A secure authentication with key agreement scheme using ECC for satellite communication systems

Recently, Liu et al came up with an authentication with key agreement scheme for securing communication over the low‐earth‐orbit satellite communication systems. However, this paper demonstrates that this scheme cannot provide perfect forward secrecy or defend against the smart card stolen attack, and has some very bad design defects, making it unpractical. Thus, to design a truly secure authentication scheme for satellite communication systems, this paper presents a new scheme, making use of the advantages of elliptic curve cryptography and symmetric cryptography. The security analyses by the widely used BAN logic and heuristic discussions demonstrate that our new scheme possesses perfect security properties and can defend against various well‐known malicious attacks. Moreover, our new scheme allows users to update passwords locally in accordance with their wishes, achieving a good user experience.     

Modeling and performance evaluation of the IEEE 802.15.4e LLDN mechanism designed for industrial applications in WSNs

The IEEE 802.15.4 standard has been introduced for low latency and low energy consumption in wireless sensor networks. To better support the requirements of industrial applications, where the use of this standard is limited, the low latency deterministic network (LLDN) mechanism of the IEEE 802.15.4e amendment has been proposed. In this paper, we develop a three dimensional Markov chain model for the IEEE 802.15.4e LLDN mechanism. Then, we estimate the stationary probability distribution of this chain in order to derive theoretical expressions of some performance metrics, as the reliability, energy consumption, throughput, delay and jitter. After that, we conduct a comparative study between the IEEE 802.15.4e LLDN and the IEEE 802.15.4 slotted carrier sense multiple access with collision avoidance (CSMA/CA). Numerical results show that the deterministic behavior of the LLDN mechanism significantly reduces the collision probability providing best performances in terms of reliability, energy consumption, throughput and delay compared to the IEEE 802.15.4 slotted CSMA/CA. Finally, the accuracy of our theoretical analysis is validated by Monte Carlo simulations.     

A Secure and Effective Anonymous Authentication Scheme for Roaming Service in Global Mobility Networks

Recently, Mun et al. analyzed Wu et al.’s authentication scheme and proposed an enhanced anonymous authentication scheme for roaming service in global mobility networks. However, through careful analysis, we find that Mun et al.’s scheme is vulnerable to impersonation attacks and insider attacks, and cannot provide user friendliness, user’s anonymity, proper mutual authentication and local verification. To remedy these weaknesses, we propose a novel anonymous authentication scheme for roaming service in global mobility networks. Compared with previous related works, our scheme has many advantages. Firstly, the secure authenticity of the scheme is formally validated by an useful formal model called BAN logic. Secondly, the scheme enjoys many important security attributes including prevention of various attacks, user anonymity, no verification table, local password verification and so on. Thirdly, the scheme does not use timestamp, thus it avoids the clock synchronization problem. Further, the scheme contains the authentication and establishment of session key scheme when mobile user is located in his/her home network, therefore it is more practical and universal for global mobility networks. Finally, performance and cost analysis show our scheme is more suitable for low-power and resource limited mobile devices and thus availability for real implementation.     

Energy-efficient and intrusion-resilient authentication for ubiquitous access to factory floor information

Linking factory floors to the Internet, coupled with the rapid deployment of wireless access networks, is initiating a new paradigm for factory automation-a corporate employee with a handheld computing device can have anytime, anywhere access to the latest factory floor information. Authentication between a factory database and a remote user is crucial for such paradigm; however, existing authentication protocols are inadequate to defend against strong adversaries with break-in capabilities. In this paper, we design and implement the Energy-Efficient and Intrusion-Resilient Authentication (ERA) protocol. Through a novel combination of hash chain,pin, and message authentication code (MAC), ERA can achieve the security self-recovery when strong adversaries compromise either a user's handheld device or a factory authentication server to obtain the authentication secrets. The technique of mutual MAC is proposed to defend against online pin-guessing attacks launched by strong adversaries. Furthermore, an optimization of tuning hash chain iteration is introduced to reduce energy consumption of a handheld device. Analytical and experimental results show that ERA provides a better security guarantee and incurs much less computation and communication overhead than the existing authentication protocols.     

