The integration of artificial intelligence(AI)with advanced power technologies is transforming energy system management,particularly through real-time data monitoring and intelligent decision-making driven by Artifici...The integration of artificial intelligence(AI)with advanced power technologies is transforming energy system management,particularly through real-time data monitoring and intelligent decision-making driven by Artificial Intelligence Generated Content(AIGC).However,the openness of power system channels and the resource-constrained nature of power sensors have led to new challenges for the secure transmission of power data and decision instructions.Although traditional public key cryptographic primitives can offer high security,the substantial key management and computational overhead associated with these primitives make them unsuitable for power systems.To ensure the real-time and security of power data and command transmission,we propose a lightweight identity authentication scheme tailored for power AIGC systems.The scheme utilizes lightweight symmetric encryption algorithms,minimizing the resource overhead on power sensors.Additionally,it incorporates a dynamic credential update mechanism,which can realize the rotation and update of temporary credentials to ensure anonymity and security.We rigorously validate the security of the scheme using the Real-or-Random(ROR)model and AVISPA simulation,and the results show that our scheme can resist various active and passive attacks.Finally,performance comparisons and NS3 simulation results demonstrate that our proposed scheme offers enhanced security features with lower overhead,making it more suitable for power AIGC systems compared to existing solutions.展开更多
Quantum dialogue(QD)realizes the real-time secure bidirectional quantum communication.Measurement-deviceindependent(MDI)QD can resist all possible attacks focusing on the imperfect measurement devices and enhance QD’...Quantum dialogue(QD)realizes the real-time secure bidirectional quantum communication.Measurement-deviceindependent(MDI)QD can resist all possible attacks focusing on the imperfect measurement devices and enhance QD’s practical security.However,in practical applications,any secure communication requires identity authentication as a prerequisite.In this paper,we propose an MDI QD protocol with bidirectional identity authentication.The practical communication parties can first authenticate the identity of each other simultaneously before the message exchange.In theory,our MDI QD protocol has unconditional security and the communication parties can exchange 1.5 bits of messages in each communication round with linear optical Bell state measurement.We numerically simulate the secrecy message capacity of our MDI QD protocol.Our protocol has two advantages.First,it can effectively resist the impersonation attack and enhance MDI QD’s practical security.Second,it does not require keys to assist the message exchange and has relatively high efficiency.Our protocol has application potential in the future quantum communication field.展开更多
The air traffic management(ATM)system is an intelligent system,which integrates the ground computer network,airborne network and space satellite(communication and navigation)network by the ground-air data link system....The air traffic management(ATM)system is an intelligent system,which integrates the ground computer network,airborne network and space satellite(communication and navigation)network by the ground-air data link system.Due to the openness and widely distribution of ATM system,the trust relationship of all parties in the system is pretty complex.At present,public key infrastructure(PKI)based identity authentication method is more and more difficult to meet the growing demand of ATM service.First,through the analysis of the organizational structure and operation mode of ATM system,this paper points out the existing identity authentication security threats in ATM system,and discusses the advantages of adopting blockchain technology in ATM system.Further,we briefly analyze some shortcomings of the current PKI-based authentication system in ATM.Particularly,to address the authentication problem,this paper proposes and presents a trusted ATM Security Authentication Model and authentication protocol based on blockchain.Finally,this paper makes a comprehensive analysis and simulation of the proposed security authentication scheme,and gets the expected effect.展开更多
Traditional methods of identity authentication often rely on centralized architectures,which poses risks of computational overload and single points of failure.We propose a protocol that offers a decentralized approac...Traditional methods of identity authentication often rely on centralized architectures,which poses risks of computational overload and single points of failure.We propose a protocol that offers a decentralized approach by distributing authentication services to edge authentication gateways and servers,facilitated by blockchain technology,thus aligning with the decentralized ethos of Web3 infrastructure.Additionally,we enhance device security against physical and cloning attacks by integrating physical unclonable functions with certificateless cryptography,bolstering the integrity of Internet of Thins(IoT)devices within the evolving landscape of the metaverse.To achieve dynamic anonymity and ensure privacy within Web3 environments,we employ fuzzy extractor technology,allowing for updates to pseudonymous identity identifiers while maintaining key consistency.The proposed protocol ensures continuous and secure identity authentication for IoT devices in practical applications,effectively addressing the pressing security concerns inherent in IoT network environments and contributing to the development of robust security infrastructure essential for the proliferation of IoT devices across diverse settings.展开更多
A multiparty simultaneous quantum identity authentication protocol based on Creenberger-Horne-Zeilinger (GHZ) states is proposed. The multi-user can be authenticated by a trusted third party (TTP) simultaneously. ...A multiparty simultaneous quantum identity authentication protocol based on Creenberger-Horne-Zeilinger (GHZ) states is proposed. The multi-user can be authenticated by a trusted third party (TTP) simultaneously. Compared with the scheme proposed recently (Wang et al 2006 Chin. Phys. Lett. 23(9) 2360), the proposed scheme has the advantages of consuming fewer quantum and classical resources and lessening the difficulty and intensity of necessary operations.展开更多
