Unified identity authentication has become the basic information service provided by colleges and universities for teachers and students. Security, stability, high concurrency and easy maintenance are our requirements...Unified identity authentication has become the basic information service provided by colleges and universities for teachers and students. Security, stability, high concurrency and easy maintenance are our requirements for a unified identity authentication system. Based on the practical work experience of China University of Geosciences (Beijing), this paper proposes a high availability scheme of unified identity authentication system based on CAS, which is composed of multiple CAS Servers, Nginx for load balancing, and Redis as a cache database. The scheme has been practiced in China University of Geosciences (Beijing), and the application effect is good, which has practical reference significance for other universities.展开更多
The integration of artificial intelligence(AI)with advanced power technologies is transforming energy system management,particularly through real-time data monitoring and intelligent decision-making driven by Artifici...The integration of artificial intelligence(AI)with advanced power technologies is transforming energy system management,particularly through real-time data monitoring and intelligent decision-making driven by Artificial Intelligence Generated Content(AIGC).However,the openness of power system channels and the resource-constrained nature of power sensors have led to new challenges for the secure transmission of power data and decision instructions.Although traditional public key cryptographic primitives can offer high security,the substantial key management and computational overhead associated with these primitives make them unsuitable for power systems.To ensure the real-time and security of power data and command transmission,we propose a lightweight identity authentication scheme tailored for power AIGC systems.The scheme utilizes lightweight symmetric encryption algorithms,minimizing the resource overhead on power sensors.Additionally,it incorporates a dynamic credential update mechanism,which can realize the rotation and update of temporary credentials to ensure anonymity and security.We rigorously validate the security of the scheme using the Real-or-Random(ROR)model and AVISPA simulation,and the results show that our scheme can resist various active and passive attacks.Finally,performance comparisons and NS3 simulation results demonstrate that our proposed scheme offers enhanced security features with lower overhead,making it more suitable for power AIGC systems compared to existing solutions.展开更多
Quantum dialogue(QD)realizes the real-time secure bidirectional quantum communication.Measurement-deviceindependent(MDI)QD can resist all possible attacks focusing on the imperfect measurement devices and enhance QD’...Quantum dialogue(QD)realizes the real-time secure bidirectional quantum communication.Measurement-deviceindependent(MDI)QD can resist all possible attacks focusing on the imperfect measurement devices and enhance QD’s practical security.However,in practical applications,any secure communication requires identity authentication as a prerequisite.In this paper,we propose an MDI QD protocol with bidirectional identity authentication.The practical communication parties can first authenticate the identity of each other simultaneously before the message exchange.In theory,our MDI QD protocol has unconditional security and the communication parties can exchange 1.5 bits of messages in each communication round with linear optical Bell state measurement.We numerically simulate the secrecy message capacity of our MDI QD protocol.Our protocol has two advantages.First,it can effectively resist the impersonation attack and enhance MDI QD’s practical security.Second,it does not require keys to assist the message exchange and has relatively high efficiency.Our protocol has application potential in the future quantum communication field.展开更多
A novel efficient deterministic secure quantum communication scheme based on four-qubit cluster states and single-photon identity authentication is proposed. In this scheme, the two authenticated users can transmit tw...A novel efficient deterministic secure quantum communication scheme based on four-qubit cluster states and single-photon identity authentication is proposed. In this scheme, the two authenticated users can transmit two bits of classical information per cluster state, and its efficiency of the quantum communication is 1/3, which is approximately 1.67 times that of the previous protocol presented by Wang et al [Chin. Phys. Lett. 23 (2006) 2658]. Security analysis shows the present scheme is secure against intercept-resend attack and the impersonator's attack. Furthermore, it is more economic with present-day techniques and easily processed by a one-way quantum computer.展开更多
A multiparty simultaneous quantum identity authentication protocol based on Creenberger-Horne-Zeilinger (GHZ) states is proposed. The multi-user can be authenticated by a trusted third party (TTP) simultaneously. ...A multiparty simultaneous quantum identity authentication protocol based on Creenberger-Horne-Zeilinger (GHZ) states is proposed. The multi-user can be authenticated by a trusted third party (TTP) simultaneously. Compared with the scheme proposed recently (Wang et al 2006 Chin. Phys. Lett. 23(9) 2360), the proposed scheme has the advantages of consuming fewer quantum and classical resources and lessening the difficulty and intensity of necessary operations.展开更多
With the popularity of the internet,users hope to better protect their privacy while obtaining network services.However,in the traditional centralized authentication scheme,identity information such as the user's ...With the popularity of the internet,users hope to better protect their privacy while obtaining network services.However,in the traditional centralized authentication scheme,identity information such as the user's private key is generated,stored,and managed by the network operator.Users can't control their identity information,which will lead to a great threat to the privacy of users.Based on redactable blockchain,we propose a fine-grained and fair identity authentication scheme for mobile networks.In our proposed scheme,the user's identity information is generated and controlled by the users.We first propose a notion of score chameleon hash(SCH),which can delete or update the information of illegal users so as to dynamically update the status of users and provide users with more fine-grained and fair services.We propose another notion of self-updating secret sharing(SUSS),which allows users to update the trapdoor and the corresponding hash key after redacting the blockchain without requiring trusted authority to redistribute the trapdoor.Experimental results show that,compared with the immutable blockchain Bitcoin,the redactable blockchain in our identity authentication scheme provides users with fine-grained and fair redacting functions,and can be adopted with a small additional overhead.展开更多
