As the adoption of Vehicular Ad-hoc Networks(VANETs)grows,ensuring secure communication between smart vehicles and remote application servers(APPs)has become a critical challenge.While existing solutions focus on vari...As the adoption of Vehicular Ad-hoc Networks(VANETs)grows,ensuring secure communication between smart vehicles and remote application servers(APPs)has become a critical challenge.While existing solutions focus on various aspects of security,gaps remain in addressing both high security requirements and the resource-constrained nature of VANET environments.This paper proposes an extended-Kerberos protocol that integrates Physical Unclonable Function(PUF)for authentication and key agreement,offering a comprehensive solution to the security challenges in VANETs.The protocol facilitates mutual authentication and secure key agreement between vehicles and APPs,ensuring the confidentiality and integrity of vehicle-to-network(V2N)communications and preventing malicious data injection.Notably,by replacing traditional Kerberos password authentication with Challenge-Response Pairs(CRPs)generated by PUF,the protocol significantly reduces the risk of key leakage.The inherent properties of PUF—such as unclonability and unpredictability—make it an ideal defense against physical attacks,including intrusion,semi-intrusion,and side-channel attacks.The results of this study demonstrate that this approach not only enhances security but also optimizes communication efficiency,reduces latency,and improves overall user experience.The analysis proves that our protocol achieves at least 86%improvement in computational efficiency compared to some existed protocols.This is particularly crucial in resource-constrained VANET environments,where it enables efficient data transmission between vehicles and applications,reduces latency,and enhances the overall user experience.展开更多
With the rapid development and widespread adoption of Internet of Things(IoT)technology,the innovative concept of the Internet of Vehicles(IoV)has emerged,ushering in a new era of intelligent transportation.Since vehi...With the rapid development and widespread adoption of Internet of Things(IoT)technology,the innovative concept of the Internet of Vehicles(IoV)has emerged,ushering in a new era of intelligent transportation.Since vehicles are mobile entities,they move across different domains and need to communicate with the Roadside Unit(RSU)in various regions.However,open environments are highly susceptible to becoming targets for attackers,posing significant risks of malicious attacks.Therefore,it is crucial to design a secure authentication protocol to ensure the security of communication between vehicles and RSUs,particularly in scenarios where vehicles cross domains.In this paper,we propose a provably secure cross-domain authentication and key agreement protocol for IoV.Our protocol comprises two authentication phases:intra-domain authentication and cross-domain authentication.To ensure the security of our protocol,we conducted rigorous analyses based on the ROR(Real-or-Random)model and Scyther.Finally,we show in-depth comparisons of our protocol with existing ones from both security and performance perspectives,fully demonstrating its security and efficiency.展开更多
With the recent advances in quantum computing,the key agreement algorithm based on traditional cryptography theory,which is applied to the Internet of Things(IoT)scenario,will no longer be secure due to the possibilit...With the recent advances in quantum computing,the key agreement algorithm based on traditional cryptography theory,which is applied to the Internet of Things(IoT)scenario,will no longer be secure due to the possibility of information leakage.In this paper,we propose a anti-quantum dynamic authenticated group key agreement scheme(AQDA-GKA)according to the ring-learning with errors(RLWE)problem,which is suitable for IoT environments.First,the proposed AQDA-GKA scheme can implement a group key agreement against quantum computing attacks by leveraging an RLWE-based key agreement mechanism.Second,this scheme can achieve dynamic node management,ensuring that any node can freely join or exit the current group.Third,we formally prove that the proposed scheme can resist quantum computing attacks as well as collusion attacks.Finally,the performance and security analysis reveals that the proposed AQDA-GKA scheme is secure and effective.展开更多
5G technology has endowed mobile communication terminals with features such as ultrawideband access,low latency,and high reliability transmission,which can complete the network access and interconnection of a large nu...5G technology has endowed mobile communication terminals with features such as ultrawideband access,low latency,and high reliability transmission,which can complete the network access and interconnection of a large number of devices,thus realizing richer application scenarios and constructing 5G-enabled vehicular networks.However,due to the vulnerability of wireless communication,vehicle privacy and communication security have become the key problems to be solved in vehicular networks.Moreover,the large-scale communication in the vehicular networks also makes the higher communication efficiency an inevitable requirement.In order to achieve efficient and secure communication while protecting vehicle privacy,this paper proposes a lightweight key agreement and key update scheme for 5G vehicular networks based on blockchain.Firstly,the key agreement is accomplished using certificateless public key cryptography,and based on the aggregate signature and the cooperation between the vehicle and the trusted authority,an efficient key updating method is proposed,which reduces the overhead and protects the privacy of the vehicle while ensuring the communication security.Secondly,by introducing blockchain and using smart contracts to load the vehicle public key table for key management,this meets the requirements of vehicle traceability and can dynamically track and revoke misbehaving vehicles.Finally,the formal security proof under the eck security model and the informal security analysis is conducted,it turns out that our scheme is more secure than other authentication schemes in the vehicular networks.Performance analysis shows that our scheme has lower overhead than existing schemes in terms of communication and computation.展开更多