A novel efficient deterministic secure quantum communication scheme based on four-qubit cluster states and single-photon identity authentication is proposed. In this scheme, the two authenticated users can transmit tw...A novel efficient deterministic secure quantum communication scheme based on four-qubit cluster states and single-photon identity authentication is proposed. In this scheme, the two authenticated users can transmit two bits of classical information per cluster state, and its efficiency of the quantum communication is 1/3, which is approximately 1.67 times that of the previous protocol presented by Wang et al [Chin. Phys. Lett. 23 (2006) 2658]. Security analysis shows the present scheme is secure against intercept-resend attack and the impersonator's attack. Furthermore, it is more economic with present-day techniques and easily processed by a one-way quantum computer.展开更多
With the popularity of the internet,users hope to better protect their privacy while obtaining network services.However,in the traditional centralized authentication scheme,identity information such as the user's ...With the popularity of the internet,users hope to better protect their privacy while obtaining network services.However,in the traditional centralized authentication scheme,identity information such as the user's private key is generated,stored,and managed by the network operator.Users can't control their identity information,which will lead to a great threat to the privacy of users.Based on redactable blockchain,we propose a fine-grained and fair identity authentication scheme for mobile networks.In our proposed scheme,the user's identity information is generated and controlled by the users.We first propose a notion of score chameleon hash(SCH),which can delete or update the information of illegal users so as to dynamically update the status of users and provide users with more fine-grained and fair services.We propose another notion of self-updating secret sharing(SUSS),which allows users to update the trapdoor and the corresponding hash key after redacting the blockchain without requiring trusted authority to redistribute the trapdoor.Experimental results show that,compared with the immutable blockchain Bitcoin,the redactable blockchain in our identity authentication scheme provides users with fine-grained and fair redacting functions,and can be adopted with a small additional overhead.展开更多
From the viewpoint of protocol sequence, analyses are made of the sequence patterns of possible identity authentication protocol under two cases: with or without the trusted third party (TFP). Ten feasible sequence...From the viewpoint of protocol sequence, analyses are made of the sequence patterns of possible identity authentication protocol under two cases: with or without the trusted third party (TFP). Ten feasible sequence patterns of authentication protocol with TIP and 5 sequence patterns without TFP are gained. These gained sequence patterns meet the requirements for identity authentication, and basically cover almost all the authentication protocols with TFP and without TFP at present. All of the sequence patterns gained are classified into unilateral or bilateral authentication. Then, according to the sequence symmetry, several good sequence patterns with TFP are evaluated. The accompolished results can provide a reference to design of new identity authentication protocols.展开更多
Ubiquitous computing systems typically have lots of security problems in the area of identity authentication by means of classical PKI methods. The limited computing resources, the disconnection network, the classific...Ubiquitous computing systems typically have lots of security problems in the area of identity authentication by means of classical PKI methods. The limited computing resources, the disconnection network, the classification requirements of identity authentication, the requirement of trust transfer and cross identity authentication, the bi-directional identity authentication, the security delegation and the simple privacy protection etc are all these unsolved problems. In this paper, a new novel ubiquitous computing identity authentication mechanism, named UCIAMdess, is presented. It is based on D-S Evidence Theory and extended SPKI/SDSI. D-S Evidence Theory is used in UCIAMdess to compute the trust value from the ubiquitous computing environment to the principal or between the different ubiquitous computing environments. SPKI-based authorization is expanded by adding the trust certificate in UCIAMdess to solve above problems in the ubiquitous computing environments. The identity authentication mechanism and the algorithm of certificate reduction are given in the paper to solve the multi-levels trust-correlative identity authentication problems. The performance analyses show that UCIAMdess is a suitable security mechanism in solving the complex ubiquitous computing problems.展开更多
Blood smear test is the basic method of blood cytology and is also a standard medical test that can help diagnose various conditions and diseases.Morphological examination is the gold stan-dard to determine pathologic...Blood smear test is the basic method of blood cytology and is also a standard medical test that can help diagnose various conditions and diseases.Morphological examination is the gold stan-dard to determine pathological changes in blood cell morphology.In the biology and medicine automation trend,blood smears'automated management and analysis is very necessary.An online blood smear automatic microscopic image detection system has been constructed.It includes an online blood smear automatic producing part and a blood smear automatic micro-scopic image detection part.Online identity authentication is at the core of the system.The identifiers printed online always present dot matrix digit code(DMDC)whose stroke is not continuous.Considering the particularities of DMDC and the complexities of online application environment,an online identity authentication method for blood smear with heterological theory is proposed.By synthesizing the certain regional features according to the heterological theory,high identification accuracy and high speed have been guaranteed with few features required.In the experiment,the suficient correct matches bet ween the tube barcode and the identification result verified its feasibility and validity.展开更多
As the power Internet of Things(IoT)enters the security construction stage,the massive use of perception layer devices urgently requires an identity authentication scheme that considers both security and practicality....As the power Internet of Things(IoT)enters the security construction stage,the massive use of perception layer devices urgently requires an identity authentication scheme that considers both security and practicality.The existing public key infrastructure(PKI)-based security authentication scheme is currently difficult to apply in many terminals in IoT.Its key distribution and management costs are high,which hinders the development of power IoT security construction.Combined Public Key(CPK)technology uses a small number of seeds to generate unlimited public keys.It is very suitable for identity authentication in the power Internet of Things.In this paper,we propose a novel identity authentication scheme for power IoT.The scheme combines the physical unclonable function(PUF)with improved CPK technology to achieve mutual identity authentication between power IoT terminals and servers.The proposed scheme does not require third-party authentication and improves the security of identity authentication for power IoT.Moreover,the scheme reduces the resource consumption of power IoT devices.The improved CPK algorithm solves the key collision problem,and the third party only needs to save the private key and the public key matrix.Experimental results show that the amount of storage resources occupied in our scheme is small.The proposed scheme is more suitable for the power IoT.展开更多