From the viewpoint of protocol sequence, analyses are made of the sequence patterns of possible identity authentication protocol under two cases: with or without the trusted third party (TFP). Ten feasible sequence...From the viewpoint of protocol sequence, analyses are made of the sequence patterns of possible identity authentication protocol under two cases: with or without the trusted third party (TFP). Ten feasible sequence patterns of authentication protocol with TIP and 5 sequence patterns without TFP are gained. These gained sequence patterns meet the requirements for identity authentication, and basically cover almost all the authentication protocols with TFP and without TFP at present. All of the sequence patterns gained are classified into unilateral or bilateral authentication. Then, according to the sequence symmetry, several good sequence patterns with TFP are evaluated. The accompolished results can provide a reference to design of new identity authentication protocols.展开更多
Ubiquitous computing systems typically have lots of security problems in the area of identity authentication by means of classical PKI methods. The limited computing resources, the disconnection network, the classific...Ubiquitous computing systems typically have lots of security problems in the area of identity authentication by means of classical PKI methods. The limited computing resources, the disconnection network, the classification requirements of identity authentication, the requirement of trust transfer and cross identity authentication, the bi-directional identity authentication, the security delegation and the simple privacy protection etc are all these unsolved problems. In this paper, a new novel ubiquitous computing identity authentication mechanism, named UCIAMdess, is presented. It is based on D-S Evidence Theory and extended SPKI/SDSI. D-S Evidence Theory is used in UCIAMdess to compute the trust value from the ubiquitous computing environment to the principal or between the different ubiquitous computing environments. SPKI-based authorization is expanded by adding the trust certificate in UCIAMdess to solve above problems in the ubiquitous computing environments. The identity authentication mechanism and the algorithm of certificate reduction are given in the paper to solve the multi-levels trust-correlative identity authentication problems. The performance analyses show that UCIAMdess is a suitable security mechanism in solving the complex ubiquitous computing problems.展开更多
Blood smear test is the basic method of blood cytology and is also a standard medical test that can help diagnose various conditions and diseases.Morphological examination is the gold stan-dard to determine pathologic...Blood smear test is the basic method of blood cytology and is also a standard medical test that can help diagnose various conditions and diseases.Morphological examination is the gold stan-dard to determine pathological changes in blood cell morphology.In the biology and medicine automation trend,blood smears'automated management and analysis is very necessary.An online blood smear automatic microscopic image detection system has been constructed.It includes an online blood smear automatic producing part and a blood smear automatic micro-scopic image detection part.Online identity authentication is at the core of the system.The identifiers printed online always present dot matrix digit code(DMDC)whose stroke is not continuous.Considering the particularities of DMDC and the complexities of online application environment,an online identity authentication method for blood smear with heterological theory is proposed.By synthesizing the certain regional features according to the heterological theory,high identification accuracy and high speed have been guaranteed with few features required.In the experiment,the suficient correct matches bet ween the tube barcode and the identification result verified its feasibility and validity.展开更多
The air traffic management(ATM)system is an intelligent system,which integrates the ground computer network,airborne network and space satellite(communication and navigation)network by the ground-air data link system....The air traffic management(ATM)system is an intelligent system,which integrates the ground computer network,airborne network and space satellite(communication and navigation)network by the ground-air data link system.Due to the openness and widely distribution of ATM system,the trust relationship of all parties in the system is pretty complex.At present,public key infrastructure(PKI)based identity authentication method is more and more difficult to meet the growing demand of ATM service.First,through the analysis of the organizational structure and operation mode of ATM system,this paper points out the existing identity authentication security threats in ATM system,and discusses the advantages of adopting blockchain technology in ATM system.Further,we briefly analyze some shortcomings of the current PKI-based authentication system in ATM.Particularly,to address the authentication problem,this paper proposes and presents a trusted ATM Security Authentication Model and authentication protocol based on blockchain.Finally,this paper makes a comprehensive analysis and simulation of the proposed security authentication scheme,and gets the expected effect.展开更多
As the power Internet of Things(IoT)enters the security construction stage,the massive use of perception layer devices urgently requires an identity authentication scheme that considers both security and practicality....As the power Internet of Things(IoT)enters the security construction stage,the massive use of perception layer devices urgently requires an identity authentication scheme that considers both security and practicality.The existing public key infrastructure(PKI)-based security authentication scheme is currently difficult to apply in many terminals in IoT.Its key distribution and management costs are high,which hinders the development of power IoT security construction.Combined Public Key(CPK)technology uses a small number of seeds to generate unlimited public keys.It is very suitable for identity authentication in the power Internet of Things.In this paper,we propose a novel identity authentication scheme for power IoT.The scheme combines the physical unclonable function(PUF)with improved CPK technology to achieve mutual identity authentication between power IoT terminals and servers.The proposed scheme does not require third-party authentication and improves the security of identity authentication for power IoT.Moreover,the scheme reduces the resource consumption of power IoT devices.The improved CPK algorithm solves the key collision problem,and the third party only needs to save the private key and the public key matrix.Experimental results show that the amount of storage resources occupied in our scheme is small.The proposed scheme is more suitable for the power IoT.展开更多
