A robust and efficient dynamic identity‐based multi‐server authentication scheme using smart cards

In single‐server architecture, one service is maintained by one server. If a user wants to employ multiple services from different servers, he/she needs to register with these servers and to memorize numerous pairs of identities and passwords corresponding to each server. In order to improve user convenience, many authentication schemes have been provided for multi‐server environment with the property of single registration. In 2013, Li et al. provided an efficient multi‐server authentication scheme, which they contended that it could resist several attacks. Nevertheless, we find that their scheme is sensitive to the forgery attack and has a design flaw. This paper presents a more secure dynamic identity‐based multi‐server authentication scheme in order to solve the problem in the scheme by Li et al. Analyses show that the proposed scheme can preclude several attacks and support the revocation of anonymity to handle the malicious behavior of a legal user. Furthermore, our proposed scheme has a lower computation and communication costs, which make it is more suitable for practical applications. Copyright © 2014 John Wiley & Sons, Ltd.     

Homomorphic signature schemes for single-source and multi-source network coding

To solve the problems of pollution attacks of single-source and multi-source network coding,two homomorphic signature schemes for network coding were proposed.In homomorphic signature for single-source network,the message hash value was signed on the elliptic curve,then the message,hash value and the signature of hash value were output,and the receiving node could verify the signature,the elliptic curve signature based on homomorphism could resist intra/inter-generation pollution attacks.Homomorphic signature from pairings for multi-source network coding could resist pollution attacks,and the introduction of timestamp made it be capable to resist replay attacks.In the random oracle model,it proves that two schemes are all secure under the selective attacks.Analysis shows that two schemes can effectively improve the verification efficiency.     

Towards generalized ID‐based user authentication for mobile multi‐server environment

With the popularity of Internet and wireless networks, more and more network architectures are used in multi‐server environment, in which mobile users remotely access servers through open networks. In the past, many schemes have been proposed to solve the issue of user authentication for multi‐server environment and low‐power mobile devices. However, most of these schemes have suffered from many attacks because these schemes did not provide the formal security analysis. In this paper, we first give a security model for multi‐server environment. We then propose an ID‐based mutual authentication and key agreement scheme based on bilinear maps for mobile multi‐server environment. Our scheme can be used for both general users with a long validity period and anonymous users with a short validity period. Under the presented security model, we show that our scheme is secure against all known attacks. We demonstrate that the proposed scheme is well suitable for low‐power mobile devices. Copyright © 2011 John Wiley & Sons, Ltd.     

A neural network system for authenticating remote users in multi‐server architecture

Authenticating the legitimacy of a remote user is an important issue in modern computer systems. In this paper, a neural network system for authenticating remote users is presented. The benefits of the proposed scheme include that (1) it is suitable for multi‐server environment; (2) it does not maintain a verification table; (3) users can freely choose their password; and (4) it can withstand replay attack, off‐line password guessing attack, and privileged insider attacks. Furthermore, some drawbacks, such as the users who choose the same passwords will have the same identities and unavailability for evicting a user from the system, will also be eliminated. Copyright © 2007 John Wiley & Sons, Ltd.     

Continuous leakage–resilient IBE in cloud computing

Cloud computing is an efficient tool in which cloud storage shares plenty of encrypted data with other data owners. In existing cloud computing scenarios, it may suffer from some new attacks like side channel attacks. Therefore, we are eager to introduce a new cryptographic scheme that can resist these new attacks. In this work, we exploit a new technique to build leakage‐resilient identity‐based encryption and use the stronger existing partial leakage model, such as continual leakage model. More specifically, our proposal is based on the underlying decisional bilinear Diffie‐Hellman assumption, but proven adaptively secure against adaptive chosen ciphertext attack in the standard model. Above all, a continuous leakage–resilient IBE scheme with adaptive security meets cloud computing with stronger security.     

基于DDCT表的多副本完整性审计方案

在云存储环境下,云数据采用多副本存储已经成为一种流行的应用.针对恶意云服务提供商威胁云副本数据安全问题,提出一种基于DDCT（Dynamic Divide and Conquer Table）表的多副本完整性审计方案.首先引入DDCT表来解决数据动态操作问题,同时表中存储副本数据的块号、版本号和时间戳等信息;接下来为抵制恶意云服务商攻击,设计一种基于时间戳的副本数据签名认证算法;其次提出了包括区块头和区块体的副本区块概念,区块头存储副本数据基于时间戳识别认证的签名信息,区块体存放加密的副本数据;最后委托第三方审计机构采用基于副本时间戳的签名认证算法来审计云端多副本数据的完整性.通过安全性分析和实验对比,本方案不仅有效的防范恶意存储节点之间的攻击,而且还能防止多副本数据泄露给第三方审计机构.     