The smartphone has become an indispensable electric device for most people since it can assist us in finishing many tasks such as paying and reading. Therefore, the security of smartphones is the most crucial issue to...The smartphone has become an indispensable electric device for most people since it can assist us in finishing many tasks such as paying and reading. Therefore, the security of smartphones is the most crucial issue to illegal users who cannot access legal users’ privacy information. This paper studies identity authentication using user action. This scheme does not rely on the password or biometric identification. It checks user identity just by user action features. We utilize sensors installed in smartphones and collect their data when the user waves the phone. We collect these data, process them and feed them into neural networks to realize identity recognition. We invited 13 participants and collected about 350 samples for each person. The sampling frequency is set at 200 Hz, and DenseNet is chosen as the neural network to validate system performance. The result shows that the neural network can effectively recognize user identity and achieve an authentication accuracy of 96.69 percent.展开更多
Unified identity authentication has become the basic information service provided by colleges and universities for teachers and students. Security, stability, high concurrency and easy maintenance are our requirements...Unified identity authentication has become the basic information service provided by colleges and universities for teachers and students. Security, stability, high concurrency and easy maintenance are our requirements for a unified identity authentication system. Based on the practical work experience of China University of Geosciences (Beijing), this paper proposes a high availability scheme of unified identity authentication system based on CAS, which is composed of multiple CAS Servers, Nginx for load balancing, and Redis as a cache database. The scheme has been practiced in China University of Geosciences (Beijing), and the application effect is good, which has practical reference significance for other universities.展开更多
To address identity forgery and privacy leakage in Internet of vehicles(loV)within intelligent transportation systems,we propose an efficient cross-domain identity authentication(IA)scheme based on blockchain and cert...To address identity forgery and privacy leakage in Internet of vehicles(loV)within intelligent transportation systems,we propose an efficient cross-domain identity authentication(IA)scheme based on blockchain and certificateless cryptography.However,existing IA schemes often suffer from high computational overhead,limited scalability,or inadequate support for cross-domain scenarios.First,a distributed authentication architecture is designed,and an offchain storage mechanism combining blockchain and distributed hash table(DHT)to reduce storage costs.Second,a key generation scheme based on certificateless cryptography is designed to address key escrow problem.Third,a conditional privacy protection mechanism is proposed to achieve both anonymity and traceability of vehicle identities.A formal privacy evaluation is provided based on k-anonymity quantifies anonymity level under realistic adversary models.Finally,performance evaluations are conducted in terms of authentication delay,throughput,and success rate,demonstrating that the proposed scheme improves authentication efficiency while enhancing the system security and privacy.展开更多
In the Internet of Things(IoT),a large number of devices are connected using a variety of communication technologies to ensure that they can communicate both physically and over the network.However,devices face the ch...In the Internet of Things(IoT),a large number of devices are connected using a variety of communication technologies to ensure that they can communicate both physically and over the network.However,devices face the challenge of a single point of failure,a malicious user may forge device identity to gain access and jeopardize system security.In addition,devices collect and transmit sensitive data,and the data can be accessed or stolen by unauthorized user,leading to privacy breaches,which posed a significant risk to both the confidentiality of user information and the protection of device integrity.Therefore,in order to solve the above problems and realize the secure transmission of data,this paper proposed EBIAS,a secure and efficient blockchain-based identity authentication scheme designed for IoT devices.First,EBIAS combined the Elliptic Curve Cryptography(ECC)algorithm and the SHA-256 algorithm to achieve encrypted communication of the sensitive data.Second,EBIAS integrated blockchain to tackle the single point of failure and ensure the integrity of the sensitive data.Finally,we performed security analysis and conducted sufficient experiment.The analysis and experimental results demonstrate that EBIAS has certain improvements on security and performance compared with the previous schemes,which further proves the feasibility and effectiveness of EBIAS.展开更多
To solve the privacy leakage and identity island problems in cross-chain interaction,we propose an anti-quantum cross-chain identity authentication approach based on dynamic group signature(DGS-AQCCIDAA)for smart educ...To solve the privacy leakage and identity island problems in cross-chain interaction,we propose an anti-quantum cross-chain identity authentication approach based on dynamic group signature(DGS-AQCCIDAA)for smart education.The relay-based cross-chain model promotes interconnection in heterogeneous consortium blockchains.DGS is used as the endorsement strategy for cross-chain identity authentication.Our approach can ensure quantum security under the learning with error(LWE)and inhomogeneous small integer solution(ISIS)assumptions,and it uses non-interactive zero-knowledge proof(NIZKP)to protect user identity privacy.Our scheme has low calculation overhead and provides anonymous cross-chain identity authentication in the smart education system.展开更多
