An anonymous authentication and secure data transmission scheme for the Internet of Things based on blockchain

With the widespread use of network infrastructures such as 5G and low-power wide-area networks, a large number of the Internet of Things (IoT) device nodes are connected to the network, generating massive amounts of data. Therefore, it is a great challenge to achieve anonymous authentication of IoT nodes and secure data transmission. At present, blockchain technology is widely used in authentication and s data storage due to its decentralization and immutability. Recently, Fan et al. proposed a secure and efficient blockchain-based IoT authentication and data sharing scheme. We studied it as one of the state-of-the-art protocols and found that this scheme does not consider the resistance to ephemeral secret compromise attacks and the anonymity of IoT nodes. To overcome these security flaws, this paper proposes an enhanced authentication and data transmission scheme, which is verified by formal security proofs and informal security analysis. Furthermore, Scyther is applied to prove the security of the proposed scheme. Moreover, it is demonstrated that the proposed scheme achieves better performance in terms of communication and computational cost compared to other related schemes.     

A color image authenticated encryption using conic curve and Mersenne twister

A robust secure image transmission scheme has to achieve all the security services as confidentiality, authentication, integrity and nonrepudiation with a reasonable efficiency. An authenticated image encryption scheme which achieves all these services is proposed in this paper. The scheme uses pseudorandom sequence Public-key cryptosystem design based on factoring and discrete logarithmsenerated by Mersenne’s twister with XOR operation for image encryption and proposes two hard problems based digital signature: conic curve discrete logarithm problem (CCDLP) and Integer Factorization Problem (IFP) which achieves a highly secure system with efficient point operations and inverses. For efficient transmission, the image signature is embedded in the cipher image. Security analysis of the scheme is provided. According to the results, the proposed scheme is efficient and achieves an excellent long term security.

     

SAS-SIP: A secure authentication scheme based on ECC and a fuzzy extractor for session initiation protocol

The session initiation protocol is used for communication purposes in a client-server environment, where for each time session the client and server agree upon a shared secret session key through an authentication system. After establishing the connection between client and server for a session, both the parties use a session key to encrypt/decrypt messages for communicating within that session securely. Therefore, authentication plays a vital role in sharing the secret session key. Recently, Chaudhry et al. proposed an authentication scheme; yet this paper shows that Chaudhry et al.’s scheme has inefficient login and password change phases, respectively, and does not take care of the users’ anonymity. Therefore, this study proposes an enhanced scheme, referred to as the secure authentication scheme for session initiation protocol (SAS-SIP) to eliminate the drawbacks of the scheme proposed by Chaudhry et al. In addition, the proposed SAS-SIP uses fuzzy extractors to incorporate biometric data along with the password to enhance the degree of security in the authentication system. After performing the security analysis through a random oracle model, this paper concludes that SAS-SIP is secure from secret information retrieval of communicators to the attacker. Furthermore, it has a better trade-off among several measurement costs along with security.     

Cryptanalysis and improvement of ‘a secure authentication scheme for telecare medical information system’ with nonce verification

In 2009, Xu et al. presented an improved smartcard based authentication scheme while using a security model previously applied by Bellare et al. to prove the security of their authentication methods. Later on, in 2012, Wu et al. pointed out number of authentication attacks in Xu et al. scheme. To address these issues, Wu et al. presented a Smartcard based Two-Factor Authentication (2FA) scheme for Telecare Medical Information System (TMIS) facility. In this study, we prove that authentication scheme of Wu et al. is still vulnerable to impersonation attack, offline password guessing attack, forgery attack and many other attacks. Moreover, number of performance and verification issues are also outlined in the authentication scheme of Wu et al. To overcome these issues, an improved and enhanced 3FA Smartphone based authentication method is proposed on a Cloud Computing environment. The proposed scheme is further corroborated using Burrows-Abadi-Needham logic (BAN logic) nonce verification. The detailed BAN logic verification and further security analysis shows that the proposed authentication protocol is highly reliable and secure in terms of message verifications, message freshness and trustworthiness of its origin. Moreover, the comparative security, performance and feature analysis shows that the proposed work yields an even more improved and enhanced authentication framework as compared to Wu et al. authentication scheme.     

Sharing secrets in stego images with authentication

Recently, Lin and Tsai and Yang et al. proposed secret image sharing schemes with steganography and authentication, which divide a secret image into the shadows and embed the produced shadows in the cover images to form the stego images so as to be transmitted to authorized recipients securely. In addition, these schemes also involve their authentication mechanisms to verify the integrity of the stego images such that the secret image can be restored correctly. Unfortunately, these schemes still have two shortcomings. One is that the weak authentication cannot well protect the integrity of the stego images, so the secret image cannot be recovered completely. The other shortcoming is that the visual quality of the stego images is not good enough. To overcome such drawbacks, in this paper, we propose a novel secret image sharing scheme combining steganography and authentication based on Chinese remainder theorem (CRT). The proposed scheme not only improves the authentication ability but also enhances the visual quality of the stego images. The experimental results show that the proposed scheme is superior to the previously existing methods.     