With the development of sensor technology and wireless communication technology,edge computing has a wider range of applications.The privacy protection of edge computing is of great significance.In the edge computing ...With the development of sensor technology and wireless communication technology,edge computing has a wider range of applications.The privacy protection of edge computing is of great significance.In the edge computing system,in order to ensure the credibility of the source of terminal data,mobile edge computing(MEC)needs to verify the signature of the terminal node on the data.During the signature process,the computing power of edge devices such as wireless terminals can easily become the bottleneck of system performance.Therefore,it is very necessary to improve efficiency through computational offloading.Therefore,this paper proposes an identitybased edge computing anonymous authentication protocol.The protocol realizes mutual authentication and obtains a shared key by encrypting the mutual information.The encryption algorithm is implemented through a thresholded identity-based proxy ring signature.When a large number of terminals offload computing,MEC can set the priority of offloading tasks according to the user’s identity and permissions,thereby improving offloading efficiency.Security analysis shows that the scheme can guarantee the anonymity and unforgeability of signatures.The probability of a malicious node forging a signature is equivalent to cracking the discrete logarithm puzzle.According to the efficiency analysis,in the case of MEC offloading,the computational complexity is significantly reduced,the computing power of edge devices is liberated,and the signature efficiency is improved.展开更多
Traditional methods of identity authentication often rely on centralized architectures,which poses risks of computational overload and single points of failure.We propose a protocol that offers a decentralized approac...Traditional methods of identity authentication often rely on centralized architectures,which poses risks of computational overload and single points of failure.We propose a protocol that offers a decentralized approach by distributing authentication services to edge authentication gateways and servers,facilitated by blockchain technology,thus aligning with the decentralized ethos of Web3 infrastructure.Additionally,we enhance device security against physical and cloning attacks by integrating physical unclonable functions with certificateless cryptography,bolstering the integrity of Internet of Thins(IoT)devices within the evolving landscape of the metaverse.To achieve dynamic anonymity and ensure privacy within Web3 environments,we employ fuzzy extractor technology,allowing for updates to pseudonymous identity identifiers while maintaining key consistency.The proposed protocol ensures continuous and secure identity authentication for IoT devices in practical applications,effectively addressing the pressing security concerns inherent in IoT network environments and contributing to the development of robust security infrastructure essential for the proliferation of IoT devices across diverse settings.展开更多
The smartphone has become an indispensable electric device for most people since it can assist us in finishing many tasks such as paying and reading. Therefore, the security of smartphones is the most crucial issue to...The smartphone has become an indispensable electric device for most people since it can assist us in finishing many tasks such as paying and reading. Therefore, the security of smartphones is the most crucial issue to illegal users who cannot access legal users’ privacy information. This paper studies identity authentication using user action. This scheme does not rely on the password or biometric identification. It checks user identity just by user action features. We utilize sensors installed in smartphones and collect their data when the user waves the phone. We collect these data, process them and feed them into neural networks to realize identity recognition. We invited 13 participants and collected about 350 samples for each person. The sampling frequency is set at 200 Hz, and DenseNet is chosen as the neural network to validate system performance. The result shows that the neural network can effectively recognize user identity and achieve an authentication accuracy of 96.69 percent.展开更多
The advancement of 6G wireless communication technology has facilitated the integration of Vehicular Ad-hoc Networks(VANETs).However,the messages transmitted over the public channel in the open and dynamic VANETs are ...The advancement of 6G wireless communication technology has facilitated the integration of Vehicular Ad-hoc Networks(VANETs).However,the messages transmitted over the public channel in the open and dynamic VANETs are vulnerable to malicious attacks.Although numerous researchers have proposed authentication schemes to enhance the security of Vehicle-to-Vehicle(V2V)communication,most existing methodologies face two significant challenges:(1)the majority of the schemes are not lightweight enough to support realtime message interaction among vehicles;(2)the sensitive information like identity and position is at risk of being compromised.To tackle these issues,we propose a lightweight dual authentication protocol for V2V communication based on Physical Unclonable Function(PUF).The proposed scheme accomplishes dual authentication between vehicles by the combination of Zero-Knowledge Proof(ZKP)and MASK function.The security analysis proves that our scheme provides both anonymous authentication and information unlinkability.Additionally,the performance analysis demonstrates that the computation overhead of our scheme is approximately reduced 23.4% compared to the state-of-the-art schemes.The practical simulation conducted in a 6G network environment demonstrates the feasibility of 6G-based VANETs and their potential for future advancements.展开更多
