Car manufacturers aim to enhance the use of two-factor authentication (2FA) to protect keyless entry systems in contemporary cars. Despite providing significant ease for users, keyless entry systems have become more susceptible to appealing attacks like relay attacks and critical fob hacking. These weaknesses present considerable security threats, resulting in unauthorized entry and car theft. The suggested approach combines a conventional keyless entry feature with an extra security measure. Implementing multi-factor authentication significantly improves the security of systems that allow keyless entry by reducing the likelihood of unauthorized access. Research shows that the benefits of using two-factor authentication, such as a substantial increase in security, far outweigh any minor drawbacks.
The rise of the digital economy and the comfort of accessing by way of user mobile devices expedite human endeavors in financial transactions over the Virtual Private Network (VPN) backbone. This prominent application of VPN evades the hurdles involved in physical money exchange. The VPN acts as a gateway for the authorized user in accessing the banking server to provide mutual authentication between the user and the server. The security in the cloud authentication server remains vulnerable to the results of threat in JP Morgan Data breach in 2014, Capital One Data Breach in 2019, and many more cloud server attacks over and over again. These attacks necessitate the demand for a strong framework for authentication to secure from any class of threat. This research paper proposes a framework with a base of Elliptical Curve Cryptography (ECC) to perform secure financial transactions through Virtual Private Network (VPN) by implementing strong Multi-Factor Authentication (MFA) using authentication credentials and biometric identity. The research results prove that the proposed model is to be an ideal scheme for real-time implementation. The security analysis reports that the proposed model exhibits high level of security with a minimal response time of 12 s on an average of 1000 users.
Multi-factor Authentication (MFA), often referred to as Two-factor Authentication (2FA), which is a subset of MFA, is the practice of implementing additional security methods on top of a standard username and password to help authenticate the identity of a user and increase the security of data. This chapter will investigate the problem with username and password logins, the different types of authentication, current best practice for multi-factor authentication and interpretations about how the technology will grow in the upcoming years.
Cloud-based SDN (Software Defined Network) integration offers new kinds of agility, flexibility, automation, and speed in the network. Enterprises and Cloud providers both leverage the benefits as networks can be configured and optimized based on the application requirement. The integration of cloud and SDN paradigms has played an indispensable role in improving ubiquitous health care services. It has improved the real-time monitoring of patients by medical practitioners. Patients’ data get stored at the central server on the cloud from where it is available to medical practitioners in no time. The centralisation of data on the server makes it more vulnerable to malicious attacks and causes a major threat to patients’ privacy. In recent days, several schemes have been proposed to ensure the safety of patients’ data. But most of the techniques still lack the practical implementation and safety of data. In this paper, a secure multi-factor authentication protocol using a hash function has been proposed. BAN (Body Area Network) logic has been used to formally analyse the proposed scheme and ensure that no unauthenticated user can steal sensitive patient information. Security Protocol Animator (SPAN)–Automated Validation of Internet Security Protocols and Applications (AVISPA) tool has been used for simulation. The results prove that the proposed scheme ensures secure access to the database in terms of spoofing and identification. Performance comparisons of the proposed scheme with other related historical schemes regarding time complexity, computation cost which accounts to only 423 ms in proposed, and security parameters such as identification and spoofing prove its efficiency.
Most network service providers like MTN Nigeria, currently use two-factor authentication for their 4G wireless networks. This exposes the network subscribers to identity theft and users’ data to security threats like snooping, sniffing, spoofing and phishing. There is need to curb these problems with the use of an enhanced multi-factor authentication approach. The objective of this work is to create a multi-factor authentication software for a 4G wireless network. Multi-factor authentication involves user’s knowledge factor, user’s possession factor and user’s inherence factor; that is who the user is to be presented before system access can be granted. The research methodologies used for this work include Structured System Analysis and Design Methodology, SSADM and Prototyping. The result of this work will be a multi-factor authentication software. This software was designed with programming languages like ASP.NET, C# and Microsoft SQL Server for the database.
User’s data is considered as a vital asset of several organizations. Migrating data to the cloud computing is not an easy decision for any organization due to the privacy and security concerns. Service providers must ensure that both data and applications that will be stored on the cloud should be protected in a secure environment. The data stored on the public cloud will be vulnerable to outside and inside attacks. This paper provides interactive multi-layer authentication frameworks for securing user identities on the cloud. Different access control policies are applied for verifying users on the cloud. A security mechanism is applied to the cloud application that includes user registration, granting user privileges, and generating user authentication factor. An intrusion detection system is embedded to the security mechanism to detect malicious users. The multi factor authentication, intrusion detection, and access control techniques can be used for ensuring the identity of the user. Finally, encryption techniques are used for protecting the data from being disclosed. Experimental results are carried out to verify the accuracy and efficiency of the proposed frameworks and mechanism. The results recorded high detection rate with low false positive alarms.
To ensure the access security of 6G, physical-layer authentication (PLA) leverages the randomness and space-time-frequency uniqueness of the channel to provide unique identity signatures for transmitters. Furthermore, the introduction of artificial intelligence (AI) facilitates the learning of the distribution characteristics of channel fingerprints, effectively addressing the uncertainties and unknown dynamic challenges in wireless link modeling. This paper reviews representative AI-enabled PLA schemes and proposes a graph neural network (GNN)-based PLA approach in response to the challenges existing methods face in identifying mobile users. Simulation results demonstrate that the proposed method outperforms six baseline schemes in terms of authentication accuracy. Furthermore, this paper outlines the future development directions of PLA.