面向多网关的无线传感器网络多因素认证协议

无线传感器网络作为物联网的重要组成部分,广泛应用于环境监测、医疗健康、智能家居等领域.身份认证为用户安全地访问传感器节点中的实时数据提供了基本安全保障,是保障无线传感器网络安全的第一道防线;前向安全性属于系统安全的最后一道防线,能够极大程度地降低系统被攻破后的损失,因此一直被学术及工业界视为重要的安全属性.设计面向多网关的可实现前向安全性的无线传感器网络多因素身份认证协议是近年来安全协议领域的研究热点.由于多网关无线传感器网络身份认证协议往往应用于高安全需求场景,一方面需要面临强大的攻击者,另一方面传感器节点的计算和存储资源却十分有限,这给如何设计一个安全的多网关无线传感器网络身份认证协议带来了挑战.近年来,大量的多网关身份认证协议被提出,但大部分都随后被指出存在各种安全问题.2018年,Ali等人提出了一个适用于农业监测的多因素认证协议,该协议通过一个可信的中心(基站)来实现用户与外部的传感器节点的认证;Srinivas等人提出了一个通用的面向多网关的多因素身份认证协议,该协议不需要一个可信的中心,而是通过在网关之间存储共享秘密参数来完成用户与外部传感器节点的认证.这两个协议是多网关无线传感器网络身份认证协议的典型代表,分别代表了两类实现不同网关间认证的方式:1)基于可信基站,2)基于共享秘密参数.分析指出这两个协议对离线字典猜测攻击、内部攻击是脆弱的,且无法实现匿名性和前向安全性.鉴于此,本文提出一个安全增强的可实现前向安全性的面向多网关的无线传感器网络多因素认证协议.该协议采用Srinivas等协议的认证方式,即通过网关之间的共享秘密参数完成用户与外部传感器节点的认证,包含两种典型的认证场景.对新协议进行了BAN逻辑分析及启发式分析,分析结果表明该协议实现了双向认证,且能够安全地协商会话密钥以及抵抗各类已知的攻击.与相关协议的对比结果显示,新协议在提高安全性的同时,保持了较高的效率,适于资源受限的无线传感器网络环境.     

参与者有特殊权限的秘密共享方案

考虑到某些参与者有特殊权限,基于RSA密码体制和哈希函数的安全性,设计了参与者有特殊权限的秘密共享方案。参与者的秘密份额由自己产生和保管,只需出示伪秘密份额,无需安全信道。在秘密重构时,不仅要求参与者的权值之和达到对应门限值,而且对于具有特殊权限的参与者设定了特别门限,增强了共享秘密的安全性。     

无线传感器网络中具有匿名性的用户认证协议

对He等人提出的无线传感器网络用户认证协议(Ad-Hoc Sensor Wireless Networks, 2010, No.4)进行研究,指出该协议无法实现用户匿名性,不能抵抗用户仿冒攻击和网关节点旁路攻击,并利用高效的对称密码算法和单向hash函数对其进行改进。理论分析结果证明,改进协议可以实现用户匿名性、不可追踪性及实体认证,抵抗离线字典攻击、用户仿冒攻击和网关节点旁路攻击,与同类协议相比,计算效率更高。     

A high quality image sharing with steganography and adaptive authentication scheme

With the rapid growth of numerous multimedia applications and communications through Internet, secret image sharing has been becoming a key technology for digital images in secured storage and confidential transmission. However, the stego-images are obtained by directly replacing the least-significant-bit planes (LSB) of cover-images with secret data and authentication code in most schemes, which will result in the distortion of the stego-images. In this paper, we proposed a novel secret image sharing scheme by applying optimal pixel adjustment process to enhance the image quality under different payload capacity and various authentication bits conditions. The experimental results showed that the proposed scheme has improved the image quality of stego images by 4.71%, 9.29%, and 11.10%, as compared with the schemes recently proposed by Yang et al., Chang et al., and Lin and Tsai. We also provide several experiments to demonstrate the efficacy of authentication capability of the proposed scheme. In other words, our scheme maintains the secret image sharing and authentication ability while enhances the image quality.     