A secure mutual authentication scheme with non‐repudiation for vehicular ad hoc networks

Vehicular ad hoc networks (VANETs) have been a research focus in recent years. VANETs are not only used to enhance the road safety and reduce the traffic accidents earlier but also conducted more researches in network value‐added service. As a result, the security requirements of vehicle communication are given more attention. In order to prevent the security threat of VANETs, the security requirements, such as the message integrity, availability, and confidentiality are needed to be guaranteed further. Therefore, a secured and efficient verification scheme for VANETs is proposed to satisfy these requirements and reduce the computational cost by combining the asymmetric and symmetric cryptology, certificate, digital signature, and session key update mechanism. In addition, our proposed scheme can resist malicious attacks or prevent illegal users' access via security and performance analysis. In summary, the proposed scheme is proved to achieve the requirements of resist known attacks, non‐repudiation, authentication, availability, integrity, and confidentiality. Copyright © 2015 John Wiley & Sons, Ltd.     

Layered data aggregation with efficient privacy preservation for fog‐assisted IIoT

The emergence of fog computing facilitates industrial Internet of Things (IIoT) to be more real‐time and efficient; in order to achieve secure and efficient data collection and applications in fog‐assisted IIoT, it usually sacrifices great computation and bandwidth resources. From the low computation and communication overheads perspective, this paper proposes a layered data aggregation scheme with efficient privacy preservation (LDA‐EPP) for fog‐assisted IIoT by integrating the Chinese remainder theorem (CRT), modified Paillier encryption, and hash chain technology. In LDA‐EPP scheme, the entire network is divided into several subareas; the fog node and cloud are responsible for local and global aggregations, respectively. Specially, the cloud is able to obtain not only the global aggregation result but also the fine‐grained aggregation results of subareas, which enables that can provide fine‐grained data services. Meanwhile, the LDA‐EPP realizes data confidentiality by the modified Paillier encryption, ensures that both outside attackers and internal semi‐trusted nodes (such as, fog node and cloud) are unable to know the privacy data of individual device, and guarantees data integrity by utilizing simply hash chain to resist tempering and polluting attacks. Moreover, the fault tolerance is also supported in our scheme; ie, even though some IIoT devices or channel links are failure, the cloud still can decrypt incomplete aggregation ciphertexts and derive expected aggregation results. Finally, the performance evaluation indicates that our proposed LDA‐EPP has less computation and communication costs.     

A secure regenerating code‐based cloud storage with efficient integrity verification

Cloud storage is gaining popularity as it relieves the data owners from the burden of data storage and maintenance cost. However, outsourcing data to third‐party cloud servers raise several concerns such as data availability, confidentiality, and integrity. Recently, regenerating codes have gained popularity because of their low repair bandwidth while ensuring data availability. In this paper, we propose a secure regenerating code‐based cloud storage (SRCCS) scheme, which utilizes the verifiable computation property of homomorphic encryption scheme to check the integrity of outsourced data. In this work, an error‐correcting code (ECC)–based homomorphic encryption scheme (HES) is employed to simultaneously provide data privacy as well as error correction while supporting efficient integrity verification. In SRCCS, server regeneration process is initiated on detection of data corruption events in order to ensure data availability. The ECC‐based HES significantly reduces the probability of server regeneration and minimizes the repair cost. Extensive theoretical analysis and simulation results validate the security, efficiency, and practicability of the proposed scheme.     

Chaotic map‐based time‐aware multi‐keyword search scheme with designated server

The cloud storage service has been widely used in daily life because of its convenience. However, the service frequently suffers confidentiality problems. To address this problem, some efforts have been made on keyword search over encrypted data schemes. For instance, the chaotic‐based keyword search scheme over encrypted data has been proposed recently. However, the scheme just only support single‐ keyword search each time, which severely limits its utilization in cloud storage. This article proposes a novel chaotic‐based time‐aware multi‐keyword search scheme with designated server. Inner product similarity is adopted in our scheme to realize multiple keyword search and remove the constraint of single‐keyword search each time. Timed‐release encryption is integrated into the proposed scheme at the same time, which enables the data sender to specify the time when the cloud servers can search the encrypted data. Analysis indicates that our scheme not only can counter off‐line guessing attacks to the ciphertext and trapdoor, but also supports ranked search with a reasonable computational cost. Copyright © 2015 John Wiley & Sons, Ltd.     

