Similar Literature
1.
In 2009, Wang et al. presented a dynamic ID-based remote user authentication scheme and claimed that their scheme was more efficient and secure. In this paper, we point out that their scheme is not secure against impersonation attacks launched by any adversary at any time and could leak some key information to legal users, who can then launch an off-line guessing attack. If the adversary can obtain the secret information stored in the smart card in some way, their scheme is completely broken. In addition, their scheme does not provide anonymity for the users, and it lacks the functionalities of revocation, key exchange and secret renewal for users and servers. Furthermore, we propose a more secure and robust scheme, which not only remedies all the above security flaws and weaknesses but also provides more functionalities.

2.
With the rapid development of mobile cloud computing, security becomes a crucial part of communication systems in a distributed mobile cloud computing environment. Recently, in 2015, Tsai and Lo proposed a privacy-aware authentication scheme for distributed mobile cloud computing services. In this paper, we first analyze Tsai–Lo's scheme and show that it is vulnerable to a server impersonation attack, and thus fails to achieve secure mutual authentication. In addition, we also show that Tsai–Lo's scheme provides neither session-key security (SK-security) nor strong user credentials' privacy when an ephemeral secret is unexpectedly revealed to the adversary. In order to withstand these security pitfalls found in Tsai–Lo's scheme, we propose a provably secure authentication scheme for distributed mobile cloud computing services. Through rigorous security analysis, we show that our scheme achieves SK-security and strong credentials' privacy and prevents all well-known attacks, including the impersonation attack and the ephemeral secret leakage attack. Furthermore, we simulate our scheme for formal security analysis using the widely accepted AVISPA (Automated Validation of Internet Security Protocols and Applications) tool, and show that our scheme is secure against passive and active attacks including replay and man-in-the-middle attacks. More security functionalities along with reduced computational costs for the mobile users make our scheme more appropriate for practical applications than Tsai–Lo's scheme and other related schemes. Finally, to demonstrate the practicality of the scheme, we evaluate the proposed scheme using the broadly accepted NS-2 network simulator.

3.
Since a user is usually served by more than one server, authentication protocols for the multi-server environment are required for practical applications. Most password authentication schemes for the multi-server environment are based on a static ID, so an adversary can use this information to trace and identify the user's requests. This is undesirable for applications such as e-commerce. In this paper, we develop a secure dynamic ID-based remote user authentication scheme that achieves user anonymity. The proposed scheme uses only hash functions to implement a robust authentication scheme for the multi-server environment. It provides a secure method to update the password without the help of a trusted third party. The proposed scheme not only satisfies all requirements for the multi-server environment but also achieves efficient computation. Besides, our scheme provides complete functionality to suit real applications.

4.
Advancement in communication technology provides a scalable platform for various services, where a remote user can access the server from anywhere without leaving his/her place. It provides a unique opportunity for online services such that a user does not need to be physically present at the service center. These services adopt authentication and key agreement protocols in order to ensure authorized and secure access to the resources. Most of the authentication schemes proposed in the literature support a single-server environment, where the user has to register with each server. If a user wishes to access multiple application servers, he/she has to register with each server. Multi-server authentication introduces a scalable platform such that a user can interact with any server using a single registration. Recently, Chuang and Chen proposed an efficient multi-server authenticated key agreement scheme based on a user's password and biometrics (Chuang and Chen, 2014). Their scheme is lightweight, requiring the computation of only hash functions. In this paper, we first analyze Chuang and Chen's scheme and then identify that it does not resist the stolen smart card attack, which leads to user impersonation and server spoofing attacks. We also show that their scheme fails to protect against the denial-of-service attack. We aim to propose an efficient improvement on Chuang and Chen's scheme that overcomes its weaknesses while retaining its original merits. Through rigorous informal and formal security analysis, we show that our scheme is secure against various known attacks, including the attacks found in Chuang and Chen's scheme. Furthermore, we simulate our scheme for formal security verification using the widely accepted AVISPA (Automated Validation of Internet Security Protocols and Applications) tool and show that our scheme is secure against replay and man-in-the-middle attacks. In addition, our scheme is comparable in terms of communication and computational overheads with Chuang and Chen's scheme and other related existing schemes.

5.
Nowadays, with the widespread use of the Internet, servers provide various services for legal users. The vital issue in client/server connections is the authentication protocol that makes the communication channel safe and secure against well-known attacks. Recently, Kumari et al. and Chaudhry et al. proposed two authentication and key agreement protocols and showed that their proposed protocols are secure against various security attacks. However, in this paper we demonstrate that both protocols are vulnerable to off-line password guessing attacks. Moreover, we show that Kumari et al.'s protocol does not provide the property of user anonymity. In order to overcome these weaknesses, we propose a lightweight authentication and key agreement protocol. The correctness of the proposed protocol is proved using BAN logic. Security analysis demonstrates that the proposed protocol resists various security attacks and provides user anonymity. Furthermore, performance analysis confirms that the computation cost of the proposed protocol is acceptable.

