With the development of the Internet of Things(IoT)technique,sensitive information collected by sensors may be leaked.In recent years,many authentication schemes have been proposed.Banerjee et al proposed a biometric ...With the development of the Internet of Things(IoT)technique,sensitive information collected by sensors may be leaked.In recent years,many authentication schemes have been proposed.Banerjee et al proposed a biometric based user authentication scheme in wireless sensor networks using smart cards in 2019.But we found that Banerjee et al's authentication scheme is vulnerable to impersonation attacks.In order to overcome the weaknesses of Banerjee et al's scheme,we propose a new authentication scheme.In our proposed scheme,we only use the exclusive-or operation and one-way Hash function for the efficiency,which can reduce the computation burden for the IoT devices.In the authentication and session key agreement phase,the secret registration parameter is not used for the authentication,and the session key is given for the all entities.In the Devol-Yao threat model,the security analysis demonstrates that our proposed authentication scheme can resist well-known attacks.展开更多
In cloud computing environments, user authentication is an important security mechanism because it provides the fundamentals of authentication, authorization, and accounting (AAA). In 2009, Wang et al. proposed an i...In cloud computing environments, user authentication is an important security mechanism because it provides the fundamentals of authentication, authorization, and accounting (AAA). In 2009, Wang et al. proposed an identity-based (ID-based) authentication scheme to deal with the user login problem for cloud computing. However, Wang et aL's scheme is insecure against message alteration and impersonation attacks. Besides, their scheme has large computation costs for cloud users. Therefore, we propose a novel ID-based user authentication scheme to solve the above mentioned problems. The proposed scheme provides anonymity and security for the user who accesses different cloud servers. Compared with the related schemes, the proposed scheme has less computation cost so it is very efficient for cloud computing in practice.展开更多
With the rapid development of Internet of Things(IoT)technology,smart home users can access and control smart devices remotely to enjoy convenient and efficient services.However,sensitive data collected by smart devic...With the rapid development of Internet of Things(IoT)technology,smart home users can access and control smart devices remotely to enjoy convenient and efficient services.However,sensitive data collected by smart devices is vulnerable to attacks such as eavesdropping and simulation when transmitted through public channels.At the same time,the security of resource-constrained smart devices is low,and attackers may use the controlled devices to carry out malicious operations further.To address the aforementioned existing security issues,this paper proposes a lightweight user anonymous authentication scheme for resource-constrained smart home environments.At the same time,the security analysis is carried out to further prove the proposed scheme's security.Finally,the performance analysis between the proposed scheme and the existing similar schemes proves that the proposed scheme has advantages in calculation cost and safety characteristics.展开更多
Communication technology has advanced dramatically amid the 21st century,increasing the security risk in safeguarding sensitive information.The remote password authentication(RPA)scheme is the simplest cryptosystem th...Communication technology has advanced dramatically amid the 21st century,increasing the security risk in safeguarding sensitive information.The remote password authentication(RPA)scheme is the simplest cryptosystem that serves as the first line of defence against unauthorised entity attacks.Although the literature contains numerous RPA schemes,to the best of the authors’knowledge,only few schemes based on the integer factorisation problem(IFP)and the discrete logarithm problem(DLP)that provided a provision for session key agreement to ensure proper mutual authentication.Furthermore,none of the previous schemes provided formal security proof using the random oracle model.Therefore,this study proposed an improved RPA scheme with session key establishment between user and server.The design of the proposed RPA scheme is based on the widely established Dolev-Yao adversary model.Moreover,as the main contribution,a novel formal security analysis based on formal definitions of IFP and DLP under the random oracle model was presented.The proposed scheme’s performance was compared to that of other similar competitive schemes in terms of the transmission/computational cost and time complexity.The findings revealed that the proposed scheme required higher memory storage costs in smart cards.Nonetheless,the proposed scheme is more efficient regarding the transmission cost of login and response messages and the total time complexity compared to other scheme of similar security attributes.Overall,the proposed scheme outperformed the other RPA schemes based on IFP and DLP.Finally,the potential application of converting the RPA scheme to a user identification(UI)scheme is considered for future work.Since RPA and UI schemes are similar,the proposed approach can be expanded to develop a provably secure and efficientUI scheme based on IFP and DLP.展开更多