As one of the essential steps to secure government data sharing,Identity Authentication(IA)plays a vital role in the processing of large data.However,the centralized IA scheme based on a trusted third party presents p...As one of the essential steps to secure government data sharing,Identity Authentication(IA)plays a vital role in the processing of large data.However,the centralized IA scheme based on a trusted third party presents problems of information leakage and single point of failure,and those related to key escrow.Therefore,herein,an effective IA model based on multiattribute centers is designed.First,a private key of each attribute of a data requester is generated by the attribute authorization center.After obtaining the private key of attribute,the data requester generates a personal private key.Second,a dynamic key generation algorithm is proposed,which combines blockchain and smart contracts to periodically update the key of a data requester to prevent theft by external attackers,ensure the traceability of IA,and reduce the risk of privacy leakage.Third,the combination of blockchain and interplanetary file systems is used to store attribute field information of the data requester to further reduce the cost of blockchain information storage and improve the effectiveness of information storage.Experimental results show that the proposed model ensures the privacy and security of identity information and outperforms similar authentication models in terms of computational and communication costs.展开更多
The advancement of 6G wireless communication technology has facilitated the integration of Vehicular Ad-hoc Networks(VANETs).However,the messages transmitted over the public channel in the open and dynamic VANETs are ...The advancement of 6G wireless communication technology has facilitated the integration of Vehicular Ad-hoc Networks(VANETs).However,the messages transmitted over the public channel in the open and dynamic VANETs are vulnerable to malicious attacks.Although numerous researchers have proposed authentication schemes to enhance the security of Vehicle-to-Vehicle(V2V)communication,most existing methodologies face two significant challenges:(1)the majority of the schemes are not lightweight enough to support realtime message interaction among vehicles;(2)the sensitive information like identity and position is at risk of being compromised.To tackle these issues,we propose a lightweight dual authentication protocol for V2V communication based on Physical Unclonable Function(PUF).The proposed scheme accomplishes dual authentication between vehicles by the combination of Zero-Knowledge Proof(ZKP)and MASK function.The security analysis proves that our scheme provides both anonymous authentication and information unlinkability.Additionally,the performance analysis demonstrates that the computation overhead of our scheme is approximately reduced 23.4% compared to the state-of-the-art schemes.The practical simulation conducted in a 6G network environment demonstrates the feasibility of 6G-based VANETs and their potential for future advancements.展开更多
In Trust Zone architecture, the Trusted Application(TA) in the secure world does not certify the identity of Client Applications(CA) in the normal world that request data access, which represents a user data leaka...In Trust Zone architecture, the Trusted Application(TA) in the secure world does not certify the identity of Client Applications(CA) in the normal world that request data access, which represents a user data leakage risk. This paper proposes a private user data protection mechanism in Trust Zone to avoid such risks. We add corresponding modules to both the secure world and the normal world and authenticate the identity of CA to prevent illegal access to private user data. Then we analyze the system security, and perform validity and performance tests.The results show that this method can perform effective identity recognition and control of CA to protect the security of private user data. After adding authentication modules, the data operation time of system increases by about0.16 s, an acceptable price to pay for the improved security.展开更多
Due to the rapid advancements in network technology,blockchain is being employed for distributed data storage.In the Internet of Things(IoT)scenario,different participants manage multiple blockchains located in differ...Due to the rapid advancements in network technology,blockchain is being employed for distributed data storage.In the Internet of Things(IoT)scenario,different participants manage multiple blockchains located in different trust domains,which has resulted in the extensive development of cross-domain authentication techniques.However,the emergence of many attackers equipped with quantum computers has the potential to launch quantum computing attacks against cross-domain authentication schemes based on traditional cryptography,posing a significant security threat.In response to the aforementioned challenges,our paper demonstrates a post-quantum cross-domain identity authentication scheme to negotiate the session key used in the cross-chain asset exchange process.Firstly,our paper designs the hiding and recovery process of user identity index based on lattice cryptography and introduces the identity-based signature from lattice to construct a post-quantum cross-domain authentication scheme.Secondly,our paper utilizes the hashed time-locked contract to achieves the cross-chain asset exchange of blockchain nodes in different trust domains.Furthermore,the security analysis reduces the security of the identity index and signature to Learning With Errors(LWE)and Short Integer Solution(SIS)assumption,respectively,indicating that our scheme has post-quantum security.Last but not least,through comparison analysis,we display that our scheme is efficient compared with the cross-domain authentication scheme based on traditional cryptography.展开更多
文摘The integration of artificial intelligence(AI)with advanced power technologies is transforming energy system management,particularly through real-time data monitoring and intelligent decision-making driven by Artificial Intelligence Generated Content(AIGC).However,the openness of power system channels and the resource-constrained nature of power sensors have led to new challenges for the secure transmission of power data and decision instructions.Although traditional public key cryptographic primitives can offer high security,the substantial key management and computational overhead associated with these primitives make them unsuitable for power systems.To ensure the real-time and security of power data and command transmission,we propose a lightweight identity authentication scheme tailored for power AIGC systems.The scheme utilizes lightweight symmetric encryption algorithms,minimizing the resource overhead on power sensors.Additionally,it incorporates a dynamic credential update mechanism,which can realize the rotation and update of temporary credentials to ensure anonymity and security.We rigorously validate the security of the scheme using the Real-or-Random(ROR)model and AVISPA simulation,and the results show that our scheme can resist various active and passive attacks.Finally,performance comparisons and NS3 simulation results demonstrate that our proposed scheme offers enhanced security features with lower overhead,making it more suitable for power AIGC systems compared to existing solutions.