With the rapid advancement in exploring perceptual interactions and digital twins,metaverse technology has emerged to transcend the constraints of space-time and reality,facilitating remote AI-based collaboration.In t...With the rapid advancement in exploring perceptual interactions and digital twins,metaverse technology has emerged to transcend the constraints of space-time and reality,facilitating remote AI-based collaboration.In this dynamic metasystem environment,frequent information exchanges necessitate robust security measures,with Authentication and Key Agreement(AKA)serving as the primary line of defense to ensure communication security.However,traditional AKA protocols fall short in meeting the low-latency requirements essential for synchronous interactions within the metaverse.To address this challenge and enable nearly latency-free interactions,a novel low-latency AKA protocol based on chaotic maps is proposed.This protocol not only ensures mutual authentication of entities within the metasystem but also generates secure session keys.The security of these session keys is rigorously validated through formal proofs,formal verification,and informal proofs.When confronted with the Dolev-Yao(DY)threat model,the session keys are formally demonstrated to be secure under the Real-or-Random(ROR)model.The proposed protocol is further validated through simulations conducted using VMware workstation compiled in HLPSL language and C language.The simulation results affirm the protocol’s effectiveness in resisting well-known attacks while achieving the desired low latency for optimal metaverse interactions.展开更多
Group Key Agreement(GKA)is a cryptographic primitive allowing two or more entities to negotiate a shared session key over public networks.In existing GKA models,it is an open problem to construct a one-round multi-par...Group Key Agreement(GKA)is a cryptographic primitive allowing two or more entities to negotiate a shared session key over public networks.In existing GKA models,it is an open problem to construct a one-round multi-party GKA protocol.Wu et al.recently proposed the concept of asymmetric group key agreement(ASGKA)and realized a one-round ASGKA protocol,which affirmatively answers the above open problem in a relaxed way.However,the ASGKA protocol only applies to static groups.To fill this gap,this paper proposes an extended ASGKA protocol based on the Wu et al.protocol.The extension allows any member to join and leave at any point,provided that the resulting group size is not greater than n.To validate the proposal,extensive experiments are performed and the experimental results show that our protocol is more effective than a plain realization of the Wu et al.protocol for dynamic groups.The extended protocol is also more efficient than the up-to-date dynamic GKA protocol in terms of communication and computation.展开更多
Zhou et al give an attack on Ham's modified authenticated multi-key agreement protocol, and give a protocol that can prevent the unknown key-share attack. The paper points out that the protocol is vulnerable to a con...Zhou et al give an attack on Ham's modified authenticated multi-key agreement protocol, and give a protocol that can prevent the unknown key-share attack. The paper points out that the protocol is vulnerable to a concatenation attack. This paper proposes an improved authenticated multi-key agreement protocol which shows how to make Harn's protocol more secure by modifying the signature and verification. And this protocol can escape the concatenation attack.展开更多
The differences among the extended Canetti & Krawezyk 2007 model (ECK2007) and other four models, i.e., the Bellare & Rogaway (1993, 1995)models (BR93,BR95), the Bellare, Pointcheval & Rogaway (2000) model ...The differences among the extended Canetti & Krawezyk 2007 model (ECK2007) and other four models, i.e., the Bellare & Rogaway (1993, 1995)models (BR93,BR95), the Bellare, Pointcheval & Rogaway (2000) model (BPR2000) and the Canetti & Krawczyk (2001) model (CK2001) are given. The relative strength of security among these models is analyzed. To support the implication or non-implication relation among these models, the formal proof or the counter-example is provided.展开更多
In the area of secure Web information system, mutual authentication and key agreement are essential between Web clients and servers. An efficient certificateless authenticated key agreement protocol for Web client/ser...In the area of secure Web information system, mutual authentication and key agreement are essential between Web clients and servers. An efficient certificateless authenticated key agreement protocol for Web client/server setting is proposed, which uses pairings on certain elliptic curves. We show that the newly proposed key agreement protocol is practical and of great efficiency, meanwhile, it satisfies every desired security require ments for key agreement protocols.展开更多