With the rapid development and widespread adoption of Internet of Things (IoT) technology, the innovative concept of the Internet of Vehicles (IoV) has emerged, ushering in a new era of intelligent transportation. Since vehicles are mobile entities, they move across different domains and need to communicate with the Roadside Unit (RSU) in various regions. However, open environments are highly susceptible to becoming targets for attackers, posing significant risks of malicious attacks. Therefore, it is crucial to design a secure authentication protocol to ensure the security of communication between vehicles and RSUs, particularly in scenarios where vehicles cross domains. In this paper, we propose a provably secure cross-domain authentication and key agreement protocol for IoV. Our protocol comprises two authentication phases: intra-domain authentication and cross-domain authentication. To ensure the security of our protocol, we conducted rigorous analyses based on the ROR (Real-or-Random) model and Scyther. Finally, we show in-depth comparisons of our protocol with existing ones from both security and performance perspectives, fully demonstrating its security and efficiency.
As the adoption of Vehicular Ad-hoc Networks (VANETs) grows, ensuring secure communication between smart vehicles and remote application servers (APPs) has become a critical challenge. While existing solutions focus on various aspects of security, gaps remain in addressing both high security requirements and the resource-constrained nature of VANET environments. This paper proposes an extended-Kerberos protocol that integrates Physical Unclonable Function (PUF) for authentication and key agreement, offering a comprehensive solution to the security challenges in VANETs. The protocol facilitates mutual authentication and secure key agreement between vehicles and APPs, ensuring the confidentiality and integrity of vehicle-to-network (V2N) communications and preventing malicious data injection. Notably, by replacing traditional Kerberos password authentication with Challenge-Response Pairs (CRPs) generated by PUF, the protocol significantly reduces the risk of key leakage. The inherent properties of PUF—such as unclonability and unpredictability—make it an ideal defense against physical attacks, including intrusion, semi-intrusion, and side-channel attacks. The results of this study demonstrate that this approach not only enhances security but also optimizes communication efficiency, reduces latency, and improves overall user experience. The analysis proves that our protocol achieves at least 86% improvement in computational efficiency compared to some existing protocols. This is particularly crucial in resource-constrained VANET environments, where it enables efficient data transmission between vehicles and applications, reduces latency, and enhances the overall user experience.
As a model for the next generation of the Internet, the metaverse—a fully immersive, hyper-temporal virtual shared space—is transitioning from imagination to reality. At present, the metaverse has been widely applied in a variety of fields, including education, social entertainment, Internet of vehicles (IoV), healthcare, and virtual tours. In IoVs, researchers primarily focus on using the metaverse to improve the traffic safety of vehicles, while paying limited attention to passengers’ social needs. At the same time, Social Internet of Vehicles (SIoV) introduces the concept of social networks in IoV to provide better resources and services for users. However, the problem of single interaction between SIoV and users has become increasingly prominent. In this paper, we first introduce a SIoV environment combined with the metaverse. In this environment, we adopt blockchain as the platform of the metaverse to provide a decentralized environment. Concerning passengers’ social data may contain sensitive/private information, we then design an authentication and key agreement protocol called MSIoV-AKA to protect the communications. Through formal security verifications in the real-or-random (ROR) model and using the AVISPA (Automated Validation of Internet Security Protocols and Applications) tool, we firmly verify the security of the protocol. Finally, detailed comparisons are made between our protocol and robust protocols/schemes in terms of computational cost and communication cost. In addition, we implement the MSIoV-AKA protocol in the Ethereum test network and Hyperledger Sawtooth to show the practicality.
Vehicular Ad-hoc Network (VANET) is a platform that facilitates Vehicle-to-Everything (V2X) interconnection. However, its open communication channels and high-speed mobility introduce security and privacy vulnerabilities. Anonymous authentication is crucial in ensuring secure communication and privacy protection in VANET. However, existing anonymous authentication schemes are prone to single points of failure and often overlook the efficient tracking of the true identities of malicious vehicles after pseudonym changes. To address these challenges, we propose an efficient anonymous authentication scheme for blockchain-based VANET. By leveraging blockchain technology, our approach addresses the challenges of single points of failure and high latency, thereby enhancing the service stability and scalability of VANET. The scheme integrates homomorphic encryption and elliptic curve cryptography, allowing vehicles to independently generate new pseudonyms when entering a new domain without third-party assistance. Security analyses and simulation results demonstrate that our scheme achieves effective anonymous authentication in VANET. Moreover, the roadside unit can process 500 messages per 19 ms. As the number of vehicles in the communication domain grows, our scheme exhibits superior message processing capabilities.
How to ensure the security of device access is a common concern in the Internet of Things (IoT) scenario with extremely high device connection density. To achieve efficient and secure network access for IoT devices with constrained resources, this paper proposes a lightweight physical-layer authentication protocol based on Physical Unclonable Function (PUF) and channel pre-equalization. PUF is employed as a secret carrier to provide authentication credentials for devices due to its hardware-based uniqueness and unclonable property. Meanwhile, the short-term reciprocity and spatio-temporal uniqueness of wireless channels are utilized to attach an authentication factor related to the spatio-temporal position of devices and to secure the transmission of authentication messages. The proposed protocol is analyzed formally and informally to prove its correctness and security against typical attacks. Simulation results show its robustness in various radio environments. Moreover, we illustrate the advantages of our protocol in terms of security features and complexity through performance comparison with existing authentication schemes.