基金supported by the National Natural Science Foundation of China(Grant Nos.12175106 and 92365110)the Postgraduate Research and Practice Innovation Program of Jiangsu Province,China(Grant No.KYCX23-0987).
文摘Quantum dialogue(QD)realizes the real-time secure bidirectional quantum communication.Measurement-deviceindependent(MDI)QD can resist all possible attacks focusing on the imperfect measurement devices and enhance QD’s practical security.However,in practical applications,any secure communication requires identity authentication as a prerequisite.In this paper,we propose an MDI QD protocol with bidirectional identity authentication.The practical communication parties can first authenticate the identity of each other simultaneously before the message exchange.In theory,our MDI QD protocol has unconditional security and the communication parties can exchange 1.5 bits of messages in each communication round with linear optical Bell state measurement.We numerically simulate the secrecy message capacity of our MDI QD protocol.Our protocol has two advantages.First,it can effectively resist the impersonation attack and enhance MDI QD’s practical security.Second,it does not require keys to assist the message exchange and has relatively high efficiency.Our protocol has application potential in the future quantum communication field.
基金This work was supported in part by the National Key R&D Program of China(No.2022YFB3904503)National Natural Science Foundation of China(No.62172418).
文摘The air traffic management(ATM)system is an intelligent system,which integrates the ground computer network,airborne network and space satellite(communication and navigation)network by the ground-air data link system.Due to the openness and widely distribution of ATM system,the trust relationship of all parties in the system is pretty complex.At present,public key infrastructure(PKI)based identity authentication method is more and more difficult to meet the growing demand of ATM service.First,through the analysis of the organizational structure and operation mode of ATM system,this paper points out the existing identity authentication security threats in ATM system,and discusses the advantages of adopting blockchain technology in ATM system.Further,we briefly analyze some shortcomings of the current PKI-based authentication system in ATM.Particularly,to address the authentication problem,this paper proposes and presents a trusted ATM Security Authentication Model and authentication protocol based on blockchain.Finally,this paper makes a comprehensive analysis and simulation of the proposed security authentication scheme,and gets the expected effect.
基金supported by the National Key Research and Development Program of China under Grant No.2021YFB2700600the National Natural Science Foundation of China under Grant No.62132013+5 种基金the Key Research and Development Programs of Shaanxi under Grant Nos.S2024-YF-YBGY-1540 and 2021ZDLGY06-03the Basic Strengthening Plan Program under Grant No.2023-JCJQ-JJ-0772the Key-Area Research and Development Program of Guangdong Province under Grant No.2021B0101400003Hong Kong RGC Research Impact Fund under Grant Nos.R5060-19 and R5034-18Areas of Excellence Scheme under Grant No.Ao E/E-601/22-RGeneral Research Fund under Grant Nos.152203/20E,152244/21E,152169/22E and152228/23E。
文摘Traditional methods of identity authentication often rely on centralized architectures,which poses risks of computational overload and single points of failure.We propose a protocol that offers a decentralized approach by distributing authentication services to edge authentication gateways and servers,facilitated by blockchain technology,thus aligning with the decentralized ethos of Web3 infrastructure.Additionally,we enhance device security against physical and cloning attacks by integrating physical unclonable functions with certificateless cryptography,bolstering the integrity of Internet of Thins(IoT)devices within the evolving landscape of the metaverse.To achieve dynamic anonymity and ensure privacy within Web3 environments,we employ fuzzy extractor technology,allowing for updates to pseudonymous identity identifiers while maintaining key consistency.The proposed protocol ensures continuous and secure identity authentication for IoT devices in practical applications,effectively addressing the pressing security concerns inherent in IoT network environments and contributing to the development of robust security infrastructure essential for the proliferation of IoT devices across diverse settings.
基金supported by the National High-Tech Research,Development Plan of China (Grant Nos 2006AA01Z440,2009AA012441 and 2009AA012437)National Basic Research Program of China (973 Program) (Grant No 2007CB311100)+5 种基金the National Natural Science Foundation of China (Grant Nos 60873191 and 60821001)the Scientific Research Common Program of Beijing Municipal Commission of Education (Grant No KM200810005004)Beijing Natural Science Foundation (Grant No 1093015)the Open Research Fund of National Mobile Communications Research Laboratory,Southeast Universitythe ISN Open FoundationScience and Technology Program of Beijing (Grant No Z07000100720706)
文摘A multiparty simultaneous quantum identity authentication protocol based on Creenberger-Horne-Zeilinger (GHZ) states is proposed. The multi-user can be authenticated by a trusted third party (TTP) simultaneously. Compared with the scheme proposed recently (Wang et al 2006 Chin. Phys. Lett. 23(9) 2360), the proposed scheme has the advantages of consuming fewer quantum and classical resources and lessening the difficulty and intensity of necessary operations.