Fog computing utilizes devices in the edge network to transmit data with very low latency and supports high mobility. However, fog computing inherits security and privacy problems from cloud computing. Therefore, vari...Fog computing utilizes devices in the edge network to transmit data with very low latency and supports high mobility. However, fog computing inherits security and privacy problems from cloud computing. Therefore, various privacy schemes for fog computing have been proposed to prevent different types of attacks. Recently, Weng et al proposed a fog computing authentication scheme;after analyzing, we found that Weng et al's scheme cannot resist user tracking attack and user impersonation attack. Then, we propose an improved scheme through adding a password, modifying the calculation method of Ei, and adding timestamps. In addition, we also compare the improved scheme with existing authentication schemes in terms of security and computational efficiency. The results show that the improved scheme is more secure and has less computation.展开更多
Telecare Medical Information System(TMIS) can provide various telemedicine services to patients. However, information is communicated over an open channel. An attacker may intercept, replay, or modify this information...Telecare Medical Information System(TMIS) can provide various telemedicine services to patients. However, information is communicated over an open channel. An attacker may intercept, replay, or modify this information. Therefore, many authentication schemes are proposed to provide secure communication for TMIS. Recently, Yu et al proposed a privacy-preserving authentication scheme in the Internet of Medical Things(IoMT)-enabled TMIS environments. They emphasize that their scheme is resistant to various attacks and ensures anonymity. Unfortunately, this paper demonstrates that Yu et al's scheme is vulnerable to impersonation attacks, replay attacks, and tracking attacks and cannot mutually authenticate. To overcome the shortcomings of Yu et al's scheme, we mainly improve the authentication and key agreement process and propose a corresponding improved scheme. We also compare the improved scheme with several existing authentication schemes in terms of security and computational efficiency.展开更多
Wireless sensor networks (WSNs) are used to monitor various environmental conditions including movement, pollution level, temperature, humidity, and etc. Secure authentication is very important for the success of WSNs...Wireless sensor networks (WSNs) are used to monitor various environmental conditions including movement, pollution level, temperature, humidity, and etc. Secure authentication is very important for the success of WSNs. Li <i>et al</i>. proposed a three-factor anonymous authentication scheme in WSNs over Internet of things (IoT). They argued that their authentication scheme achieves more security and functional features, which are required for WSNs over IoT. Especially, they insisted that their user authentication scheme provides security against sensor node impersonation attack, and resists session-specific temporary information attack and various other attacks. However, this paper shows some security weaknesses in Li <i>et al</i>.’s scheme, especially focused on sensor node masquerading attack, known session-specific temporary information attack and deficiency of perfect forward secrecy. Especially, security considerations are very important to the modern IoT based applications. Thereby, the result of this paper could be very helpful for the IoT security researches.展开更多
Yoon and Yoo recently proposed a robust authenticated encryption scheme and claimed their scheme has the properties of forward secrecy and confidentiality. The current paper, however, points out that Yoon-Yoo's schem...Yoon and Yoo recently proposed a robust authenticated encryption scheme and claimed their scheme has the properties of forward secrecy and confidentiality. The current paper, however, points out that Yoon-Yoo's scheme also can not provide forward secrecy and confidentiality such that any adversary can easily recover the transferred message. Based on intractability of reversing the one-way hash function and discrete logarithm problem, an improved authenticated encryption scheme with messages linkage is proposed. The above security faults get solved perfectly. The new scheme is proven to satisfy all the basic security requirements of the authenticated encryption scheme. And by the concrete comparison, it has the similar efficiency of the original scheme.展开更多