The content security requirements of a radio frequency identification (RFID) based logistics-customs clearance service platform (LCCSP) are analysed in this paper. Then, both the unified identity authentication an...The content security requirements of a radio frequency identification (RFID) based logistics-customs clearance service platform (LCCSP) are analysed in this paper. Then, both the unified identity authentication and the access control modules are designed according to those analyses. Finally, the unified identity authentication and the access control on the business level are implemented separately. In the unified identity authentication module, based on an improved Kerberos-based authentication approach, a new control transfer method is proposed to solve the sharing problem of tickets among different servers of different departments. In the access control module, the functions of access controls are divided into different granularities to make the access control management more flexible. Moreover, the access control module has significant reference value for user management in similar systems.展开更多
Due to the rapid advancements in network technology,blockchain is being employed for distributed data storage.In the Internet of Things(IoT)scenario,different participants manage multiple blockchains located in differ...Due to the rapid advancements in network technology,blockchain is being employed for distributed data storage.In the Internet of Things(IoT)scenario,different participants manage multiple blockchains located in different trust domains,which has resulted in the extensive development of cross-domain authentication techniques.However,the emergence of many attackers equipped with quantum computers has the potential to launch quantum computing attacks against cross-domain authentication schemes based on traditional cryptography,posing a significant security threat.In response to the aforementioned challenges,our paper demonstrates a post-quantum cross-domain identity authentication scheme to negotiate the session key used in the cross-chain asset exchange process.Firstly,our paper designs the hiding and recovery process of user identity index based on lattice cryptography and introduces the identity-based signature from lattice to construct a post-quantum cross-domain authentication scheme.Secondly,our paper utilizes the hashed time-locked contract to achieves the cross-chain asset exchange of blockchain nodes in different trust domains.Furthermore,the security analysis reduces the security of the identity index and signature to Learning With Errors(LWE)and Short Integer Solution(SIS)assumption,respectively,indicating that our scheme has post-quantum security.Last but not least,through comparison analysis,we display that our scheme is efficient compared with the cross-domain authentication scheme based on traditional cryptography.展开更多
Considering the secure authentication problem for equipment support information network,a clustering method based on the business information flow is proposed. Based on the proposed method,a cluster-based distributed ...Considering the secure authentication problem for equipment support information network,a clustering method based on the business information flow is proposed. Based on the proposed method,a cluster-based distributed authentication mechanism and an optimal design method for distributed certificate authority( CA)are designed. Compared with some conventional clustering methods for network,the proposed clustering method considers the business information flow of the network and the task of the network nodes,which can decrease the communication spending between the clusters and improve the network efficiency effectively. The identity authentication protocols between the nodes in the same cluster and in different clusters are designed. From the perspective of the security of network and the availability of distributed authentication service,the definition of the secure service success rate of distributed CA is given and it is taken as the aim of the optimal design for distributed CA. The efficiency of providing the distributed certificate service successfully by the distributed CA is taken as the constraint condition of the optimal design for distributed CA. The determination method for the optimal value of the threshold is investigated. The proposed method can provide references for the optimal design for distributed CA.展开更多
The publish/subscribe (pub/sub) paradigm has asynchronous, loosely-coupled and many-to-many communication properties and is widely used in the application of large-scale distributed computing environment. There is t...The publish/subscribe (pub/sub) paradigm has asynchronous, loosely-coupled and many-to-many communication properties and is widely used in the application of large-scale distributed computing environment. There is the problem that is mutual trustable between network proxies in terms of pub/sub systems and the problem which is hardly to distinguish accident responsibility while the accident happens in Kerberos based on symmetrical encryption algorithm. A proxy identity authentication algorithm based on RSA encryption is proposed to solve the problem of mutual trust between proxies, and the security of the messages is guaranteed through certificate delegation. The algorithm can distinguish accident responsibility. The feasibility analysis, security analysis and efficiency analysis of the algorithm are carried out.展开更多
The traditional authentication system is based on the secret key, and is mainly based on public key infrastructure (PKI). Unfortunately, a key has many disadvantages, for example, the key can be forgotten or stolen,...The traditional authentication system is based on the secret key, and is mainly based on public key infrastructure (PKI). Unfortunately, a key has many disadvantages, for example, the key can be forgotten or stolen, and can be easily cracked. Nowadays, authentication systems using biometric technology have become more prevalent because of the advantages over password-based authentication systems. In this article, several biometfic authentication models are presented, upon which most biometric authentication systems are based. Biometric authentication systems based-on these models provide high security for access control in non-face-to-face environment such as e-commerce, over open network.展开更多
文摘Unified identity authentication has become the basic information service provided by colleges and universities for teachers and students. Security, stability, high concurrency and easy maintenance are our requirements for a unified identity authentication system. Based on the practical work experience of China University of Geosciences (Beijing), this paper proposes a high availability scheme of unified identity authentication system based on CAS, which is composed of multiple CAS Servers, Nginx for load balancing, and Redis as a cache database. The scheme has been practiced in China University of Geosciences (Beijing), and the application effect is good, which has practical reference significance for other universities.
