation of China:Space-based occultation detection with ground-based GNSS atmospheric horizontal gradient model(41904033).
文摘The satellite-based augmentation system(SBAS)provides differential and integrity augmentation services for life safety fields of aviation and navigation.However,the signal structure of SBAS is public,which incurs a risk of spoofing attacks.To improve the anti-spoofing capability of the SBAS,European Union and the United States conduct research on navigation message authentication,and promote the standardization of SBAS message authentication.For the development of Beidou satellite-based augmentation system(BDSBAS),this paper proposes navigation message authentication based on the Chinese commercial cryptographic standards.Firstly,this paper expounds the architecture and principles of the SBAS message authentication,and then carries out the design of timed efficient streaming losstolerant authentication scheme(TESLA)and elliptic curve digital signature algorithm(ECDSA)authentication schemes based on Chinese commercial cryptographic standards,message arrangement and the design of over-the-air rekeying(OTAR)message.Finally,this paper conducts a theoretical analysis of the time between authentications(TBA)and maximum authentication latency(MAL)for L5 TESLA-I and L5 ECDSA-Q,and further simulates the reception time of OTAR message,TBA and MAL from the aspects of OTAR message weight and demodulation error rate.The simulation results can provide theoretical supports for the standardization of BDSBAS message authentication.
文摘Car manufacturers aim to enhance the use of two-factor authentication (2FA) to protect keyless entry systems in contemporary cars. Despite providing significant ease for users, keyless entry systems have become more susceptible to appealing attacks like relay attacks and critical fob hacking. These weaknesses present considerable security threats, resulting in unauthorized entry and car theft. The suggested approach combines a conventional keyless entry feature with an extra security measure. Implementing multi-factor authentication significantly improves the security of systems that allow keyless entry by reducing the likelihood of unauthorized access. Research shows that the benefits of using two-factor authentication, such as a substantial increase in security, far outweigh any minor drawbacks.
文摘The integration of artificial intelligence(AI)with advanced power technologies is transforming energy system management,particularly through real-time data monitoring and intelligent decision-making driven by Artificial Intelligence Generated Content(AIGC).However,the openness of power system channels and the resource-constrained nature of power sensors have led to new challenges for the secure transmission of power data and decision instructions.Although traditional public key cryptographic primitives can offer high security,the substantial key management and computational overhead associated with these primitives make them unsuitable for power systems.To ensure the real-time and security of power data and command transmission,we propose a lightweight identity authentication scheme tailored for power AIGC systems.The scheme utilizes lightweight symmetric encryption algorithms,minimizing the resource overhead on power sensors.Additionally,it incorporates a dynamic credential update mechanism,which can realize the rotation and update of temporary credentials to ensure anonymity and security.We rigorously validate the security of the scheme using the Real-or-Random(ROR)model and AVISPA simulation,and the results show that our scheme can resist various active and passive attacks.Finally,performance comparisons and NS3 simulation results demonstrate that our proposed scheme offers enhanced security features with lower overhead,making it more suitable for power AIGC systems compared to existing solutions.
基金supported by the Key Project of Science and Technology Research by Chongqing Education Commission under Grant KJZD-K202400610the Chongqing Natural Science Foundation General Project Grant CSTB2025NSCQ-GPX1263.
文摘The ubiquitous adoption of mobile devices as essential platforms for sensitive data transmission has heightened the demand for secure client-server communication.Although various authentication and key agreement protocols have been developed,current approaches are constrained by homogeneous cryptosystem frameworks,namely public key infrastructure(PKI),identity-based cryptography(IBC),or certificateless cryptography(CLC),each presenting limitations in client-server architectures.Specifically,PKI incurs certificate management overhead,IBC introduces key escrow risks,and CLC encounters cross-system interoperability challenges.To overcome these shortcomings,this study introduces a heterogeneous signcryption-based authentication and key agreement protocol that synergistically integrates IBC for client operations(eliminating PKI’s certificate dependency)with CLC for server implementation(mitigating IBC’s key escrow issue while preserving efficiency).Rigorous security analysis under the mBR(modified Bellare-Rogaway)model confirms the protocol’s resistance to adaptive chosen-ciphertext attacks.Quantitative comparisons demonstrate that the proposed protocol achieves 10.08%–71.34%lower communication overhead than existing schemes across multiple security levels(80-,112-,and 128-bit)compared to existing protocols.