A practical authentication protocol with anonymity for wireless access networks

The use of anonymous channel tickets was proposed for authentication in wireless environments to provide user anonymity and to probably reduce the overhead of re‐authentications. Recently, Yang et al. proposed a secure and efficient authentication protocol for anonymous channel in wireless systems without employing asymmetric cryptosystems. In this paper, we will show that Yang et al.'s scheme is vulnerable to guessing attacks performed by malicious visited networks, which can easily obtain the secret keys of the users. We propose a new practical authentication scheme not only reserving the merits of Yang et al.'s scheme, but also extending some additional merits including: no verification table in the home network, free of time synchronization between mobile stations and visited networks, and without obsolete anonymous tickets left in visited networks. The proposed scheme is developed based on a secure one‐way hash function and simple operations, a feature which is extremely fit for mobile devices. We provide the soundness of the authentication protocol by using VO logic. Copyright © 2010 John Wiley & Sons, Ltd.     

LPPA: Lightweight privacy‐preservation access authentication scheme for massive devices in fifth Generation (5G) cellular networks

Because of the requirements of stringent latency, high‐connection density, and massive devices concurrent connection, the design of the security and efficient access authentication for massive devices is the key point to guarantee the application security under the future fifth Generation (5G) systems. The current access authentication mechanism proposed by 3rd Generation Partnership Project (3GPP) requires each device to execute the full access authentication process, which can not only incur a lot of protocol attacks but also result in signaling congestion on key nodes in 5G core networks when sea of devices concurrently request to access into the networks. In this paper, we design an efficient and secure privacy‐preservation access authentication scheme for massive devices in 5G wireless networks based on aggregation message authentication code (AMAC) technique. Our proposed scheme can accomplish the access authentication between massive devices and the network at the same time negotiate a distinct secret key between each device and the network. In addition, our proposed scheme can withstand a lot of protocol attacks including interior forgery attacks and DoS attacks and achieve identity privacy protection and group member update without sacrificing the efficiency. The Burrows Abadi Needham (BAN) logic and the formal verification tool: Automated Validation of Internet Security Protocols and Applications (AVISPA) and Security Protocol ANimator for AVISPA (SPAN) are employed to demonstrate the security of our proposed scheme.     

Lightweight and provably secure user authentication with anonymity for the global mobility network

Seamless roaming in the global mobility network (GLOMONET) is highly desirable for mobile users, although their proper authentication is challenging. This is because not only are wireless networks susceptible to attacks, but also mobile terminals have limited computational power. Recently, some authentication schemes with anonymity for the GLOMONET have been proposed. This paper shows some security weaknesses in those schemes. Furthermore, a lightweight and provably secure user authentication scheme with anonymity for the GLOMONET is proposed. It uses only symmetric cryptographic and hash operation primitives for secure authentication. Besides, it takes only four message exchanges among the user, foreign agent and home agent. We also demonstrate that this protocol enjoys important security attributes including prevention of various attacks, single registration, user anonymity, user friendly, no password/verifier table, and use of one‐time session key between mobile user and foreign agent. The security properties of the proposed protocol are formally validated by a model checking tool called AVISPA. Furthermore, as one of the new features in our protocol, it can defend smart card security breaches. Copyright © 2010 John Wiley & Sons, Ltd.     

Robust data authentication for unattended wireless sensor networks

This paper presents a robust data authentication scheme for protecting data integrity and availability in unattended wireless sensor networks. Such networks are vulnerable to several types of attacks. In particular, attackers can compromise a subset of nodes and use these nodes to transmit modified data or to prevent genuine data from being verified. The presented scheme combines security against data modification and denial of service attacks with traffic and storage efficiency. This is achieved by involving all sensor nodes in the network in the authentication process, implementing cooperative authentication with multiple authenticators, and using dual storage. Detailed analysis and extensive simulation tests show that our scheme achieves better performance compared to related schemes published in the literature in terms of traffic, storage, security against DoS attacks, and security against data replacement attacks.     

Notes on “A Temporal-Credential-Based Mutual Authentication and Key Agreement Scheme for Wireless Sensor Networks”

Xue et al. recently proposed an innovative mutual authentication and key agreement scheme for wireless sensor networks based on temporal credential using smart cards. However, in this paper we demonstrate that their scheme is vulnerable to password guessing attacks, node capture attacks and denial-of-service attacks. Furthermore we show that their scheme has some inconsistencies which make it less secure and more computationally costly than originally presented.     

基于身份认证的安全量子中继器网络编码方案

本文将量子一次一密通信方法引入到量子中继器网络中,提出了基于身份认证的安全量子中继器网络编码方案.针对编码过程中存在的主动攻击问题,用一次一密的方式实现任意相邻节点通信过程中的身份认证,优化编码算法,最终在源节点与目的节点间生成量子纠缠态作为信道,构成量子隐形传态网络.方案分析表明,这种方案可以实现高可靠性、高安全性的远程量子通信.     