基金Project supported by the National Natural Science Foundation of China (Grant Nos 60572071 and 60873101)Natural Science Foundation of Jiangsu Province (Grant Nos BM2006504, BK2007104 and BK2008209)College Natural Science Foundation of Jiangsu Province (Grant No 06KJB520137)
文摘A novel efficient deterministic secure quantum communication scheme based on four-qubit cluster states and single-photon identity authentication is proposed. In this scheme, the two authenticated users can transmit two bits of classical information per cluster state, and its efficiency of the quantum communication is 1/3, which is approximately 1.67 times that of the previous protocol presented by Wang et al [Chin. Phys. Lett. 23 (2006) 2658]. Security analysis shows the present scheme is secure against intercept-resend attack and the impersonator's attack. Furthermore, it is more economic with present-day techniques and easily processed by a one-way quantum computer.
基金supported by the Natural Science Foundation of Shanghai(20ZR1419700 and 22ZR1481000)Open Foundation of Henan Key Laboratory of Cyberspace Situation Awareness(HNTS2022011)。
文摘With the popularity of the internet,users hope to better protect their privacy while obtaining network services.However,in the traditional centralized authentication scheme,identity information such as the user's private key is generated,stored,and managed by the network operator.Users can't control their identity information,which will lead to a great threat to the privacy of users.Based on redactable blockchain,we propose a fine-grained and fair identity authentication scheme for mobile networks.In our proposed scheme,the user's identity information is generated and controlled by the users.We first propose a notion of score chameleon hash(SCH),which can delete or update the information of illegal users so as to dynamically update the status of users and provide users with more fine-grained and fair services.We propose another notion of self-updating secret sharing(SUSS),which allows users to update the trapdoor and the corresponding hash key after redacting the blockchain without requiring trusted authority to redistribute the trapdoor.Experimental results show that,compared with the immutable blockchain Bitcoin,the redactable blockchain in our identity authentication scheme provides users with fine-grained and fair redacting functions,and can be adopted with a small additional overhead.
文摘From the viewpoint of protocol sequence, analyses are made of the sequence patterns of possible identity authentication protocol under two cases: with or without the trusted third party (TFP). Ten feasible sequence patterns of authentication protocol with TIP and 5 sequence patterns without TFP are gained. These gained sequence patterns meet the requirements for identity authentication, and basically cover almost all the authentication protocols with TFP and without TFP at present. All of the sequence patterns gained are classified into unilateral or bilateral authentication. Then, according to the sequence symmetry, several good sequence patterns with TFP are evaluated. The accompolished results can provide a reference to design of new identity authentication protocols.
基金Supported by the Ministry of Educationin China (No.104086)
文摘Ubiquitous computing systems typically have lots of security problems in the area of identity authentication by means of classical PKI methods. The limited computing resources, the disconnection network, the classification requirements of identity authentication, the requirement of trust transfer and cross identity authentication, the bi-directional identity authentication, the security delegation and the simple privacy protection etc are all these unsolved problems. In this paper, a new novel ubiquitous computing identity authentication mechanism, named UCIAMdess, is presented. It is based on D-S Evidence Theory and extended SPKI/SDSI. D-S Evidence Theory is used in UCIAMdess to compute the trust value from the ubiquitous computing environment to the principal or between the different ubiquitous computing environments. SPKI-based authorization is expanded by adding the trust certificate in UCIAMdess to solve above problems in the ubiquitous computing environments. The identity authentication mechanism and the algorithm of certificate reduction are given in the paper to solve the multi-levels trust-correlative identity authentication problems. The performance analyses show that UCIAMdess is a suitable security mechanism in solving the complex ubiquitous computing problems.
基金supported by the 863 National Plan Foundation of China under Grant No.2007AA01Z333 and Special Grand National Project of China under Grant No.2009ZX02204-008.
文摘Blood smear test is the basic method of blood cytology and is also a standard medical test that can help diagnose various conditions and diseases.Morphological examination is the gold stan-dard to determine pathological changes in blood cell morphology.In the biology and medicine automation trend,blood smears'automated management and analysis is very necessary.An online blood smear automatic microscopic image detection system has been constructed.It includes an online blood smear automatic producing part and a blood smear automatic micro-scopic image detection part.Online identity authentication is at the core of the system.The identifiers printed online always present dot matrix digit code(DMDC)whose stroke is not continuous.Considering the particularities of DMDC and the complexities of online application environment,an online identity authentication method for blood smear with heterological theory is proposed.By synthesizing the certain regional features according to the heterological theory,high identification accuracy and high speed have been guaranteed with few features required.In the experiment,the suficient correct matches bet ween the tube barcode and the identification result verified its feasibility and validity.
基金the Science and Technology Project of State Grid Jiangsu Electric Power Co.,Ltd.under Grant No.J2020068.
