An enhanced authentication with key agreement scheme for satellite communication systems

To ensure secure communication in satellite communication systems, recently, Zhang et al presented an authentication with key agreement scheme and claimed that their scheme satisfies various security requirements. However, this paper demonstrates that Zhang et al's scheme is insecure against the stolen‐verifier attack and the denial of service attack. Furthermore, to authenticate a user, Zhang et al's scheme requires large computational load to exhaustively retrieve the user's identity and password from the account database according to a temporary identity and then update the temporary identity in the database. To overcome the weaknesses existing in Zhang et al's scheme, we proposed an enhanced authentication with key agreement scheme for satellite communication systems. The analyses of our proposed scheme show that the proposed scheme possesses perfect security properties and eliminates the weaknesses of Zhang et al's scheme well. Therefore, from the authors' viewpoints, the proposed scheme is more suitable for the authentication scheme of mobile satellite communication systems.     

Secure anonymous authentication scheme without verification table for mobile satellite communication systems

An authentication scheme is one of the most basic and important security mechanisms for satellite communication systems because it prevents illegal access by an adversary. Lee et al. recently proposed an efficient authentication scheme for mobile satellite communication systems. However, we observed that this authentication scheme is vulnerable to a denial of service (DoS) attack and does not offer perfect forward secrecy. Therefore, we propose a novel secure authentication scheme without verification table for mobile satellite communication systems. The proposed scheme can simultaneously withstand DoS attacks and support user anonymity and user unlinkability. In addition, the proposed scheme is based on the elliptic curve cryptosystem, has low client‐side and server‐side computation costs, and achieves perfect forward secrecy. Copyright © 2013 John Wiley & Sons, Ltd.     

A post quantum secure construction of an authentication protocol for satellite communication

Satellite's communication system is used to communicate under significant distance and circumstances where the other communication systems are not comfortable. Since all the data are exchanged over a public channel, so the security of the data is an essential component for the communicating parties. Both key exchange and authentication are two cryptographic tools to establish a secure communication between two parties. Currently, various kinds of authentication protocols are available to establish a secure network, but all of them depend on number–theoretical (discrete logarithm problem/factorization assumption) hard assumptions. Due to Shor's and Grover's computing algorithm number theoretic assumptions are breakable by quantum computers. Although Kumar and Garg have proposed a quantum attack-resistant protocol for satellite communication, it cannot resist stolen smart card attack. We have analyzed that how Kumar and Garg is vulnerable to the stolen smart card attack using differential power analysis attack described in He et al and Chen and Chen. We have also analyzed the modified version of signal leakage attack and sometimes called improved signal leakage attack on Kumar and Garg's protocol. We have tried to construct a secure and efficient authentication protocol for satellites communication that is secure against quantum computing. This is more efficient as it requires only three messages of exchange. This paper includes security proof and performance of the proposed authentication and key agreement protocol.     

An improved authentication scheme for mobile satellite communication systems

Recently, Lee et al. proposed a simple and efficient authentication scheme for mobile satellite communication systems. However, we find that their scheme is vulnerable to the smart card loss attack, the denial of service attack and the replay attack. To overcome the weaknesses of Lee et al.'s scheme, we proposed an authentication scheme for mobile satellite communication systems to improve security. The proposed scheme possesses the essential properties and security requirements, which should be considered for the authentication scheme of mobile satellite communication systems. Copyright © 2014 John Wiley & Sons, Ltd.     

A secure authentication with key agreement scheme using ECC for satellite communication systems

Recently, Liu et al came up with an authentication with key agreement scheme for securing communication over the low‐earth‐orbit satellite communication systems. However, this paper demonstrates that this scheme cannot provide perfect forward secrecy or defend against the smart card stolen attack, and has some very bad design defects, making it unpractical. Thus, to design a truly secure authentication scheme for satellite communication systems, this paper presents a new scheme, making use of the advantages of elliptic curve cryptography and symmetric cryptography. The security analyses by the widely used BAN logic and heuristic discussions demonstrate that our new scheme possesses perfect security properties and can defend against various well‐known malicious attacks. Moreover, our new scheme allows users to update passwords locally in accordance with their wishes, achieving a good user experience.     

Efficient RFID Authentication Using Elliptic Curve Cryptography for the Internet of Things

The Internet of Things (IoT) is an expansion of Internet-based sensing, processing and networking. As a key technique of the IoT, the Radio Frequency Identification (RFID) had a prosperous development in the past decade. Security schemes were also proposed to ensure secure RFID authentication. This paper analyzes security weaknesses found in previous schemes and proposes a new RFID authentication scheme using Elliptic Curve Cryptography (ECC). Security analysis results show that the proposed scheme can meet security requirements of RFID authentication while requiring no extra cost in terms of performance.     