To date, many previous studies have been proposed for driver authentication; however, these solutions have many shortcomings and are still far from practical for real-world applications. In this paper, we tackle the shortcomings of the existing solutions and reach toward proposing a lightweight and practical authentication system, dubbed DriveMe, for identifying drivers on cars. Our novelty aspects are (1) Lightweight scheme that depends only on a single sensor data (i.e., pressure readings) attached to the driver’s seat and belt. (2) Practical evaluation in which one-class authentication models are trained from only the owner users and tested using data collected from both owners and attackers. (3) Rapid Authentication to quickly identify drivers’ identities using a few pressure samples collected within short durations (1, 2, 3, 5, or 10 s). (4) Realistic experiments where the sensory data is collected from real experiments rather than computer simulation tools. We conducted real experiments and collected about 13,200 samples and 22,800 samples of belt-only and seat-only datasets from all 12 users under different settings. To evaluate system effectiveness, we implemented extensive evaluation scenarios using four one-class detectors: One-Class Support Vector Machine (OCSVM), Local Outlier Factor (LOF), Isolation Forest (IF), and Elliptic Envelope (EE), three dataset types (belt-only, seat-only, and fusion), and four different dataset sizes. Our average experimental results show that the system can authenticate the driver with an F1 score of 93.1% for seat-based data using OCSVM classifier, an F1 score of 98.53% for fusion-based data using LOF classifier, an F1 score of 91.65% for fusion-based data using IF classifier, and an F1 score of 95.79% for fusion-based data using EE classifier.
The Internet of Things (IoT) is extensively applied across various industrial domains, such as smart homes, factories, and intelligent transportation, becoming integral to daily life. Establishing robust policies for managing and governing IoT devices is imperative. Secure authentication for IoT devices in resource-constrained environments remains challenging due to the limitations of conventional complex protocols. Prior methodologies enhanced mutual authentication through key exchange protocols or complex operations, which are impractical for lightweight devices. To address this, our study introduces the privacy-preserving software-defined range proof (SDRP) model, which achieves secure authentication with low complexity. SDRP minimizes the overhead of confidentiality and authentication processes by utilizing range proof to verify whether the attribute information of a user falls within a specific range. Since authentication is performed using a digital ID sequence generated from indirect personal data, it can avoid the disclosure of actual individual attributes. Experimental results demonstrate that SDRP significantly improves security efficiency, increasing it by an average of 93.02% compared to conventional methods. It mitigates the trade-off between security and efficiency by reducing leakage risk by an average of 98.7%.
The integration of artificial intelligence (AI) with advanced power technologies is transforming energy system management, particularly through real-time data monitoring and intelligent decision-making driven by Artificial Intelligence Generated Content (AIGC). However, the openness of power system channels and the resource-constrained nature of power sensors have led to new challenges for the secure transmission of power data and decision instructions. Although traditional public key cryptographic primitives can offer high security, the substantial key management and computational overhead associated with these primitives make them unsuitable for power systems. To ensure the real-time and security of power data and command transmission, we propose a lightweight identity authentication scheme tailored for power AIGC systems. The scheme utilizes lightweight symmetric encryption algorithms, minimizing the resource overhead on power sensors. Additionally, it incorporates a dynamic credential update mechanism, which can realize the rotation and update of temporary credentials to ensure anonymity and security. We rigorously validate the security of the scheme using the Real-or-Random (ROR) model and AVISPA simulation, and the results show that our scheme can resist various active and passive attacks. Finally, performance comparisons and NS3 simulation results demonstrate that our proposed scheme offers enhanced security features with lower overhead, making it more suitable for power AIGC systems compared to existing solutions.
In the rapidly evolving landscape of intelligent transportation systems, the security and authenticity of vehicular communication have emerged as critical challenges. As vehicles become increasingly interconnected, the need for robust authentication mechanisms to safeguard against cyber threats and ensure trust in an autonomous ecosystem becomes essential. On the other hand, using intelligence in the authentication system is a significant attraction. While existing surveys broadly address vehicular security, a critical gap remains in the systematic exploration of Deep Learning (DL)-based authentication methods tailored to these communication paradigms. This survey fills that gap by offering a comprehensive analysis of DL techniques—including supervised, unsupervised, reinforcement, and hybrid learning—for vehicular authentication. This survey highlights novel contributions, such as a taxonomy of DL-driven authentication protocols, real-world case studies, and a critical evaluation of scalability and privacy-preserving techniques. Additionally, this paper identifies unresolved challenges, such as adversarial resilience and real-time processing constraints, and proposes actionable future directions, including lightweight model optimization and blockchain integration. By grounding the discussion in concrete applications, such as biometric authentication for driver safety and adaptive key management for infrastructure security, this survey bridges theoretical advancements with practical deployment needs, offering a roadmap for next-generation secure intelligent vehicular ecosystems for the modern world.
The Internet of Healthcare Things (IoHT) marks a significant breakthrough in modern medicine by enabling a new era of healthcare services. IoHT supports real-time, continuous, and personalized monitoring of patients’ health conditions. However, the security of sensitive data exchanged within IoHT remains a major concern, as the widespread connectivity and wireless nature of these systems expose them to various vulnerabilities. Potential threats include unauthorized access, device compromise, data breaches, and data alteration, all of which may compromise the confidentiality and integrity of patient information. In this paper, we provide an in-depth security analysis of LAP-IoHT, an authentication scheme designed to ensure secure communication in Internet of Healthcare Things environments. This analysis reveals several vulnerabilities in the LAP-IoHT protocol, namely its inability to resist various attacks, including user impersonation and privileged insider threats. To address these issues, we introduce LSAP-IoHT, a secure and lightweight authentication protocol for the Internet of Healthcare Things (IoHT). This protocol leverages Elliptic Curve Cryptography (ECC), Physical Unclonable Functions (PUFs), and Three-Factor Authentication (3FA). Its security is validated through both informal analysis and formal verification using the Scyther tool and the Real-Or-Random (ROR) model. The results demonstrate strong resistance against man-in-the-middle (MITM) attacks, replay attacks, identity spoofing, stolen smart device attacks, and insider threats, while maintaining low computational and communication costs.
