LWDSA: light-weight digital signature algorithm for wireless sensor networks

The essential security mechanism in wireless sensor networks (WSNs) is authentication, where nodes can authenticate each other before transmitting a valid data to a sink. There are a number of public key authentication procedures available for WSN in recent years. Due to constraints in WSN environment there is a need for light-weight authentication procedure that consumes less power during computation. This proposed work aims at developing a light-weight authentication protocol using MBLAKE2b with elliptic curve digital signature algorithm (ECDSA). The proposed protocol is also tested using the protocol verification tool Scyther and found to be secure in all claims and roles. This proposed algorithm increases the network life time and reduces the computation time, which is essential for the constrained environment like WSNs.     

Cogent and Energy Efficient Authentication Protocol for WSN in IoT

Given the accelerating development of Internet of things (IoT), a secure and robust authentication mechanism is urgently required as a critical architectural component. The IoT has improved the quality of everyday life for numerous people in many ways. Owing to the predominantly wireless nature of the IoT, connected devices are more vulnerable to security threats compared to wired networks. User authentication is thus of utmost importance in terms of security on the IoT. Several authentication protocols have been proposed in recent years, but most prior schemes do not provide sufficient security for these wireless networks. To overcome the limitations of previous schemes, we propose an efficient and lightweight authentication scheme called the Cogent Biometric-Based Authentication Scheme (COBBAS). The proposed scheme is based on biometric data, and uses lightweight operations to enhance the efficiency of the network in terms of time, storage, and battery consumption. A formal security analysis of COBBAS using Burrows–Abadi–Needham logic proves that the proposed protocol provides secure mutual authentication. Formal security verification using the Automated Validation of Internet Security Protocols and Applications tool shows that the proposed protocol is safe against man-in-the-middle and replay attacks. Informal security analysis further shows that COBBAS protects wireless sensor networks against several security attacks such as password guessing, impersonation, stolen verifier attacks, denial-of-service attacks, and errors in biometric recognition. This protocol also provides user anonymity, confidentiality, integrity, and biometric recovery in acceptable time with reasonable computational cost.     

Blockchain-Based SQKD and IDS in Edge Enabled Smart Grid Network

Smart Grid is a power grid that improves flexibility, reliability, and efficiency through smart meters. Due to extensive data exchange over the Internet, the smart grid faces many security challenges that have led to data loss, data compromise, and high power consumption. Moreover, the lack of hardware protection and physical attacks reduce the overall performance of the smart grid network. We proposed the BLIDSE model (Blockchain-based secure quantum key distribution and Intrusion Detection System in Edge Enables Smart Grid Network) to address these issues. The proposed model includes five phases: The first phase is blockchain-based secure user authentication, where all smart meters are first registered in the blockchain, and then the blockchain generates a secret key. The blockchain verifies the user ID and the secret key during authentication matches the one authorized to access the network. The secret key is shared during transmission through secure quantum key distribution (SQKD). The second phase is the lightweight data encryption, for which we use a lightweight symmetric encryption algorithm, named Camellia. The third phase is the multi-constraint-based edge selection; the data are transmitted to the control center through the edge server, which is also authenticated by blockchain to enhance the security during the data transmission. We proposed a perfect matching algorithm for selecting the optimal edge. The fourth phase is a dual intrusion detection system which acts as a firewall used to drop irrelevant packets, and data packets are classified into normal, physical errors and attacks, which is done by Double Deep Q Network (DDQN). The last phase is optimal user privacy management. In this phase, smart meter updates and revocations are done, for which we proposed Forensic based Investigation Optimization (FBI), which improves the security of the smart grid network. The simulation is performed using network simulator NS3.26, which evaluates the performance in terms of computational complexity, accuracy, false detection, and false alarm rate. The proposed BLIDSE model effectively mitigates cyber-attacks, thereby contributing to improved security in the network.     

Lightweight Authentication Protocol Based on Physical Unclonable Function

In the emerging Industrial Internet of Things (IIoT), authentication problems have become an urgent issue for massive resource-constrained devices because traditional costly security mechanisms are not suitable for them. The security protocol designed for resource-constrained systems should not only be secure but also efficient in terms of usage of energy, storage, and processing. Although recently many lightweight schemes have been proposed, to the best of our knowledge, they are unable to address the problem of privacy preservation with the resistance of Denial of Service (DoS) attacks in a practical way. In this paper, we propose a lightweight authentication protocol based on the Physically Unclonable Function (PUF) to overcome the limitations of existing schemes. The protocol provides an ingenious authentication and synchronization mechanism to solve the contradictions amount forward secrecy, DoS attacks, and resource-constrained. The performance analysis and comparison show that the proposed scheme can better improve the authentication security and efficiency for resource-constrained systems in IIoT.     