Anonymous authentication schemes, mostly based on the notion of group signatures, allow a group member to obtain membership from a server and gain access rights if the member can prove their authenticity to the verifi...Anonymous authentication schemes, mostly based on the notion of group signatures, allow a group member to obtain membership from a server and gain access rights if the member can prove their authenticity to the verifier. However, existing authentication schemes are impractical because they neglect to provide an exclusive verification of the blacklist. In addition, the schemes are unaware of malicious members who are involved in privilege transferring. In this paper, a novel membership authentication scheme providing detection of membership transfer and proof of membership exclusiveness to the blacklist is proposed.展开更多
Existing commitment schemes were addressed under the classic two-party scenario, However, popularity of the secure multi-party computation in today's lush network communication is motivating us to adopt more sophisti...Existing commitment schemes were addressed under the classic two-party scenario, However, popularity of the secure multi-party computation in today's lush network communication is motivating us to adopt more sophisticate commitment schemes. In this paper, we study for the first time multireceiver commitment in unconditionally secure setting, i.e., one committer promises a group of verifiers a common secret value (in computational setting it is trivial). We extend the Rivest model for this purpose and present a provably secure generic construction using multireceiver authentication codes (without secrecy) as building blocks. Two concrete schemes are proposed as its immediate implementations, which are almost as efficient as an optimal MRA-code. We believe using other primitives to construct variants of this concept will open doors for more interesting research.展开更多
A Cramer-Shoup scheme was modified in a variant way. The major advantage with respect to Kurosawa-Desmedt scheme is that it saves a key parameter and produces shorter ciphertext. The proof of security shows that our s...A Cramer-Shoup scheme was modified in a variant way. The major advantage with respect to Kurosawa-Desmedt scheme is that it saves a key parameter and produces shorter ciphertext. The proof of security shows that our scheme can be instantiated with any computational secure key derivation and message authentication functions. Thus it extends the applicability of the Kurosawa-Desmedt scheme and improves its efficiency.展开更多
The healthcare IoT system is considered to be a significant and modern medical system.There is broad consensus that these systems will play a vital role in the achievement of economic growth in numerous growth countri...The healthcare IoT system is considered to be a significant and modern medical system.There is broad consensus that these systems will play a vital role in the achievement of economic growth in numerous growth countries.Among the major challenges preventing the fast and widespread adoption of such systems is the failure to maintain the data privacy of patients and the integrity of remote clinical diagnostics.Recently,the author proposed an end-to-end authentication scheme for healthcare IoT systems(E2EA),to provide a mutual authentication with a high data rate between the communication nodes of the healthcare IoT systems.Although the E2EA authentication scheme supports numerous attractive security services to resist various types of attack,there is an ambiguous view of the impact of the desynchronization attack on the E2EA authentication scheme.In general,the performance of the authentication scheme is considered a critical issue when evaluating the applicability of such schemes,along with the security services that can be achieved.Therefore,this paper discusses how the E2EA authentication scheme can resist the desynchronization attack through all possible attack scenarios.Additionally,the effect of the desynchronization attack on the E2EA scheme performance is analyzed in terms of its computation and communication costs,based on a comparison with the recently related authentication schemes that can prevent such attack.Moreover,this research paper finds that the E2EA authentication scheme can not only prevent the desynchronization attack,but also offers a low cost in terms of computations and communications,and can maintain consistency and synchronization between the communication nodes of the healthcare IoT systems during the next authentication sessions.展开更多
以提供安全、可靠的保密通信为目标的组密钥管理方案是移动自组网安全研究领域中的一个热点.然而,固有的动态性、资源受限和无固定基础设施等特点使得目前已有组密钥管理方案不能很好地适用于MANET.针对MANET组密钥管理面临的诸多挑战,...以提供安全、可靠的保密通信为目标的组密钥管理方案是移动自组网安全研究领域中的一个热点.然而,固有的动态性、资源受限和无固定基础设施等特点使得目前已有组密钥管理方案不能很好地适用于MANET.针对MANET组密钥管理面临的诸多挑战,提出一种高效的安全组密钥管理方案(an efficient and secure group key management,ESGKM).ESGKM无需控制中心,所有成员通过协商共同生成组共享秘密密钥,提高了方案的安全性,并能很好地适应拓扑频繁变化的MANET环境.基于ECC和双线性对的密码体制提高了组密钥生成的效率,同时组成员能够对接收的子密钥份额和组密钥份额进行验证,进一步增加了方案的安全性.该方案还提出基于组密钥服务中心(group key ervice center,GKSC)的组密钥更新和一致性管理算法,有效减少了ESGKM通信开销和计算量,避免了组密钥不一致造成节点孤立.使用串空间模型对ESGKM方案进行了形式化分析,证明了其正确性和安全性.最后,通过与BD,A-GDH和TGDH协议比较,表明ESGKM能有效减少节点和网络资源消耗,很好地适用于动态的MANET环境,具有更为明显的性能优势.展开更多