Physical layer authentication (PLA) in the context of the Internet of Things (IoT) has gained significant attention. Compared with traditional encryption and blockchain technologies, PLA provides a more computationally efficient alternative to exploiting the properties of the wireless medium itself. Some existing PLA solutions rely on static mechanisms, which are insufficient to address the authentication challenges in fifth generation (5G) and beyond wireless networks. Additionally, with the massive increase in mobile device access, the communication security of the IoT is vulnerable to spoofing attacks. To overcome the above challenges, this paper proposes a lightweight deep convolutional neural network (CNN) equipped with squeeze and excitation module (SE module) in dynamic wireless environments, namely SE-ConvNet. To be more specific, a convolution factorization is developed to reduce the complexity of PLA models based on deep learning. Moreover, an SE module is designed in the deep CNN to enhance useful features and maximize authentication accuracy. Compared with the existing solutions, the proposed SE-ConvNet enabled PLA scheme performs excellently in mobile and time-varying wireless environments while maintaining lower computational complexity.
The increasing importance of terminal privacy in the Unmanned Aerial Vehicle (UAV) network has led to a growing recognition of the crucial role of authentication technology in UAV network security. However, traditional authentication approaches are vulnerable due to the transmission of identity information between UAVs and cryptographic paradigm management centers over a public channel. These vulnerabilities include brute-force attacks, single point of failure, and information leakage. Blockchain, as a decentralized distributed ledger with blockchain storage, tamper-proof, secure, and trustworthy features, can solve problems such as single-point-of-failure and trust issues, while the hidden communication in the physical layer can effectively resist information leakage and violent attacks. In this paper, we propose a lightweight UAV network authentication mechanism that leverages blockchain and covert communication, where the identity information is transmitted as covert tags carried by normal modulated signals. In addition, a weight-based Practical Byzantine Fault-Tolerant (wPBFT) consensus protocol is devised, where the weights are determined by the channel states of UAVs and the outcomes of past authentication scenarios. Simulation results demonstrate that the proposed mechanism outperforms traditional benchmarks in terms of security and robustness, particularly under conditions of low Signal-to-Noise Ratio (SNR) and short tag length.
Pre-Authentication and Post-Connection (PAPC) plays a crucial role in realizing the Zero Trust security model by ensuring that access to network resources is granted only after successful authentication. While earlier approaches such as Port Knocking (PK) and Single Packet Authorization (SPA) introduced pre-authentication concepts, they suffer from limitations including plaintext communication, protocol dependency, reliance on dedicated clients, and inefficiency under modern network conditions. These constraints hinder their applicability in emerging distributed and resource-constrained environments such as AIoT and browser-based systems. To address these challenges, this study proposes a novel port-sequence-based PAPC scheme structured as a modular model comprising a client, server, and ephemeral Key Management System (KMS). The system employs the Advanced Encryption Standard (AES-128) to protect message confidentiality and uses a Hash-Based Message Authentication Code (HMAC-SHA256) to ensure integrity. Authentication messages are securely fragmented and mapped to destination port numbers using a signature-based avoidance algorithm, which prevents collisions with unsafe or reserved port ranges. The server observes incoming port sequences, retrieves the necessary keys from the KMS, reconstructs and verifies the encrypted data, and conditionally updates firewall policies. Unlike SPA, which requires decrypting all incoming payloads and imposes server-side overhead, the proposed system verifies only port-derived fragments, significantly reducing computational burden. Furthermore, it eliminates the need for raw socket access or custom clients, supporting browser-based operation and enabling protocol-independent deployment. Through a functional web-based prototype and emulated testing, the system achieved an F1-score exceeding 95% in detecting unauthorized access while maintaining low resource overhead. Although port sequence generation introduces some client-side cost, it remains lightweight and scalable. By tightly integrating lightweight cryptographic algorithms with a transport-layer communication model, this work presents a conceptually validated architecture that contributes a novel direction for interoperable and scalable Zero Trust enforcement in future network ecosystems.
文摘Car manufacturers aim to enhance the use of two-factor authentication (2FA) to protect keyless entry systems in contemporary cars. Despite providing significant ease for users, keyless entry systems have become more susceptible to appealing attacks like relay attacks and critical fob hacking. These weaknesses present considerable security threats, resulting in unauthorized entry and car theft. The suggested approach combines a conventional keyless entry feature with an extra security measure. Implementing multi-factor authentication significantly improves the security of systems that allow keyless entry by reducing the likelihood of unauthorized access. Research shows that the benefits of using two-factor authentication, such as a substantial increase in security, far outweigh any minor drawbacks.
Abstract: The rise of the digital economy and the comfort of accessing by way of user mobile devices expedite human endeavors in financial transactions over the Virtual Private Network (VPN) backbone. This prominent application of VPN evades the hurdles involved in physical money exchange. The VPN acts as a gateway for the authorized user in accessing the banking server to provide mutual authentication between the user and the server. The security in the cloud authentication server remains vulnerable to the results of threat in JP Morgan Data breach in 2014, Capital One Data Breach in 2019, and many more cloud server attacks over and over again. These attacks necessitate the demand for a strong framework for authentication to secure from any class of threat. This research paper proposes a framework with a base of Elliptical Curve Cryptography (ECC) to perform secure financial transactions through Virtual Private Network (VPN) by implementing strong Multi-Factor Authentication (MFA) using authentication credentials and biometric identity. The research results prove that the proposed model is to be an ideal scheme for real-time implementation. The security analysis reports that the proposed model exhibits high level of security with a minimal response time of 12 s on an average of 1000 users.