Certificateless public key cryptography was introduced to overcome the key escrow limitation of the identity-based cryptography. It combines the advantages of the identity-based cryptography and the traditional PKI. M...Certificateless public key cryptography was introduced to overcome the key escrow limitation of the identity-based cryptography. It combines the advantages of the identity-based cryptography and the traditional PKI. Many certificateless public key encryption and signature schemes have been proposed. However, the key agreement in CL-PKE is seldom discussed. In this paper, we present a new certificateless two party authentication key agreement protocol and prove its security attributes. Compared with the existing protocol, our protocol is more efficient.展开更多
An efficient authenticated key agreement protocol is proposed, which makesuse of bilinear pairings and self-certificd public keys. Its security is based on the securityassumptions of the bilinear Diff ie-Hellman probl...An efficient authenticated key agreement protocol is proposed, which makesuse of bilinear pairings and self-certificd public keys. Its security is based on the securityassumptions of the bilinear Diff ie-Hellman problem and the computational Diffie-Hellman problem.Users can choose their private keys independently. The public keys and identities of users can beverified implicitly when the session key being generating in a logically single step. A trusted KeyGeneration Center is no longer requiredas in the ID-based authenticated key agreement protocolsCompared with existing authenticated key agreement protocols from pairings, the. new proposedprotocol is more efficient and secure.展开更多
The certificateless authenticated key agreement protocol proposed by Mandt et al does not haVE the property of key-compromise impersonation (K-CI) resilience. An improved protocol with a simple modification of their...The certificateless authenticated key agreement protocol proposed by Mandt et al does not haVE the property of key-compromise impersonation (K-CI) resilience. An improved protocol with a simple modification of their protocol is proposed in this paper. In particular, our improved protocol is proved to be immune to the K-CI attack and at the same time possess other security properties.展开更多
Vehicle ad-hoc networks have developed rapidly these years,whose security and privacy issues are always concerned widely.In spite of a remarkable research on their security solutions,but in which there still lacks con...Vehicle ad-hoc networks have developed rapidly these years,whose security and privacy issues are always concerned widely.In spite of a remarkable research on their security solutions,but in which there still lacks considerations on how to secure vehicleto-vehicle communications,particularly when infrastructure is unavailable.In this paper,we propose a lightweight certificateless and oneround key agreement scheme without pairing,and further prove the security of the proposed scheme in the random oracle model.The proposed scheme is expected to not only resist known attacks with less computation cost,but also as an efficient way to relieve the workload of vehicle-to-vehicle authentication,especially in no available infrastructure circumstance.A comprehensive evaluation,including security analysis,efficiency analysis and simulation evaluation,is presented to confirm the security and feasibility of the proposed scheme.展开更多
Identity-based key agreement protocol affords a natural way to combine the participant's identity with its public key. However, most of them just consider the key agreement in a single private key generator (PKG) e...Identity-based key agreement protocol affords a natural way to combine the participant's identity with its public key. However, most of them just consider the key agreement in a single private key generator (PKG) environment. In addition, the existing key agreement protocols have a great computing overhead for mobile computing which is more and more popular today. This paper proposes a new identity based key agreement protocol. With the help of mathematical tools, we make our protocol applied in multiple PKG environment. It also satisfies all the security properties which is set for key agreement protocol. Moreover, some of its time-consuming operations can be delivered to untrusted public computation resources, so its computing complexity can be greatly reduced.展开更多
During the past decade,rapid advances in wireless communication technologies have made it possible for users to access desired services using hand-held devices.Service providers have hosted multiple servers to ensure ...During the past decade,rapid advances in wireless communication technologies have made it possible for users to access desired services using hand-held devices.Service providers have hosted multiple servers to ensure seamless online services to end-users.To ensure the security of this online communication,researchers have proposed several multi-server authentication schemes incorporating various cryptographic primitives.Due to the low power and computational capacities of mobile devices,the hash-based multi-server authenticated key agreement schemes with offline Registration Server(RS)are the most efficient choice.Recently,Kumar-Om presented such a scheme and proved its security against all renowned attacks.However,we find that their scheme bears an incorrect login phase,and is unsafe to the trace attack,the Session-Specific Temporary Information Attack(SSTIA),and the Key Compromise Impersonation Attack(KCIA).In fact,all of the existing multi-server authentication schemes(hash-based with offline RS)do not withstand KCLA.To deal with this situation,we propose an improved hash-based multi-server authentication scheme(with offline RS).We analyze the security of the proposed scheme under the random oracle model and use the t4Automated Validation of Internet Security Protocols and Applications''(AVISPA)tool.The comparative analysis of communication overhead and computational complexity metrics shows the efficiency of the proposed scheme.展开更多