基金Supported by the Applied Basic and Advanced Technology Research Programs of Tianjin(15JCYBJC15900)。
文摘With the development of the Internet of Things(IoT)technique,sensitive information collected by sensors may be leaked.In recent years,many authentication schemes have been proposed.Banerjee et al proposed a biometric based user authentication scheme in wireless sensor networks using smart cards in 2019.But we found that Banerjee et al's authentication scheme is vulnerable to impersonation attacks.In order to overcome the weaknesses of Banerjee et al's scheme,we propose a new authentication scheme.In our proposed scheme,we only use the exclusive-or operation and one-way Hash function for the efficiency,which can reduce the computation burden for the IoT devices.In the authentication and session key agreement phase,the secret registration parameter is not used for the authentication,and the session key is given for the all entities.In the Devol-Yao threat model,the security analysis demonstrates that our proposed authentication scheme can resist well-known attacks.
文摘In cloud computing environments, user authentication is an important security mechanism because it provides the fundamentals of authentication, authorization, and accounting (AAA). In 2009, Wang et al. proposed an identity-based (ID-based) authentication scheme to deal with the user login problem for cloud computing. However, Wang et aL's scheme is insecure against message alteration and impersonation attacks. Besides, their scheme has large computation costs for cloud users. Therefore, we propose a novel ID-based user authentication scheme to solve the above mentioned problems. The proposed scheme provides anonymity and security for the user who accesses different cloud servers. Compared with the related schemes, the proposed scheme has less computation cost so it is very efficient for cloud computing in practice.
基金Supported by Research Project of Undergraduate Teaching Reform and Quality Construction in Tianjin Colleges and Universities in 2023(B231005806)。
文摘With the rapid development of Internet of Things(IoT)technology,smart home users can access and control smart devices remotely to enjoy convenient and efficient services.However,sensitive data collected by smart devices is vulnerable to attacks such as eavesdropping and simulation when transmitted through public channels.At the same time,the security of resource-constrained smart devices is low,and attackers may use the controlled devices to carry out malicious operations further.To address the aforementioned existing security issues,this paper proposes a lightweight user anonymous authentication scheme for resource-constrained smart home environments.At the same time,the security analysis is carried out to further prove the proposed scheme's security.Finally,the performance analysis between the proposed scheme and the existing similar schemes proves that the proposed scheme has advantages in calculation cost and safety characteristics.
基金This research is funded by UKM under Grant No.GUP-2020-029.
文摘Communication technology has advanced dramatically amid the 21st century,increasing the security risk in safeguarding sensitive information.The remote password authentication(RPA)scheme is the simplest cryptosystem that serves as the first line of defence against unauthorised entity attacks.Although the literature contains numerous RPA schemes,to the best of the authors’knowledge,only few schemes based on the integer factorisation problem(IFP)and the discrete logarithm problem(DLP)that provided a provision for session key agreement to ensure proper mutual authentication.Furthermore,none of the previous schemes provided formal security proof using the random oracle model.Therefore,this study proposed an improved RPA scheme with session key establishment between user and server.The design of the proposed RPA scheme is based on the widely established Dolev-Yao adversary model.Moreover,as the main contribution,a novel formal security analysis based on formal definitions of IFP and DLP under the random oracle model was presented.The proposed scheme’s performance was compared to that of other similar competitive schemes in terms of the transmission/computational cost and time complexity.The findings revealed that the proposed scheme required higher memory storage costs in smart cards.Nonetheless,the proposed scheme is more efficient regarding the transmission cost of login and response messages and the total time complexity compared to other scheme of similar security attributes.Overall,the proposed scheme outperformed the other RPA schemes based on IFP and DLP.Finally,the potential application of converting the RPA scheme to a user identification(UI)scheme is considered for future work.Since RPA and UI schemes are similar,the proposed approach can be expanded to develop a provably secure and efficientUI scheme based on IFP and DLP.