基金supported in part by National Natural Science Foundation of China(under Grant 61902163)the Jiangsu“Qing Lan Project”,Natural Science Foundation of the Jiangsu Higher Education Institutions of China(Major Research Project:23KJA520007)Postgraduate Research&Practice Innovation Program of Jiangsu Province(No.SJCX25_1303).
文摘Unmanned Aerial Vehicles(UAVs)in Flying Ad-Hoc Networks(FANETs)are widely used in both civilian and military fields,but they face severe security,trust,and privacy vulnerabilities due to their high mobility,dynamic topology,and open wireless channels.Existing security protocols for Mobile Ad-Hoc Networks(MANETs)cannot be directly applied to FANETs,as FANETs require lightweight,high real-time performance,and strong anonymity.The current FANETs security protocol cannot simultaneously meet the requirements of strong anonymity,high security,and low overhead in high dynamic and resource-constrained scenarios.To address these challenges,this paper proposes an Anonymous Authentication and Key Exchange Protocol(AAKE-OWA)for UAVs in FANETs based on OneWay Accumulators(OWA).During the UAV registration phase,the Key Management Center(KMC)generates an identity ticket for each UAV using OWA and transmits it securely to the UAV’s on-board tamper-proof module.In the key exchange phase,UAVs generate temporary authentication tickets with random numbers and compute the same session key leveraging the quasi-commutativity of OWA.For mutual anonymous authentication,UAVs encrypt random numbers with the session key and verify identities by comparing computed values with authentication values.Formal analysis using the Scyther tool confirms that the protocol resists identity spoofing,man-in-the-middle,and replay attacks.Through Burrows Abadi Needham(BAN)logic proof,it achieves mutual anonymity,prevents simulation and physical capture attacks,and ensures secure connectivity of 1.Experimental comparisons with existing protocols prove that the AAKE-OWA protocol has lower computational overhead,communication overhead,and storage overhead,making it more suitable for resource-constrained FANET scenarios.Performance comparison experiments show that,compared with other schemes,this scheme only requires 8 one-way accumulator operations and 4 symmetric encryption/decryption operations,with a total computational overhead as low as 2.3504 ms,a communication overhead of merely 1216 bits,and a storage overhead of 768 bits.We have achieved a reduction in computational costs from 6.3%to 90.3%,communication costs from 5.0%to 69.1%,and overall storage costs from 33%to 68%compared to existing solutions.It can meet the performance requirements of lightweight,real-time,and anonymity for unmanned aerial vehicles(UAVs)networks.
基金Deanship of Graduate Studies and Scientific Research at Qassim University for financial support(QU-APC-2025).
文摘Cyber-criminals target smart connected devices for spyware distribution and security breaches,but existing Internet of Things(IoT)security standards are insufficient.Major IoT industry players prioritize market share over security,leading to insecure smart products.Traditional host-based protection solutions are less effective due to limited resources.Overcoming these challenges and enhancing the security of IoT Devices requires a security design at the network level that uses lightweight cryptographic parameters.In order to handle control,administration,and security concerns in traditional networking,the Gateway Node offers a contemporary networking architecture.By managing all network-level computations and complexity,the Gateway Node relieves IoT devices of these responsibilities.In this study,we introduce a novel privacy-preserving security architecture for gateway-node smart homes.Subsequently,we develop Smart Homes,An Efficient,Anonymous,and Robust Authentication Scheme(EARAS)based on the foundational principles of this security architecture.Furthermore,we formally examine the security characteristics of our suggested protocol that makes use of methodology such as ProVerif,supplemented by an informal analysis of security.Lastly,we conduct performance evaluations and comparative analyses to assess the efficacy of our scheme.Performance analysis shows that EARAS achieves up to 30%to 54%more efficient than most protocols and lower computation cost compared to Banerjee et al.’s scheme,and significantly reduces communication overhead compared to other recent protocols,while ensuring comprehensive security.Our objective is to provide robust security measures for smart homes while addressing resource constraints and preserving user privacy.
