Similar literature
Found 20 similar documents; search took 31 ms
1.
Seamless roaming over wireless network is highly desirable to mobile users, and security such as authentication of mobile users is challenging. Recently, due to tamper-resistance and convenience in managing a password file, some smart card based secure authentication schemes have been proposed. This paper shows some security weaknesses in those schemes. As the main contribution of this paper, a secure and light-weight authentication scheme with user anonymity is presented. It is simple to implement for mobile user since it only performs a symmetric encryption/decryption operation. Having this feature, it is more suitable for the low-power and resource-limited mobile devices. In addition, it requires four message exchanges between mobile user, foreign agent and home agent. Thus, this protocol enjoys both computation and communication efficiency as compared to the well-known authentication schemes. As a special case, we consider the authentication protocol when a user is located in his/her home network. Also, the session key will be used only once between the mobile user and the visited network. Besides, security analysis demonstrates that our scheme enjoys important security attributes such as preventing the various kinds of attacks, single registration, user anonymity, no password/verifier table, and high efficiency in password authentication, etc. Moreover, one of the new features in our proposal is: it is secure in the case that the information stored in the smart card is disclosed but the user password of the smart card owner is unknown to the attacker. To the best of our knowledge, until now no user authentication scheme for wireless communications has been proposed to prevent from smart card breach. Finally, performance analysis shows that compared with known smart card based authentication protocols, our proposed scheme is more simple, secure and efficient.

2.
In the IoT environment, all devices are connected to each other, and mobile device is considered as key device. But hacking into mobile devices is increasing rapidly with the increase in mobile device users. As the market share of Android OS increases, hacking of mobile devices has focused on Android devices. Although there are many security solutions for mobile devices, they are fragmentary for mobile threats; that is, they are solutions for only several threats rather than comprehensive solutions. There is hence a limit to protecting user’s and company’s data stored or used on mobile devices from various types of hacking. To address this, we propose a mobile device protection technology based on domain isolation. Virtualization technology has emerged to increase CPU utilization in server-class PCs and to run various OSs in one system. As these virtualization technologies become lightweight, they are beginning to be applied to embedded devices. In this paper, we applied this lightweight embedded virtualization technology to mobile devices to divide mobile devices into two areas. Therefore, users can have a hidden area from hacker attack in addition to the Android OS area, which can be used the same as an existing mobile device. There is a hardware-based mobile security solution using a secure element, but this has to be reflected in the manufacturing process of the mobile device. However, since the domain separation technology using the virtualization, proposed in this paper, is a software solution, it has an advantage that it can be applied to a device that is already in use. In addition, to protect the hidden area, application authentication/authorization and user authentication technology were applied. And we use white-box cryptography to get root of trust of the key which is used for secure storage and data encryption/decryption. We believe this is a fundamental solution for protecting the mobile device users from hacking.
We implemented and tested various mobile applications operating on a mobile device that incorporates our proposed structure based on domain isolation. There is some performance degradation caused by the domain separation, but it is negligible. According to https://www.wired.com/insights/2012/11/mobile-supercomputers/, the chips for mobile phones have evolved and mobile phones will soon become supercomputers. In this case, the addition of virtualization to the mobile device will have less impact on the computing power of the mobile device, and data protection stored in mobile devices and secure execution environment of security programs will become more important issues. Therefore, our TeeMo structure is a necessary technology to protect mobile device users.

3.
User authentication is one of the fundamental procedures to ensure secure communications over an insecure public network channel. Especially, due to tamper-resistance and convenience in managing a password file, various user authentication schemes using smart cards have been proposed. A smart card, however, is far from ubiquitous because of the high cost of a smart card and the infrastructure requirements. In this paper, we study secure user authentication using only a common storage device such as a universal serial bus (USB) memory, instead of using smart cards. We first show that the existing schemes using smart cards cannot be immediately converted into schemes using a common storage device. We then propose a practical and secure user authentication scheme, capable of supporting the use of the common storage device, which retains all the advantages of schemes using smart cards.

4.
With the rapid development of electronic commerce transactions on mobile devices, achieving secure communications between communication parties is an important issue. The typical solutions are authenticated key agreement protocols, designed to efficiently implement secure channels for two or more parties communicating via a public network by providing them with a shared secret key, called a session key. In this paper, we propose two key agreement schemes based on elliptic curve cryptosystems suited for mobile environments. The first one is an identity-based remote mutual authentication with key agreement scheme, and it is used to establish a session key between the client and the server. In the second one, we extend the proposed two-party authentication key exchange scheme to develop an efficient three-party authenticated key agreement scheme for establishing a session key between two users with the help of a trusted server. Both our proposed schemes achieve efficiency, practicability, simplicity, and strong notions of security.

5.
Rapid development in mobile devices and cloud computing technologies has increased the number of mobile services from different vendors on the cloud platform. However, users of these services are facing different security and access control challenges due to the nonexistence of security solutions capable of providing secure access to these services, which are from different vendors, using a single key. An effective security solution for heterogeneous Mobile Cloud Computing (MCC) services should be able to guarantee confidentiality and integrity through a single key-based authentication scheme. Meanwhile, a few of the existing authentication schemes for MCC services require different keys to access different services from different vendors on a cloud platform, thus increasing complexity and overhead incurred through generation and storage of different keys for different services.

In this paper, an efficient mutual authentication scheme for accessing heterogeneous MCC services is proposed. The proposed scheme combines the user’s voice signature with cryptography operations to evolve an efficient mutual authentication scheme devoid of the key escrow problem and allows authorized users to use a single key to access the heterogeneous MCC services at a reduced cost.

6.
Designing an anonymous user authentication scheme in global mobility networks is a non-trivial task because wireless networks are susceptible to attacks and mobile devices powered by batteries have limited communication, processing and storage capabilities. In this paper, we present a generic construction that converts any existing secure password authentication scheme based on a smart card into an anonymous authentication scheme for roaming services. The security proof of our construction can be derived from the underlying password authentication scheme employing the same assumptions. Compared with the original password authentication scheme, the transformed scheme does not sacrifice the authentication efficiency, and additionally, an agreed session key can be securely established between an anonymous mobile user and the foreign agent in charge of the network being visited. Furthermore, we present an instantiation of the proposed generic construction. The performance analysis shows that compared with other related anonymous authentication schemes, our instantiation is more efficient.

7.
At present, mobile devices such as tablet-type PCs and smart phones have widely penetrated into our daily lives. Therefore, an authentication method that prevents shoulder surfing is needed. We are investigating a new user authentication method for mobile devices that uses surface electromyogram (s-EMG) signals, not screen touching. The s-EMG signals, which are detected over the skin surface, are generated by the electrical activity of muscle fibers during contraction. Muscle movement can be differentiated by analyzing the s-EMG. Taking advantage of the characteristics, we proposed a method that uses a list of gestures as a password in the previous study. In this paper, we introduced support vector machines (SVM) for improvement of the method of identifying gestures. A series of experiments was carried out to evaluate the performance of the SVM based method as a gesture classifier and we also discussed its security.

8.
Practical secure communication of mobile systems with low communication cost has become one of the major research directions. An established public key infrastructure (PKI) provides key management and key distribution mechanisms, which can lead to authentication and secure communication. Adding public key cryptography to Kerberos provides a nice congruence to public key protocols, which can obviate the human users’ burden to manage strong passwords. This paper emphasizes on authentication as a considerable issue related to security. Additionally, an efficient and secure hybrid authentication protocol for large mobile network is proposed. Its infrastructure accommodates explosive growth of the large mobile network. It reduces the communication cost for providing secure network access in inter-domain communication. This method is based on symmetric cryptosystem, PKI, challenge–response and hash chaining.

9.
Chanson, Samuel T.; Cheung, Tin-Wo. World Wide Web, 2001, 4(4): 235-253
The popularity of handheld mobile devices and deployment of the public key infrastructure in many parts of the world have led to the development of electronic commerce on mobile devices. For the current version of mobile phones, the main challenge is the limited computing capacity on these devices for PKI-based end-to-end secure transactions. This paper presents a new architecture and protocol for authentication and key exchange as well as the supporting infrastructure that is suitable for the mobile phone environment. The system requirements and our solutions in addressing these requirements in the restrictive environment are discussed. An evaluation of the system performance is also included. The system has been implemented and is supporting some real-life applications.

10.

Mobile environments are highly vulnerable to security threats and pose a great challenge for the wireless and mobile networks being used today. Because the mode of a wireless channel is open, these networks do not carry any inherent security and hence are more prone to attacks. Therefore, designing a secure and robust protocol for authentication in a global mobile network is always challenging. In these networks, it is crucial to provide authentication to establish a secure communication between the Mobile User (MU), Foreign Agent (FA) and Home Agent (HA). In order to secure communication among these entities, a number of authentication protocols have been proposed. The main security flaw of the existing authentication protocols is that attackers have the ability to impersonate a legal user at any time. Moreover, the existing authentication protocols in the literature are exposed to various kinds of cryptographic attacks. Besides, the authentication protocols require larger key length and more computation overhead. To remedy these weaknesses in mobility networks, DNA (Deoxyribo Nucleic Acid) based authentication scheme using Hyper Elliptic Curve Cryptosystem (HECC) is introduced. It offers greater security and allows an MU, FA and HA to establish a secure communication channel, in order to exchange the sensitive information over the radio link. The proposed system derives benefit from HECC, which is smaller in terms of key size and more computationally efficient. In addition, the security strength of this authentication system is validated through widely accepted security verification tool called ProVerif. Further, the performance analysis shows that the DNA based authentication system using HECC is secure and practically implementable in the resource-constrained mobility nodes.

11.
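With the widespread use of mobile devices such as phones and computers, people are increasingly accustomed to storing personal information on smart devices. In recent years, however, leaks of user privacy caused by lost mobile devices have become common, and how to achieve identity authentication and improve information security in the Internet cloud environment has become a matter of great concern. To address this problem, this paper proposes an access-policy update and designs a dynamically evolving implicit re-authentication method, which enables a smart terminal to continuously determine whether the user is legitimate, resist impersonation attacks by malicious users, and prevent data leakage caused by unauthorized users. The analysis and study are intended to be of some help to those working in related areas.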

12.
With the rapidly escalating use of smart devices and fraudulent transaction of users' data from their devices, efficient and reliable techniques for authentication of the smart devices have become an obligatory issue. This paper reviews the security risks for mobile devices and studies several authentication techniques available for smart devices. The results from field studies enable a comparative evaluation of user-preferred authentication mechanisms and their opinions about reliability, biometric authentication and visual authentication techniques.

13.
At the present time, mobile devices, such as tablet-type PCs and smart phones, have widely penetrated into our daily lives. Therefore, an authentication method that prevents shoulder surfing is needed. We are investigating a new user authentication method for mobile devices that use surface electromyogram (s-EMG) signals, not screen touching. The s-EMG signals, which are generated by the electrical activity of muscle fibers during contraction, are detected over the skin surface. Muscle movement can be differentiated by analyzing the s-EMG. In this paper, a method that uses a list of gestures as a password is proposed. And also, results of experiments are presented that were carried out to investigate the performance of the method extracting feature values from s-EMG signals (using the Fourier transform) adopted in this research. Myo™, which is the candidate of s-EMG measurement device used in a prototype system for future substantiative experiments, was used in the experiment together with the s-EMG measuring device used in the previous research to investigate its performance.

14.
The emergence of Internet of Things (IoT) technology has yielded a firm technical basis for the construction of a smart home. A smart home system offers occupants the convenience of remote control and automation of household systems. However, there are also potential security risks associated with smart home technologies. The security of users in a smart home environment is related to their life and possessions. A significant amount of research has been devoted to studying the security risks associated with IoT-enabled smart home systems. The increasing intelligence of devices has led to a trend of independent authentication between devices in smart homes. Therefore, mutual authentication for smart devices is essential in smart home systems. In this paper, a mutual authentication scheme is proposed for smart devices in IoT-enabled smart home systems. Signature updates are provided for each device. In addition, with the assistance of a home gateway, the proposed scheme can enable devices to verify the identity of each other. According to the analysis, the proposed scheme is secure against a forged SD or a semi-trusted HG. The computational cost of the proposed scheme in the simulation is acceptable for the application in smart home systems.

15.
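The rapid progress of smartphone technology has driven the vigorous growth of mobile commerce, and the security and identity authentication of smartphone mobile-commerce platforms have become key to whether mobile commerce can develop further. Speaker recognition, as a biometric authentication technology, is very convenient to apply on existing smartphones and has advantages that other security authentication technologies cannot match. Therefore, speaker recognition techniques are applied to security authentication on the Android system, and a speaker authentication system based on the Android platform is designed. In addition, given the multi-core nature of smartphones and the independence of the feature-parameter extraction tasks, a parallel algorithm for the Android platform is proposed to improve the efficiency of the authentication system, and experiments were carried out on different phone models. The experimental results show that using the parallel algorithm on the Android platform can substantially improve the efficiency of the authentication system and thereby improve its user experience.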

16.
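To safeguard the security and privacy of data and prevent malicious users from accessing sensor devices, a lightweight authentication and key exchange protocol is proposed for the Industrial Internet of Things. The protocol uses physical unclonable functions and fuzzy extractors to protect sensor devices. It also uses one-way hash functions, XOR operations, and symmetric encryption and decryption to establish a secure session channel. Experimental results show that, compared with other authentication schemes, the protocol effectively reduces the communication and computation overhead of key exchange. The proposed...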

17.
Smart Cities have become a global strategy. However, massive data generated by various smart devices need to be uploaded and stored to the cloud servers. It is critical to ensure the integrity and privacy of the stored data. Quite a few public cloud auditing schemes have been proposed recently. However, most of them use bilinear pairing operations in the audit phase, requiring a significant time cost. Meanwhile, users (may be resource-constrained mobile devices or sensor nodes) still need to perform significant computations, like computing meta data for each data block, which bring a huge burden of calculation for these users. Moreover, those schemes cannot effectively protect users’ data privacy. Thus, we propose a lightweight and privacy-preserving public cloud auditing scheme for smart cities that does not require bilinear pairings. First, the proposed scheme is pairing-free, and allows a third party auditor to generate authentication meta set on behalf of users. Furthermore, it also protects data privacy against the third party auditor and the cloud service providers. In addition, this new scheme can be easily and naturally extended to batch auditing in a multi-user scenario. Detailed security and performance analyses show that the proposed scheme is more secure and efficient compared to the existing public cloud auditing schemes.

18.
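In recent years, wearable devices, as a new class of smart devices, have been changing people's way of life. When such devices are used in a multi-user environment, the scenario of ownership transfer should be considered. To address the security and privacy problems that wearable devices face in the ownership-transfer scenario, a secure ownership-transfer protocol for wearable devices is designed. The protocol consists of three phases: initialization, mutual authentication, and key update. Security analysis shows that the protocol can resist traditional channel attacks as well as the special attacks that arise in the ownership-transfer scenario. Experimental analysis shows that the proposed scheme is highly efficient and suitable for wearable-device environments.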

19.

Internet of things (IoT) has become a new era of communication technology for performing information exchange. With the immense increment of usage of smart devices, IoT services become more accessible. To perform secure transmission of data between IoT network and remote user, mutual authentication, and session key negotiation play a key role. In this research, we have proposed an ECC-based three-factor remote user authentication scheme that runs in the smart device and preserves privacy, and data confidentiality of the communicating user. To support our claim, multiple cryptographic attacks are analyzed and found that the proposed scheme is not vulnerable to those attacks. Finally, the computation and communication overheads of the proposed scheme are compared with other existing protocols to confirm that the proposed scheme is lightweight. A formal security analysis using AVISPA simulation tool has been done that confirms the proposed scheme is robust against relevant security threats.


20.
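To address the high penetration, high intelligence and poor security of today's mobile phones, the keystroke characteristics of different mobile phone users were collected and studied. Statistical analysis showed that they follow a normal distribution, and a mobile phone user authentication system based on keystroke characteristics was then designed and implemented. Tests show that the system can significantly improve mobile phone security.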