可保证临时秘密泄漏安全的无证书签密方案

为了确保无证书签密方案能实现临时秘密泄漏安全性,提出了一种新的无需对运算的无证书签密方案.新签密方案将用户部分私钥、用户私有秘密和签密临时秘密分别对应到求解3个不同的CDH (computational Diffie-Hellman)问题,并采用散列函数将用户密钥、临时秘密和密文与用户身份绑定.表明了新方案不仅能实现数据的认证性、机密性,还能确保临时秘密泄漏安全性.对比分析结果表明,新方案的安全性更高,计算性能更优.此外,文中还指出文献[3]中签密方案不能抵抗临时秘密泄露攻击.     

An authenticated group key transfer protocol using elliptic curve cryptography

Several groupware applications like e-conferences, pay-per view, online games, etc. require a common session key to establish a secure communication among the group participants. For secure communication, such applications often need an efficient group key establishment protocol to construct a common session key for group communications. Conventional group key transfer protocols depends on mutually trusted key generation center (KGC) to generate and distribute the group key to each participant in each session. However, those approaches require extra communication overheads in the server setup. This paper presents an efficient and secure group key transfer protocol using elliptic curve cryptography (ECC). The proposed protocol demonstrates a novel group key transfer protocol, in which one of the group member plays the role of KGC (the protocol without an online KGC, which is based on elliptic curve discrete logarithm problem (ECDLP) and Shamir’s secret sharing scheme. The confidentiality of the proposed protocol is ensured by Shamir’s secret sharing, i.e., information theoretically secure and provides authentication using ECDLP. Furthermore, the proposed protocol resists against potential attacks (insider and outsider) and also significantly reduces the overheads of the system. The security analysis section of the present work also justifies the security attributes of the proposed protocol under various security assumptions.     

A secure and efficient ECC-based user anonymity-preserving session initiation authentication protocol using smart card

The Session Initiation Protocol (SIP) is a signaling communications protocol, which has been chosen for controlling multimedia communication in 3G mobile networks. The proposed authentication in SIP is HTTP digest based authentication. Recently, Tu et al. presented an improvement of Zhang et al.’s smart card-based authenticated key agreement protocol for SIP. Their scheme efficiently resists password guessing attack. However, in this paper, we analyze the security of Tu et al.’s scheme and demonstrate their scheme is still vulnerable to user’s impersonation attack, server spoofing attack and man-in-the middle attack. We aim to propose an efficient improvement on Tu et al.’s scheme to overcome the weaknesses of their scheme, while retaining the original merits of their scheme. Through the rigorous informal and formal security analysis, we show that our scheme is secure against various known attacks including the attacks found in Tu et al.’s scheme. Furthermore, we simulate our scheme for the formal security analysis using the widely-accepted AVISPA (Automated Validation of Internet Security Protocols and Applications) tool and show that our scheme is secure against passive and active attacks including the replay and man-in-the-middle attacks. Additionally, the proposed scheme is comparable in terms of the communication and computational overheads with Tu et al.’s scheme and other related existing schemes.     

An improved dynamic ID-based remote user authentication with key agreement scheme

In 2009, Wang et al. presented a dynamic ID-based remote user authentication scheme and claimed that their scheme was more efficient and secure. In this paper, we point out that their scheme is not secure against impersonation attacks launched by any adversary at anytime and could leak some key information to legal users, who can launch an off-line guessing attack. If the adversary could get the secret information stored in the smart cards someway, their scheme will be completely broken down. In addition, their scheme does not provide anonymity for the users, and lacks the functionalities of revocation, key exchange and secret renew for users and servers. Furthermore, we propose a more secure and robust scheme, which does not only cover all the above security flaws and weaknesses, but also provides more functionalities.     

一种高安全的门限群签密方案

为了满足群组通信的高安全性,将超椭圆曲线密码体制与Schno~数字签名体制相结合,设计了一个高安全的同时具有(t,n)门限签密和(k,l)门限共享验证功能的门限群签密方案.该方案克服了彭等人和Wang等人方案的安全缺陷,利用Desmedt等人的密钥重新分配协议的思想实现了门限签密和门限解签密的密钥先应式秘密共享.与现有的面向群组通信的广义门限签密方案相比,该方案能避免恶意信息的攻击,能抵抗内部欺诈和外部攻击,具有更小的通信代价和更高的安全性,特别适用于解决带宽受限网络的安全问题.     