A dual‐purpose signature for authentication on UMTS

Abstract

In UMTS, the mobile station and the authentication server can perform mutual authentication via the secret shared key. This implies that the server requires a secure storage to maintain the shared keys of all users. Clearly this large, sensitive storage increases both maintenance loading and security concerns: re malicious intruders. As this paper shows, the signature technique can be applied not only to discard the bulky storage needed at the server but also to guarantee the access rights of the mobile clients. Two different important purposes can be simultaneously achieved from the same signature equation, so the Dual‐Purpose signature provides valuable improvements to UMTS.     

Quantum Secure Direct Communication Protocol with Mutual Authentication Based on Single Photons and Bell States

Quantum secure direct communication (QSDC) can transmit secret messages directly from one user to another without first establishing a shared secret key, which is different from quantum key distribution. In this paper, we propose a novel quantum secure direct communication protocol based on signal photons and Bell states. Before the execution of the proposed protocol, two participants Alice and Bob exchange their corresponding identity IDA and IDB through quantum key distribution and keep them secret, respectively. Then the message sender, Alice, encodes each secret message bit into two single photons (| 01〉or|10〉) or a Bell state , and composes an ordered secret message sequence. To insure the security of communication, Alice also prepares the decoy photons and inserts them into secret message sequence on the basis of the values of IDA and IDB. By the secret identity IDA and IDB, both sides of the communication can check eavesdropping and identify each other. The proposed protocol not only completes secure direct communication, but also realizes the mutual authentication. The security analysis of the proposed protocol is presented in the paper. The analysis results show that this protocol is secure against some common attacks, and no secret message leaks even if the messages are broken. Compared with the two-way QSDC protocols, the presented protocol is a one-way quantum communication protocol which has the immunity to Trojan horse attack. Furthermore, our proposed protocol can be realized without quantum memory.     

A secure authentication watermarking for halftone and binary images

An authentication watermark is a hidden data inserted into an image that can be used to detect any accidental or malicious alteration in the image. Many authentication‐watermarking techniques for continuous‐tone images are described in the literature, but only a quite small number of secure authentication watermarking techniques are available for binary/halftone images. This article proposes a simple solution for inserting a secure authentication watermark in binary/halftone images. It consists of choosing a set of pseudo‐random pixels in the image, clearing them, computing the message authentication code (or the digital signature) of the now‐cleared image, and inserting the resulting code into the selected random pixels. Dispersed‐dot halftone images watermarked by the proposed technique present better visual quality than do watermarked generic binary images. However, in practice, the visual degradation is hardly noticeable in either case. The proposed technique seems to be the only binary/halftone watermarking scheme that can detect even a single pixel alteration in the host image. It can be used with secret‐key or public‐key ciphers. © 2004 Wiley Periodicals, Inc. Int J Imaging Syst Technol 14, 147–152, 2004; Published online in Wiley InterScience (www.interscience.wiley.com). DOI 10.1002/ima.20018     

Signature scheme based on the root extraction problem over braid groups

Several public key cryptosystems and authentication schemes based on the conjugator search and root extraction problems over braid groups have been proposed. However, security analysis showed that it is not necessary to solve the underlying conjugator search problem or the root extraction problem in order to break these public key cryptographic algorithms. Hence, these cryptographic primitives suffer from some security drawbacks. A digital signature scheme based on the root extraction problem over braid groups is proposed. It is proven that the only way for the attacker to forge a signature is to extract the eth root for a given braid in the braid group. It is also shown that given sufficiently many message-signature pairs, the attacker needs to solve an intractable problem, the group factorisation problem, in order to forge a signature. Furthermore, it is pointed out that the attacker cannot learn much useful information by reconstructing braid equations with respect to the public and secret keys. Performance analysis shows that the proposed signature scheme is efficient and practical, and the key sizes are acceptable. The computational overheads to sign a message and to verify a signature are only equivalent to several 1024-RSA modular multiplications.     