A simple key agreement scheme based on chaotic maps for VSAT satellite communications

Security is an essential requirement in any data communication system because a cyber criminal might try to break into it at any point by any means possible. A key agreement procedure is a necessary technique to ensure the security of data communication by way of encryption and mutual authentication. This article proposes a simple key agreement scheme on the basis of chaotic maps for VSAT satellite communications. The new scheme keeps the advantages of all chaotic maps‐based public key cryptosystems, providing a secure function of session key agreement. Based on the intractability of chaotic map discrete logarithm problem and chaotic map Diffie–Hellman problem, the security of this new scheme has been proven to be robust enough against all the well‐known cryptographical attacks with perfect forward secrecy provided. In addition, compared with similar schemes that serve the same purposes, the proposed scheme demands a lower computation cost. With all the previous features put together, the proposed scheme is extremely suitable for the use in very small aperture terminal satellite communication environments. Copyright © 2013 John Wiley & Sons, Ltd.     

A lightweight authentication scheme based on self‐updating strategy for space information network

The security of space information network (SIN) is getting more and more important now. Because of the special features of SIN (e.g., the dynamic and unstable topology, the highly exposed links, the restricted computation power, the flexible networking methods, and so on), the security protocol for SIN should have a balance between security properties and computation/storage overhead. Although a lot of security protocols have been proposed recently, few can provide overall attacks resistance power with low computation and storage cost. To solve this problem, in this paper we propose a lightweight authentication scheme for space information network. It is mainly based on the self‐updating strategy for user's temporary identity. The scheme consists of two phases, namely, the registration phase and the authentication phase. All the computing operations involved are just hash function (h), the bit‐wise exclusive‐or operation (⊕), and the string concatenation operation (||), which are of low computation cost. The security properties discussion and the attacks–resistance power analysis show that the proposed authentication scheme can defend against various typical attacks, especially denial of service attacks. It is sufficiently secure with the lowest computation and storage costs. Furthermore, the formal security proof in SVO logic also demonstrates that the scheme can satisfy the security goals very well. Copyright © 2016 John Wiley & Sons, Ltd.     

移动漫游中强安全的两方匿名认证密钥协商方案

由于低功耗的移动设备计算和存储能力较低,设计一种高效且强安全的两方匿名漫游认证与密钥协商方案是一项挑战性的工作.现有方案不仅计算开销较高,而且不能抵抗临时秘密泄露攻击.针对这两点不足,提出一种新的两方匿名漫游认证与密钥协商方案.在新方案中,基于Schnorr签名机制,设计了一种高效的基于身份签密算法,利用签密的特性实现实体的相互认证和不可追踪;利用认证双方的公私钥直接构造了一个计算Diffie-Hellman（Computational Diffie-Hellman,CDH）问题实例,能抵抗临时秘密泄露攻击.新方案实现了可证明安全,在eCK（extended Canetti-Krawczyk）模型基础上,探讨两方漫游认证密钥协商方案安全证明过程中可能出现的情形,进行归纳和拓展,并给出新方案的安全性证明,其安全性被规约为多项式时间敌手求解椭圆曲线上的CDH问题.对比分析表明：新方案安全性更强,需要实现的算法库更少,计算和通信开销较低.新方案可应用于移动通信网络、物联网或泛在网络,为资源约束型移动终端提供漫游接入服务.     

New entity authentication and access control scheme in satellite communication network

With the increasing global demand for satellite communications,the problem of entity authentication and access control of the satellite communication network needs to be solved urgently.To solve this problem,a new multiple center-based entity authentication and cross-domain access control scheme was proposed.The scheme divided the multiple centers into two layers for entity authentication,and maped the authorization of the multiple domains to achieve access control.Simulation experiments show that the proposed scheme support the entity authentication for 100 million users.Furthermore,it also allows 1 million users to access in parallel.     

Secure authentication enhancement scheme for seamless handover and roaming in space information network

Space information network composed of a variety of heterogeneous networks is widely concerned.However,the space information network is facing more security threats and more likely to roam due to its complex topology and large user scale.Considering the characteristics of space information network,a secure authentication enhancement scheme for seamless handover and roaming in space information network was presented.The fast mutual authentication and reasonable accounting between the user and the visiting domain based on the combination of Token and Hash chain was achieved.In addition,two seamless handover mechanisms were proposed to ensure the continuity of user communication.Finally,security analysis indicates that the scheme can not only provide essential security properties,but also achieve reasonable accounting.     

Efficient dynamic authentication for mobile satellite communication systems without verification table

The mobile satellite system is an important wireless communication system widely used nowadays. The issue of protecting the transmission security in low‐earth‐orbit satellite networks thus becomes more and more critical. It is known that several authentication schemes for satellite communication systems have been proposed to deal with the issue. However, previous protocols either employ complicated public key computation or have to maintain a verification table. In this paper, the author will introduce a new dynamic authentication protocol for mobile satellite communication systems without using a verification table. The comparison results will also show that the proposed scheme has lower computational costs. Copyright © 2014 John Wiley & Sons, Ltd.     