Secure authentication between user equipment and 5G core network is a critical issue for 5G system.However,the traditional authentication protocol 5 G-AKA and the centralized key database are at risk of several securi...Secure authentication between user equipment and 5G core network is a critical issue for 5G system.However,the traditional authentication protocol 5 G-AKA and the centralized key database are at risk of several security problems,e.g.key leakage,impersonation attack,MitM attack and single point of failure.In this paper,a blockchain based asymmetric authentication and key agreement protocol(BC-AKA)is proposed for distributed 5G core network.In particular,the key used in the authentication process is replaced from a symmetric key to an asymmetric key,and the database used to store keys in conventional 5G core network is replaced with a blockchain network.A proof of concept system for distributed 5G core network is built based on Ethereum and ECC-Secp256 k1,and the efficiency and effectiveness of the proposed scheme are verified by the experiment results.展开更多
A new efficient two-party semi-quantum key agreement protocol is proposed with high-dimensional single-particle states.Different from the previous semi-quantum key agreement protocols based on the two-level quantum sy...A new efficient two-party semi-quantum key agreement protocol is proposed with high-dimensional single-particle states.Different from the previous semi-quantum key agreement protocols based on the two-level quantum system,the propounded protocol makes use of the advantage of the high-dimensional quantum system,which possesses higher efficiency and better robustness against eavesdropping.Besides,the protocol allows the classical participant to encode the secret key with qudit shifting operations without involving any quantum measurement abilities.The designed semi-quantum key agreement protocol could resist both participant attacks and outsider attacks.Meanwhile,the conjoint analysis of security and efficiency provides an appropriate choice for reference on the dimension of single-particle states and the number of decoy states.展开更多
Multi-server authenticated key agreement schemes have attracted great attention to both academia and industry in recent years.However,traditional authenticated key agreement schemes in the single-server environment ar...Multi-server authenticated key agreement schemes have attracted great attention to both academia and industry in recent years.However,traditional authenticated key agreement schemes in the single-server environment are not suitable for the multi-server environment because the user has to register on each server when he/she wishes to log in various servers for different service.Moreover,it is unreasonable to consider all servers are trusted since the server in a multi-server environment may be a semi-trusted party.In order to overcome these difficulties,we designed a secure three-factor multi-server authenticated key agreement protocol based on elliptic curve cryptography,which needs the user to register only once at the registration center in order to access all semi-trusted servers.The proposed scheme can not only against various known attacks but also provides high computational efficiency.Besides,we have proved our scheme fulfills mutual authentication by using the authentication test method.展开更多
The key agreement protocols allow two or more users to negotiate a shared key for establishing a secure communication channel without a third trusted party in such a way that the shared key is determined by all author...The key agreement protocols allow two or more users to negotiate a shared key for establishing a secure communication channel without a third trusted party in such a way that the shared key is determined by all authorized players rather than any subset of them.We propose the first real multiparty semiquantum key agreement(SQKA)protocols based on single-photons.Our protocols include only one quantum player,while the others are classical players who only need to measure and prepare states in the classical basis.We first present a symmetric three-party SQKA protocol,where two classical players can fairly negotiate a key with a quantum player by using single-photons as message carriers.Then we present an asymmetric SQKA protocol where a relatively low percentage of quantum states are used for eavesdropping detection.And we further extend them to an asymmetric multiparty SQKA protocol.Our SQKA protocols require fewer quantum resources than the previous SQKA protocols for classical players,especially without requirement of entanglement,which makes them easier to implement using current technologies.Our protocols are secure against external eavesdroppers and are fair against a minority of internal dishonest players.展开更多
Protocols for authentication and key establishment have special requirements in a wireless environment. This paper presents a new key agreement protocol HAKA (home server aided key agreement) for roaming scenario. I...Protocols for authentication and key establishment have special requirements in a wireless environment. This paper presents a new key agreement protocol HAKA (home server aided key agreement) for roaming scenario. It is carried out by a mobile user and a foreign server with the aid of a home server, which provides all necessary authentications of the three parties. The session key can be obtained by no one except for the mobile user and the foreign server. HAKA is based on Diffie-Hellman key exchange and a secure hash function without using any asymmetric encryption. The protocol is proved secure in Canetti-Krawczyk (CK) model.展开更多
基金supported in part by the Jiangsu“Qing Lan Project”,Natural Science Foundation of the Jiangsu Higher Education Institutions of China(Major Research Project:23KJA520007)Postgraduate Research&Practice Innovation Program of Jiangsu Province(No.SJCX25_1303).
