Similar literature
 20 similar documents found (search time: 15 ms)
1.
Dynamic participation is a feature of the secure conference schemes that allows new conferees to join and the old conferees to leave. The conferees who have left should not be able to decrypt the secure conference communication anymore. A secure conference scheme with dynamic participation was proposed in M.S. Hwang and W.P. Yang (1995) and later it was modified with the self-encryption mechanism in K.F. Hwang and C.C. Chang (2003) for a better performance. In this paper we analyze both the original scheme and the modified version. We show that both of them are subject to the active and passive attacks presented in this paper. Our active attack works in the way that a colluding group of attackers can still obtain the conference key even after they all leave the conference. The passive attack does not need any attacker to ever participate in the conference. The conference key can be compromised with a large probability as long as the number of conferees is large.

2.
A growing application area in mobile communications is mobile teleconference in which a group of mobile users collaborate in an interactive procedure, such as a board meeting, a task force, a scientific discussion, or even a virtual classroom. Wireless communications transmit conversations via radio, making them more susceptible to eavesdropping and unauthorized access than are conversations carried via wires. Therefore, it is crucial to ensure confidentiality and authenticity in a mobile teleconference. The authors design a new secure conference scheme for mobile communications. Based on a modular square root technique, this scheme is secure against eavesdropping, impersonating, and tracking attacks and allows a participant to join or quit a mobile teleconference dynamically.

3.
In IP‐based networks, IP address uniqueness is one of the most important requirements since a node has to participate in unicast communications and routing. Often nodes are assumed to have unique IP addresses configured a priori. However, this is not the case and cannot be achieved easily in mobile ad hoc networks (MANETs). Most of the existing dynamic address allocation schemes of MANET rely on network‐wide flooding for address solicitation and/or duplicate address detection. As a result, several types of security threats can be seen at the time of address allocation. In this paper, we present an ID‐based distributed dynamic IP configuration scheme that securely allocates IP addresses to the authorized nodes without flooding the entire network. Here each node acquires capability of generating unique IP addresses from its own IP address and can assign those addresses to the new nodes. The proposed scheme provides security against the associated threats with dynamic IP allocation protocol without the help of a trusted third party. It also efficiently handles the network partitioning and merging and reduces the chance of address conflicts. Performance analysis and simulation results are presented to show that the proposed addressing scheme has low communication overhead and fairly low addressing latency with added security mechanisms compared to the similar existing dynamic address allocation schemes. Copyright © 2013 John Wiley & Sons, Ltd.

4.
The proper functioning of mobile ad hoc networks depends on the hypothesis that each individual node is ready to forward packets for others. This common assumption, however, might be undermined by the existence of selfish users who are reluctant to act as packet relays in order to save their own resources. Such non-cooperative behavior would cause the sharp degradation of network throughput. To address this problem, we propose a credit-based Secure Incentive Protocol (SIP) to stimulate cooperation among mobile nodes with individual interests. SIP can be implemented in a fully distributed way and does not require any pre-deployed infrastructure. In addition, SIP is immune to a wide range of attacks and is of low communication overhead by using a Bloom filter. Detailed simulation studies have confirmed the efficacy and efficiency of SIP. This work was supported in part by the U.S. Office of Naval Research under Young Investigator Award N000140210464 and under grant N000140210554. Yanchao Zhang received the B.E. degree in Computer Communications from Nanjing University of Posts and Telecommunications, Nanjing, China, in July 1999, and the M.E. degree in Computer Applications from Beijing University of Posts and Telecommunications, Beijing, China, in April 2002. Since September 2002, he has been working towards the Ph.D. degree in the Department of Electrical and Computer Engineering at the University of Florida, Gainesville, Florida, USA. His research interests are network and distributed system security, wireless networking, and mobile computing, with emphasis on mobile ad hoc networks, wireless sensor networks, wireless mesh networks, and heterogeneous wired/wireless networks. Wenjing Lou is an assistant professor in the Electrical and Computer Engineering department at Worcester Polytechnic Institute. She obtained her Ph.D degree in Electrical and Computer Engineering from University of Florida in 2003. 
She received the M.A.Sc degree from Nanyang Technological University, Singapore, in 1998, the M.E degree and the B.E degree in Computer Science and Engineering from Xi'an Jiaotong University, China, in 1996 and 1993 respectively. From Dec 1997 to Jul 1999, she worked as a Research Engineer in Network Technology Research Center, Nanyang Technological University. Her current research interests are in the areas of ad hoc and sensor networks, with emphases on network security and routing issues. Wei Liu received his B.E. and M.E. in Electrical and Information Engineering from Huazhong University of Science and Technology, Wuhan, China, in 1998 and 2001. In August 2005, he received his PhD in Electrical and Computer Engineering from University of Florida. Currently, he is a senior technical member with Scalable Network Technologies. His research interest includes cross-layer design, and communication protocols for mobile ad hoc networks, wireless sensor networks and cellular networks. Yuguang Fang received a Ph.D. degree in Systems Engineering from Case Western Reserve University in January 1994 and a Ph.D degree in Electrical Engineering from Boston University in May 1997. He was an assistant professor in the Department of Electrical and Computer Engineering at New Jersey Institute of Technology from July 1998 to May 2000. He then joined the Department of Electrical and Computer Engineering at University of Florida in May 2000 as an assistant professor, got an early promotion to an associate professor with tenure in August 2003 and a professor in August 2005. He has published over 150 papers in refereed professional journals and conferences. He received the National Science Foundation Faculty Early Career Award in 2001 and the Office of Naval Research Young Investigator Award in 2002. 
He has served on many editorial boards of technical journals including IEEE Transactions on Communications, IEEE Transactions on Wireless Communications, IEEE Transactions on Mobile Computing and ACM Wireless Networks. He is a senior member of the IEEE.

5.
The mobile cloud computing (MCC) has enriched the quality of services that the clients access from remote cloud‐based servers. The growth in the number of wireless users for MCC has further augmented the requirement for a robust and efficient authenticated key agreement mechanism. Formerly, the users would access cloud services from various cloud‐based service providers and authenticate one another only after communicating with the trusted third party (TTP). This requirement for the clients to access the TTP during each mutual authentication session, in earlier schemes, contributes to the redundant latency overheads for the protocol. Recently, Tsai et al. have presented a bilinear pairing based multi‐server authentication (MSA) protocol, to bypass the TTP, at least during mutual authentication. The scheme construction works fine, as far as the elimination of TTP involvement for authentication has been concerned. However, Tsai et al.'s scheme has been found vulnerable to server spoofing attack and desynchronization attack, and lacks smart card‐based user verification, which renders the protocol inapt for practical implementation in different access networks. Hence, we have proposed an improved model designed with bilinear pairing operations, countering the identified threats as posed to Tsai's scheme. Additionally, the proposed scheme is backed up by performance evaluation and formal security analysis.

6.
A secure and efficient conference scheme for mobile communications   Total citations: 3, self-citations: 0, citations by others: 3
A growing application area in mobile communications is mobile teleconferencing, in which a group of mobile users collaborate in an interactive procedure, such as a board meeting, a task force, a scientific discussion, or even a virtual classroom. Wireless communications transmit conversations via radio, making them more susceptible to eavesdropping and unauthorized access than are conversations carried via wires. Therefore, it is crucial to ensure confidentiality and authenticity in mobile teleconferencing. When deploying secure services in mobile teleconferences, it has to be taken into account that the mobility of users is usually built on portable devices with limited computing capability. A secure conference scheme for mobile communications needs to be executed efficiently on portable devices. We propose a new secure and efficient conference scheme for mobile communications. Based on a modular square root technique, this scheme is secure against eavesdropping, impersonating, and tracking attacks and allows a participant to join or quit a mobile teleconference dynamically. In addition, the scheme is particularly efficient on the mobile user's portable device because the mobile user needs to perform only a single modular multiplication plus encryptions and decryptions of a secret key cryptosystem.

7.
韩丽茹 《电讯技术》2013,53(5):619-622
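Short messages, owing to their low cost and ease of use, are widely used for business data exchange. However, because of their inherent insecurity, they cannot meet the requirements of transmitting sensitive data. To this end, a mobile secure communication system based on the short message service is designed, with security safeguards adopted in the mobile terminal device, the communication link, and the application service. Through the short message service, secure and seamless integration of mobile communication networks and fixed-network application services can be achieved.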

8.
The Internet supports migration of code from node to node. A number of paradigms exist for distributed computing and mobile code, including client/server, remote evaluation, code-on-demand, and mobile agents. We find them overly-restrictive views of reality. We propose a model that can express previous paradigms as special cases. We derive a model using cellular automata (CA) abstractions to study relations between local node behavior and global system behavior. Example mobile code systems are provided and existing paradigms are expressed in terms of the model. These examples include network attacks such as viruses, worms, and distributed denial of service (DDoS). A distributed system simulation tool based on the model is described. Simulation results provide insights gained from this work.

9.
《信息技术》2019,(4):57-61
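To guard against the security risks that objectively exist in mobile network environments, such as malicious attacks and software vulnerabilities, this paper proposes a security solution for electric power mobile terminals based on encryption and authentication of end-to-end information exchange. In the designed scheme, the processed fingerprint of the conversation partner, associated with the current geographic location, is used to generate a short-lived symmetric key; the scheme also combines an encryption algorithm, fingerprint features, and the user's iris features to ensure data security throughout the authenticated communication process. Test results show that the scheme can efficiently implement identity authentication and information encryption for electric power mobile terminals in a mobile network environment.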

10.
'Software defined radio' (SDR) is a technology that will appear in future generations of mobile phones, i.e. following the third-generation mobile phone technology that is currently being defined and developed. Early versions of 'pragmatic' SDR will allow the terminal to be reconfigured at any level of its protocol stack. Ultimately, the 'pure' SDR technology will allow a mobile phone or terminal to have its air interface software configured or reconfigured by other software (or software parameters) that have been downloaded to the terminal, e.g. over the air, or from a remote server via the Internet and one's personal computer (PC). A number of security issues arise with downloaded code that implements the air interface functions, and these may not be obvious simply from looking at the way PC software is updated on-line today. This paper starts with an outline of the code that allows a mobile phone to operate over a particular air interface. This sets the baseline for a discussion of the security issues surrounding the change of this code from one that is fixed and downloaded once only, to code that is reconfigurable during the life of a product.

11.
A performance analysis of the threshold decision technique for direct-sequence spread-spectrum (DS-SS) code synchronisation is presented. The proposed serial acquisition system is compared to the conventional serial acquisition system, and a significant improvement in performance is shown in terms of the mean acquisition time.

12.
《Ad hoc Networks》2003,1(1):175-192
An ad hoc network is a collection of wireless computers (nodes), communicating among themselves over possibly multihop paths, without the help of any infrastructure such as base stations or access points. Although many previous ad hoc network routing protocols have been based in part on distance vector approaches, they have generally assumed a trusted environment. In this paper, we design and evaluate the Secure Efficient Ad hoc Distance vector routing protocol (SEAD), a secure ad hoc network routing protocol based on the design of the Destination-Sequenced Distance-Vector routing protocol. In order to support use with nodes of limited CPU processing capability, and to guard against Denial-of-Service attacks in which an attacker attempts to cause other nodes to consume excess network bandwidth or processing time, we use efficient one-way hash functions and do not use asymmetric cryptographic operations in the protocol. SEAD performs well over the range of scenarios we tested, and is robust against multiple uncoordinated attackers creating incorrect routing state in any other node, even in spite of any active attackers or compromised nodes in the network.

13.
马骏  马建峰  郭渊博 《通信学报》2012,33(12):108-115
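A provably secure private key protection scheme for smart mobile terminals is proposed. It makes full use of techniques such as password protection, key splitting, and dynamic interaction with a server to obtain part of the private key, in order to keep the user's private key secure. Compared with other schemes, the advantages of this scheme are that it reduces the computation and storage required of the smart mobile terminal and simplifies the setting of parameters in the interaction process; time synchronization runs through the entire design of the scheme, which prevents replay attacks and also provides a convenient and efficient way to invalidate the user's private key. The scheme achieves secure private key acquisition and efficient private key invalidation, meets the security application requirements of smart mobile terminals, and is provably secure in the random oracle model.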

14.
Chebyshev chaotic map is an important tool used in the domain of cryptography to develop different schemes for numerous applications. In 2014, Lin put forward a mobile user authentication system using dynamic identity and chaotic map. Lin declared that the scheme offers mutual authentication and session key agreement between user and server. Moreover, they stated that the scheme offers user anonymity and resilience against known attacks. However, we carefully examined Lin's scheme and found that it is no longer usable for practical applications as (i) it has no facility to identify the wrong password and identity, which are inputted by the user during login and password update phases, (ii) it has no facility to protect user impersonation attack, and (iii) it has the problem of session key forward secrecy. We put forward an enhanced scheme based on extended chaotic map to repair the fragilities of Lin's scheme. We formally examined the security of our scheme and demonstrated that it is provably secured in random oracle model. Further, we presented some informal cryptanalysis to make sure that the enhanced scheme is secure from known attacks. Our scheme is also computation efficient against other competitive protocols. Copyright © 2016 John Wiley & Sons, Ltd.

15.
Cui  Weirong  Du  Chenglie  Chen  Jinchao 《Wireless Networks》2019,25(2):733-751
Wireless Networks - Wireless device-to-device (D2D) communication, which enables direct communication between co-located devices without Internet access, is becoming common. Simultaneously,...

16.
17.
The rapid proliferation of mobile networks has made security an important issue, particularly for transaction oriented applications. Recently, Jo et al. presented an efficient authentication protocol for wireless mobile networks and asserted that their proposed approach provides all known security functionalities including session key (SK) security under the assumption of the widely-accepted Canetti–Krawczyk (CK) model. We reviewed Jo et al.’s proposed roaming protocol and we demonstrate that it fails to provide the SK-security under the CK-adversary setting. We then propose an enhancement to Jo et al.’s roaming protocol to address the security drawback found in Jo et al.’s protocol. In the enhanced roaming protocol, we achieve the SK-security along with reduced computation, communication and storage costs. We also simulate the enhanced roaming protocol using NS2 for end-to-end delay and network throughput, and the simulation results obtained demonstrate the efficiency of our protocol.

18.
Secure dynamic IP addressing is a prime requirement for unicast communication between authorized hosts in mobile ad hoc networks (MANETs). Recently, several approaches have been proposed for dynamic addressing scheme. However, most of the approaches rely on broadcasting for address solicitation and/or duplicate address detection. As a result, several types of security threats in dynamic IP configuration can be observed. In this paper, we present an ID based dynamic IP configuration scheme that can securely allocate IP addresses to the authorized hosts for a mobile ad hoc network without broadcasting over the entire network. Each host in the MANET can generate a unique IP address from its own IP address for a new host. The proposed scheme provides authentication for address configuration without the help of a trusted third party while taking care of the security-threats associated with dynamic IP configuration. Performance analysis shows that even with added security mechanisms our proposed addressing scheme has fairly good addressing latency and control overhead compared to the similar existing schemes. Moreover, the proposed scheme is able to solve the problem of network partitions and mergers along with the arrival and departure of a host efficiently and securely.

19.
Human-centered systems play an important role in the modern world, for example, driverless car, autonomous and smart vehicles, drones, and robotics. The internet of things environment demands a faster real-time response depending on the applications processed in a particular duration. Mobile edge computing (MEC) allows a user to get a real-time response as compared with cloud computing (CC), although ensuring a number of security attributes in MEC environment remains challenging. In this article, a protocol is designed to achieve mutual authentication, anonymous communication, and security against traceability, as these are very crucial factors to ensure the security of data and user's privacy. Moreover, the proposed scheme ensures mutual authentication between a mobile user and an edge server along with the user's anonymity and untraceability. The proof of security and evaluation of performance of the scheme validates that it ensures security attributes and improves efficiency in terms of communication and computation overheads.

20.
Mobile workflow execution is gaining importance as traditional process execution systems are employed in many new scenarios such as mobile networks or the Internet of Things. Unfortunately, in these solutions, security is still based on control loops or computer science techniques which have not evolved as fast as current mobile systems and applications. In this context, in order to improve the security level of these systems, it is necessary to create a security framework tightly coupled with the mobile workflow execution platforms. To contribute to filling this gap, we propose a framework to inject security controls in workflows, which supports mobile execution and allows a flexible decision making. This solution models security as control points where some relevant previously defined indicators are evaluated. Depending on the obtained values, the framework takes corrective, preventive or adaptive actions, considering also the execution system capabilities and the workflow being executed. In order to evaluate the effectiveness and performance of the proposed solution we include experimental validation.