A mutual authentication and privacy mechanism for WLAN security

IEEE 802.11 wireless local area networks (WLAN) has been increasingly deployed in various locations because of the convenience of wireless communication and decreasing costs of the underlying technology. However, the existing security mechanisms in wireless communication are vulnerable to be attacked and seriously threat the data authentication and confidentiality. In this paper, we mainly focus on two issues. First, the vulnerabilities of security protocols specified in IEEE 802.11 and 802.1X standards are analyzed in detail. Second, a new mutual authentication and privacy scheme for WLAN is proposed to address these security issues. The proposed scheme improves the security mechanisms of IEEE 802.11 and 802.1X by providing a mandatory mutual authentication mechanism between mobile station and access point (AP) based on public key infrastructure (PKI), offering data integrity check and improving data confidentiality with symmetric cipher block chain (CBC) encryption. In addition, this scheme also provides some other new security mechanisms, such as dynamic session key negotiation and multicast key notification. Hence, with these new security mechanisms, it should be much more secure than the original security scheme. Copyright © 2006 John Wiley & Sons, Ltd.     

A secure and effective biometric‐based user authentication scheme for wireless sensor networks using smart card and fuzzy extractor

User authentication is a prominent security requirement in wireless sensor networks (WSNs) for accessing the real‐time data from the sensors directly by a legitimate user (external party). Several user authentication schemes are proposed in the literature. However, most of them are either vulnerable to different known attacks or they are inefficient. Recently, Althobaiti et al. presented a biometric‐based user authentication scheme for WSNs. Although their scheme is efficient in computation, in this paper, we first show that their scheme has several security pitfalls such as (i) it is not resilient against node capture attack; (ii) it is insecure against impersonation attack; and (iii) it is insecure against man‐in‐the‐middle attack. We then aim to propose a novel biometric‐based user authentication scheme suitable for WSNs in order to withstand the security pitfalls found in Althobaiti et al. scheme. We show through the rigorous security analysis that our scheme is secure and satisfies the desirable security requirements. Furthermore, the simulation results for the formal security verification using the most widely used and accepted Automated Validation of Internet Security Protocols and Applications tool indicate that our scheme is secure. Our scheme is also efficient compared with existing related schemes. Copyright © 2015 John Wiley & Sons, Ltd.     

Performance evaluation for a beacon enabled IEEE 802.15.4 scheme with heterogeneous unsaturated conditions

The successful release of the IEEE 802.15.4 standard offers a great convenience to applications of low-power and low-rate wireless sensor networks (WSNs) which almost touch upon all aspects of our life. Analyses of the IEEE 802.15.4 Carrier Sense Multiple Access with Collision Avoidance (CSMA/CA) scheme have received considerable attention on saturated or homogeneous traffic recently. More realistic stochastic analysis approach to evaluate the performance of CSMA/CA scheme with heterogeneous unsaturated traffic is proposed in our applications. We adopt two modified semi-Markov chains and one macro-Markov chain to characterize such an asymmetric system, in which traffic arrivals and packets accessing the channel are bestowed with non-preemptive priority over each other instead of prioritization, and the behaviors of heterogeneous nodes interact with each other rather than simple independent behavior superposition. Throughput, packet delay and energy consumption of unsaturated, unacknowledged IEEE 802.15.4 beacon enabled networks are predicted based on these models. Comprehensive simulations demonstrate that the analysis results of these simplified models match well with the simulation results, and not undermine the accuracy at the same time.     

A Simple Time Shift Scheme for Beacon Broadcasting Based on Cluster-Tree IEEE 802.15.4 Low-Rate WPANs

Wireless sensor networks based on the IEEE 802.15.4 standard is able to carry out short-distance transmissions in low-rate and low-power wireless personal area networks. To access the channel, it uses the slotted carrier sense multiple access with collision avoidance (CSMA/CA) in the contention access period (CAP) under superframe structure with beacon frame broadcast to bound the duration of superframe. However, the beacon frame is transmitted periodically without CSMA/CA so that it could be collided continuously. This type of collision causes node lost synchronization and unable to join a network because the beacon frame cannot be normally received. This paper proposes a simple time shift scheme based on IEEE 802.15.4 to keep original superframe structure and distribute transmission of beacon frame over active period to avoid beacon frame collisions. We use a simple function to allocate beacon frame transmission in the active period. The simulation results show that the proposed scheme significantly reduces the beacon collision and lost synchronization rate, and it also improves the throughput.     