文摘As the adoption of Vehicular Ad-hoc Networks(VANETs)grows,ensuring secure communication between smart vehicles and remote application servers(APPs)has become a critical challenge.While existing solutions focus on various aspects of security,gaps remain in addressing both high security requirements and the resource-constrained nature of VANET environments.This paper proposes an extended-Kerberos protocol that integrates Physical Unclonable Function(PUF)for authentication and key agreement,offering a comprehensive solution to the security challenges in VANETs.The protocol facilitates mutual authentication and secure key agreement between vehicles and APPs,ensuring the confidentiality and integrity of vehicle-to-network(V2N)communications and preventing malicious data injection.Notably,by replacing traditional Kerberos password authentication with Challenge-Response Pairs(CRPs)generated by PUF,the protocol significantly reduces the risk of key leakage.The inherent properties of PUF—such as unclonability and unpredictability—make it an ideal defense against physical attacks,including intrusion,semi-intrusion,and side-channel attacks.The results of this study demonstrate that this approach not only enhances security but also optimizes communication efficiency,reduces latency,and improves overall user experience.The analysis proves that our protocol achieves at least 86%improvement in computational efficiency compared to some existed protocols.This is particularly crucial in resource-constrained VANET environments,where it enables efficient data transmission between vehicles and applications,reduces latency,and enhances the overall user experience.
基金supported by the Startup Foundation for Introducing Talent of Nanjing University of Information Science and Technology and Natural Science Foundation of Shandong Province,China(Grant no.ZR202111230202).
文摘With the rapid development and widespread adoption of Internet of Things(IoT)technology,the innovative concept of the Internet of Vehicles(IoV)has emerged,ushering in a new era of intelligent transportation.Since vehicles are mobile entities,they move across different domains and need to communicate with the Roadside Unit(RSU)in various regions.However,open environments are highly susceptible to becoming targets for attackers,posing significant risks of malicious attacks.Therefore,it is crucial to design a secure authentication protocol to ensure the security of communication between vehicles and RSUs,particularly in scenarios where vehicles cross domains.In this paper,we propose a provably secure cross-domain authentication and key agreement protocol for IoV.Our protocol comprises two authentication phases:intra-domain authentication and cross-domain authentication.To ensure the security of our protocol,we conducted rigorous analyses based on the ROR(Real-or-Random)model and Scyther.Finally,we show in-depth comparisons of our protocol with existing ones from both security and performance perspectives,fully demonstrating its security and efficiency.
基金Supported by the National Engineering Research Center of Classified Protection and Safeguard Technology for Cybersecurity(No.C23640-XD-07)the Open Foundation of Key Laboratory of Cyberspace Security of Ministry of Education of China and Henan Key Laboratory of Network Cryptography(No.KLCS20240301)。
文摘With the recent advances in quantum computing,the key agreement algorithm based on traditional cryptography theory,which is applied to the Internet of Things(IoT)scenario,will no longer be secure due to the possibility of information leakage.In this paper,we propose a anti-quantum dynamic authenticated group key agreement scheme(AQDA-GKA)according to the ring-learning with errors(RLWE)problem,which is suitable for IoT environments.First,the proposed AQDA-GKA scheme can implement a group key agreement against quantum computing attacks by leveraging an RLWE-based key agreement mechanism.Second,this scheme can achieve dynamic node management,ensuring that any node can freely join or exit the current group.Third,we formally prove that the proposed scheme can resist quantum computing attacks as well as collusion attacks.Finally,the performance and security analysis reveals that the proposed AQDA-GKA scheme is secure and effective.
基金supported in part by the National Natural Science Foundation of China under Grant 61941113,Grant 61971033,and Grant 61671057by the Henan Provincial Department of Science and Technology Project(No.212102210408)by the Henan Provincial Key Scientific Research Project(No.22A520041).