文摘The integration of artificial intelligence(AI)with advanced power technologies is transforming energy system management,particularly through real-time data monitoring and intelligent decision-making driven by Artificial Intelligence Generated Content(AIGC).However,the openness of power system channels and the resource-constrained nature of power sensors have led to new challenges for the secure transmission of power data and decision instructions.Although traditional public key cryptographic primitives can offer high security,the substantial key management and computational overhead associated with these primitives make them unsuitable for power systems.To ensure the real-time and security of power data and command transmission,we propose a lightweight identity authentication scheme tailored for power AIGC systems.The scheme utilizes lightweight symmetric encryption algorithms,minimizing the resource overhead on power sensors.Additionally,it incorporates a dynamic credential update mechanism,which can realize the rotation and update of temporary credentials to ensure anonymity and security.We rigorously validate the security of the scheme using the Real-or-Random(ROR)model and AVISPA simulation,and the results show that our scheme can resist various active and passive attacks.Finally,performance comparisons and NS3 simulation results demonstrate that our proposed scheme offers enhanced security features with lower overhead,making it more suitable for power AIGC systems compared to existing solutions.
基金supported by the National Natural Science Foundation of China(Grant Nos.12175106 and 92365110)the Postgraduate Research and Practice Innovation Program of Jiangsu Province,China(Grant No.KYCX23-0987).
文摘Quantum dialogue(QD)realizes the real-time secure bidirectional quantum communication.Measurement-deviceindependent(MDI)QD can resist all possible attacks focusing on the imperfect measurement devices and enhance QD’s practical security.However,in practical applications,any secure communication requires identity authentication as a prerequisite.In this paper,we propose an MDI QD protocol with bidirectional identity authentication.The practical communication parties can first authenticate the identity of each other simultaneously before the message exchange.In theory,our MDI QD protocol has unconditional security and the communication parties can exchange 1.5 bits of messages in each communication round with linear optical Bell state measurement.We numerically simulate the secrecy message capacity of our MDI QD protocol.Our protocol has two advantages.First,it can effectively resist the impersonation attack and enhance MDI QD’s practical security.Second,it does not require keys to assist the message exchange and has relatively high efficiency.Our protocol has application potential in the future quantum communication field.
基金Project supported by the National Natural Science Foundation of China (Grant Nos 60572071 and 60873101)Natural Science Foundation of Jiangsu Province (Grant Nos BM2006504, BK2007104 and BK2008209)College Natural Science Foundation of Jiangsu Province (Grant No 06KJB520137)
文摘A novel efficient deterministic secure quantum communication scheme based on four-qubit cluster states and single-photon identity authentication is proposed. In this scheme, the two authenticated users can transmit two bits of classical information per cluster state, and its efficiency of the quantum communication is 1/3, which is approximately 1.67 times that of the previous protocol presented by Wang et al [Chin. Phys. Lett. 23 (2006) 2658]. Security analysis shows the present scheme is secure against intercept-resend attack and the impersonator's attack. Furthermore, it is more economic with present-day techniques and easily processed by a one-way quantum computer.
基金supported by the National High-Tech Research,Development Plan of China (Grant Nos 2006AA01Z440,2009AA012441 and 2009AA012437)National Basic Research Program of China (973 Program) (Grant No 2007CB311100)+5 种基金the National Natural Science Foundation of China (Grant Nos 60873191 and 60821001)the Scientific Research Common Program of Beijing Municipal Commission of Education (Grant No KM200810005004)Beijing Natural Science Foundation (Grant No 1093015)the Open Research Fund of National Mobile Communications Research Laboratory,Southeast Universitythe ISN Open FoundationScience and Technology Program of Beijing (Grant No Z07000100720706)
文摘A multiparty simultaneous quantum identity authentication protocol based on Creenberger-Horne-Zeilinger (GHZ) states is proposed. The multi-user can be authenticated by a trusted third party (TTP) simultaneously. Compared with the scheme proposed recently (Wang et al 2006 Chin. Phys. Lett. 23(9) 2360), the proposed scheme has the advantages of consuming fewer quantum and classical resources and lessening the difficulty and intensity of necessary operations.