A secure and efficient mutual authentication scheme for session initiation protocol

The Session Initiation Protocol (SIP) as the core signaling protocol for multimedia services is receiving much attention. Authentication is becoming increasingly crucial issue when a user asks to use SIP services. Many authentication schemes for the SIP have been proposed. Very recently, Zhang et al. has presented an authentication scheme for SIP and claimed their scheme could overcome various attacks while maintaining efficiency. In this research, we illustrate that their scheme is susceptible to the insider attack and does not provide proper mutual authentication. We then propose a modified secure mutual authentication scheme to conquer the security flaws in Zhang et al.’s scheme. Through the informal and formal security analyses, we demonstrate that our scheme is resilient possible known attacks including the attacks found in Zhang et al.’s scheme. In addition, the performance analysis shows that our scheme has better efficiency in comparison with other related ECC-based authentication schemes for SIP.     

格上基于智能卡的安全口令认证方案

基于智能卡的认证方案是一种高效且常用的认证机制,但安全性基于数论难题构建的相关认证方案存在不能抵抗量子攻击、恶意读卡器攻击等问题.提出一种新的格上基于智能卡的口令认证方案,该方案利用格密码中近似平滑投射哈希函数和可拆分公钥密码体制,通过用户口令和智能卡完成与服务器的身份认证和会话密钥协商.该方案在随机预言模型下满足理论可证明安全,在抵抗量子攻击、恶意读卡器攻击和其他类型攻击方面有较高的可靠度.仿真实验表明,所提方案执行效率高,满足实际应用需求.     

3个秘密共享方案的弱点分析与改进

通过对秘密共享的研究与分析,发现现有的秘密共享方案几乎都有其弱点,导致这些方案不能在实际中得到应用。分析3个秘密共享方案,指出它们各自存在的安全漏洞,并通过系统初始化、秘密份额生成和验证、秘密承诺生成和恢复等对刘锋等人的方案(计算机应用研究,2008年第(1)期)进行改进。结果表明,改进后的方案克服了原有方案的缺点,是一个安全的可验证的秘密共享方案。     

A comment on “Sharing secrets in stegoimages with authentication”

Recently, Chang et al.'s image secret sharing (ISS) scheme enhanced the weak authentication of two previous ISS schemes—Lin et al.'s scheme and Yang et al.'s scheme. Also, the authors claimed that the visual qualities of stegoimages were superior to the previous two schemes; however, their qualities were not really that improved. Contrarily, the qualities are significantly degraded when compared with those in Yang et al.'s scheme. This miscalculation is owing to a misunderstanding of Yang et al.'s scheme.     

A cheating prevention scheme for binary visual cryptography with homogeneous secret images

In 1995, Naor and Shamir proposed the k-out-of-n visual cryptography scheme such that only more than or equal to k participants can visually recover the secret through superimposing their transparencies. Visual cryptography schemes have been extensively investigated since their invention and extended to numerous applications such as visual authentication and identification, steganography, and image encryption. In 2006, Horng et al. proposed that cheating is possible where some participants can deceive the remaining participants by delivering forged transparencies. Meanwhile, Horng et al. also proposed two cheating prevention schemes. One scheme, however, requires extra verification transparencies and the other needs larger transparencies. In other words, compared to visual cryptography, both schemes burden each participant with an additional problem of transparency management. In this paper, a more secure scheme is given to solve the cheating problem without extra burdens by adopting multiple distinct secret images. Moreover, for sharing these secret images simultaneously, the share construction method of visual cryptography is redesigned and extended by generic algorithms. Finally, the results of the experiment and security analysis show that not only the proposed scheme is more secure in comparison with the two previous cheating prevention schemes in the literature, but extra burdens are also eliminated.     

A secure and efficient authenticated encryption for electronic payment systems using elliptic curve cryptography

The use of e-payment system for electronic trade is on its way to make daily life more easy and convenient. Contrarily, there are a number of security issues to be addressed, user anonymity and fair exchange have become important concerns along with authentication, confidentiality, integrity and non-repudiation. In a number of existing e-payment schemes, the customer pays for the product before acquiring it. Furthermore, many such schemes require very high computation and communication costs. To address such issues recently Yang et al. proposed an authenticated encryption scheme and an e-payment scheme based on their authenticated encryption. They excluded the need of digital signatures for authentication. Further they claimed their schemes to resist replay, man-in-middle, impersonation and identity theft attack while providing confidentiality, authenticity, integrity and privacy protection. However our analysis exposed that Yang et al.’s both authenticated encryption scheme and e-payment system are vulnerable to impersonation attack. An adversary just having knowledge of public parameters can easily masquerade as a legal user. Furthermore, we proposed improved authenticated encryption and e-payment schemes to overcome weaknesses of Yang et al.’s schemes. We prove the security of our schemes using automated tool ProVerif. The improved schemes are more robust and more lightweight than Yang et al.’s schemes which is evident from security and performance analysis.