文摘5G technology has endowed mobile communication terminals with features such as ultrawideband access,low latency,and high reliability transmission,which can complete the network access and interconnection of a large number of devices,thus realizing richer application scenarios and constructing 5G-enabled vehicular networks.However,due to the vulnerability of wireless communication,vehicle privacy and communication security have become the key problems to be solved in vehicular networks.Moreover,the large-scale communication in the vehicular networks also makes the higher communication efficiency an inevitable requirement.In order to achieve efficient and secure communication while protecting vehicle privacy,this paper proposes a lightweight key agreement and key update scheme for 5G vehicular networks based on blockchain.Firstly,the key agreement is accomplished using certificateless public key cryptography,and based on the aggregate signature and the cooperation between the vehicle and the trusted authority,an efficient key updating method is proposed,which reduces the overhead and protects the privacy of the vehicle while ensuring the communication security.Secondly,by introducing blockchain and using smart contracts to load the vehicle public key table for key management,this meets the requirements of vehicle traceability and can dynamically track and revoke misbehaving vehicles.Finally,the formal security proof under the eck security model and the informal security analysis is conducted,it turns out that our scheme is more secure than other authentication schemes in the vehicular networks.Performance analysis shows that our scheme has lower overhead than existing schemes in terms of communication and computation.
基金This work has received funding from National Natural Science Foundation of China(No.42275157).
文摘With the rapid advancement in exploring perceptual interactions and digital twins,metaverse technology has emerged to transcend the constraints of space-time and reality,facilitating remote AI-based collaboration.In this dynamic metasystem environment,frequent information exchanges necessitate robust security measures,with Authentication and Key Agreement(AKA)serving as the primary line of defense to ensure communication security.However,traditional AKA protocols fall short in meeting the low-latency requirements essential for synchronous interactions within the metaverse.To address this challenge and enable nearly latency-free interactions,a novel low-latency AKA protocol based on chaotic maps is proposed.This protocol not only ensures mutual authentication of entities within the metasystem but also generates secure session keys.The security of these session keys is rigorously validated through formal proofs,formal verification,and informal proofs.When confronted with the Dolev-Yao(DY)threat model,the session keys are formally demonstrated to be secure under the Real-or-Random(ROR)model.The proposed protocol is further validated through simulations conducted using VMware workstation compiled in HLPSL language and C language.The simulation results affirm the protocol’s effectiveness in resisting well-known attacks while achieving the desired low latency for optimal metaverse interactions.
基金National Natural Science Foundation of China under Grant No. 60970116,60970115 and 90718006
文摘Group Key Agreement(GKA)is a cryptographic primitive allowing two or more entities to negotiate a shared session key over public networks.In existing GKA models,it is an open problem to construct a one-round multi-party GKA protocol.Wu et al.recently proposed the concept of asymmetric group key agreement(ASGKA)and realized a one-round ASGKA protocol,which affirmatively answers the above open problem in a relaxed way.However,the ASGKA protocol only applies to static groups.To fill this gap,this paper proposes an extended ASGKA protocol based on the Wu et al.protocol.The extension allows any member to join and leave at any point,provided that the resulting group size is not greater than n.To validate the proposal,extensive experiments are performed and the experimental results show that our protocol is more effective than a plain realization of the Wu et al.protocol for dynamic groups.The extended protocol is also more efficient than the up-to-date dynamic GKA protocol in terms of communication and computation.
基金Supported by the National Natural Science Foun-dation of China(60373059) the National Research Foundationfor theDoctoral Programof Higher Education of China(20040013007) the Major Research Plan of the National Natural Science Foundation ofChina(90604023)
文摘Zhou et al give an attack on Ham's modified authenticated multi-key agreement protocol, and give a protocol that can prevent the unknown key-share attack. The paper points out that the protocol is vulnerable to a concatenation attack. This paper proposes an improved authenticated multi-key agreement protocol which shows how to make Harn's protocol more secure by modifying the signature and verification. And this protocol can escape the concatenation attack.
文摘The differences among the extended Canetti & Krawezyk 2007 model (ECK2007) and other four models, i.e., the Bellare & Rogaway (1993, 1995)models (BR93,BR95), the Bellare, Pointcheval & Rogaway (2000) model (BPR2000) and the Canetti & Krawczyk (2001) model (CK2001) are given. The relative strength of security among these models is analyzed. To support the implication or non-implication relation among these models, the formal proof or the counter-example is provided.