基金supported by the Natural Science Foundation of Shanghai(20ZR1419700 and 22ZR1481000)Open Foundation of Henan Key Laboratory of Cyberspace Situation Awareness(HNTS2022011)。
文摘With the popularity of the internet,users hope to better protect their privacy while obtaining network services.However,in the traditional centralized authentication scheme,identity information such as the user's private key is generated,stored,and managed by the network operator.Users can't control their identity information,which will lead to a great threat to the privacy of users.Based on redactable blockchain,we propose a fine-grained and fair identity authentication scheme for mobile networks.In our proposed scheme,the user's identity information is generated and controlled by the users.We first propose a notion of score chameleon hash(SCH),which can delete or update the information of illegal users so as to dynamically update the status of users and provide users with more fine-grained and fair services.We propose another notion of self-updating secret sharing(SUSS),which allows users to update the trapdoor and the corresponding hash key after redacting the blockchain without requiring trusted authority to redistribute the trapdoor.Experimental results show that,compared with the immutable blockchain Bitcoin,the redactable blockchain in our identity authentication scheme provides users with fine-grained and fair redacting functions,and can be adopted with a small additional overhead.
文摘From the viewpoint of protocol sequence, analyses are made of the sequence patterns of possible identity authentication protocol under two cases: with or without the trusted third party (TFP). Ten feasible sequence patterns of authentication protocol with TIP and 5 sequence patterns without TFP are gained. These gained sequence patterns meet the requirements for identity authentication, and basically cover almost all the authentication protocols with TFP and without TFP at present. All of the sequence patterns gained are classified into unilateral or bilateral authentication. Then, according to the sequence symmetry, several good sequence patterns with TFP are evaluated. The accompolished results can provide a reference to design of new identity authentication protocols.
基金Supported by the Ministry of Educationin China (No.104086)
文摘Ubiquitous computing systems typically have lots of security problems in the area of identity authentication by means of classical PKI methods. The limited computing resources, the disconnection network, the classification requirements of identity authentication, the requirement of trust transfer and cross identity authentication, the bi-directional identity authentication, the security delegation and the simple privacy protection etc are all these unsolved problems. In this paper, a new novel ubiquitous computing identity authentication mechanism, named UCIAMdess, is presented. It is based on D-S Evidence Theory and extended SPKI/SDSI. D-S Evidence Theory is used in UCIAMdess to compute the trust value from the ubiquitous computing environment to the principal or between the different ubiquitous computing environments. SPKI-based authorization is expanded by adding the trust certificate in UCIAMdess to solve above problems in the ubiquitous computing environments. The identity authentication mechanism and the algorithm of certificate reduction are given in the paper to solve the multi-levels trust-correlative identity authentication problems. The performance analyses show that UCIAMdess is a suitable security mechanism in solving the complex ubiquitous computing problems.
基金supported by the 863 National Plan Foundation of China under Grant No.2007AA01Z333 and Special Grand National Project of China under Grant No.2009ZX02204-008.
文摘Blood smear test is the basic method of blood cytology and is also a standard medical test that can help diagnose various conditions and diseases.Morphological examination is the gold stan-dard to determine pathological changes in blood cell morphology.In the biology and medicine automation trend,blood smears'automated management and analysis is very necessary.An online blood smear automatic microscopic image detection system has been constructed.It includes an online blood smear automatic producing part and a blood smear automatic micro-scopic image detection part.Online identity authentication is at the core of the system.The identifiers printed online always present dot matrix digit code(DMDC)whose stroke is not continuous.Considering the particularities of DMDC and the complexities of online application environment,an online identity authentication method for blood smear with heterological theory is proposed.By synthesizing the certain regional features according to the heterological theory,high identification accuracy and high speed have been guaranteed with few features required.In the experiment,the suficient correct matches bet ween the tube barcode and the identification result verified its feasibility and validity.
基金This work was supported in part by the National Key R&D Program of China(No.2022YFB3904503)National Natural Science Foundation of China(No.62172418).
文摘The air traffic management(ATM)system is an intelligent system,which integrates the ground computer network,airborne network and space satellite(communication and navigation)network by the ground-air data link system.Due to the openness and widely distribution of ATM system,the trust relationship of all parties in the system is pretty complex.At present,public key infrastructure(PKI)based identity authentication method is more and more difficult to meet the growing demand of ATM service.First,through the analysis of the organizational structure and operation mode of ATM system,this paper points out the existing identity authentication security threats in ATM system,and discusses the advantages of adopting blockchain technology in ATM system.Further,we briefly analyze some shortcomings of the current PKI-based authentication system in ATM.Particularly,to address the authentication problem,this paper proposes and presents a trusted ATM Security Authentication Model and authentication protocol based on blockchain.Finally,this paper makes a comprehensive analysis and simulation of the proposed security authentication scheme,and gets the expected effect.
基金the Science and Technology Project of State Grid Jiangsu Electric Power Co.,Ltd.under Grant No.J2020068.
文摘As the power Internet of Things(IoT)enters the security construction stage,the massive use of perception layer devices urgently requires an identity authentication scheme that considers both security and practicality.The existing public key infrastructure(PKI)-based security authentication scheme is currently difficult to apply in many terminals in IoT.Its key distribution and management costs are high,which hinders the development of power IoT security construction.Combined Public Key(CPK)technology uses a small number of seeds to generate unlimited public keys.It is very suitable for identity authentication in the power Internet of Things.In this paper,we propose a novel identity authentication scheme for power IoT.The scheme combines the physical unclonable function(PUF)with improved CPK technology to achieve mutual identity authentication between power IoT terminals and servers.The proposed scheme does not require third-party authentication and improves the security of identity authentication for power IoT.Moreover,the scheme reduces the resource consumption of power IoT devices.The improved CPK algorithm solves the key collision problem,and the third party only needs to save the private key and the public key matrix.Experimental results show that the amount of storage resources occupied in our scheme is small.The proposed scheme is more suitable for the power IoT.
