Similar documents
19 similar documents found (search time 265 ms)
1.
Building on Shim's identity-based digital signature scheme, this paper proposes a new identity-based verifiably encrypted signature (VES) scheme. Intended as a basic building block for fair exchange protocols, the scheme provides verifiability without a zero-knowledge proof system and thereby avoids a large amount of computation; compared with existing identity-based VES schemes it is more efficient. The security analysis shows that, assuming the CDH problem is hard, the scheme is provably secure in the random oracle model.

2.
This paper first analyses a flaw in the security proof of the lattice-based identity-based signature (IBS) scheme given by Liu et al. in 2013, and shows that the proof does not establish the strong unforgeability under selective-identity and adaptive chosen-message attacks that the authors claim. The signing algorithm of that scheme is then improved using the Boyen10 signature technique (PKC 2010), and the improved scheme is proved strongly unforgeable under selective-identity and adaptive chosen-message attacks in the standard model. Finally, the efficiency and security of the improved scheme are compared with other IBS schemes.

3.
Two efficient hierarchical identity-based signature schemes   Total citations: 5 (self-citations: 0, by others: 5)
李进, 张方国, 王燕鸣 (Li Jin, Zhang Fangguo, Wang Yanming). Acta Electronica Sinica (电子学报), 2007, 35(1): 150-152
Two new hierarchical identity-based signature schemes are proposed. In the random oracle model the new schemes have the following properties: the signing algorithms of both schemes are highly efficient; both schemes are provably secure, being unforgeable under selective-identity chosen-message attacks; the signature length of the second scheme is constant, independent of the hierarchy depth; and both schemes achieve tight security reductions.

4.
Hybrid verifiably encrypted signature schemes and their applications   Total citations: 1 (self-citations: 3, by others: 1)
Where efficient key management and moderate security are required, identity-based public-key cryptography has become a good alternative to certificate-based public-key cryptography. This paper introduces a small number of certificate-based entities into an identity-based system to act as adjudicators, thereby proposing the notion of a hybrid verifiably encrypted signature (VES), and constructs an efficient hybrid VES scheme on top of Cheon's identity-based signature scheme. The security model for hybrid VES is then discussed, and the scheme is proved secure in the random oracle model under the hardness of the computational Diffie-Hellman problem for bilinear maps. The scheme can be used to build identity-based optimistic fair exchange protocols for signatures, which have wide application in e-commerce and related fields.

5.
Proving a signature scheme secure via the forking lemma is an important proof technique. Pointcheval and Stern first gave forking lemmas for proving signature schemes secure, and Herranz proved a forking lemma for ring signatures in the random oracle model. This paper first analyses generic identity-based ring signature schemes, then presents a forking lemma for proving the security of generic identity-based ring signature schemes, and proves generic identity-based ring signature schemes secure in the random oracle model.

6.
Identity-based ring signature scheme in the standard model   Total citations: 2 (self-citations: 1, by others: 1)
An identity-based ring signature scheme is proposed using Waters's private-key construction. Its security rests on the computational Diffie-Hellman assumption in the standard model. For a ring of l members the signature consists of only l+1 group elements and verification requires l+1 pairing operations. Compared with existing identity-based ring signature schemes it has shorter public parameters and more efficient signing.

7.
Most identity-based threshold proxy signature schemes are proved secure in the random oracle model, and each proxy's proxy-signing key stays fixed for its whole validity period. Building on an existing identity-based signature scheme and using publicly verifiable secret sharing, this paper proposes an identity-based (t, n) dynamic threshold proxy signature scheme that is provably secure in the standard model. The proxies' proxy-signing keys can be refreshed periodically, and verifying a proxy signature requires only a constant number of pairing operations, so the scheme offers better dynamic security and higher efficiency.

8.
A new identity-based threshold signature scheme   Total citations: 6 (self-citations: 1, by others: 5)
蔡永泉, 张雪迪, 姜楠 (Cai Yongquan, Zhang Xuedi, Jiang Nan). Acta Electronica Sinica (电子学报), 2009, 37(Z1): 102-105
Threshold signatures distribute the power to sign and therefore offer higher security than ordinary single-signer signatures. Most existing threshold signature schemes are provably secure only in the random oracle model. Using bilinear pairings on elliptic curves and taking Paterson's signature scheme as the basis, this paper proposes an identity-based threshold signature scheme without random oracles. The scheme requires a trusted private key generator (PKG) to generate and manage private keys. A security proof in the standard model shows that the scheme is robust and resists adaptive chosen-message attacks.

9.
A security model for identity-based key exchange   Total citations: 1 (self-citations: 0, by others: 1)
This paper studies the provable security of identity-based key exchange protocols. A model for identity-based key exchange is proposed in the universally composable (UC) security framework, and the adversary model is extended with the ability to corrupt the key generation center (KGC). An ideal functionality for identity-based key exchange is designed according to the characteristics of such protocols. Under the new adversary model and ideal functionality, the proposed model guarantees both UC security for identity-based key exchange and an important security property, KGC forward secrecy. Moreover, the Chen-Kudla protocol with key confirmation securely realizes the ideal functionality for identity-based key exchange.

10.
赵艳琦, 来齐齐, 禹勇, 杨波, 赵一 (Zhao Yanqi, Lai Qiqi, Yu Yong, Yang Bo, Zhao Yi). Acta Electronica Sinica (电子学报), 2018, 46(4): 1019-1024
Using Waters's dual system encryption technique together with the orthogonality of bilinear operations over composite-order groups, this paper proposes an identity-based ring signature scheme. The scheme is fully secure in the standard model, with security resting on two simple static assumptions. By borrowing the idea of hierarchical identity-based encryption (HIBE), the ring signature achieves unconditional anonymity with high computational efficiency.

11.
In 1984, A. Shamir introduced the concept of an identity-based cryptosystem. In this system, each user needs to visit a key authentication center (KAC) and identify himself before joining a communication network. Once a user is accepted, the KAC provides him with a secret key. In this way, if a user wants to communicate with others, he or she only needs to know the identity of the communication partner and the public key of the KAC; no public file is required. However, Shamir did not succeed in constructing an identity-based cryptosystem, only an identity-based signature scheme. The authors here propose three identity-based cryptographic schemes based on the discrete logarithm problem: a user identification scheme, a digital signature scheme, and a key distribution scheme. The schemes are based on the digital signature scheme of G.B. Agnew et al. (1990), which is reviewed.
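Added example, not code from the paper summarised above or from Shamir's paper: the RSA-based identity-based signature scheme that the abstract says Shamir did construct in 1984. The KAC keeps the factorisation of n and publishes (n, e); a user's public key is just a hash of the identity string, so there is no public-key file, and the KAC hands the user the secret g = ID^(1/e) mod n. Signing picks a random r, sets t = r^e and s = g * r^f(t, m); verification checks s^e = ID * t^f(t, m) using nothing but the identity and the KAC's public parameters. The 256-bit primes, the SHA-256 instantiation of f, and the identity strings are choices made for this demo, not part of the scheme's specification.

```python
"""Shamir's 1984 identity-based signature scheme, RSA-based (added example).

Setup: the KAC keeps (p, q, d) and publishes (n, e). A user's public key is
derived from the identity string alone, so no public-key directory exists.
"""
import hashlib
import secrets


def is_probable_prime(n, rounds=32):
    """Miller-Rabin with a small-prime pre-filter."""
    if n < 2:
        return False
    for sp in (2, 3, 5, 7, 11, 13, 17, 19, 23, 29, 31, 37):
        if n % sp == 0:
            return n == sp
    d, s = n - 1, 0
    while d % 2 == 0:
        d //= 2
        s += 1
    for _ in range(rounds):
        a = secrets.randbelow(n - 3) + 2
        x = pow(a, d, n)
        if x in (1, n - 1):
            continue
        for _ in range(s - 1):
            x = pow(x, 2, n)
            if x == n - 1:
                break
        else:
            return False
    return True


def random_prime(bits):
    while True:
        cand = secrets.randbits(bits) | (1 << (bits - 1)) | 1
        if is_probable_prime(cand):
            return cand


def identity_to_int(identity, n):
    """A user's public key is H(identity) mod n: nothing to look up or certify."""
    return int.from_bytes(hashlib.sha256(identity).digest(), "big") % n


def kac_setup(bits=256, e=65537):
    """KAC key generation (256-bit primes keep the demo fast; toy size).
    Returns (public parameters, KAC master secret d)."""
    while True:
        p, q = random_prime(bits), random_prime(bits)
        phi = (p - 1) * (q - 1)
        if p != q and phi % e:  # e is prime, so this is gcd(e, phi) == 1
            return {"n": p * q, "e": e}, pow(e, -1, phi)


def kac_extract(pub, d, identity):
    """User secret g = ID^(1/e) mod n; only the KAC, holding d, can compute it."""
    return pow(identity_to_int(identity, pub["n"]), d, pub["n"])


def _f(t, msg, n):
    """The one-way function f(t, m) of the scheme, instantiated with SHA-256."""
    nbytes = (n.bit_length() + 7) // 8
    return int.from_bytes(hashlib.sha256(t.to_bytes(nbytes, "big") + msg).digest(), "big")


def sign(pub, g, msg):
    n, e = pub["n"], pub["e"]
    r = secrets.randbelow(n - 2) + 2
    t = pow(r, e, n)
    s = g * pow(r, _f(t, msg, n), n) % n
    return t, s


def verify(pub, identity, msg, sig):
    """Check s^e == ID * t^f(t, m) mod n from the identity and (n, e) alone."""
    n, e = pub["n"], pub["e"]
    t, s = sig
    if not (0 < t < n and 0 < s < n):
        return False
    return pow(s, e, n) == identity_to_int(identity, n) * pow(t, _f(t, msg, n), n) % n


def demo():
    """Constructed identities and message. Returns (valid, wrong message, wrong identity)."""
    pub, d = kac_setup()
    alice = b"alice@example.org"
    g = kac_extract(pub, d, alice)
    sig = sign(pub, g, b"transfer 10 to bob")
    return (verify(pub, alice, b"transfer 10 to bob", sig),
            verify(pub, alice, b"transfer 99 to bob", sig),
            verify(pub, b"bob@example.org", b"transfer 10 to bob", sig))
```

The trust assumption is visible in `kac_extract`: the KAC computes every user's secret, so it is a full key-escrow agent, which is why a compromised key generation center is the adversary that item 9 below adds to its model. The scheme's unforgeability also depends on f being treated as a random oracle; with a weak f the identity relation s^e = ID * t^f lets an attacker solve for valid (t, s) pairs.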

12.
Many individuals and businesses outsource their data to a remote cloud. Cloud storage is economical and convenient, but data owners no longer physically control the stored data, which introduces new security challenges such as the lack of integrity and privacy guarantees. This paper analyses the security of two identity-based cloud data integrity verification schemes, by Zhang et al. and by Xu et al. It shows that Zhang et al.'s scheme is subject to a secret key recovery attack: the cloud server can recover the user's private key using only the stored data. Xu et al.'s scheme does not satisfy the soundness requirement. Based on Xu et al.'s scheme, a modified identity-based cloud data integrity verification scheme is proposed. A comprehensive analysis shows that the new scheme provides soundness and privacy and has the same communication overhead and computational cost as Xu et al.'s scheme.

13.
In cloud computing environments, user authentication is an important security mechanism because it provides the foundation for authentication, authorization, and accounting (AAA). In 2009, Wang et al. proposed an identity-based (ID-based) authentication scheme to deal with the user login problem in cloud computing. However, Wang et al.'s scheme is insecure against message alteration and impersonation attacks, and it imposes large computation costs on cloud users. We therefore propose a novel ID-based user authentication scheme that solves these problems. The proposed scheme provides anonymity and security for a user who accesses different cloud servers. Compared with related schemes it has a lower computation cost, so it is efficient for cloud computing in practice.

14.
Identity-based cross-domain authentication scheme for pervasive environments   Total citations: 1 (self-citations: 0, by others: 1)
An identity-based signature algorithm over the elliptic-curve additive group is proposed in which the verification result is a constant with respect to the signer's identity; this guarantees the anonymity of users in cross-domain authentication and avoids costly bilinear pairing computations. A cross-domain authentication scheme for pervasive environments is designed on this algorithm: the user signs a timestamp with the algorithm and uses the signature as the authentication token, achieving secure cross-domain authentication and user anonymity at the same time. Analysis shows that the scheme also ...

15.
Three effective forgery attack algorithms are constructed against the standard-model identity-based signature schemes proposed by Li and Jiang (2009) and by Gu, Jia and Jiang (2011), both derived from Paterson's scheme (2006): without obtaining any signing user's private key, an attacker can, merely by choosing random parameters and performing polynomial-time computation, forge with significant probability a valid signature by any user on any message. These attacks show that both the Li-Jiang and the Gu-Jia-Jiang identity-based signature schemes are insecure. Finally, the reasons the schemes fall to these attacks are analysed and two possible countermeasures are given.

16.
Recently, Susilo et al.'s perfect concurrent signature scheme (PCS1) and Wang et al.'s improved perfect concurrent signature scheme (iPCS1) were proposed; they are considered good improvements on concurrent signatures and adopt the same algorithms. In this paper we develop generic perfect concurrent signature algorithms of which Susilo et al.'s and Wang et al.'s algorithms turn out to be special instances. We also obtain numerous new, efficient variants of the generic algorithms that have not been proposed before. To display the advantage of these variants, a modified privacy-preserving PCS protocol is given; it shows that the new variants adapt well to the protocol and can form concrete privacy-preserving PCS schemes, whereas the original algorithms cannot. Security proofs and an efficiency analysis are also given.

17.
To overcome the problems inherent in identity-based digital signatures, and at the same time to address the efficiency problems that signatures raise in some special environments, this paper uses bilinear pairings and combines the notions of self-certified signatures and aggregate signatures to propose a self-certified aggregate signature scheme that merges the advantages of both. Finally, a security proof of the scheme in the random oracle model is given.

18.
When accessing remote services over public networks, a user authentication mechanism is required because these activities take place in an insecure communication environment. Recently, Wang et al. proposed an authentication and key agreement scheme that preserves the privacy of secret keys and provides user anonymity. Later, Chang et al. showed that the scheme suffers from two security flaws. First, it cannot resist denial-of-service (DoS) attacks because the indicators for the next session are not kept consistent. Second, a malicious attacker can modify the user's password because no authentication is applied before the password is updated. To eliminate these flaws while preserving the advantages of Wang et al.'s scheme, we propose an improvement in this paper.

19.

A multi-server environment is an important application paradigm in the Internet of Things (IoT). It enables a user to access services from different vendors without going through multiple registrations. The privacy of a user who wants to access these services is often crucial: to access a service in a way that assures privacy, the user needs to be authenticated anonymously, independently of the vendors' services. However, existing identity-based anonymous schemes are only suitable for the client-server setting. Moreover, these schemes provide only conditional anonymity, meaning that if an adversary obtains the user's private key, the identity can easily be recovered and misused. To avoid this, a new identity-based user authenticated key agreement scheme with unconditional anonymity for the IoT multi-server environment is introduced in this paper. The protocol applies a ring signature so that users authenticate themselves to the servers anonymously, without revealing their identities; hence an adversary cannot recover the user's identity even when the user's private key is known. We further provide a security proof in the random oracle model. Compared with existing protocols, the proposed scheme is well suited to mobile phone applications and guarantees the privacy of users in the IoT multi-server domain.
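Added example, not code from any of the papers listed here: a Schnorr-type ring signature in the style of Abe, Ohkubo and Suzuki, over secp256k1, written to show the property item 19 relies on and that items 5, 6 and 10 prove for their identity-based schemes. A verifier learns only that one of the ring's keys produced the signature; the signer simulates every other member's challenge-response pair with random values and closes the ring with its own private key, so the same signature distribution could have come from any member, and a later leak of a private key (or of all of them) does not identify who signed. The curve, the SHA-256 challenge hash, and the three-member demo ring are choices made for this example; the listed schemes are identity-based and pairing-based, whereas this one uses ordinary public keys.

```python
"""Schnorr-type ring signature over secp256k1 (added example).

A signature on behalf of a ring of public keys verifies without revealing
which member's private key was used, and knowing a member's private key
afterwards still does not de-anonymise the signer.
"""
import hashlib
import secrets

# secp256k1 parameters: chosen for this demo as a convenient prime-order group.
P = 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEFFFFFC2F
N = 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEBAAEDCE6AF48A03BBFD25E8CD0364141
G = (0x79BE667EF9DCBBAC55A06295CE870B07029BFCDB2DCE28D959F2815B16F81798,
     0x483ADA7726A3C4655DA4FBFC0E1108A8FD17B448A68554199C47D08FFB10D4B8)
INF = None  # point at infinity


def ec_add(a, b):
    """Affine point addition on y^2 = x^3 + 7 over GF(P)."""
    if a is INF:
        return b
    if b is INF:
        return a
    if a[0] == b[0] and (a[1] + b[1]) % P == 0:
        return INF
    if a == b:
        lam = 3 * a[0] * a[0] * pow(2 * a[1], -1, P) % P
    else:
        lam = (b[1] - a[1]) * pow(b[0] - a[0], -1, P) % P
    x = (lam * lam - a[0] - b[0]) % P
    return (x, (lam * (a[0] - x) - a[1]) % P)


def ec_mul(k, pt):
    """Double-and-add scalar multiplication (not constant-time; demo only)."""
    result, addend = INF, pt
    k %= N
    while k:
        if k & 1:
            result = ec_add(result, addend)
        addend = ec_add(addend, addend)
        k >>= 1
    return result


def keygen():
    x = secrets.randbelow(N - 1) + 1
    return x, ec_mul(x, G)


def _encode(pt):
    if pt is INF:
        return b"\x00" * 64
    return pt[0].to_bytes(32, "big") + pt[1].to_bytes(32, "big")


def _challenge(msg, ring, pt):
    """e = H(msg, all ring keys, commitment) reduced into Z_N."""
    h = hashlib.sha256(msg)
    for y in ring:
        h.update(_encode(y))
    h.update(_encode(pt))
    return int.from_bytes(h.digest(), "big") % N


def ring_sign(msg, ring, signer_idx, signer_priv):
    n = len(ring)
    e, r = [0] * n, [0] * n
    alpha = secrets.randbelow(N - 1) + 1
    # The challenge chain starts just after the signer, from a real commitment.
    e[(signer_idx + 1) % n] = _challenge(msg, ring, ec_mul(alpha, G))
    i = (signer_idx + 1) % n
    while i != signer_idx:
        # Every other member gets a random response; its challenge is simulated.
        r[i] = secrets.randbelow(N - 1) + 1
        pt = ec_add(ec_mul(r[i], G), ec_mul(e[i], ring[i]))
        e[(i + 1) % n] = _challenge(msg, ring, pt)
        i = (i + 1) % n
    # Only the holder of signer_priv can close the ring at its own index.
    r[signer_idx] = (alpha - signer_priv * e[signer_idx]) % N
    return e[0], r


def ring_verify(msg, ring, sig):
    """Walk the ring once; the chain must return to the published e[0]."""
    e0, r = sig
    if len(r) != len(ring):
        return False
    e = e0
    for y, ri in zip(ring, r):
        e = _challenge(msg, ring, ec_add(ec_mul(ri, G), ec_mul(e, y)))
    return e == e0


def demo():
    """Three users; user 1 signs. Returns (valid, tampered message, substituted ring)."""
    keys = [keygen() for _ in range(3)]
    ring = [pub for _, pub in keys]
    msg = b"login request from some ring member"  # constructed sample message
    sig = ring_sign(msg, ring, 1, keys[1][0])
    wrong_ring = ring[:2] + [keygen()[1]]
    return (ring_verify(msg, ring, sig),
            ring_verify(msg + b"!", ring, sig),
            ring_verify(msg, wrong_ring, sig))
```

The signature carries no index and `ring_verify` treats every position identically, which is the unconditional anonymity of items 10 and 19: holding `keys[1][0]` lets you produce another such signature, not recognise this one. Anonymity still depends on the ring being chosen by the signer from keys it does not control; if the server fixes a ring of one, or the other keys are the signer's own, the ring collapses back to an ordinary signature.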



Copyright © Beijing Qinyun Technology Development Co., Ltd. (北京勤云科技发展有限公司)  京ICP备09084417号