基金Supported bythe National Natural Science Foundationof China (60225007 ,60572155) the Science and Technology ResearchProject of Shanghai (04DZ07067)
文摘In the area of secure Web information system, mutual authentication and key agreement are essential between Web clients and servers. An efficient certificateless authenticated key agreement protocol for Web client/server setting is proposed, which uses pairings on certain elliptic curves. We show that the newly proposed key agreement protocol is practical and of great efficiency, meanwhile, it satisfies every desired security require ments for key agreement protocols.
基金Supported by the National Natural Science Foundation of China (19501032)
文摘Certificateless public key cryptography was introduced to overcome the key escrow limitation of the identity-based cryptography. It combines the advantages of the identity-based cryptography and the traditional PKI. Many certificateless public key encryption and signature schemes have been proposed. However, the key agreement in CL-PKE is seldom discussed. In this paper, we present a new certificateless two party authentication key agreement protocol and prove its security attributes. Compared with the existing protocol, our protocol is more efficient.
文摘An efficient authenticated key agreement protocol is proposed, which makesuse of bilinear pairings and self-certificd public keys. Its security is based on the securityassumptions of the bilinear Diff ie-Hellman problem and the computational Diffie-Hellman problem.Users can choose their private keys independently. The public keys and identities of users can beverified implicitly when the session key being generating in a logically single step. A trusted KeyGeneration Center is no longer requiredas in the ID-based authenticated key agreement protocolsCompared with existing authenticated key agreement protocols from pairings, the. new proposedprotocol is more efficient and secure.
基金the National Natural Science Foundation of China (60773086)
文摘The certificateless authenticated key agreement protocol proposed by Mandt et al does not haVE the property of key-compromise impersonation (K-CI) resilience. An improved protocol with a simple modification of their protocol is proposed in this paper. In particular, our improved protocol is proved to be immune to the K-CI attack and at the same time possess other security properties.
基金This work was supported in part by the National Natural Science Foundation of China under Grant No.61170217,61272469,61303212,61332019,and Grant No.U1135004,and by the Fundamental Research Founds for National University,China University of Geosciences
文摘Vehicle ad-hoc networks have developed rapidly these years,whose security and privacy issues are always concerned widely.In spite of a remarkable research on their security solutions,but in which there still lacks considerations on how to secure vehicleto-vehicle communications,particularly when infrastructure is unavailable.In this paper,we propose a lightweight certificateless and oneround key agreement scheme without pairing,and further prove the security of the proposed scheme in the random oracle model.The proposed scheme is expected to not only resist known attacks with less computation cost,but also as an efficient way to relieve the workload of vehicle-to-vehicle authentication,especially in no available infrastructure circumstance.A comprehensive evaluation,including security analysis,efficiency analysis and simulation evaluation,is presented to confirm the security and feasibility of the proposed scheme.
基金Supported by the National Natural Science Foundation of China(61103194)
文摘Identity-based key agreement protocol affords a natural way to combine the participant's identity with its public key. However, most of them just consider the key agreement in a single private key generator (PKG) environment. In addition, the existing key agreement protocols have a great computing overhead for mobile computing which is more and more popular today. This paper proposes a new identity based key agreement protocol. With the help of mathematical tools, we make our protocol applied in multiple PKG environment. It also satisfies all the security properties which is set for key agreement protocol. Moreover, some of its time-consuming operations can be delivered to untrusted public computation resources, so its computing complexity can be greatly reduced.
文摘During the past decade,rapid advances in wireless communication technologies have made it possible for users to access desired services using hand-held devices.Service providers have hosted multiple servers to ensure seamless online services to end-users.To ensure the security of this online communication,researchers have proposed several multi-server authentication schemes incorporating various cryptographic primitives.Due to the low power and computational capacities of mobile devices,the hash-based multi-server authenticated key agreement schemes with offline Registration Server(RS)are the most efficient choice.Recently,Kumar-Om presented such a scheme and proved its security against all renowned attacks.However,we find that their scheme bears an incorrect login phase,and is unsafe to the trace attack,the Session-Specific Temporary Information Attack(SSTIA),and the Key Compromise Impersonation Attack(KCIA).In fact,all of the existing multi-server authentication schemes(hash-based with offline RS)do not withstand KCLA.To deal with this situation,we propose an improved hash-based multi-server authentication scheme(with offline RS).We analyze the security of the proposed scheme under the random oracle model and use the t4Automated Validation of Internet Security Protocols and Applications''(AVISPA)tool.The comparative analysis of communication overhead and computational complexity metrics shows the efficiency of the proposed scheme.