基金This work is part of the‘Intelligent and Cyber-Secure Platform for Adaptive Optimization in the Simultaneous Operation of Heterogeneous Autonomous Robots(PICRAH4.0)’with reference MIG-20232082,funded by MCIN/AEI/10.13039/501100011033supported by the Universidad Internacional de La Rioja(UNIR)through the Precompetitive Research Project entitled“Nuevos Horizontes en Internet de las Cosas y NewSpace(NEWIOT)”,reference PP-2024-13,funded under the 2024 Call for Research Projects.
文摘This work evaluates an architecture for decentralized authentication of Internet of Things(IoT)devices in Low Earth Orbit(LEO)satellite networks using IOTA Identity technology.To the best of our knowledge,it is the first proposal to integrate IOTA’s Directed Acyclic Graph(DAG)-based identity framework into satellite IoT environments,enabling lightweight and distributed authentication under intermittent connectivity.The system leverages Decentralized Identifiers(DIDs)and Verifiable Credentials(VCs)over the Tangle,eliminating the need for mining and sequential blocks.An identity management workflow is implemented that supports the creation,validation,deactivation,and reactivation of IoT devices,and is experimentally validated on the Shimmer Testnet.Three metrics are defined and measured:resolution time,deactivation time,and reactivation time.To improve robustness,an algorithmic optimization is introduced that minimizes communication overhead and reduces latency during deactivation.The experimental results are compared with orbital simulations of satellite revisit times to assess operational feasibility.Unlike blockchain-based approaches,which typically suffer from high confirmation delays and scalability constraints,the proposed DAG architecture provides fast,cost-free operations suitable for resource-constrained IoT devices.The results show that authentication can be efficiently performed within satellite connectivity windows,positioning IOTA Identity as a viable solution for secure and scalable IoT authentication in LEO satellite networks.
文摘With the availability of low-cost radio frequency identification (RFID) tags,security becomes an increasing concern. However,such tags do not permit complex cryptographic functions due to their computational,communications,and storage limitations. In this paper,we investigate the security issues and requirements of RFID systems,and propose ultra-light weight and light weight protocols for low-cost RFID tags.The proposed protocols has been applied to a supply chain management system.
基金supported in part by the European Commission Marie Curie IRSES project "AdvIOT"the National Natural Science Foundation of China (NSFC) under grant No.61372103
文摘In network-connected UAV(NCUAV) communication systems, user authentication is replaced by platform identity authentication and integrity check because many NC-UAVs are operated without human intervention. Direct anonymous attestation(DAA) is an attractive cryptographic scheme that provides an elegant balance between platform authentication and anonymity. However, because of the low-level computing capability and limited transmission bandwidth in UAV, the existing DAA schemes are not suitable for NC-UAV communication systems. In this paper, we propose an enhanced DAA scheme with mutual authentication(MA-DAA scheme), which meets the security requirements of NC-UAV communication systems. The proposed MA-DAA scheme, which is based on asymmetric pairings, bundles the identities of trusted platform module(TPM) and Host to solve the malicious module changing attacks. Credential randomization, batch proof and verification, and mutual authentication are realized in the MA-DAA scheme. The computational workload in TPM and Host is reduced in order to meet the low computation and resource requirements in TPM and Host.The entire scheme and protocols are presented,and the security and efficiency of the proposed MA-DAA scheme are proved and analyzed.Our experiment results also confirm the high efficiency of the proposed scheme.
