一种基于主从链的跨域身份认证算法

为了抵御身份伪造攻击和解决认证效率低的问题,提出了一种基于主从链的跨域身份认证算法（Cross-domain identity Authentication algorithm based on the Master-Slave chain,CAMS）。该算法基于区块链技术利用主从链方式实现了车辆数据的跨域存储和共享,从而提高了跨域身份认证效率。此外,CAMS算法在跨域认证过程中引入了假名的生成和验证参数。在验证消息之前,进一步验证车辆身份,确保认证身份的匿名性,抵御身份伪造攻击。仿真结果表明,CAMS在计算开销和认证效率方面具有较好的性能。     

基于匿名认证的车联网安全技术研究

车联网相关应用需要基于实时、准确的交通信息。RSU会实时进行广播,同时车辆间要进行实时通信,包括车辆的身份信息、驾驶状态及位置信息等。攻击者可以利用车联网的开放性获取实时发送的空口数据,通过破解空口数据获得车辆的身份信息和位置信息,进而可以通过伪装、篡改或者植入恶意程序的方式对车辆进行攻击。因此,车联网通信过程中的信息安全问题必须得到有效的保护。基于区块链的匿名认证,车辆在V2V及V2I通信过程中将公钥作为假名进行认证,既保证了消息来源的真实性和消息的完整性,也避免了车辆身份信息的泄露。     

VANETs中一种隐私保护的高效批认证协议

车载自组网(Vehicular Ad Hoc Networks, VANETs)是一种自组织、自管理、快速移动的户外通信网络系统。车辆加入VANETs可以获取道路的交通状况信息,但是其与路侧单元进行通信时消息容易被窃取。为此,文章提出了一种基于假名和数字签名的批认证协议,实现了车辆身份的匿名和隐私保护。同时,该协议支持路侧单元(Road Side Unit, RSU)对多辆车辆的批量认证,极大地降低了身份验证的计算开销。     

基于身份认证的无线安全密钥交换

认证密钥协商使得通信双方在共享一个安全会话密钥的同时实现相互认证。针对无线网络,基于口令认证的密钥协商算法也许能降低系统资源开销,但通常不能有效抵抗字典攻击。针对无线设备的资源有限性,文中提出一种可证安全的、基于身份的、认证的密钥协商方案,所提出方案需要计算量少,能够抵抗冒充攻击并且满足密钥协商协议所要求的其它安全属性。     

蜂窝车联网中基于服务异构性的V2V通信资源分配算法研究

在支持车与车直接通信(V2V)的蜂窝网络场景下,针对密集环境下复用车与设备(V2I)上行链路的资源分配问题,在V2V的干扰下,利用移动链路的信道状态信息(CSI)的慢衰落统计,联合通信可靠性、功率控制,建立最大化V2I信道容量的优化模型以满足车辆网络服务的异构性的需求。基于此,该文提出一种基于超图理论和遗传算法的资源分配算法。仿真结果表明,该算法在保证V2V通信可靠性的前提下,提高了V2I的信道容量。     

基于信息覆盖的无线传感器网络访问控制机制

通过周期性地信息扩散,设计THC(two-hop cover)算法,使传感器节点能够在用户移动过程中及时得到用户的认证信息.基于THC算法,引入Merkle散列树和单向链等安全机制,采用分布式的访问控制模式,提出了适用于随机移动用户的传感器网络访问控制机制.分析和实验表明,本机制既适用移动用户,也适用静止用户,计算、通信、存储开销低,能够抵制节点捕获、重放、DoS等攻击.     

车联网中基于证书的车辆身份认证方案

基于隐私保护的车联网身份认证系统面临各种攻击的威胁,其中最普遍的一种攻击就是Sybil攻击。现有的Sybil攻击检测方案中,大都需要路边基础设施的协助来检测Sybil攻击,车辆无法独立检测Sybil攻击。同时,使用撤销列表来防止恶意车辆再次攻击,给基于群签名的方案带来了较大的额外计算开销。为了解决以上问题,本文提出一种基于证书的身份认证方案,车辆从区域服务器完成注册后获取证书,实现车辆身份匿名认证,并能够独立检测Sybil攻击。恶意车辆身份撤销由区域服务器完成,避免使用撤销列表,使得车辆省去查找撤销列表的开销。     