Abstract: Multi-factor Authentication (MFA), often referred to as Two-factor Authentication (2FA), which is a subset of MFA, is the practice of implementing additional security methods on top of a standard username and password to help authenticate the identity of a user and increase the security of data. This chapter will investigate the problem with username and password logins, the different types of authentication, current best practice for multi-factor authentication and interpretations about how the technology will grow in the upcoming years.
Funding: Taif University Researchers Supporting Project number (TURSP-2020/98), Taif University, Taif, Saudi Arabia.
Abstract: Cloud-based SDN (Software Defined Network) integration offers new kinds of agility, flexibility, automation, and speed in the network. Enterprises and Cloud providers both leverage the benefits as networks can be configured and optimized based on the application requirement. The integration of cloud and SDN paradigms has played an indispensable role in improving ubiquitous health care services. It has improved the real-time monitoring of patients by medical practitioners. Patients' data get stored at the central server on the cloud from where it is available to medical practitioners in no time. The centralisation of data on the server makes it more vulnerable to malicious attacks and causes a major threat to patients' privacy. In recent days, several schemes have been proposed to ensure the safety of patients' data. But most of the techniques still lack the practical implementation and safety of data. In this paper, a secure multi-factor authentication protocol using a hash function has been proposed. BAN (Body Area Network) logic has been used to formally analyse the proposed scheme and ensure that no unauthenticated user can steal sensitive patient information. Security Protocol Animator (SPAN) – Automated Validation of Internet Security Protocols and Applications (AVISPA) tool has been used for simulation. The results prove that the proposed scheme ensures secure access to the database in terms of spoofing and identification. Performance comparisons of the proposed scheme with other related historical schemes regarding time complexity, computation cost (which amounts to only 423 ms in the proposed scheme), and security parameters such as identification and spoofing prove its efficiency.
Abstract: Most network service providers, like MTN Nigeria, currently use two-factor authentication for their 4G wireless networks. This exposes the network subscribers to identity theft and users' data to security threats like snooping, sniffing, spoofing and phishing. There is a need to curb these problems with the use of an enhanced multi-factor authentication approach. The objective of this work is to create multi-factor authentication software for a 4G wireless network. Multi-factor authentication involves the user's knowledge factor, the user's possession factor and the user's inherence factor (that is, who the user is), to be presented before system access can be granted. The research methodologies used for this work include Structured System Analysis and Design Methodology (SSADM) and Prototyping. The result of this work will be multi-factor authentication software. This software was designed with programming languages like ASP.NET and C#, and Microsoft SQL Server for the database.
Abstract: Users' data is considered a vital asset of several organizations. Migrating data to cloud computing is not an easy decision for any organization due to privacy and security concerns. Service providers must ensure that both data and applications that will be stored on the cloud are protected in a secure environment. The data stored on the public cloud will be vulnerable to outside and inside attacks. This paper provides interactive multi-layer authentication frameworks for securing user identities on the cloud. Different access control policies are applied for verifying users on the cloud. A security mechanism is applied to the cloud application that includes user registration, granting user privileges, and generating a user authentication factor. An intrusion detection system is embedded in the security mechanism to detect malicious users. The multi-factor authentication, intrusion detection, and access control techniques can be used for ensuring the identity of the user. Finally, encryption techniques are used for protecting the data from being disclosed. Experiments are carried out to verify the accuracy and efficiency of the proposed frameworks and mechanism. The results recorded a high detection rate with low false positive alarms.
Abstract: To ensure the access security of 6G, physical-layer authentication (PLA) leverages the randomness and space-time-frequency uniqueness of the channel to provide unique identity signatures for transmitters. Furthermore, the introduction of artificial intelligence (AI) facilitates the learning of the distribution characteristics of channel fingerprints, effectively addressing the uncertainties and unknown dynamic challenges in wireless link modeling. This paper reviews representative AI-enabled PLA schemes and proposes a graph neural network (GNN)-based PLA approach in response to the challenges existing methods face in identifying mobile users. Simulation results demonstrate that the proposed method outperforms six baseline schemes in terms of authentication accuracy. Furthermore, this paper outlines the future development directions of PLA.
Funding: Supported by the Startup Foundation for Introducing Talent of Nanjing University of Information Science and Technology and Natural Science Foundation of Shandong Province, China (Grant no. ZR202111230202).
Abstract: With the rapid development and widespread adoption of Internet of Things (IoT) technology, the innovative concept of the Internet of Vehicles (IoV) has emerged, ushering in a new era of intelligent transportation. Since vehicles are mobile entities, they move across different domains and need to communicate with the Roadside Unit (RSU) in various regions. However, open environments are highly susceptible to becoming targets for attackers, posing significant risks of malicious attacks. Therefore, it is crucial to design a secure authentication protocol to ensure the security of communication between vehicles and RSUs, particularly in scenarios where vehicles cross domains. In this paper, we propose a provably secure cross-domain authentication and key agreement protocol for IoV. Our protocol comprises two authentication phases: intra-domain authentication and cross-domain authentication. To ensure the security of our protocol, we conducted rigorous analyses based on the ROR (Real-or-Random) model and Scyther. Finally, we show in-depth comparisons of our protocol with existing ones from both security and performance perspectives, fully demonstrating its security and efficiency.
Funding: Supported in part by the Jiangsu "Qing Lan Project", the Natural Science Foundation of the Jiangsu Higher Education Institutions of China (Major Research Project: 23KJA520007), and the Postgraduate Research & Practice Innovation Program of Jiangsu Province (No. SJCX25_1303).