基金Beijing Postdoctoral Research Foundation(No.2021-ZZ-077,No.2020-YJ-006)Chongqing Industrial Control System Security Situational Awareness Platform,2019 Industrial Internet Innovation and Development Project-Provincial Industrial Control System Security Situational Awareness Platform,Center for Research and Innovation in Software Engineering,School of Computer and Information Science(Southwest University,Chongqing 400175,China)Chongqing Graduate Education Teaching Reform Research Project(yjg203032).
文摘With the development of sensor technology and wireless communication technology,edge computing has a wider range of applications.The privacy protection of edge computing is of great significance.In the edge computing system,in order to ensure the credibility of the source of terminal data,mobile edge computing(MEC)needs to verify the signature of the terminal node on the data.During the signature process,the computing power of edge devices such as wireless terminals can easily become the bottleneck of system performance.Therefore,it is very necessary to improve efficiency through computational offloading.Therefore,this paper proposes an identitybased edge computing anonymous authentication protocol.The protocol realizes mutual authentication and obtains a shared key by encrypting the mutual information.The encryption algorithm is implemented through a thresholded identity-based proxy ring signature.When a large number of terminals offload computing,MEC can set the priority of offloading tasks according to the user’s identity and permissions,thereby improving offloading efficiency.Security analysis shows that the scheme can guarantee the anonymity and unforgeability of signatures.The probability of a malicious node forging a signature is equivalent to cracking the discrete logarithm puzzle.According to the efficiency analysis,in the case of MEC offloading,the computational complexity is significantly reduced,the computing power of edge devices is liberated,and the signature efficiency is improved.
基金supported by the National Key Research and Development Program of China under Grant No.2021YFB2700600the National Natural Science Foundation of China under Grant No.62132013+5 种基金the Key Research and Development Programs of Shaanxi under Grant Nos.S2024-YF-YBGY-1540 and 2021ZDLGY06-03the Basic Strengthening Plan Program under Grant No.2023-JCJQ-JJ-0772the Key-Area Research and Development Program of Guangdong Province under Grant No.2021B0101400003Hong Kong RGC Research Impact Fund under Grant Nos.R5060-19 and R5034-18Areas of Excellence Scheme under Grant No.Ao E/E-601/22-RGeneral Research Fund under Grant Nos.152203/20E,152244/21E,152169/22E and152228/23E。
文摘Traditional methods of identity authentication often rely on centralized architectures,which poses risks of computational overload and single points of failure.We propose a protocol that offers a decentralized approach by distributing authentication services to edge authentication gateways and servers,facilitated by blockchain technology,thus aligning with the decentralized ethos of Web3 infrastructure.Additionally,we enhance device security against physical and cloning attacks by integrating physical unclonable functions with certificateless cryptography,bolstering the integrity of Internet of Thins(IoT)devices within the evolving landscape of the metaverse.To achieve dynamic anonymity and ensure privacy within Web3 environments,we employ fuzzy extractor technology,allowing for updates to pseudonymous identity identifiers while maintaining key consistency.The proposed protocol ensures continuous and secure identity authentication for IoT devices in practical applications,effectively addressing the pressing security concerns inherent in IoT network environments and contributing to the development of robust security infrastructure essential for the proliferation of IoT devices across diverse settings.
文摘The smartphone has become an indispensable electric device for most people since it can assist us in finishing many tasks such as paying and reading. Therefore, the security of smartphones is the most crucial issue to illegal users who cannot access legal users’ privacy information. This paper studies identity authentication using user action. This scheme does not rely on the password or biometric identification. It checks user identity just by user action features. We utilize sensors installed in smartphones and collect their data when the user waves the phone. We collect these data, process them and feed them into neural networks to realize identity recognition. We invited 13 participants and collected about 350 samples for each person. The sampling frequency is set at 200 Hz, and DenseNet is chosen as the neural network to validate system performance. The result shows that the neural network can effectively recognize user identity and achieve an authentication accuracy of 96.69 percent.