LiteST：一种无线传感器网络轻量级安全时间同步协议

提出了一个简单的时间同步广播报文完整性认证方法.在此基础上,结合单向链(而非复杂得多的μTESLA)提供的发送节点身份认证功能和冗余机制提供的防止内部节点攻击功能,设计了一个轻量级的安全时间同步协议LiteST(lightweight secure time).理论分析和仿真实验结果表明,LiteST能够防御外部攻击并能容忍内部攻击节点发送错误信息,达到了目前虽好的安全时间同步协议TinySeRSync类似的安全性.32个Mica2节点组成的原型系统实验结果表明LiteST协议取得了与没有安全机制的FrSP协议几乎相同的时间同步精度.LiteST协议与安全相关的计算开销大约只有TinySeRSync的五分之一:通信开销为其1/(2m+2),其中m为网络节点的平均邻居数;其存储开销在实际的场景下也显著降低.     

车载自组织网络应用服务原型系统的设计

车载自组织网络中主要采用下列两种方式进行通信:(1)车辆与车辆间(Vehicular toVehicular)之间的通信,简称V2V;(2)车辆与基础设施间(Vehicular toinfrastructure)之间的通信,简称V2I。该文研究基于3G和WLAN两种通信方式实现V2V和V2I的车载应用服务原型系统,其主要研究内容包括:(1)提出了系统通信技术方案,为车载自组织网络应用服务系统提供技术支撑;(2)提出了基于现状的车载网系统架构设计并给出应用服务原型系统。该文对车载应用服务系统的实用化进行了一定的探索。     

车联网中的协同通信平均传输时间计算

车联网(Internet of Vehicles,Io V)是智能交通和通信领域的热点课题,协同通信算法的研究是Io V通信的重要技术之一。针对Io V环境下因通信拓扑结构快速变化导致数据信号利用单一通信方式难以高效传输的问题,提出Io V环境下协同通信算法,利用车对车(Vehicle-to-Vehicle,V2V)和车对路(Vehicle-to-Infrastructure,V2I)协同通信方法,对目标数据从请求到完成的平均传输时间进行了理论分析和推导。仿真结果表明,该算法的传输效率比基于移动边缘计算(Mobile Edge Computing,MEC)车联网协作传输算法提升40%,比基于分簇V2X车载广播传输算法提升25%;该算法的平均传输时间随着路侧单元(Road Side Unit,RSU)缓存概率从0.5增加至1可提高9%,随着车辆缓存概率从0.5增加至1可提高46%。     

一种新型的LTE-A网络切换认证协议

针对典型蜂窝网络LTE-A网络的切换认证问题,本文通过引入SDN（Software Defined Network,软件定义网络）,提出了软件定义LTE-A异构网络架构,在中心控制器中共享UE（User Equipment,用户设备）的安全上下文信息,以实现简化切换认证过程,提高认证效率的目标.中心控制器的加入,使蜂窝与核心网通信时需要增加一次信令开销,而LTE-A网络的标准切换认证方法过于复杂,应用在软件定义LTE-A异构网络中,会产生较多的信令开销.基于代理签名的切换认证方法,使UE在验证身份时不用经过核心网,减少了信令开销.在安全性相同的情况下,基于椭圆曲线的加密体系比基于RSA的加密体系计算量更小,有利于减少中心控制器的计算压力.本文采用椭圆曲线代理签名方法,提出了一种新型的切换认证协议,并运用着色Petri网进行建模和仿真分析.仿真结果表明,该协议是有效的,且安全性更高.     

Secure and efficient token based roaming authentication scheme for space-earth integration network

Aiming at the problem of prolongation and instability of satellite and terrestrial physical communication links in the space-earth integration network,a two-way token based roaming authentication scheme was proposed.The scheme used the characteristics of the computing capability of the satellite nodes in the network to advance the user authentication process from the network control center (NCC) to the access satellite.The satellite directly verified the token issued by the NCC to verify the user's identity.At the same time,the token mechanism based on the one-way accumulator achieved the user's dynamic join,lightweight user self-service customization and billing,and the introduction of Bloom Filter enabled effective user revocation and malicious access management.Compared with the existing scheme,the scheme can guarantee the security of roaming authentication and significantly reduce the calculation and communication overhead of the authentication and key negotiation process.     