文摘Fog computing utilizes devices in the edge network to transmit data with very low latency and supports high mobility. However, fog computing inherits security and privacy problems from cloud computing. Therefore, various privacy schemes for fog computing have been proposed to prevent different types of attacks. Recently, Weng et al proposed a fog computing authentication scheme;after analyzing, we found that Weng et al's scheme cannot resist user tracking attack and user impersonation attack. Then, we propose an improved scheme through adding a password, modifying the calculation method of Ei, and adding timestamps. In addition, we also compare the improved scheme with existing authentication schemes in terms of security and computational efficiency. The results show that the improved scheme is more secure and has less computation.
文摘Telecare Medical Information System(TMIS) can provide various telemedicine services to patients. However, information is communicated over an open channel. An attacker may intercept, replay, or modify this information. Therefore, many authentication schemes are proposed to provide secure communication for TMIS. Recently, Yu et al proposed a privacy-preserving authentication scheme in the Internet of Medical Things(IoMT)-enabled TMIS environments. They emphasize that their scheme is resistant to various attacks and ensures anonymity. Unfortunately, this paper demonstrates that Yu et al's scheme is vulnerable to impersonation attacks, replay attacks, and tracking attacks and cannot mutually authenticate. To overcome the shortcomings of Yu et al's scheme, we mainly improve the authentication and key agreement process and propose a corresponding improved scheme. We also compare the improved scheme with several existing authentication schemes in terms of security and computational efficiency.
文摘Wireless sensor networks (WSNs) are used to monitor various environmental conditions including movement, pollution level, temperature, humidity, and etc. Secure authentication is very important for the success of WSNs. Li <i>et al</i>. proposed a three-factor anonymous authentication scheme in WSNs over Internet of things (IoT). They argued that their authentication scheme achieves more security and functional features, which are required for WSNs over IoT. Especially, they insisted that their user authentication scheme provides security against sensor node impersonation attack, and resists session-specific temporary information attack and various other attacks. However, this paper shows some security weaknesses in Li <i>et al</i>.’s scheme, especially focused on sensor node masquerading attack, known session-specific temporary information attack and deficiency of perfect forward secrecy. Especially, security considerations are very important to the modern IoT based applications. Thereby, the result of this paper could be very helpful for the IoT security researches.
基金Supported by the National Natural Science Foun-dation of China (60473072)
文摘Yoon and Yoo recently proposed a robust authenticated encryption scheme and claimed their scheme has the properties of forward secrecy and confidentiality. The current paper, however, points out that Yoon-Yoo's scheme also can not provide forward secrecy and confidentiality such that any adversary can easily recover the transferred message. Based on intractability of reversing the one-way hash function and discrete logarithm problem, an improved authenticated encryption scheme with messages linkage is proposed. The above security faults get solved perfectly. The new scheme is proven to satisfy all the basic security requirements of the authenticated encryption scheme. And by the concrete comparison, it has the similar efficiency of the original scheme.
文摘Anonymous authentication schemes, mostly based on the notion of group signatures, allow a group member to obtain membership from a server and gain access rights if the member can prove their authenticity to the verifier. However, existing authentication schemes are impractical because they neglect to provide an exclusive verification of the blacklist. In addition, the schemes are unaware of malicious members who are involved in privilege transferring. In this paper, a novel membership authentication scheme providing detection of membership transfer and proof of membership exclusiveness to the blacklist is proposed.