Abstract: As the adoption of Vehicular Ad-hoc Networks (VANETs) grows, ensuring secure communication between smart vehicles and remote application servers (APPs) has become a critical challenge. While existing solutions focus on various aspects of security, gaps remain in addressing both high security requirements and the resource-constrained nature of VANET environments. This paper proposes an extended-Kerberos protocol that integrates Physical Unclonable Function (PUF) for authentication and key agreement, offering a comprehensive solution to the security challenges in VANETs. The protocol facilitates mutual authentication and secure key agreement between vehicles and APPs, ensuring the confidentiality and integrity of vehicle-to-network (V2N) communications and preventing malicious data injection. Notably, by replacing traditional Kerberos password authentication with Challenge-Response Pairs (CRPs) generated by PUF, the protocol significantly reduces the risk of key leakage. The inherent properties of PUF, such as unclonability and unpredictability, make it an ideal defense against physical attacks, including intrusion, semi-intrusion, and side-channel attacks. The results of this study demonstrate that this approach not only enhances security but also optimizes communication efficiency, reduces latency, and improves overall user experience. The analysis proves that our protocol achieves at least 86% improvement in computational efficiency compared to some existing protocols. This is particularly crucial in resource-constrained VANET environments, where it enables efficient data transmission between vehicles and applications, reduces latency, and enhances the overall user experience.
Funding: Supported by the Startup Foundation for Introducing Talent of Nanjing University of Information Science and Technology and Natural Science Foundation of Shandong Province, China (Grant no. ZR202111230202).
Abstract: As a model for the next generation of the Internet, the metaverse (a fully immersive, hyper-temporal virtual shared space) is transitioning from imagination to reality. At present, the metaverse has been widely applied in a variety of fields, including education, social entertainment, Internet of Vehicles (IoV), healthcare, and virtual tours. In IoVs, researchers primarily focus on using the metaverse to improve the traffic safety of vehicles, while paying limited attention to passengers' social needs. At the same time, Social Internet of Vehicles (SIoV) introduces the concept of social networks in IoV to provide better resources and services for users. However, the problem of single interaction between SIoV and users has become increasingly prominent. In this paper, we first introduce a SIoV environment combined with the metaverse. In this environment, we adopt blockchain as the platform of the metaverse to provide a decentralized environment. Because passengers' social data may contain sensitive/private information, we then design an authentication and key agreement protocol called MSIoV-AKA to protect the communications. Through formal security verifications in the real-or-random (ROR) model and using the AVISPA (Automated Validation of Internet Security Protocols and Applications) tool, we firmly verify the security of the protocol. Finally, detailed comparisons are made between our protocol and robust protocols/schemes in terms of computational cost and communication cost. In addition, we implement the MSIoV-AKA protocol in the Ethereum test network and Hyperledger Sawtooth to show the practicality.
Funding: Supported by the National Natural Science Foundation of China under Grant U2001213.
Abstract: Vehicular Ad-hoc Network (VANET) is a platform that facilitates Vehicle-to-Everything (V2X) interconnection. However, its open communication channels and high-speed mobility introduce security and privacy vulnerabilities. Anonymous authentication is crucial in ensuring secure communication and privacy protection in VANET. However, existing anonymous authentication schemes are prone to single points of failure and often overlook the efficient tracking of the true identities of malicious vehicles after pseudonym changes. To address these challenges, we propose an efficient anonymous authentication scheme for blockchain-based VANET. By leveraging blockchain technology, our approach addresses the challenges of single points of failure and high latency, thereby enhancing the service stability and scalability of VANET. The scheme integrates homomorphic encryption and elliptic curve cryptography, allowing vehicles to independently generate new pseudonyms when entering a new domain without third-party assistance. Security analyses and simulation results demonstrate that our scheme achieves effective anonymous authentication in VANET. Moreover, the roadside unit can process 500 messages per 19 ms. As the number of vehicles in the communication domain grows, our scheme exhibits superior message processing capabilities.
Funding: Supported by National Natural Science Foundation of China (No. 61931020, No. U19B2024 and No. 62371462).
Abstract: How to ensure the security of device access is a common concern in the Internet of Things (IoT) scenario with extremely high device connection density. To achieve efficient and secure network access for IoT devices with constrained resources, this paper proposes a lightweight physical-layer authentication protocol based on Physical Unclonable Function (PUF) and channel pre-equalization. PUF is employed as a secret carrier to provide authentication credentials for devices due to its hardware-based uniqueness and unclonable property. Meanwhile, the short-term reciprocity and spatio-temporal uniqueness of wireless channels are utilized to attach an authentication factor related to the spatio-temporal position of devices and to secure the transmission of authentication messages. The proposed protocol is analyzed formally and informally to prove its correctness and security against typical attacks. Simulation results show its robustness in various radio environments. Moreover, we illustrate the advantages of our protocol in terms of security features and complexity through performance comparison with existing authentication schemes.
Funding: Supported by the Institute of Information & Communications Technology Planning & Evaluation (IITP) (Project Nos. RS-2024-00438551, 30%; 2022-11220701, 30%; 2021-0-01816, 30%) and the National Research Foundation of Korea (NRF) grant funded by the Korean Government (Project No. RS2023-00208460, 10%).