文摘The advancement of 6G wireless communication technology has facilitated the integration of Vehicular Ad-hoc Networks(VANETs).However,the messages transmitted over the public channel in the open and dynamic VANETs are vulnerable to malicious attacks.Although numerous researchers have proposed authentication schemes to enhance the security of Vehicle-to-Vehicle(V2V)communication,most existing methodologies face two significant challenges:(1)the majority of the schemes are not lightweight enough to support realtime message interaction among vehicles;(2)the sensitive information like identity and position is at risk of being compromised.To tackle these issues,we propose a lightweight dual authentication protocol for V2V communication based on Physical Unclonable Function(PUF).The proposed scheme accomplishes dual authentication between vehicles by the combination of Zero-Knowledge Proof(ZKP)and MASK function.The security analysis proves that our scheme provides both anonymous authentication and information unlinkability.Additionally,the performance analysis demonstrates that the computation overhead of our scheme is approximately reduced 23.4% compared to the state-of-the-art schemes.The practical simulation conducted in a 6G network environment demonstrates the feasibility of 6G-based VANETs and their potential for future advancements.
基金supported by Department of Science & Technology of Guangdong Province (No.2006A15006003)National High Technology Research and Development Program of China (863 Program)(No.2006AA04A120)
文摘The content security requirements of a radio frequency identification (RFID) based logistics-customs clearance service platform (LCCSP) are analysed in this paper. Then, both the unified identity authentication and the access control modules are designed according to those analyses. Finally, the unified identity authentication and the access control on the business level are implemented separately. In the unified identity authentication module, based on an improved Kerberos-based authentication approach, a new control transfer method is proposed to solve the sharing problem of tickets among different servers of different departments. In the access control module, the functions of access controls are divided into different granularities to make the access control management more flexible. Moreover, the access control module has significant reference value for user management in similar systems.
基金This work was supported by the Defense Industrial Technology Development Program(Grant No.JCKY2021208B036).
文摘Due to the rapid advancements in network technology,blockchain is being employed for distributed data storage.In the Internet of Things(IoT)scenario,different participants manage multiple blockchains located in different trust domains,which has resulted in the extensive development of cross-domain authentication techniques.However,the emergence of many attackers equipped with quantum computers has the potential to launch quantum computing attacks against cross-domain authentication schemes based on traditional cryptography,posing a significant security threat.In response to the aforementioned challenges,our paper demonstrates a post-quantum cross-domain identity authentication scheme to negotiate the session key used in the cross-chain asset exchange process.Firstly,our paper designs the hiding and recovery process of user identity index based on lattice cryptography and introduces the identity-based signature from lattice to construct a post-quantum cross-domain authentication scheme.Secondly,our paper utilizes the hashed time-locked contract to achieves the cross-chain asset exchange of blockchain nodes in different trust domains.Furthermore,the security analysis reduces the security of the identity index and signature to Learning With Errors(LWE)and Short Integer Solution(SIS)assumption,respectively,indicating that our scheme has post-quantum security.Last but not least,through comparison analysis,we display that our scheme is efficient compared with the cross-domain authentication scheme based on traditional cryptography.
基金National Natural Science Foundation of China(No.61271152)Natural Science Foundation of Hebei Province,China(No.F2012506008)the Original Innovation Foundation of Ordnance Engineering College,China(No.YSCX0903)
文摘Considering the secure authentication problem for equipment support information network,a clustering method based on the business information flow is proposed. Based on the proposed method,a cluster-based distributed authentication mechanism and an optimal design method for distributed certificate authority( CA)are designed. Compared with some conventional clustering methods for network,the proposed clustering method considers the business information flow of the network and the task of the network nodes,which can decrease the communication spending between the clusters and improve the network efficiency effectively. The identity authentication protocols between the nodes in the same cluster and in different clusters are designed. From the perspective of the security of network and the availability of distributed authentication service,the definition of the secure service success rate of distributed CA is given and it is taken as the aim of the optimal design for distributed CA. The efficiency of providing the distributed certificate service successfully by the distributed CA is taken as the constraint condition of the optimal design for distributed CA. The determination method for the optimal value of the threshold is investigated. The proposed method can provide references for the optimal design for distributed CA.
基金Supported by the National Natural Science Foundation of China (60273014)
文摘The publish/subscribe (pub/sub) paradigm has asynchronous, loosely-coupled and many-to-many communication properties and is widely used in the application of large-scale distributed computing environment. There is the problem that is mutual trustable between network proxies in terms of pub/sub systems and the problem which is hardly to distinguish accident responsibility while the accident happens in Kerberos based on symmetrical encryption algorithm. A proxy identity authentication algorithm based on RSA encryption is proposed to solve the problem of mutual trust between proxies, and the security of the messages is guaranteed through certificate delegation. The algorithm can distinguish accident responsibility. The feasibility analysis, security analysis and efficiency analysis of the algorithm are carried out.
基金National Natural Science Foundation of China (60372094) Beijing Natural Science Foundation (4062025).
文摘The traditional authentication system is based on the secret key, and is mainly based on public key infrastructure (PKI). Unfortunately, a key has many disadvantages, for example, the key can be forgotten or stolen, and can be easily cracked. Nowadays, authentication systems using biometric technology have become more prevalent because of the advantages over password-based authentication systems. In this article, several biometfic authentication models are presented, upon which most biometric authentication systems are based. Biometric authentication systems based-on these models provide high security for access control in non-face-to-face environment such as e-commerce, over open network.