基金This work was partially supported by The China’s National Key R&D Program(No.2018YFB0803600)Natural Science Foundation of China(No.61801008)+2 种基金Beijing Natural Science Foundation National(No.L172049)Scientific Research Common Program of Beijing Municipal Commission of Education(No.KM201910005025)Defense Industrial Technology Development Program(No.JCKY2016204A102)sponsored this research in parts.
文摘Security threats to smart and autonomous vehicles cause potential consequences such as traffic accidents,economically damaging traffic jams,hijacking,motivating to wrong routes,and financial losses for businesses and governments.Smart and autonomous vehicles are connected wirelessly,which are more attracted for attackers due to the open nature of wireless communication.One of the problems is the rogue attack,in which the attacker pretends to be a legitimate user or access point by utilizing fake identity.To figure out the problem of a rogue attack,we propose a reinforcement learning algorithm to identify rogue nodes by exploiting the channel state information of the communication link.We consider the communication link between vehicle-to-vehicle,and vehicle-to-infrastructure.We evaluate the performance of our proposed technique by measuring the rogue attack probability,false alarm rate(FAR),mis-detection rate(MDR),and utility function of a receiver based on the test threshold values of reinforcement learning algorithm.The results show that the FAR and MDR are decreased significantly by selecting an appropriate threshold value in order to improve the receiver’s utility.
基金National Natural Science Foundation of China (60372094) Beijing Natural Science Foundation (4062025).
文摘The traditional authentication system is based on the secret key, and is mainly based on public key infrastructure (PKI). Unfortunately, a key has many disadvantages, for example, the key can be forgotten or stolen, and can be easily cracked. Nowadays, authentication systems using biometric technology have become more prevalent because of the advantages over password-based authentication systems. In this article, several biometfic authentication models are presented, upon which most biometric authentication systems are based. Biometric authentication systems based-on these models provide high security for access control in non-face-to-face environment such as e-commerce, over open network.
基金funded by the National Natural Science Foundation of China(62172418)the Joint Funds of the National Natural Science Foundation of China and the Civil Aviation Administration of China(U2133203)+1 种基金the Education Commission Scientific Research Project of Tianjin China(2022KJ081)the Open Fund of Key Laboratory of Civil Aircraft Airworthiness Technology(SH2021111907).
文摘System-wide information management(SWIM)is a complex distributed information transfer and sharing system for the next generation of Air Transportation System(ATS).In response to the growing volume of civil aviation air operations,users accessing different authentication domains in the SWIM system have problems with the validity,security,and privacy of SWIM-shared data.In order to solve these problems,this paper proposes a SWIM crossdomain authentication scheme based on a consistent hashing algorithm on consortium blockchain and designs a blockchain certificate format for SWIM cross-domain authentication.The scheme uses a consistent hash algorithm with virtual nodes in combination with a cluster of authentication centers in the SWIM consortium blockchain architecture to synchronize the user’s authentication mapping relationships between authentication domains.The virtual authentication nodes are mapped separately using different services provided by SWIM to guarantee the partitioning of the consistent hash ring on the consortium blockchain.According to the dynamic change of user’s authentication requests,the nodes of virtual service authentication can be added and deleted to realize the dynamic load balancing of cross-domain authentication of different services.Security analysis shows that this protocol can resist network attacks such as man-in-the-middle attacks,replay attacks,and Sybil attacks.Experiments show that this scheme can reduce the redundant authentication operations of identity information and solve the problems of traditional cross-domain authentication with single-point collapse,difficulty in expansion,and uneven load.At the same time,it has better security of information storage and can realize the cross-domain authentication requirements of SWIM users with low communication costs and system overhead.KEYWORDS System-wide information management(SWIM);consortium blockchain;consistent hash;cross-domain authentication;load balancing.