Abstract: To date, many previous studies have been proposed for driver authentication; however, these solutions have many shortcomings and are still far from practical for real-world applications. In this paper, we tackle the shortcomings of the existing solutions and reach toward proposing a lightweight and practical authentication system, dubbed DriveMe, for identifying drivers on cars. Our novelty aspects are: (1) Lightweight scheme that depends only on a single sensor data (i.e., pressure readings) attached to the driver's seat and belt. (2) Practical evaluation in which one-class authentication models are trained from only the owner users and tested using data collected from both owners and attackers. (3) Rapid Authentication to quickly identify drivers' identities using a few pressure samples collected within short durations (1, 2, 3, 5, or 10 s). (4) Realistic experiments where the sensory data is collected from real experiments rather than computer simulation tools. We conducted real experiments and collected about 13,200 samples and 22,800 samples of belt-only and seat-only datasets from all 12 users under different settings. To evaluate system effectiveness, we implemented extensive evaluation scenarios using four one-class detectors, One-Class Support Vector Machine (OCSVM), Local Outlier Factor (LOF), Isolation Forest (IF), and Elliptic Envelope (EE), three dataset types (belt-only, seat-only, and fusion), and four different dataset sizes. Our average experimental results show that the system can authenticate the driver with an F1 score of 93.1% for seat-based data using OCSVM classifier, an F1 score of 98.53% for fusion-based data using LOF classifier, an F1 score of 91.65% for fusion-based data using IF classifier, and an F1 score of 95.79% for fusion-based data using EE classifier.
Funding: Funding from the Korea Institute for Advancement of Technology (KIAT) through a grant provided by the Korean Government Ministry of Trade, Industry, and Energy (MOTIE) (RS-2024-00415520, Training Industrial Security Specialist for High-Tech Industry). Additional support was received from the Ministry of Science and ICT (MSIT) under the ICAN (ICT Challenge and Advanced Network of HRD) program (No. IITP-2022-RS-2022-00156310) overseen by the Institute of Information & Communication Technology Planning and Evaluation (IITP).
Abstract: The Internet of Things (IoT) is extensively applied across various industrial domains, such as smart homes, factories, and intelligent transportation, becoming integral to daily life. Establishing robust policies for managing and governing IoT devices is imperative. Secure authentication for IoT devices in resource-constrained environments remains challenging due to the limitations of conventional complex protocols. Prior methodologies enhanced mutual authentication through key exchange protocols or complex operations, which are impractical for lightweight devices. To address this, our study introduces the privacy-preserving software-defined range proof (SDRP) model, which achieves secure authentication with low complexity. SDRP minimizes the overhead of confidentiality and authentication processes by utilizing range proof to verify whether the attribute information of a user falls within a specific range. Since authentication is performed using a digital ID sequence generated from indirect personal data, it can avoid the disclosure of actual individual attributes. Experimental results demonstrate that SDRP significantly improves security efficiency, increasing it by an average of 93.02% compared to conventional methods. It mitigates the trade-off between security and efficiency by reducing leakage risk by an average of 98.7%.
Abstract: The integration of artificial intelligence (AI) with advanced power technologies is transforming energy system management, particularly through real-time data monitoring and intelligent decision-making driven by Artificial Intelligence Generated Content (AIGC). However, the openness of power system channels and the resource-constrained nature of power sensors have led to new challenges for the secure transmission of power data and decision instructions. Although traditional public key cryptographic primitives can offer high security, the substantial key management and computational overhead associated with these primitives make them unsuitable for power systems. To ensure the real-time performance and security of power data and command transmission, we propose a lightweight identity authentication scheme tailored for power AIGC systems. The scheme utilizes lightweight symmetric encryption algorithms, minimizing the resource overhead on power sensors. Additionally, it incorporates a dynamic credential update mechanism, which can realize the rotation and update of temporary credentials to ensure anonymity and security. We rigorously validate the security of the scheme using the Real-or-Random (ROR) model and AVISPA simulation, and the results show that our scheme can resist various active and passive attacks. Finally, performance comparisons and NS3 simulation results demonstrate that our proposed scheme offers enhanced security features with lower overhead, making it more suitable for power AIGC systems compared to existing solutions.
Funding: Funded and supported by the UCSI University Research Excellence & Innovation Grant (REIG), REIG-ICSDI-2024/044.
Abstract: In the rapidly evolving landscape of intelligent transportation systems, the security and authenticity of vehicular communication have emerged as critical challenges. As vehicles become increasingly interconnected, the need for robust authentication mechanisms to safeguard against cyber threats and ensure trust in an autonomous ecosystem becomes essential. On the other hand, using intelligence in the authentication system is a significant attraction. While existing surveys broadly address vehicular security, a critical gap remains in the systematic exploration of Deep Learning (DL)-based authentication methods tailored to these communication paradigms. This survey fills that gap by offering a comprehensive analysis of DL techniques (including supervised, unsupervised, reinforcement, and hybrid learning) for vehicular authentication. This survey highlights novel contributions, such as a taxonomy of DL-driven authentication protocols, real-world case studies, and a critical evaluation of scalability and privacy-preserving techniques. Additionally, this paper identifies unresolved challenges, such as adversarial resilience and real-time processing constraints, and proposes actionable future directions, including lightweight model optimization and blockchain integration. By grounding the discussion in concrete applications, such as biometric authentication for driver safety and adaptive key management for infrastructure security, this survey bridges theoretical advancements with practical deployment needs, offering a roadmap for next-generation secure intelligent vehicular ecosystems for the modern world.