Secure Multifactor Remote Access User Authentication Framework for IoT Networks

The term IoT refers to the interconnection and exchange of data among devices/sensors. IoT devices are often small, low cost, and have limited resources. The IoT issues and challenges are growing increasingly. Security and privacy issues are among the most important concerns in IoT applications, such as smart buildings. Remote cybersecurity attacks are the attacks which do not require physical access to the IoT networks, where the attacker can remotely access and communicate with the IoT devices through a wireless communication channel. Thus, remote cybersecurity attacks are a significant threat. Emerging applications in smart environments such as smart buildings require remote access for both users and resources. Since the user/building communication channel is insecure, a lightweight and secure authentication protocol is required. In this paper, we propose a new secure remote user mutual authentication protocol based on transitory identities and multi-factor authentication for IoT smart building environment. The protocol ensures that only legitimate users can authenticate with smart building controllers in an anonymous, unlinkable, and untraceable manner. The protocol also avoids clock synchronization problem and can resist quantum computing attacks. The security of the protocol is evaluated using two different methods: (1) informal analysis; (2) model check using the automated validation of internet security protocols and applications (AVISPA) toolkit. The communication overhead and computational cost of the proposed are analyzed. The security and performance analysis show that our protocol is secure and efficient.     

EIAS: An Efficient Identity-Based Aggregate Signature Scheme for WSNs Against Coalition Attack

Wireless sensor networks (WSNs) are the major contributors to big data acquisition. The authenticity and integrity of the data are two most important basic requirements for various services based on big data. Data aggregation is a promising method to decrease operation cost for resource-constrained WSNs. However, the process of data acquisitions in WSNs are in open environments, data aggregation is vulnerable to more special security attacks with hiding feature and subjective fraudulence, such as coalition attack. Aimed to provide data authenticity and integrity protection for WSNs, an efficient and secure identity-based aggregate signature scheme (EIAS) is proposed in this paper. Rigorous security proof shows that our proposed scheme can be secure against all kinds of attacks. The performance comparisons shows EIAS has clear advantages in term of computation cost and communication cost when compared with similar data aggregation scheme for WSNs.     

A Secure Method for Data Storage and Transmission in Sustainable Cloud Computing

Cloud computing is a technology that provides secure storage space for the customer’s massive data and gives them the facility to retrieve and transmit their data efficiently through a secure network in which encryption and decryption algorithms are being deployed. In cloud computation, data processing, storage, and transmission can be done through laptops and mobile devices. Data Storing in cloud facilities is expanding each day and data is the most significant asset of clients. The important concern with the transmission of information to the cloud is security because there is no perceivability of the client’s data. They have to be dependent on cloud service providers for assurance of the platform’s security. Data security and privacy issues reduce the progression of cloud computing and add complexity. Nowadays; most of the data that is stored on cloud servers is in the form of images and photographs, which is a very confidential form of data that requires secured transmission. In this research work, a public key cryptosystem is being implemented to store, retrieve and transmit information in cloud computation through a modified Rivest-Shamir-Adleman (RSA) algorithm for the encryption and decryption of data. The implementation of a modified RSA algorithm results guaranteed the security of data in the cloud environment. To enhance the user data security level, a neural network is used for user authentication and recognition. Moreover; the proposed technique develops the performance of detection as a loss function of the bounding box. The Faster Region-Based Convolutional Neural Network (Faster R-CNN) gets trained on images to identify authorized users with an accuracy of 99.9% on training.     

An Efficient Certificateless Aggregate Signature Scheme Designed for VANET

The Vehicular Ad-hoc Network (VANET) is the fundamental of smart transportation system in the future, but the security of the communication between vehicles and vehicles, between vehicles and roadside infrastructures have become increasingly prominent. Certificateless aggregate signature protocol is used to address this security issue, but the existing schemes still have many drawbacks in terms of security and efficiency: First, many schemes are not secure, and signatures can be forged by the attacker; Second, even if some scheme are secure, many schemes use a large number of bilinear pairing operation, and the computation overhead is large. At the same time, the length of the aggregated signature also increases linearly with the increase of user numbers, resulting in a large communication overhead. In order to overcome the above challenges, we propose a new certificateless aggregate signature scheme for VANET, and prove the security of the scheme under the random oracle model. The new scheme uses pseudonym to realize the conditional privacy protection of the vehicle’s information. The new scheme does not use bilinear pairing operation, and the calculation efficiency is high. At the same time, the length of the aggregate signature of the new scheme is constant, thereby greatly reducing the communication and storage overhead. The analysis results demonstrate that the new scheme is not only safer, but also superior in performance to the recent related schemes in computation overhead and communication cost.     