HIMALIS-VI: Fast and Secure Mobility Management Scheme Based on HIMALIS for V2I Services in Future Networks

To overcome the inherent limitations of the current Internet architecture, such as lack of mobility support and security mechanism, research has begun on future Internet based on ID/locator split architecture. For the realization of future networks, it is necessary to consider the characteristics of their services and applications, as well as research on their basic architectures. The representative services include Cooperative Intelligent Transportation System (C-ITS) applications based on vehicle-to-vehicle/vehicle-to-infrastructure (V2V/V2I) communication which can prevent vehicular accidents, increase the efficiency of transportation systems, and reduce environmental pollution, all while improving passenger convenience. Since C-ITS services using V2I communication are tightly connected to both passenger and pedestrian safety, they require not only continuous network access but also secure communication regardless of the vehicle mobility. To provide continuous network access and secure communication to moving vehicles in future networks based on an ID/locator split approach, authentication and location updates of moving vehicles should be frequently performed, which results in significant signaling overhead. Therefore, to integrate V2I communication with an ID/locator split approach based on the (R1) HIMALIS architecture, in this paper we propose a novel mobility management scheme, called HIMALIS-VI, which can contribute to a delay reduction for the authentication and mitigating handover procedures at both the mobile hosts and network entities in an edge network.     

CAKA: a novel certificateless-based cross-domain authenticated key agreement protocol for wireless mesh networks

Due to the flexibility of wireless mesh networks (WMNs) to form the backhaul subnetworks, future generation networks may have to integrate various kinds of WMNs under possibly various administrative domains. Aiming at establishing secure access and communications among the communication entities in a multi-domain WMN environment, in this paper, we intend to address the cross-domain authentication and key agreement problem. We present a light-weight cross-domain authentication and key agreement protocol, namely CAKA, under certificateless-based public key cryptosystem. CAKA has a few attractive features. First, mutual authentication and key agreement between any pair of users from different WMN domains can be easily achieved with two-round interactions. Second, no central domain authentication server is required and fast authentication for various roaming scenarios is supported by using a repeated cross-domain algorithm. Third, no revocation and renewal of certificates and key escrow are needed. Finally, it provides relatively more security features without increasing too much overhead of computation and storage. Our analysis shows that the proposed CAKA protocol is highly efficient in terms of communication overhead and resilient to various kinds of attacks.     

LoWaNA: low overhead watermark based node authentication in WSN

Nodes in a wireless sensor network (WSN) are generally deployed in unattended environments making them susceptible to attacks. Therefore, the need of defending such attacks is of utmost importance. The challenge in providing security in this network is that the securing mechanism must be lightweight to make it implementable for such resource-constrained nodes. A robust security solution for such networks must facilitate authentication of sensor nodes. So far, only data authentication has drawn much attention from the research community. In this paper, a digital watermark based low-overhead solution (LoWaNA) is proposed for node authentication. The proposed watermarking technique consists of three modules viz. watermark generation, embedding and detection. The robustness of the algorithm is measured in terms of cracking probability and cracking time. This robustness analysis helps us to set the design guideline regarding size of watermark. Performance of the scheme is analyzed in terms of storage, computation and communication overhead. The analytical results are compared with two of the existing schemes and that show significant reduction of all such overheads. Thus it proves the suitability of the proposed scheme for resource-constrained networks like WSN. Finally the entire scheme is simulated in Cooja, the Contiki network simulator to make it readily implementable in real life mote e.g. MICAz.

     

Energy Efficient Multi-hop Cooperative Transmission Protocol for Large Scale Mobile Ad hoc Networks

A great advancement has been made in intelligent transportation system and communication technologies in order to exchange secure information between automobiles, facilities provider have led an frame over road network. The intelligent transportation system provides an efficient traffic system for drivers, so that there must be less risk to users. In order to design a secure communication protocol among V & V and V & I is a challenging problem. In order to reduce the chance of attacks and increase privacy level, crypto graphic tools provides the feasible solution. In this paper, we proposed pseudonym changing strategy with mix zones (1) Anonymous authentication: the message should be authenticated by issuer due to mix zone and cryptographic tools secure message without any attack. (2) Privacy: Communication contents are confidential due to encrypted messages during communications also improving the scalability through address configuration scheme to reduce computational cost. (3) Efficiency: low storage requirements, The velocity and distance factors may also consider secure measurement, message delivery, overhead and coverage,packet delivery rate, reduce latency and overhead not only by computation cost and time but also compared our scheme, fast delivery rate, low latency and maximum coverage in order to enhance privacy against malicious attacks.

