Similar literature
20 similar documents found (search time: 15 ms)
1.
From the user's point of view, password‐based remote user authentication technique is one of the most convenient and easy‐to‐use mechanisms to provide necessary security on system access. As the number of computer crimes in modern cyberspace has increased dramatically, the robustness of password‐based authentication schemes has been investigated by industries and organizations in recent years. In this paper, a well‐designed password‐based authentication protocol for multi‐server communication environment, introduced by Hsiang and Shih, is evaluated. Our security analysis indicates that their scheme is insecure against session key disclosure, server spoofing attack, and replay attack and behavior denial. Copyright © 2010 John Wiley & Sons, Ltd.

2.
In single‐server architecture, one service is maintained by one server. If a user wants to employ multiple services from different servers, he/she needs to register with these servers and to memorize numerous pairs of identities and passwords corresponding to each server. In order to improve user convenience, many authentication schemes have been provided for multi‐server environment with the property of single registration. In 2013, Li et al. provided an efficient multi‐server authentication scheme, which they contended could resist several attacks. Nevertheless, we find that their scheme is sensitive to the forgery attack and has a design flaw. This paper presents a more secure dynamic identity‐based multi‐server authentication scheme in order to solve the problem in the scheme by Li et al. Analyses show that the proposed scheme can preclude several attacks and support the revocation of anonymity to handle the malicious behavior of a legal user. Furthermore, our proposed scheme has lower computation and communication costs, which make it more suitable for practical applications. Copyright © 2014 John Wiley & Sons, Ltd.

3.
To provide mutual authentication and communication confidentiality between mobile clients and servers, numerous identity‐based authenticated key agreement (ID‐AKA) protocols were proposed to authenticate each other while constructing a common session key. In most of the existing ID‐AKA protocols, ephemeral secrets (random values) are involved in the computations of the common session key between mobile client and server. Thus, these ID‐AKA protocols might become vulnerable because of the ephemeral‐secret‐leakage (ESL) attacks in the sense that if the involved ephemeral secrets are compromised, an adversary could compute session keys and reveal the private keys of participants in an AKA protocol. Very recently, 2 ID‐AKA protocols were proposed to withstand the ESL attacks. One of them is suitable for single server environment and requires no pairing operations on the mobile client side. The other one fits multi‐server environments, but requires 2 expensive pairing operations. In this article, we present a strongly secure ID‐AKA protocol resisting ESL attacks under mobile multi‐server environments. By performance analysis and comparisons, we demonstrate that our protocol requires the lowest communication overhead, does not require any pairing operations, and is well suitable for mobile devices with limited computing capability. For security analysis, our protocol is provably secure under the computational Diffie‐Hellman assumption in the random oracle model.

4.
With the popularity of Internet and wireless networks, more and more network architectures are used in multi‐server environment, in which mobile users remotely access servers through open networks. In the past, many schemes have been proposed to solve the issue of user authentication for multi‐server environment and low‐power mobile devices. However, most of these schemes have suffered from many attacks because these schemes did not provide the formal security analysis. In this paper, we first give a security model for multi‐server environment. We then propose an ID‐based mutual authentication and key agreement scheme based on bilinear maps for mobile multi‐server environment. Our scheme can be used for both general users with a long validity period and anonymous users with a short validity period. Under the presented security model, we show that our scheme is secure against all known attacks. We demonstrate that the proposed scheme is well suitable for low‐power mobile devices. Copyright © 2011 John Wiley & Sons, Ltd.

5.
In this paper, we address the issue of multi‐user receiver design in realistic multi‐cellular and multi‐rate CDMA systems based on performance analysis. We consider the multi‐user detection (MUD) technique, denoted interference subspace rejection (ISR), because it offers a wide range of canonic suppression modes that range in performance and complexity between interference cancellers and linear receivers. To further broaden our study, we propose a modified ISR scheme called hybrid ISR to cope better with multi‐rate transmissions. The performance analysis, which is based on the Gaussian assumption (GA) and validated by simulations, takes into account data estimation errors, carrier frequency mismatch, imperfect power control, identification errors of time‐varying multipath Rayleigh channels and intercell interference. This analysis enables us to optimize the selection of the MUD mode for multi‐rate transmissions in different operating conditions. The effectiveness of interference cancellation is indeed investigated under different mobile speeds, numbers of receiving antennas, near‐far situations, channel estimation errors, and out‐cell to in‐cell interference ratios. This investigation suggests that the out‐of‐cell interference, the residual in‐cell interference, the noise enhancement as well as low mobility favor the simplest MUD modes as they offer the best performance/complexity tradeoffs. Copyright © 2008 John Wiley & Sons, Ltd.

6.
Consider a multi‐user underlay cognitive network where multiple cognitive users concurrently share the spectrum with a primary network with multiple users. The channel between the secondary network is assumed to have independent but not identical Nakagami‐m fading. The interference channel between the secondary users (SUs) and the primary users is assumed to have Rayleigh fading. A power allocation based on the instantaneous channel state information is derived when a peak interference power constraint is imposed on the secondary network in addition to the limited peak transmit power of each SU. The uplink scenario is considered where a single SU is selected for transmission. This opportunistic selection depends on the transmission channel power gain and the interference channel power gain as well as the power allocation policy adopted at the users. Exact closed form expressions for the moment‐generating function, outage performance, symbol error rate performance, and the ergodic capacity are derived. Numerical results corroborate the derived analytical results. The performance is also studied in the asymptotic regimes, and the generalized diversity gain of this scheduling scheme is derived. It is shown that when the interference channel is deeply faded and the peak transmit power constraint is relaxed, the scheduling scheme achieves full diversity and that increasing the number of primary users does not impact the diversity order. Copyright © 2014 John Wiley & Sons, Ltd.

7.
The new emerging broadband wireless network (BWN) technologies with high‐speed wireless internet access promote corporations to provide their roaming employees with high‐speed wireless access to the computing resources on their corporate networks. Thus, a value added service to broadband wireless network is the remote access virtual private network (VPN), where the corporate legitimate users can connect to their offices wirelessly from different locations and get secure services as if they were connected to the corporate local area network (LAN). One of the most important challenges is to block out illegitimate user requests, which are wirelessly received, to protect corporate privacy. Registration (adding new users) and authentication (accepting current users) functions should be implemented with highly secured wireless connection. These functions are accomplished by encapsulating (i.e. tunneling) the user information in a secured form to the corporate authentication server through the internet traffic. The corporate authentication server then grants or denies the user access. In this paper, we propose a new operational design algorithm for remote access wireless VPN authentication and registration protocols that depends on modifying tunnel establishment as compared to existing dial‐in VPN mechanisms. The modifications proposed in this paper are made to support successful deployment of the remote access VPN services over high‐speed wireless network. The paper presents an overview of two tunneling approaches using Layer 3 and Layer 2 separately for implementing these functions. Then we propose how we establish the tunnel in both approaches, and compare it to similar operation steps previously reported for the dial‐in VPN protocols. The proposed algorithms are distinguished from previously developed dial‐in VPN protocols by using L2TP and IPSEC instead of mobile IP. It is also shown that the steps involved in the establishment of the tunnel are functionally different and more appropriate to our applications using communication environment of the BWN. Finally, a qualitative analysis of the added functions, and a comparison between L2TP‐based and IPSec‐based approaches are established. Copyright © 2004 John Wiley & Sons, Ltd.

8.
Authenticated key agreement protocols play an important role for network‐connected servers to authenticate remote users in Internet environment. In recent years, several authenticated key agreement protocols for single‐server environment have been developed based on chaotic maps. In modern societies, people usually have to access multiple websites or enterprise servers to accomplish their daily personal matters or duties on work; therefore, how to increase user's convenience by offering multi‐server authentication protocol becomes a practical research topic. In this study, a novel chaotic map‐based anonymous multi‐server authenticated key agreement protocol using smart card is proposed. In this protocol, a legal user can access multiple servers using only a single secret key obtained from a trusted third party, known as the registration center. Security analysis shows this protocol is secure against well‐known attacks. In addition, protocol efficiency analysis is conducted by comparing the proposed protocol with two recently proposed schemes in terms of computational cost during one authentication session. We have shown that the proposed protocol is twice as fast as the one proposed by Khan and He while preserving the same security properties as their protocol has. Copyright © 2014 John Wiley & Sons, Ltd.

9.
The concept of multi‐server authentication includes multiple numbers of application servers. The registration/control server is the central point in such environment to provide smooth services to a limited number of legitimate users. However, this type of environment is inappropriate to handle unlimited users since the number of users may grow, and thus, the response time may be very high. To eliminate these shortcomings, we have modified the existing multi‐server authentication architecture and then designed a new scheme by including multiregistration server technique that can provide a smooth environment to support unlimited number of users. The main aspect of our design is to provide a secure authentication environment for multi‐server application using password and smartcard so that the participants can securely communicate with each other. The simulation results are obtained by executing our protocol using AVISPA tool. The results provide concrete evidence about the security safety against active and passive attacks. Furthermore, the justification of correctness of the freshness of the session key negotiation and the mutual authentication between the participants has been evaluated with the BAN logic model. The comprehensive comparative analysis justifies our argument that our protocol has better applicability in multi‐server environments compared to other protocols with similar nature.

10.
The capacity of wireless networks can be improved by the use of multi‐channel multi‐interface (MCMI), multi‐packet reception (MPR), and directional antenna (DA). MCMI can provide the concurrent transmission in different channels for each node with multiple interfaces; MPR offers an increased number of concurrent transmissions on the same channel; DA can be more effective than omni‐DA by reducing interference and increasing spatial reuse. This paper explores the capacity of wireless networks that integrate MCMI, MPR, and DA technologies. Unlike some previous research, which only employed one or two of the aforementioned technologies to improve the capacity of networks, this research captures the capacity bound of the networks with all the aforementioned technologies in arbitrary and random wireless networks. The research shows that such three‐technology networks can achieve at most capacity gain in arbitrary networks and capacity gain in random networks compared with MCMI wireless networks without DA and MPR. The paper also explored and analyzed the impact on the network capacity gain with different , θ, and k‐MPR ability. Copyright © 2012 John Wiley & Sons, Ltd.

11.
Because of the exponential growth of Internet of Things (IoT), several services are being developed. These services can be accessed through smart gadgets by the user at any place, every time and anywhere. This makes security and privacy central to IoT environments. In this paper, we propose a lightweight, robust, and multi‐factor remote user authentication and key agreement scheme for IoT environments. Using this protocol, any authorized user can access and gather real‐time sensor data from the IoT nodes. Before gaining access to any IoT node, the user must first get authenticated by the gateway node as well as the IoT node. The proposed protocol is based on XOR and hash operations, and includes: (i) a 3‐factor authentication (ie, password, biometrics, and smart device); (ii) mutual authentication; (iii) shared session key; and (iv) key freshness. It satisfies desirable security attributes and maintains acceptable efficiency in terms of the computational overheads for resource constrained IoT environment. Further, the informal and formal security analysis using AVISPA proves security strength of the protocol and its robustness against all possible security threats. Simulation results also prove that the scheme is secure against attacks.

12.
The fast growth of mobile services and devices has made the conventional single‐server architecture ineffective from the point of its functional requirements. To extend the scalability and availability of mobile services to various applications, it is required to deploy multiserver architecture. In 2016, Moon et al insisted that Lu et al's scheme is weak to insiders and impersonation attack, then they proposed a biometric‐based scheme for authentication and key agreement of users in multiserver environments. Unfortunately, we analyze Moon et al's scheme and demonstrate that their scheme does not withstand various attacks from a malicious registered server. We propose a user authentication scheme with server mutual verification to overcome these security drawbacks. The proposed scheme withstands an attack from malicious insiders in multiserver environments. We use a threshold cryptography to strengthen the process of server authorization and to provide better security functionalities. We then prove the authentication and session key of the proposed scheme using Burrows‐Abadi‐Needham (BAN) logic and show that our proposed scheme is secure against various attacks.

13.
The wide availability of cheap and effective commodity PC hardware has driven the development of versatile traffic monitoring software such as protocol analyzers, traffic characterizers and intrusion detection systems. Most of them are designed to run on general purpose architectures and are based on the well‐known libpcap API, which has rapidly become a de facto standard. Although many improvements have been applied to packet capturing software, it still suffers from several performance flaws, mainly due to the underlying hardware bottlenecks. To overcome these issues, this paper proposes a system architecture, which combines the high performance of a Network Processor card with the flexibility of software‐based solutions. It allows for removing most part of the hardware limitations exhibited by a purely PC‐based architecture, while preserving the full compliance to any software applications based on libpcap. In addition, the proposed system enables the use of monitoring applications at the wire speed, with the possibility of on‐the‐fly data processing. The system performance has been thoroughly assessed: the results show that it clearly outperforms the previous PC‐based solutions in terms of packet capturing power, while the timestamping accuracy is as good as that achieved by DAG cards. Copyright © 2009 John Wiley & Sons, Ltd.

14.
The cloud storage service has been widely used in daily life because of its convenience. However, the service frequently suffers confidentiality problems. To address this problem, some efforts have been made on keyword search over encrypted data schemes. For instance, the chaotic‐based keyword search scheme over encrypted data has been proposed recently. However, the scheme supports only single‐keyword search each time, which severely limits its utilization in cloud storage. This article proposes a novel chaotic‐based time‐aware multi‐keyword search scheme with designated server. Inner product similarity is adopted in our scheme to realize multiple keyword search and remove the constraint of single‐keyword search each time. Timed‐release encryption is integrated into the proposed scheme at the same time, which enables the data sender to specify the time when the cloud servers can search the encrypted data. Analysis indicates that our scheme not only can counter off‐line guessing attacks to the ciphertext and trapdoor, but also supports ranked search with a reasonable computational cost. Copyright © 2015 John Wiley & Sons, Ltd.

15.
For real-world simulation, terrain models must combine various types of information on material and texture in terrain reconstruction for the three-dimensional numerical simulation of terrain. However, the construction of such models using the conventional method often involves high costs in both manpower and time. Therefore, this study used a convolutional neural network (CNN) architecture to classify material in multispectral remote sensing images to simplify the construction of future models. Visible light (i.e., RGB), near infrared (NIR), normalized difference vegetation index (NDVI), and digital surface model (DSM) images were examined. This paper proposes the use of the robust U-Net (RUNet) model, which integrates multiple CNN architectures, for material classification. This model, which is based on an improved U-Net architecture combined with the shortcut connections in the ResNet model, preserves the features of shallow network extraction. The architecture is divided into an encoding layer and a decoding layer. The encoding layer comprises 10 convolutional layers and 4 pooling layers. The decoding layer contains four upsampling layers, eight convolutional layers, and one classification convolutional layer. The material classification process in this study involved the training and testing of the RUNet model. Because of the large size of remote sensing images, the training process randomly cuts subimages of the same size from the training set and then inputs them into the RUNet model for training. To consider the spatial information of the material, the test process cuts multiple test subimages from the test set through mirror padding and overlapping cropping; RUNet then classifies the subimages. Finally, it merges the subimage classification results back into the original test image. The aerial image labeling dataset of the National Institute for Research in Digital Science and Technology (Inria, abbreviated from the French Institut national de recherche en sciences et technologies du numérique) was used as well as its configured dataset (called Inria-2) and a dataset from the International Society for Photogrammetry and Remote Sensing (ISPRS). Material classification was performed with RUNet. Moreover, the effects of the mirror padding and overlapping cropping were analyzed, as were the impacts of subimage size on classification performance. The Inria dataset achieved the optimal results; after the morphological optimization of RUNet, the overall intersection over union (IoU) and classification accuracy reached 70.82% and 95.66%, respectively. Regarding the Inria-2 dataset, the IoU and accuracy were 75.5% and 95.71%, respectively, after classification refinement. Although the overall IoU and accuracy were 0.46% and 0.04% lower than those of the improved fully convolutional network, the training time of the RUNet model was approximately 10.6 h shorter. In the ISPRS dataset experiment, the overall accuracy of the combined multispectral, NDVI, and DSM images reached 89.71%, surpassing that of the RGB images. NIR and DSM provide more information on material features, reducing the likelihood of misclassification caused by similar features (e.g., in color, shape, or texture) in RGB images. Overall, RUNet outperformed the other models in the material classification of remote sensing images. The present findings indicate that it has potential for application in land use monitoring and disaster assessment as well as in model construction for simulation systems.

16.
This paper proposes a sequential detection technique for a multi‐user receiver that is constructed over a CDMA system. In this system, the transmitter transmits a symbol made by spreading the spectrum with an enveloped sequence protected by guard sequences, and a receiver de‐modulates the core‐sequence part of the received symbol with either a de‐correlating detector or an MMSE detector. The advantage is that performance is improved without reducing the number of the active users. This sequential detection system estimates the best user signal from all of the soft outputs, which are obtained by solving a de‐correlating system of equations. Once detected, the best user component is removed from the received symbol. The resultant symbol composed of the remaining user signals is then sequentially detected by repeating the method stated above. A computer simulation of this system reveals a remarkable improvement in the bit‐error rate performance compared to conventional systems. Copyright © 2005 John Wiley & Sons, Ltd.

17.
In this contribution, a novel particle swarm optimization (PSO)‐based multi‐user detector (MUD) aided time‐hopping ultra‐wide band (TH‐UWB) system has been investigated in the multi‐path channel model. In this approach, the PSO‐based MUD employs the output of the Rake receiver as its initial value to search for the best solution which results in a formulated optimization mechanism. By taking advantage of the heuristic values and the collective intelligence of PSO technique, the proposed detector offers almost the same bit error rate (BER) performance as the full‐search‐based optimum MUD does, while greatly reducing the potentially computational complexity. Simulation results have been provided to examine the evolutionary behavior and the detection performance of the proposed PSO‐based MUD in both the additive white Gaussian noise and the multi‐path fading channel. Copyright © 2011 John Wiley & Sons, Ltd.

18.
Nowadays querying multiple‐dependent data items in a request is common in many advanced mobile applications, such as traffic information enquiry services. In addition, multi‐channel architectures are widely deployed in many data dissemination systems. In this paper, we extend a number of data productivity‐based scheduling algorithms and evaluate their performance in scheduling multi‐item requests in multi‐channel broadcast environments. We observe from the experimental results two performance problems that render these algorithms ineffective. Lastly, we discuss possible causes of these problems to give insights in the design of a better solution. Copyright © 2009 John Wiley & Sons, Ltd.

19.
Multi‐user systems (MUS) for electrification of rural villages have specific advantages compared with individual systems (SHS). However, as MUS serve multiple consumers, shared energy use presents a challenging problem to the communities. Despite the increased performance of MUS over SHS, they still produce a limited amount of available energy, and users cannot consume as much electricity as they wish without considering the needs of the other users. This means that energy distribution among village residents has to be organised and energy consumption has to be controlled. There are different ways to achieve energy distribution. One possibility is to leave it to the users themselves to organise rational energy use according to their needs and daily routines. For the development of a self‐managed scheme, knowledge is required not only of the users' total energy consumption, but also of their individual energy use patterns. With knowledge of the community's energy consumption habits, rules for adequate energy use can be developed more accurately. The present study describes community energy management in a Cuban village using a central photovoltaic installation. Applying different methods, data were collected in order to identify individual energy use patterns and to investigate how villagers distribute energy and what rules of use are in effect. We wanted to find out whether their energy management leads to well‐adapted energy use patterns and reasonable system performance. The results show that the village residents have developed rules and agreements for coordination of their energy use that have led to good adaptation to the dynamics of energy production. Copyright © 2006 John Wiley & Sons, Ltd.

20.
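Implementation of a Network Time Service System Based on the NTP Protocol   Total citations: 3, self-citations: 0, citations by others: 3
This paper introduces the basic working principle of the Network Time Protocol and briefly analyzes the network delay problem in two cases: symmetric and asymmetric network paths. It discusses how to build a network time server and the design flow of network time-service software. Using statistical data, it analyzes network delay and time offset in detail and gives methods for handling problems related to network delay and time offset in software design. Finally, it explains the necessity of establishing a network time service system.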