Abstract: The Internet of Healthcare Things (IoHT) marks a significant breakthrough in modern medicine by enabling a new era of healthcare services. IoHT supports real-time, continuous, and personalized monitoring of patients' health conditions. However, the security of sensitive data exchanged within IoHT remains a major concern, as the widespread connectivity and wireless nature of these systems expose them to various vulnerabilities. Potential threats include unauthorized access, device compromise, data breaches, and data alteration, all of which may compromise the confidentiality and integrity of patient information. In this paper, we provide an in-depth security analysis of LAP-IoHT, an authentication scheme designed to ensure secure communication in Internet of Healthcare Things environments. This analysis reveals several vulnerabilities in the LAP-IoHT protocol, namely its inability to resist various attacks, including user impersonation and privileged insider threats. To address these issues, we introduce LSAP-IoHT, a secure and lightweight authentication protocol for the Internet of Healthcare Things (IoHT). This protocol leverages Elliptic Curve Cryptography (ECC), Physical Unclonable Functions (PUFs), and Three-Factor Authentication (3FA). Its security is validated through both informal analysis and formal verification using the Scyther tool and the Real-Or-Random (ROR) model. The results demonstrate strong resistance against man-in-the-middle (MITM) attacks, replay attacks, identity spoofing, stolen smart device attacks, and insider threats, while maintaining low computational and communication costs.
Funding: Supported in part by the National Key R&D Program of China under grant no. 2022YFB2703000, in part by the Young Backbone Teachers Support Plan of BISTU under grant no. YBT202437, in part by the R&D Program of Beijing Municipal Education Commission under grant no. KM202211232012, and in part by the Educational Innovation Program of BISTU under grant no. 2025JGYB19.
Abstract: Physical layer authentication (PLA) in the context of the Internet of Things (IoT) has gained significant attention. Compared with traditional encryption and blockchain technologies, PLA provides a more computationally efficient alternative to exploiting the properties of the wireless medium itself. Some existing PLA solutions rely on static mechanisms, which are insufficient to address the authentication challenges in fifth generation (5G) and beyond wireless networks. Additionally, with the massive increase in mobile device access, the communication security of the IoT is vulnerable to spoofing attacks. To overcome the above challenges, this paper proposes a lightweight deep convolutional neural network (CNN) equipped with a squeeze and excitation module (SE module) in dynamic wireless environments, namely SE-ConvNet. To be more specific, a convolution factorization is developed to reduce the complexity of PLA models based on deep learning. Moreover, an SE module is designed in the deep CNN to enhance useful features and maximize authentication accuracy. Compared with the existing solutions, the proposed SE-ConvNet enabled PLA scheme performs excellently in mobile and time-varying wireless environments while maintaining lower computational complexity.
Funding: Supported by the Hainan Province Science and Technology Special Fund, China (No. ZDYF2024GXJS292).
Abstract: The increasing importance of terminal privacy in the Unmanned Aerial Vehicle (UAV) network has led to a growing recognition of the crucial role of authentication technology in UAV network security. However, traditional authentication approaches are vulnerable due to the transmission of identity information between UAVs and cryptographic paradigm management centers over a public channel. These vulnerabilities include brute-force attacks, single point of failure, and information leakage. Blockchain, as a decentralized distributed ledger with blockchain storage, tamper-proof, secure, and trustworthy features, can solve problems such as single-point-of-failure and trust issues, while the hidden communication in the physical layer can effectively resist information leakage and violent attacks. In this paper, we propose a lightweight UAV network authentication mechanism that leverages blockchain and covert communication, where the identity information is transmitted as covert tags carried by normal modulated signals. In addition, a weight-based Practical Byzantine Fault-Tolerant (wPBFT) consensus protocol is devised, where the weights are determined by the channel states of UAVs and the outcomes of past authentication scenarios. Simulation results demonstrate that the proposed mechanism outperforms traditional benchmarks in terms of security and robustness, particularly under conditions of low Signal-to-Noise Ratio (SNR) and short tag length.
Funding: Supported by Institute for Information & Communications Technology Planning & Evaluation (IITP) grant funded by the Korea government (MSIT) (No. RS-2022-II221200), Convergence Security Core Talent Training Business (Chungnam National University).
Abstract: Pre-Authentication and Post-Connection (PAPC) plays a crucial role in realizing the Zero Trust security model by ensuring that access to network resources is granted only after successful authentication. While earlier approaches such as Port Knocking (PK) and Single Packet Authorization (SPA) introduced pre-authentication concepts, they suffer from limitations including plaintext communication, protocol dependency, reliance on dedicated clients, and inefficiency under modern network conditions. These constraints hinder their applicability in emerging distributed and resource-constrained environments such as AIoT and browser-based systems. To address these challenges, this study proposes a novel port-sequence-based PAPC scheme structured as a modular model comprising a client, server, and ephemeral Key Management System (KMS). The system employs the Advanced Encryption Standard (AES-128) to protect message confidentiality and uses a Hash-Based Message Authentication Code (HMAC-SHA256) to ensure integrity. Authentication messages are securely fragmented and mapped to destination port numbers using a signature-based avoidance algorithm, which prevents collisions with unsafe or reserved port ranges. The server observes incoming port sequences, retrieves the necessary keys from the KMS, reconstructs and verifies the encrypted data, and conditionally updates firewall policies. Unlike SPA, which requires decrypting all incoming payloads and imposes server-side overhead, the proposed system verifies only port-derived fragments, significantly reducing computational burden. Furthermore, it eliminates the need for raw socket access or custom clients, supporting browser-based operation and enabling protocol-independent deployment. Through a functional web-based prototype and emulated testing, the system achieved an F1-score exceeding 95% in detecting unauthorized access while maintaining low resource overhead. Although port sequence generation introduces some client-side cost, it remains lightweight and scalable. By tightly integrating lightweight cryptographic algorithms with a transport-layer communication model, this work presents a conceptually validated architecture that contributes a novel direction for interoperable and scalable Zero Trust enforcement in future network ecosystems.