Multi-Factor Password-Authenticated Key Exchange via Pythia PRF Service

Multi-factor authentication (MFA) was proposed by Pointcheval et al. [Pointcheval and Zimmer (2008)] to improve the security of single-factor (and two-factor) authentication. As the backbone of multi-factor authentication, biometric data are widely observed. Especially, how to keep the privacy of biometric at the password database without impairing efficiency is still an open question. Using the vulnerability of encryption (or hash) algorithms, the attacker can still launch offline brute-force attacks on encrypted (or hashed) biometric data. To address the potential risk of biometric disclosure at the password database, in this paper, we propose a novel efficient and secure MFA key exchange (later denoted as MFAKE) protocol leveraging the Pythia PRF service and password-to-random (or PTR) protocol. Armed with the PTR protocol, a master password pwd can be translated by the user into independent pseudorandom passwords (or rwd) for each user account with the help of device (e.g., smart phone). Meanwhile, using the Pythia PRF service, the password database can avoid leakage of the local user’s password and biometric data. This is the first paper to achieve the password and biometric harden service simultaneously using the PTR protocol and Pythia PRF.     

A Secure Three-Factor Authenticated Key Agreement Scheme for Multi-Server Environment

Multi-server authenticated key agreement schemes have attracted great attention to both academia and industry in recent years. However, traditional authenticated key agreement schemes in the single-server environment are not suitable for the multi-server environment because the user has to register on each server when he/she wishes to log in various servers for different service. Moreover, it is unreasonable to consider all servers are trusted since the server in a multi-server environment may be a semi-trusted party. In order to overcome these difficulties, we designed a secure threefactor multi-server authenticated key agreement protocol based on elliptic curve cryptography, which needs the user to register only once at the registration center in order to access all semi-trusted servers. The proposed scheme can not only against various known attacks but also provides high computational efficiency. Besides, we have proved our scheme fulfills mutual authentication by using the authentication test method.     

A Key Recovery System Based on Password-Protected Secret Sharing in a Permissioned Blockchain

In today’s fourth industrial revolution, various blockchain technologies are being actively researched. A blockchain is a peer-to-peer data-sharing structure lacking central control. If a user wishes to access stored data, she/he must employ a private key to prove ownership of the data and create a transaction. If the private key is lost, blockchain data cannot be accessed. To solve such a problem, public blockchain users can recover the key using a wallet program. However, key recovery in a permissioned blockchain (PBC) has been but little studied. The PBC server is Honest-but-Curious (HBC), and should not be able to learn anything of the user; the server should simply recover and store the key. The server must also be resistant to malicious attacks. Therefore, key recovery in a PBC must satisfy various security requirements. Here, we present a password-protected secret sharing (PPSS) key recovery system, protected by a secure password from a malicious key storage server of a PBC. We describe existing key recovery schemes and our PPSS scheme.     

条件接收系统中机顶盒和智能卡安全通信协议

提出了条件接收系统中智能卡和机顶盒安全通信的协议.协议使用了Schnorr身份方案实现机顶盒对智能卡的认证,并使用一个非对称密码系统实现智能卡对机顶盒的认证.协议最小化了智能卡的在线计算负担,同时保持与其它协议同样的安全水平.对协议的安全性和性能进行了分析.分析结果表明,协议对于恶意攻击是鲁棒的,并且非常适合于只有有限处理能力的智能卡.而且,协议为不同的条件接收系统使用同样的机顶盒提供了可能,因为在协议中机顶盒不需要事先存储任何条件接收系统的秘密私有数据.     

Fingerprint-Based Millimeter-Wave Beam Selection for Interference Mitigation in Beamspace Multi-User MIMO Communications

Millimeter-wave communications are suitable for application to massive multiple-input multiple-output systems in order to satisfy the ever-growing data traffic demands of the next-generation wireless communication. However, their practical deployment is hindered by the high cost of complex hardware, such as radio frequency (RF) chains. To this end, operation in the beamspace domain, through beam selection, is a viable solution. Generally, the conventional beam selection schemes focus on the feedback and exhaustive search techniques. In addition, since the same beam in the beamspace may be assigned to a different user, conventional beam selection schemes suffer serious multi-user interference. In addition, some RF chains may be wasted, since they do not contribute to the sum-rate performance. Thus, a fingerprint-based beam selection scheme is proposed to solve these problems. The proposed scheme conducts offline group-based fingerprint database construction and online beam selection to mitigate multi-user interference. In the offline phase, the contributing users with the same best beam are grouped. After grouping, a fingerprint database is created for each group. In the online phase, beam selection is performed for purposes of interference mitigation using the information contained in the group-based fingerprint database. The simulation results confirm that the proposed beam selection scheme can achieve a signal-to-interference-plus-noise ratio and sum-rate performance which is close to those of a fully digital system, and having much higher energy efficiency.     