基金Supported by the Foundation of Development and Reform Commission of China under Grant High-Tech ([2007] 2367)
文摘Existing commitment schemes were addressed under the classic two-party scenario, However, popularity of the secure multi-party computation in today's lush network communication is motivating us to adopt more sophisticate commitment schemes. In this paper, we study for the first time multireceiver commitment in unconditionally secure setting, i.e., one committer promises a group of verifiers a common secret value (in computational setting it is trivial). We extend the Rivest model for this purpose and present a provably secure generic construction using multireceiver authentication codes (without secrecy) as building blocks. Two concrete schemes are proposed as its immediate implementations, which are almost as efficient as an optimal MRA-code. We believe using other primitives to construct variants of this concept will open doors for more interesting research.
基金the National Basic Research Program(973) of China (No 2007CB807903)the National Natural Science Foundation of China (No. 60743006)+1 种基金the Natural Science Foundation of Shandong Province(No. Y2007G15)the Shandong Grant program for Post PH.D (No. 200601002)
文摘A Cramer-Shoup scheme was modified in a variant way. The major advantage with respect to Kurosawa-Desmedt scheme is that it saves a key parameter and produces shorter ciphertext. The proof of security shows that our scheme can be instantiated with any computational secure key derivation and message authentication functions. Thus it extends the applicability of the Kurosawa-Desmedt scheme and improves its efficiency.
文摘The healthcare IoT system is considered to be a significant and modern medical system.There is broad consensus that these systems will play a vital role in the achievement of economic growth in numerous growth countries.Among the major challenges preventing the fast and widespread adoption of such systems is the failure to maintain the data privacy of patients and the integrity of remote clinical diagnostics.Recently,the author proposed an end-to-end authentication scheme for healthcare IoT systems(E2EA),to provide a mutual authentication with a high data rate between the communication nodes of the healthcare IoT systems.Although the E2EA authentication scheme supports numerous attractive security services to resist various types of attack,there is an ambiguous view of the impact of the desynchronization attack on the E2EA authentication scheme.In general,the performance of the authentication scheme is considered a critical issue when evaluating the applicability of such schemes,along with the security services that can be achieved.Therefore,this paper discusses how the E2EA authentication scheme can resist the desynchronization attack through all possible attack scenarios.Additionally,the effect of the desynchronization attack on the E2EA scheme performance is analyzed in terms of its computation and communication costs,based on a comparison with the recently related authentication schemes that can prevent such attack.Moreover,this research paper finds that the E2EA authentication scheme can not only prevent the desynchronization attack,but also offers a low cost in terms of computations and communications,and can maintain consistency and synchronization between the communication nodes of the healthcare IoT systems during the next authentication sessions.
文摘以提供安全、可靠的保密通信为目标的组密钥管理方案是移动自组网安全研究领域中的一个热点.然而,固有的动态性、资源受限和无固定基础设施等特点使得目前已有组密钥管理方案不能很好地适用于MANET.针对MANET组密钥管理面临的诸多挑战,提出一种高效的安全组密钥管理方案(an efficient and secure group key management,ESGKM).ESGKM无需控制中心,所有成员通过协商共同生成组共享秘密密钥,提高了方案的安全性,并能很好地适应拓扑频繁变化的MANET环境.基于ECC和双线性对的密码体制提高了组密钥生成的效率,同时组成员能够对接收的子密钥份额和组密钥份额进行验证,进一步增加了方案的安全性.该方案还提出基于组密钥服务中心(group key ervice center,GKSC)的组密钥更新和一致性管理算法,有效减少了ESGKM通信开销和计算量,避免了组密钥不一致造成节点孤立.使用串空间模型对ESGKM方案进行了形式化分析,证明了其正确性和安全性.最后,通过与BD,A-GDH和TGDH协议比较,表明ESGKM能有效减少节点和网络资源消耗,很好地适用于动态的MANET环境,具有更为明显的性能优势.