文摘As the power Internet of Things(IoT)enters the security construction stage,the massive use of perception layer devices urgently requires an identity authentication scheme that considers both security and practicality.The existing public key infrastructure(PKI)-based security authentication scheme is currently difficult to apply in many terminals in IoT.Its key distribution and management costs are high,which hinders the development of power IoT security construction.Combined Public Key(CPK)technology uses a small number of seeds to generate unlimited public keys.It is very suitable for identity authentication in the power Internet of Things.In this paper,we propose a novel identity authentication scheme for power IoT.The scheme combines the physical unclonable function(PUF)with improved CPK technology to achieve mutual identity authentication between power IoT terminals and servers.The proposed scheme does not require third-party authentication and improves the security of identity authentication for power IoT.Moreover,the scheme reduces the resource consumption of power IoT devices.The improved CPK algorithm solves the key collision problem,and the third party only needs to save the private key and the public key matrix.Experimental results show that the amount of storage resources occupied in our scheme is small.The proposed scheme is more suitable for the power IoT.
文摘The smartphone has become an indispensable electric device for most people since it can assist us in finishing many tasks such as paying and reading. Therefore, the security of smartphones is the most crucial issue to illegal users who cannot access legal users’ privacy information. This paper studies identity authentication using user action. This scheme does not rely on the password or biometric identification. It checks user identity just by user action features. We utilize sensors installed in smartphones and collect their data when the user waves the phone. We collect these data, process them and feed them into neural networks to realize identity recognition. We invited 13 participants and collected about 350 samples for each person. The sampling frequency is set at 200 Hz, and DenseNet is chosen as the neural network to validate system performance. The result shows that the neural network can effectively recognize user identity and achieve an authentication accuracy of 96.69 percent.
文摘Unified identity authentication has become the basic information service provided by colleges and universities for teachers and students. Security, stability, high concurrency and easy maintenance are our requirements for a unified identity authentication system. Based on the practical work experience of China University of Geosciences (Beijing), this paper proposes a high availability scheme of unified identity authentication system based on CAS, which is composed of multiple CAS Servers, Nginx for load balancing, and Redis as a cache database. The scheme has been practiced in China University of Geosciences (Beijing), and the application effect is good, which has practical reference significance for other universities.
基金supported by the National Natural Science Foundation of China under Grand 62471121.
文摘To address identity forgery and privacy leakage in Internet of vehicles(loV)within intelligent transportation systems,we propose an efficient cross-domain identity authentication(IA)scheme based on blockchain and certificateless cryptography.However,existing IA schemes often suffer from high computational overhead,limited scalability,or inadequate support for cross-domain scenarios.First,a distributed authentication architecture is designed,and an offchain storage mechanism combining blockchain and distributed hash table(DHT)to reduce storage costs.Second,a key generation scheme based on certificateless cryptography is designed to address key escrow problem.Third,a conditional privacy protection mechanism is proposed to achieve both anonymity and traceability of vehicle identities.A formal privacy evaluation is provided based on k-anonymity quantifies anonymity level under realistic adversary models.Finally,performance evaluations are conducted in terms of authentication delay,throughput,and success rate,demonstrating that the proposed scheme improves authentication efficiency while enhancing the system security and privacy.
基金supported by the National Science Foundation of China(62272256,62202250)the Major Program of Shandong Provincial Natural Science Foundation for the Fundamental Research(ZR2022ZD03)+3 种基金the National Science Foundation of Shandong Province(ZR2021QF079)the Talent Cultivation Promotion Program of Computer Science and Technology in Qilu University of Technology(Shandong Academy of Sciences)(2023PY059)the Pilot Project for Integrated Innovation of Science,Education and Industry of Qilu University of Technology(Shandong Academy of Sciences)(2022XD001)the Colleges and Universities 20 Terms Foundation of Jinan City(202228093).
文摘In the Internet of Things(IoT),a large number of devices are connected using a variety of communication technologies to ensure that they can communicate both physically and over the network.However,devices face the challenge of a single point of failure,a malicious user may forge device identity to gain access and jeopardize system security.In addition,devices collect and transmit sensitive data,and the data can be accessed or stolen by unauthorized user,leading to privacy breaches,which posed a significant risk to both the confidentiality of user information and the protection of device integrity.Therefore,in order to solve the above problems and realize the secure transmission of data,this paper proposed EBIAS,a secure and efficient blockchain-based identity authentication scheme designed for IoT devices.First,EBIAS combined the Elliptic Curve Cryptography(ECC)algorithm and the SHA-256 algorithm to achieve encrypted communication of the sensitive data.Second,EBIAS integrated blockchain to tackle the single point of failure and ensure the integrity of the sensitive data.Finally,we performed security analysis and conducted sufficient experiment.The analysis and experimental results demonstrate that EBIAS has certain improvements on security and performance compared with the previous schemes,which further proves the feasibility and effectiveness of EBIAS.