6.
Password-based three-party authenticated key exchange protocols are extremely important to secure communications and are now extensively adopted in network communications. These protocols allow users to communicate securely over public networks simply by using easy-to-remember passwords. In considering authentication between a server and user, this study categorizes password-based three-party authenticated key exchange protocols into explicit server authentication and implicit server authentication. The former must achieve mutual authentication between a server and users while executing the protocol, while the latter only achieves authentication among users. This study presents two novel, simple and efficient three-party authenticated key exchange protocols. One protocol provides explicit server authentication, and the other provides implicit server authentication. The proposed protocols do not require server public keys. Additionally, both protocols are proven secure in the random oracle model. Compared with existing protocols, the proposed protocols are more efficient and provide greater security.

7.
The existing solutions to keyword search in the cloud can be divided into two categories: searching on exact keywords and searching on error-tolerant keywords. An error-tolerant keyword search scheme permits searches on encrypted data with only an approximation of some keyword. The scheme is suitable for the case where users' search input might not exactly match the pre-set keywords. In this paper, we first present a general framework for searching on error-tolerant keywords. Then we propose a concrete scheme, based on a fuzzy extractor, which is proved secure against an adaptive adversary under a well-defined security definition. The scheme is suitable for all similarity metrics including Hamming distance, edit distance, and set difference. It does not require the user to construct or store anything in advance, other than the key used to calculate the trapdoor of keywords and the key used to encrypt data documents. Thus, our scheme tremendously eases the users' burden. What is more, our scheme is able to transform the server's search for error-tolerant keywords on ciphertexts into a search for exact keywords on plaintexts. The server can use any existing approach to exact keyword search to search plaintexts on an index table.

8.
An access control mechanism in a user hierarchy is used to provide management of sensitive information for authorized users. The users and their own information can be organized into a number of disjoint sets of security classes according to their responsibilities. Each security class in a user hierarchy is assigned an encryption key and can derive the encryption keys of all lower security classes according to a predefined partial-order relation. In 2006, Jeng and Wang proposed an efficient key management scheme based on elliptic curve cryptosystems. This paper, however, points out that the Jeng–Wang scheme is vulnerable to a so-called compromising attack, in which the secret keys of some security classes can be compromised by any adversary if some public information is modified. We further propose a secure key management scheme based on elliptic curve cryptosystems to eliminate the identified security leak and meet stronger security requirements. As compared with Jeng and Wang's scheme (Jeng and Wang, 2006), the proposed scheme has the following properties. (i) The key generation and key derivation phases are simple to execute. (ii) It easily addresses dynamic access control when a security class is added into or deleted from the hierarchy. (iii) It is secure against some potential attacks. (iv) The required storage of the public/secret parameters is constant.

9.
In location-based services with continuous queries, a user's own attribute information is easily obtained by an attacker, who can then derive the user's location privacy through correlation. To address this, a privacy-preserving method is proposed that uses particle swarm clustering to accelerate the search for users with similar attributes and achieves user location generalization through anonymity among similar-attribute users. The method relies on the trusted central server commonly used in location privacy protection: the query information sent to the central server is grouped by particle swarm attribute clustering, the search for similar-attribute users is accelerated during the clustering process, and location generalization is completed by the similar-attribute users, thereby achieving location privacy protection. Experimental results show that this privacy-preserving method based on particle swarm attribute clustering offers stronger privacy protection than comparable algorithms, as well as faster computation.

10.
In the architecture of existing secure-channel-free public-key encryption with keyword search (SCF-PEKS) schemes, the server's public-key encryption of keywords depends on the user's public key; this defect restricts the server's data search service to a single user. Since users who do not hold the private key corresponding to that public key cannot search the data, the usability of searchable encryption is greatly limited. Based on composite-order bilinear groups, an efficient SCF-PEKS scheme that allows users to register for the service is proposed. The scheme allows multiple users to search the data without a secure channel; users who need the data search service obtain it by registering, and the server's public-key encryption of keywords no longer depends on the user's public key. In the standard model, under the decisional subgroup assumption, the scheme is shown to resist chosen keyword attacks (IND-SCF-CKA), and it has higher computational efficiency than existing SCF-PEKS schemes.

11.
Very recently, Tu et al. proposed an authentication scheme for the session initiation protocol using smart cards to overcome the security flaws of Zhang et al.'s protocol. They claimed that their protocol is secure against known security attacks. However, in this paper, we indicate that Tu et al.'s protocol is insecure against an impersonation attack. We show that an adversary can easily masquerade as a legitimate server to fool users. As a remedy, we also improve Tu et al.'s protocol without imposing extra computation cost. To show the security of our protocol, we prove its security in the random oracle model.

12.
With the assistance of an authentication server, a gateway-oriented password-authenticated key exchange (GPAKE) protocol can establish a common session key shared between a client and a gateway. Unfortunately, a GPAKE protocol becomes totally insecure if an adversary can compromise the authentication server and steal the passwords of the clients. In order to provide resilience against adversaries who can hack into the authentication server, we propose a threshold GPAKE protocol and then present its security proof in the standard model based on the hardness of the decisional Diffie–Hellman (DDH) problem. In our proposal, the password is shared among n authentication servers and is secure unless the adversary corrupts more than t+1 servers. Our protocol requires n > 3t servers to work. Compared with existing threshold PAKE protocols, our protocol maintains both stronger security and greater efficiency.