ESAP: Efficient and secure authentication protocol for roaming user in mobile communication networks

The Global System for Mobile communication (GSM) network is proposed to mitigate the security problems and vulnerabilities observed in the mobile telecommunication system. However, the GSM network is vulnerable to different kinds of attacks such as redirection attack, impersonation attack and Man in-the Middle (MiTM) attack. The possibility of these attacks makes the wireless mobile system vulnerable to fraudulent access and eavesdropping. Different authentication protocols of GSM were proposed to overcome the drawbacks but many of them lead to network signalling overload and increases the call set-up time. In this paper, an efficient and secure authentication and key agreement protocol (ESAP-AKA) is proposed to overcome the flaws of existing authentication protocol for roaming users in the GSM network. The formal verification of the proposed protocol is presented by BAN logic and the security analysis is shown using the AVISPA tool. The security analysis shows that the proposed protocol avoids the different possible attacks on the communication network. The performance analysis based on the fluid flow mobility model shows that the proposed protocol reduces the communication overhead of the network by reducing a number of messages. On an average, the protocol reduces 60% of network signalling congestion overhead as compared with other existing GSM-AKA protocols. Moreover, the protocol not only removes the drawbacks of existing protocols but also accomplishes the needs of roaming users.     

Post-Quantum Blockchain over Lattice

Blockchain is an emerging decentralized architecture and distributed computing paradigm underlying Bitcoin and other cryptocurrencies, and has recently attracted intensive attention from governments, financial institutions, high-tech enterprises, and the capital markets. Its cryptographic security relies on asymmetric cryptography, such as ECC, RSA. However, with the surprising development of quantum technology, asymmetric cryptography schemes mentioned above would become vulnerable. Recently, lattice-based cryptography scheme was proposed to be secure against attacks in the quantum era. In 2018, with the aid of Bonsai Trees technology, Yin et al. [Yin, Wen, Li et al. (2018)] proposed a lattice-based authentication method which can extend a lattice space to multiple lattice spaces accompanied by the corresponding key. Although their scheme has theoretical significance, it is unpractical in actual situation due to extremely large key size and signature size. In this paper, aiming at tackling the critical issue of transaction size, we propose a post quantum blockchain over lattice. By using SampleMat and signature without trapdoor, we can reduce the key size and signature size of our transaction authentication approach by a significant amount. Instead of using a whole set of vectors as a basis, we can use only one vector and rotate it enough times to form a basis. Based on the hardness assumption of Short Integer Solution (SIS), we demonstrate that the proposed anti-quantum transaction authentication scheme over lattice provides existential unforgeability against adaptive chosen-message attacks in the random oracle. As compared to the Yin et al. [Yin, Wen, Li et al. (2018)] scheme, our scheme has better performance in terms of energy consumption, signature size and signing key size. As the underlying lattice problem is intractable even for quantum computers, our scheme would work well in the quantum age.     

Improved Multi-party Quantum Key Agreement with Four-qubit Cluster States

Quantum key agreement is a promising key establishing protocol that can play a significant role in securing 5G/6G communication networks. Recently, Liu et al. (Quantum Information Processing 18(8):1-10, 2019) proposed a multi-party quantum key agreement protocol based on four-qubit cluster states was proposed. The aim of their protocol is to agree on a shared secret key among multiple remote participants. Liu et al. employed four-qubit cluster states to be the quantum resources and the X operation to securely share a secret key. In addition, Liu et al.'s protocol guarantees that each participant makes an equal contribution to the final key. The authors also claimed that the proposed protocol is secure against participant attack and dishonest participants cannot generate the final shared key alone. However, we show here that Liu et al. protocol is insecure against a collusive attack, where dishonest participants can retrieve the private inputs of a trustworthy participant without being caught. Additionally, the corresponding modifications are presented to address these security flaws in Liu et al.'s protocol.