On the design of secure user authenticated key management scheme for multigateway‐based wireless sensor networks using ECC

In wireless sensor networks (WSNs), there are many critical applications (for example, healthcare, vehicle tracking, and battlefield), where the online streaming data generated from different sensor nodes need to be analyzed with respect to quick control decisions. However, as the data generated by these sensor nodes usually flow through open channel, so there are higher chances of various types of attacks either on the nodes or on to the data captured by these nodes. In this paper, we aim to design a new elliptic curve cryptography–based user authenticated key agreement protocol in a hierarchical WSN so that a legal user can only access the streaming data from generated from different sensor nodes. The proposed scheme is based upon 3‐factor authentication, as it applies smart card, password, and personal biometrics of a user (for ticket generation). The proposed scheme maintains low computation cost for resource‐constrained sensor nodes, as it uses efficient 1‐way cryptographic hash function and bitwise exclusive‐OR operations for secure key establishment between different sensor nodes. The security analysis using the broadly accepted Burrows‐Abadi‐Needham logic, formal security verification using the popular simulation tool (automated validation of Internet security protocols and applications), and informal security show that the proposed scheme is resilient against several well‐known attacks needed for a user authentication scheme in WSNs. The comparison of security and functionality requirements, communication and computation costs of the proposed scheme, and other related existing user authentication schemes shows the superior performance of the proposed scheme.     

Adaptive Channel‐Matched Extended Alamouti Space‐Time Code Exploiting Partial Feedback

Since the publication of Alamouti's famous space‐time block code, various quasi‐orthogonal space‐time block codes (QSTBC) for multi‐input multi‐output (MIMO) fading channels for more than two transmit antennas have been proposed. It has been shown that these codes cannot achieve full diversity at full rate. In this paper, we present a simple feedback scheme for rich scattering (flat Rayleigh fading) MIMO channels that improves the coding gain and diversity of a QSTBC for 2ⁿ (n = 3, 4,…) transmit antennas. The relevant channel state information is sent back from the receiver to the transmitter quantized to one or two bits per code block. In this way, signal transmission with an improved coding gain and diversity near to the maximum diversity order is achieved. Such high diversity can be exploited with either a maximum‐likelihood receiver or low‐complexity zero‐forcing receiver.     

云存储中密文数据的客户端安全去重方案

云存储环境下,客户端数据去重能在本地进行文件重复性检测,有效地节约存储空间和网络带宽.然而,客户端去重仍面临着很多安全挑战.首先,由于将文件哈希值作为重复性检测的证据,攻击者很可能通过一个文件的哈希值获得整个文件;其次,为了保护数据隐私,收敛加密被广泛运用于数据去重方案,但是由于数据本身是可预测的,所以收敛加密仍不可避免地遭受暴力字典攻击.为了解决上述问题,本文首次利用盲签名构造了一个安全的密钥生成协议,通过引入一个密钥服务器,实现了对收敛密钥的二次加密,有效地预防了暴力字典攻击;并进一步提出了一个基于块密钥签名的拥有权证明方法,能够有效预防攻击者通过单一的哈希值来获取文件,并能同时实现对密文文件的文件级和块级去重.同时,安全分析表明本文方案在随机预言模型下是可证明安全的,并能够满足收敛密钥安全、标签一致性和抗暴力字典攻击等更多安全属性.此外,与现有方案相比,实验结果表明本文方案在文件上传和文件去重方面的计算开销相对较小.     

Secure multi‐factor remote user authentication scheme for Internet of Things environments

Because of the exponential growth of Internet of Things (IoT), several services are being developed. These services can be accessed through smart gadgets by the user at any place, every time and anywhere. This makes security and privacy central to IoT environments. In this paper, we propose a lightweight, robust, and multi‐factor remote user authentication and key agreement scheme for IoT environments. Using this protocol, any authorized user can access and gather real‐time sensor data from the IoT nodes. Before gaining access to any IoT node, the user must first get authenticated by the gateway node as well as the IoT node. The proposed protocol is based on XOR and hash operations, and includes: (i) a 3‐factor authentication (ie, password, biometrics, and smart device); (ii) mutual authentication ; (iii) shared session key ; and (iv) key freshness . It satisfies desirable security attributes and maintains acceptable efficiency in terms of the computational overheads for resource constrained IoT environment. Further, the informal and formal security analysis using AVISPA proves security strength of the protocol and its robustness against all possible security threats. Simulation results also prove that the scheme is secure against attacks.     