13.
Remote authentication protocols effectively secure the communication between remote users and servers over public networks. An anonymous, secure identity authentication scheme is proposed: it provides anonymity of user logins through dynamic changes at login, establishes a shared session key through mutual verification between user and server, resists replay and man-in-the-middle attacks, and achieves user security and privacy. BAN logic analysis proves the validity of the improved scheme, and the security proof and performance analysis show that the new protocol is more secure and efficient than schemes of the same type.

14.
The WTLS handshake protocol does not provide forward secrecy, does not provide user anonymity in the non-anonymous authentication mode, and is susceptible to man-in-the-middle attacks in the fully anonymous mode. The DH-EKE protocol offers authenticated key agreement; integrating an improved DH-EKE into the WTLS handshake protocol requires only a memorable user password, with no need for authentication certificates or digital signatures. The scheme is applicable to the fully anonymous authentication mode, resists man-in-the-middle and dictionary attacks, and does not store passwords directly on the server, so an attacker who compromises the server and obtains the password file still cannot impersonate users. It thus achieves simple identity authentication and secure key exchange within the WTLS handshake protocol.

15.
In the field of multi-party computation, an important problem is how to construct an efficient and secure multi-party computation protocol for certain specific problems. In the present study, we make use of a secret sharing scheme to construct an efficient and secure multi-party computation protocol for sequencing problems. Our protocols are perfectly secure against both a passive adversary that can corrupt at most t (n-1)/2 participants, and an active adversary that can corrupt at most t < n/3 participants. The...

16.
A conference key distribution scheme with disenrollment capability is a method to distribute pieces of information among a set of users in such a way that each group of them can compute a common key to be used for secure communication. In such a scheme any user can be disenrolled. After each disenrollment, although the disenrolled user reveals his private information, the security of the scheme remains unchanged. The scheme is unconditionally secure if any adversary coalition has no information on the common key even though it has access to infinite computational power.

In this paper we model the problem of unconditionally secure conference key distribution schemes with disenrollment capability using an information-theoretic framework. We prove tight lower bounds on the size of the information each user in the scheme has to keep secret.


17.
These days, the privacy of a user in an information communication system is more important than ever before. This property is especially important for mobile communication systems due to the mobility of the underlying mobile devices. Until now, many cryptographic tools have been proposed for achieving users' privacy. In this paper, we review two privacy-oriented cryptographic protocols and show their security holes. We also provide countermeasures to fix the weaknesses. First, we discuss the security of the user identification scheme proposed by Hsu and Chuang, which permits a user to anonymously log into a system and establish a secret key shared with the system. We show that the Hsu–Chuang scheme is not secure against known session key attacks, and then we provide a countermeasure which can be used to enhance the security of the Hsu–Chuang scheme. Secondly, we review a deniable authentication protocol proposed by Harn and Ren which protects the privacy of a message sender. Then we show that the protocol has a potential incompleteness and two weaknesses.

19.
A traditional Public-key Encryption scheme with Keyword Search (PEKS) allows multiple senders to encrypt keywords under the public key of a receiver such that the receiver can search on these encrypted keywords using his/her searching secret key. In encrypted email systems, an email user not only needs to search on encrypted emails received from other users, but also needs to search on encrypted emails sent to other users. Motivated by this, the paper proposes a cryptographic method that allows these two types of users (i.e., senders and receivers) to search on encrypted keywords, which is called Public-key Encryption with Bidirectional Keyword Search (PEBKS). We give formal definitions of a PEBKS scheme and its indistinguishability security model to capture the scenario in which no adversary can efficiently distinguish two ciphertexts of keywords from each other, even if the adversary can adaptively obtain search trapdoors for many keywords. Specifically, we propose a concrete PEBKS scheme whose security relies on a standard hard problem, i.e., the bilinear Diffie–Hellman problem, in the random oracle model. Finally, we simulate the proposed PEBKS scheme to assess its practicality and confirm its feasibility for application to encrypted email systems.

20.
To address the cumbersome user revocation and the high computational cost of ciphertext updates in attribute-based encryption schemes, a searchable attribute-based encryption scheme for dynamic user groups is proposed. A binary tree is used to manage the revocation list: when a user needs to be revoked, the trusted center simply adds the user to the revocation list and notifies the cloud server to update part of the ciphertext, which improves the efficiency of user revocation. Since implementing user revocation with a binary tree imposes an upper bound on the number of users in the system, once the user represented by a leaf node has been revoked, the random value set in the binary tree is updated so that other users can reuse that node. Ciphertext search is provided to users based on pairing computation, and revoked users are guaranteed to be unable to search the ciphertext. Security analysis shows that the scheme satisfies indistinguishability under chosen-plaintext attack in the random oracle model. Performance analysis and experimental data show that the scheme has lower computational cost than comparable schemes.