IEEE 802.16密钥管理协议的安全问题分析与改进方案

IEEE 802.16在MAC层设计的安全子层没有完全解决宽带无线接入的安全问题.本文分析了认证和密钥管理(PKM)协议的安全缺陷,针对其可能遭受的攻击,提出了改进方案,并提出一种基于PKM的支持快速切换的密钥信息安全漫游机制.     

Three-party password authenticated key agreement protocol with user anonymity based on lattice

With the rapid development of quantum theory and the existence of polynomial algorithm in quantum computation based on discrete logarithm problem and large integer decomposition problem,the security of the algorithm was seriously threatened.Therefore,two authentication key agreement protocols were proposed rely on ring-learning-with-error (RLWE) assumption including lattice-based implicit authentication key agreement scheme and lattice-based explicit authentication key agreement scheme and proved its security.The implicit authentication key agreement protocol is less to communicate and faster to authentication,the explicit authentication key agreement protocol is more to secure.At the same time,bidirectional authentication of users and servers can resist unpredictable online dictionary attacks.The new protocol has higher efficiency and shorter key length than other password authentication key agreement protocols.It can resist quantum attacks.Therefore,the protocol is efficient,secure,and suitable for large-scale network communication.     

Towards generalized ID‐based user authentication for mobile multi‐server environment

With the popularity of Internet and wireless networks, more and more network architectures are used in multi‐server environment, in which mobile users remotely access servers through open networks. In the past, many schemes have been proposed to solve the issue of user authentication for multi‐server environment and low‐power mobile devices. However, most of these schemes have suffered from many attacks because these schemes did not provide the formal security analysis. In this paper, we first give a security model for multi‐server environment. We then propose an ID‐based mutual authentication and key agreement scheme based on bilinear maps for mobile multi‐server environment. Our scheme can be used for both general users with a long validity period and anonymous users with a short validity period. Under the presented security model, we show that our scheme is secure against all known attacks. We demonstrate that the proposed scheme is well suitable for low‐power mobile devices. Copyright © 2011 John Wiley & Sons, Ltd.     

抗污染攻击的自适应网络编码传输机制

研究了网络编码中的污染攻击问题,提出了一种抗污染攻击的自适应网络编码传输机制ASNC (adaptive secure network coding)。在编码数据分组的传输过程中,该机制利用网络编码的时间和空间特性有效控制污染数据分组的传播。同时,ASNC机制创新性地促使网络编码系统动态调整安全策略,自适应于当前网络安全态势。此外,为了达到更好的实用性,ASNC机制有效利用网络编码的编码空间特性,不需要额外的安全数据通道和数据分组加密操作。ASNC机制的安全分析和仿真结果表明,其能够有效抵抗污染攻击,与不具有自适应能力的机制相比具有更好的安全效率。     

基于IEEE 802．15．4 CSMA／CA机制的无线非均匀传感网络实时性能分析

自从IEEE802．15．4标准发布以来,低功耗、低速率传输的无线传感器网络的应用几乎涉及到现实生活的方方面面．而这个标准的CSMMCA机制性能分析大部分都是基于均匀、饱和的传感器网络。针对非均匀、非饱和的CSMMCA机制．提出了一种离散的性能评估方法。采用两个半马尔可夫链来分别表达两组节点的访问过程、一个宏观马尔可夫链来表达信道状态。最大的特点是两组节点被赋予了公平的机会来访问信道,而不存在优先权的问题。基于这个模型。分析了不饱和、无ACK的IEEE802．15．4信标使能访问机制的数据包传送时间,包括数据包到达率、包大小、节点数量等参数对系统实时性的影响。并且这些分析结果与采用NS=2工具仿真的结果十分吻合。     

基于IEEE802.15.4CSMA/CA机制的无线非均匀传感网络实时性能分析

自从IEEE802.15.4标准发布以来,低功耗、低速率传输的无线传感器网络的应用几乎涉及到现实生活的方方面面,而这个标准的CSMA/CA机制性能分析大部分都是基于均匀、饱和的传感器网络。针对非均匀、非饱和的CSMA/CA机制,提出了一种离散的性能评估方法,采用两个半马尔可夫链来分别表达两组节点的访问过程、一个宏观马尔可夫链来表达信道状态。最大的特点是两组节点被赋予了公平的机会来访问信道,而不存在优先权的问题。基于这个模型,分析了不饱和、无ACK的IEEE 802.15.4信标使能访问机制的数据包传送时间,包括数据包到达率、包大小、节点数量等参数对系统实时性的影响,并且这些分析结果与采用NS-2工具仿真的结果十分吻合。