     

Efficient and privacy-preserving online face authentication scheme

In traditional face authentication system,the trait template and authentication request were generally matched over plaintext,which may lead to the leakage of users’ sensitive data.In order to address the above-mentioned problem,based on matrix encryption,an efficient and privacy-preserving online face authentication scheme was proposed.Specifically,the users’ face trait template for register and the authentication request were encrypted before being sent to the online authentication server,and the similarity computation between the encrypted face trait template and authentication request was computed by the online authentication server over ciphertexts,which guaranteed the security of users’ sensitive data without affecting the accuracy of face authentication.Security analysis shows that the proposed scheme can achieve multiple security levels according to different security parameters.Moreover,performance evaluation shows that the proposed scheme has low computation cost and communication overhead.Experiments results demonstrate the high efficiency of the proposed scheme,which can be implemented in the real environment effectively.     

Secure deduplication and integrity audit system based on convergent encryption for cloud storage

Cloud storage applications quickly become the best choice of the personal user and enterprise storage with its convenience,scalability and other advantages,secure deduplication and integrity auditing are key issues for cloud storage.At first,convergent key encapsulation/decoupling algorithm based on blind signature was set up,which could securely store key and enable it to deduplicate.Besides,a BLS signature algorithm based on convergence key was provided and use TTP to store public key and proxy audit which enables signature and pubic key deduplication and reduces client storage and computing overhead.Finally,cloud-based secure deduplicaion and integrity audit system was designed and implemented.It offered user with data privacy protection,deduplication authentication,audit authentication services and lowered client and cloud computation overhead.     

Distance and clustering‐based energy‐efficient pseudonyms changing strategy over road network

To improve the fairness, the energy consumption changing pseudonyms needs to be taken into account. Existing works focus on changing velocity‐based pseudonyms changing strategy and short changes interval with limited coverage, but due to similar velocity and short changes, internal attacker guesses easily known communication and location information due to location information of vehicle on tracking, which may expose adversary private information, and frequently, pseudonyms changing occurs due to movement of vehicles' similar velocity and short coverage, which may cause serious attack of vehicle. To overcome this problem, distance and cluster can be performed. In this work, we proposed distance and cluster‐based energy pseudonyms changing method for road network. We proposed distance and energy‐based clustering routing service over road network, the cluster head elected to depend on random number of distance and energy to change pseudonyms of vehicles. An each interval to be establish cluster head vehicle deployed while selects the operation mode and informs the cluster members of the selected mode through beacon signal. The cluster head vehicle node performs the pseudonyms changing based on the predicted distance and energy of the cluster member to use clustering optimization. The data of whole network send to report server through these nodes while near the RSU, and the vehicles in this area will use less energy to change the pseudonyms. The simulation results show that the proposed method enhances pseudonyms changing strategy less consumption and delays sufficient privacy level each vehicle also our method has outperform compare with existing methods than we use Sumo simulation and Matlab tools to verify our proposed method. Our proposed method outperformed in terms of pseudonym changing energy efficiency to careful attention during the cluster formation process, stable and balanced clusters that prolong the network lifetime, increases distances to more CH vehicles connectivity to makes clustering group and changing their pseudonyms in terms of high level privacy and finally, CH nodes use Dijkstra's algorithm use MST among the vehicles nodes depend on existing road networks to follow shortest path selection roads in terms of high connectivity probability of CH and stable structure of the network decreases the topology changes and thus,the clustering overhead is reduced.     

Secure communication in CloudIoT through design of a lightweight authentication and session key agreement scheme

Internet of Things (IoT) is a newly emerged paradigm where multiple embedded devices, known as things, are connected via the Internet to collect, share, and analyze data from the environment. In order to overcome the limited storage and processing capacity constraint of IoT devices, it is now possible to integrate them with cloud servers as large resource pools. Such integration, though bringing applicability of IoT in many domains, raises concerns regarding the authentication of these devices while establishing secure communications to cloud servers. Recently, Kumari et al proposed an authentication scheme based on elliptic curve cryptography (ECC) for IoT and cloud servers and claimed that it satisfies all security requirements and is secure against various attacks. In this paper, we first prove that the scheme of Kumari et al is susceptible to various attacks, including the replay attack and stolen-verifier attack. We then propose a lightweight authentication protocol for secure communication of IoT embedded devices and cloud servers. The proposed scheme is proved to provide essential security requirements such as mutual authentication, device anonymity, and perfect forward secrecy and is robust against security attacks. We also formally verify the security of the proposed protocol using BAN logic and also the Scyther tool. We also evaluate the computation and communication costs of the proposed scheme and demonstrate that the proposed scheme incurs minimum computation and communication overhead, compared to related schemes, making it suitable for IoT environments with low processing and storage capacity.