基金Project supported by the Horizontal Project(No.HX2024-002)the Open Foundation of Key Laboratory of Cyberspace Security of the Ministry of Education of China(No.KLCS20240102)the Natural Science Basis Research Program of Shaanxi Province(Nos.2025JC-YBMS-652 and 2025JC-YBMS-676)。
文摘To solve the privacy leakage and identity island problems in cross-chain interaction,we propose an anti-quantum cross-chain identity authentication approach based on dynamic group signature(DGS-AQCCIDAA)for smart education.The relay-based cross-chain model promotes interconnection in heterogeneous consortium blockchains.DGS is used as the endorsement strategy for cross-chain identity authentication.Our approach can ensure quantum security under the learning with error(LWE)and inhomogeneous small integer solution(ISIS)assumptions,and it uses non-interactive zero-knowledge proof(NIZKP)to protect user identity privacy.Our scheme has low calculation overhead and provides anonymous cross-chain identity authentication in the smart education system.
基金supported by the National Natural Science Foundation of China(Nos.61771289 and 61832012)the Natural Science Foundation of Shandong Province(Nos.ZR2021QF050 and ZR2021MF075)+2 种基金the Shandong Natural Science Foundation Major Basic Research(No.ZR2019ZD10)the Shandong Key Research and Development Program(No.2019GGX1050)the Shandong Major Agricultural Application Technology Innovation Project(No.SD2019NJ007).
文摘As one of the essential steps to secure government data sharing,Identity Authentication(IA)plays a vital role in the processing of large data.However,the centralized IA scheme based on a trusted third party presents problems of information leakage and single point of failure,and those related to key escrow.Therefore,herein,an effective IA model based on multiattribute centers is designed.First,a private key of each attribute of a data requester is generated by the attribute authorization center.After obtaining the private key of attribute,the data requester generates a personal private key.Second,a dynamic key generation algorithm is proposed,which combines blockchain and smart contracts to periodically update the key of a data requester to prevent theft by external attackers,ensure the traceability of IA,and reduce the risk of privacy leakage.Third,the combination of blockchain and interplanetary file systems is used to store attribute field information of the data requester to further reduce the cost of blockchain information storage and improve the effectiveness of information storage.Experimental results show that the proposed model ensures the privacy and security of identity information and outperforms similar authentication models in terms of computational and communication costs.
文摘The advancement of 6G wireless communication technology has facilitated the integration of Vehicular Ad-hoc Networks(VANETs).However,the messages transmitted over the public channel in the open and dynamic VANETs are vulnerable to malicious attacks.Although numerous researchers have proposed authentication schemes to enhance the security of Vehicle-to-Vehicle(V2V)communication,most existing methodologies face two significant challenges:(1)the majority of the schemes are not lightweight enough to support realtime message interaction among vehicles;(2)the sensitive information like identity and position is at risk of being compromised.To tackle these issues,we propose a lightweight dual authentication protocol for V2V communication based on Physical Unclonable Function(PUF).The proposed scheme accomplishes dual authentication between vehicles by the combination of Zero-Knowledge Proof(ZKP)and MASK function.The security analysis proves that our scheme provides both anonymous authentication and information unlinkability.Additionally,the performance analysis demonstrates that the computation overhead of our scheme is approximately reduced 23.4% compared to the state-of-the-art schemes.The practical simulation conducted in a 6G network environment demonstrates the feasibility of 6G-based VANETs and their potential for future advancements.
基金supported by the National HighTech Research and Development (863) Program (No. 2015AA016002)the National Key Basic Research Program of China (No. 2014CB340600)+1 种基金the National Natural Science Foundation of China (Nos. 61303024 and 61272452)the Natural Science Foundation of Jiangsu Province (Nos. BK20130372)
文摘In Trust Zone architecture, the Trusted Application(TA) in the secure world does not certify the identity of Client Applications(CA) in the normal world that request data access, which represents a user data leakage risk. This paper proposes a private user data protection mechanism in Trust Zone to avoid such risks. We add corresponding modules to both the secure world and the normal world and authenticate the identity of CA to prevent illegal access to private user data. Then we analyze the system security, and perform validity and performance tests.The results show that this method can perform effective identity recognition and control of CA to protect the security of private user data. After adding authentication modules, the data operation time of system increases by about0.16 s, an acceptable price to pay for the improved security.
基金This work was supported by the Defense Industrial Technology Development Program(Grant No.JCKY2021208B036).
文摘Due to the rapid advancements in network technology,blockchain is being employed for distributed data storage.In the Internet of Things(IoT)scenario,different participants manage multiple blockchains located in different trust domains,which has resulted in the extensive development of cross-domain authentication techniques.However,the emergence of many attackers equipped with quantum computers has the potential to launch quantum computing attacks against cross-domain authentication schemes based on traditional cryptography,posing a significant security threat.In response to the aforementioned challenges,our paper demonstrates a post-quantum cross-domain identity authentication scheme to negotiate the session key used in the cross-chain asset exchange process.Firstly,our paper designs the hiding and recovery process of user identity index based on lattice cryptography and introduces the identity-based signature from lattice to construct a post-quantum cross-domain authentication scheme.Secondly,our paper utilizes the hashed time-locked contract to achieves the cross-chain asset exchange of blockchain nodes in different trust domains.Furthermore,the security analysis reduces the security of the identity index and signature to Learning With Errors(LWE)and Short Integer Solution(SIS)assumption,respectively,indicating that our scheme has post-quantum security.Last but not least,through comparison analysis,we display that our scheme is efficient compared with the cross-domain authentication scheme based on traditional cryptography.