An anonymous and robust multi‐server authentication protocol using multiple registration servers

The concept of multi‐server authentication includes multiple numbers of application servers. The registration/control server is the central point in such environment to provide smooth services to a limited number of legitimate users. However, this type of environment is inappropriate to handle unlimited users since the number of users may grow, and thus, the response time may be very high. To eliminate these shortcomings, we have modified the existing multi‐server authentication architecture and then designed a new scheme by including multiregistration server technique that can provide a smooth environment to support unlimited number of users. The main aspect of our design is to provide a secure authentication environment for multi‐server application using password and smartcard so that the participants can securely communicate with each other. The simulation results are obtained by executing our protocol using AVISPA tool. The results provide concrete evidence about the security safety against active and passive attacks. Furthermore, the justification of correctness of the freshness of the session key negotiation and the mutual authentication between the participants has done been evaluated with the BAN logic model. The comprehensive comparative analysis justifies our argument that our protocol has better applicability in multi‐server environments compared to other protocols with similar nature.     

Forgery attacks on digital signature schemes without using one-way hash and message redundancy

Chang and Chang proposed a new digital signature scheme, and claimed the scheme can resist the forgery attack without using one-way hash function and any redundancy padding. This claim is very interesting to all designers, because conventionally a one-way hash function is required to resist the attacks. This article shows an existential forgery attack on the scheme, and shows that the scheme would still be insecure even if a secure one-way function were adopted in the scheme.     

Forgery attacks of an identity‐based multi‐proxy signature scheme

Multi‐proxy signature is used to delegate a permission of an owner to at least two proxies in the digital world. Recently, Sahu and Padhye gave a new construction of identity‐based multi‐proxy signature. Their scheme's security was supported by a reduction proof against a hard mathematical problem. Even supported by such security proofs, we present some forgery attacks against Sahu and Padhye's scheme. We demonstrate that any dishonest insider or any malicious outsider can break the security of Sahu and Padhye's scheme by forging either a permission or a multi‐proxy signature. In fact, our forgery attacks exploit the security weakness in their underlying identity‐based signature scheme, which is the fundamental constructing component of their proposed scheme. Copyright © 2014 John Wiley & Sons, Ltd.     

Fog‐SDN: A light mitigation scheme for DDoS attack in fog computing framework

Cloud computing is one of the most tempting technologies in today's computing scenario as it provides a cost‐efficient solutions by reducing the large upfront cost for buying hardware infrastructures and computing power. Fog computing is an added support to cloud environment by leveraging with doing some of the less compute intensive task to be done at the edge devices, which reduces the response time for end user computing. But the vulnerabilities to these systems are still a big concern. Among several security needs, availability is one that makes the demanded services available to the targeted customers all the time. Availability is often challenged by external attacks like Denial of service (DoS) and distributed denial of service (DDoS). This paper demonstrates a novel source‐based DDoS mitigating schemes that could be employed in both fog and cloud computing scenarios to eliminate these attacks. It deploys the DDoS defender module which works on a machine learning–based light detection method, present at the SDN controller. This scheme uses the network traffic data to analyze, predict, and filter incoming data, so that it can send the filtered legitimate packets to the server and blocking the rest.     

基于混沌的带密钥散列函数安全分析

利用统计分析、生日攻击等方法,针对一类基于混沌系统的带密钥散列函数进行了分析,给出了针对这些算法的伪造攻击和等价密钥恢复攻击。同时,研究了上述攻击奏效的原因,并由此总结了基于混沌技术设计带密钥散列函数时应该注意的问题。最后,提出了一个改进方案,该方案可以抵抗伪造攻击和等价密钥攻击,并且增加的计算负担可以忽略不计。     

Block‐Mode Lattice Reduction for Low‐Complexity MIMO Detection

We propose a very‐low‐complexity lattice‐reduction (LR) algorithm for multi‐input multi‐output detection in time‐varying channels. The proposed scheme reduces the complexity by performing LR in a block‐wise manner. The proposed scheme takes advantage of the temporal correlation of the channel matrices in a block and its impact on the lattice transformation matrices during the LR process. From this, the proposed scheme can skip a number of redundant LR processes for consecutive channel matrices and performs a single LR in a block. As the Doppler frequency decreases, the complexity reduction efficiency becomes more significant.