基金supported by National Key Research and Development Program of China under Grant 2021YFE0205300Tianjin Natural Science Foundation(19JCYBJC15700)。
文摘Secure authentication between user equipment and 5G core network is a critical issue for 5G system.However,the traditional authentication protocol 5 G-AKA and the centralized key database are at risk of several security problems,e.g.key leakage,impersonation attack,MitM attack and single point of failure.In this paper,a blockchain based asymmetric authentication and key agreement protocol(BC-AKA)is proposed for distributed 5G core network.In particular,the key used in the authentication process is replaced from a symmetric key to an asymmetric key,and the database used to store keys in conventional 5G core network is replaced with a blockchain network.A proof of concept system for distributed 5G core network is built based on Ethereum and ECC-Secp256 k1,and the efficiency and effectiveness of the proposed scheme are verified by the experiment results.
基金Project supported by the National Natural Science Foundation of China(Grant Nos.61871205 and 61561033)the Major Academic Discipline and Technical Leader of Jiangxi Province,China(Grant No.20162BCB22011).
文摘A new efficient two-party semi-quantum key agreement protocol is proposed with high-dimensional single-particle states.Different from the previous semi-quantum key agreement protocols based on the two-level quantum system,the propounded protocol makes use of the advantage of the high-dimensional quantum system,which possesses higher efficiency and better robustness against eavesdropping.Besides,the protocol allows the classical participant to encode the secret key with qudit shifting operations without involving any quantum measurement abilities.The designed semi-quantum key agreement protocol could resist both participant attacks and outsider attacks.Meanwhile,the conjoint analysis of security and efficiency provides an appropriate choice for reference on the dimension of single-particle states and the number of decoy states.
基金This work is supported by the Sichuan education department research project(No.16226483)Sichuan Science and Technology Program(No.2018GZDZX0008)+1 种基金Chengdu Science and Technology Program(No.2018-YF08-00007-GX)the National Natural Science Foundation of China(No.61872087).
文摘Multi-server authenticated key agreement schemes have attracted great attention to both academia and industry in recent years.However,traditional authenticated key agreement schemes in the single-server environment are not suitable for the multi-server environment because the user has to register on each server when he/she wishes to log in various servers for different service.Moreover,it is unreasonable to consider all servers are trusted since the server in a multi-server environment may be a semi-trusted party.In order to overcome these difficulties,we designed a secure three-factor multi-server authenticated key agreement protocol based on elliptic curve cryptography,which needs the user to register only once at the registration center in order to access all semi-trusted servers.The proposed scheme can not only against various known attacks but also provides high computational efficiency.Besides,we have proved our scheme fulfills mutual authentication by using the authentication test method.
基金supported by the National Natural Science Foundation of China(Grant No.61601358)the Natural Science Basic Research Plan in Shaanxi Province of China(Program No.2019JM-291)。
文摘The key agreement protocols allow two or more users to negotiate a shared key for establishing a secure communication channel without a third trusted party in such a way that the shared key is determined by all authorized players rather than any subset of them.We propose the first real multiparty semiquantum key agreement(SQKA)protocols based on single-photons.Our protocols include only one quantum player,while the others are classical players who only need to measure and prepare states in the classical basis.We first present a symmetric three-party SQKA protocol,where two classical players can fairly negotiate a key with a quantum player by using single-photons as message carriers.Then we present an asymmetric SQKA protocol where a relatively low percentage of quantum states are used for eavesdropping detection.And we further extend them to an asymmetric multiparty SQKA protocol.Our SQKA protocols require fewer quantum resources than the previous SQKA protocols for classical players,especially without requirement of entanglement,which makes them easier to implement using current technologies.Our protocols are secure against external eavesdroppers and are fair against a minority of internal dishonest players.
基金the National High Technology Research and Development Program of China (2007AA01Z43)
文摘Protocols for authentication and key establishment have special requirements in a wireless environment. This paper presents a new key agreement protocol HAKA (home server aided key agreement) for roaming scenario. It is carried out by a mobile user and a foreign server with the aid of a home server, which provides all necessary authentications of the three parties. The session key can be obtained by no one except for the mobile user and the foreign server. HAKA is based on Diffie-Hellman key exchange and a secure hash function without using any asymmetric encryption. The protocol is proved secure in Canetti-Krawczyk (CK) model.