A novel user’s authentication scheme for pervasive on-line media services

Due to the explosive growth of the Internet and the pervasion of multimedia, protection of intellectual property (IP) rights of digital content in transactions induces people’s concerns. Current security requirements and copyright protection mechanisms especially need to work in real-time and on-line for communication and networking. For media service systems in the Internet, user’s authentication is most essential in association with the access control of the media system. The authentication scheme is a trivial but crucial issue for maintaining user’s information. Up to now, many one-time password-based authentication schemes have been proposed. However, none is secure enough. The purpose of a one-time password (OTP) is to make it more difficult to gain unauthorized access to restricted resources. Traditionally static passwords can more easily be obtained by an unauthorized intruder given enough attempts and time. By constantly altering the password, as is done with a one-time password, this risk can be greatly reduced. These schemes are specially fit for media services in the Internet since they will frustrate the attacker’s attempt. Lin, Shen and Hwang proposed a strong-password authentication scheme in association with one-time password by using smart cards, and claimed their scheme can resist guess attack, replay attack, impersonation attack and stolen attack. Later, Ku, Tsai, and Chen showed that Lin-Shen-Hwang’s scheme suffers from a replay attack and a denial-of-service attack. Furthermore, Ku proposed a hash-based strong-password authentication scheme to enhance the security. In this paper, we show the weaknesses and devise some attacks against Ku’s scheme. Then, we revise Ku’s scheme and propose a novel user’s authentication scheme in pervasive on-line media services for current communication and networking.     

Efficient and privacy-preserving online face authentication scheme

In traditional face authentication system,the trait template and authentication request were generally matched over plaintext,which may lead to the leakage of users’ sensitive data.In order to address the above-mentioned problem,based on matrix encryption,an efficient and privacy-preserving online face authentication scheme was proposed.Specifically,the users’ face trait template for register and the authentication request were encrypted before being sent to the online authentication server,and the similarity computation between the encrypted face trait template and authentication request was computed by the online authentication server over ciphertexts,which guaranteed the security of users’ sensitive data without affecting the accuracy of face authentication.Security analysis shows that the proposed scheme can achieve multiple security levels according to different security parameters.Moreover,performance evaluation shows that the proposed scheme has low computation cost and communication overhead.Experiments results demonstrate the high efficiency of the proposed scheme,which can be implemented in the real environment effectively.     

一种可证安全的车联网无证书聚合签名改进方案

车联网(VANETs)是组织车－X(X:车、路、行人及互联网等)之间的无线通信和信息交换的大型网络,是智慧城市重要组成部分。其消息认证算法的安全与效率对车联网至关重要。该文分析王大星等人的VANETs消息认证方案的安全不足,并提出一种改进的可证安全的无证书聚合签名方案。该文方案利用椭圆曲线密码构建了一个改进的安全无证书聚合认证方案。该方案降低了密码运算过程中的复杂性,同时实现条件隐私保护功能。严格安全分析证明该文方案满足VANETs的安全需求。性能分析表明该文方案相比王大星等人方案,较大幅度地降低了消息签名、单一验证以及聚合验证算法的计算开销,同时也减少了通信开销。     

量子消息认证协议

研究了在量子信道上实现经典消息和量子消息认证的方法。给出了一个基于量子单向函数的非交互式经典消息认证加密协议。证明了给出的协议既是一个安全的加密方案,也是一个安全的认证方案。利用该认证加密协议作为子协议,构造了一个量子消息认证方案,并证明了其安全性。与BARNUM等给出的认证方案相比,该方案缩减了通信双方共享密钥的数量。     

A simple and efficient authentication scheme for mobile satellite communication systems

In this article, the authors shall propose a simple and efficient authentication scheme for mobile satellite communication systems. The proposed scheme can achieve the following security requirements: (S1) withstand impersonation attacks; (S2) withstand denial server attacks; (S3) withstand smart card loss attacks; (S4) withstand replay attacks; and (S5) withstand stolen‐verifier attacks, and achieve the following functionality requirements: (F1) freely choose identity; (F2) provide mutual authentication; (F3) provide session key agreement; (F4) provide user anonymity; and (F5) provide perfect forward secrecy. In additional, the proposed scheme does not use the high complex computation, such as public key cryptosystem or secret key cryptosystem, for the mobile users' side. The proposed scheme is only based on hash functions and exclusive‐OR operations. Compared with other schemes, the proposed scheme has a lower computation cost. It is more simple and efficient scheme. Copyright © 2011 John Wiley & Sons, Ltd.     

LEO卫星移动通信系统空间网络技术分析

在分析LEO卫星星座移动通信系统空间段网络功能和特点的基础上,进行了星座网络路由和交换技术体制的分析和论证,提出了以支持话音业务为主的LEO卫星移动通信系统星座网络路由和交换技术方案。星座网络采用定长信元格式交换体制,采用动态拓扑离散化的拓扑快照静态路由策略。这种静态路由离线计算方式和定长信元交换相结合,提高了网络交换的效率和转发速率。     

液晶光学相控技术在卫星通信多接入中的应用

在空间激光通信、组网过程中,为了能够实现一颗卫星终端对多颗卫星终端的物理光束接入,从而使得一颗卫星能与多颗卫星实现数据分发、路由、交换等组网功能,对卫星激光通信捕跟过程中存在的多终端物理接入方法进行了研究。在基于液晶光学相控阵多波束生成能力和多波束赋形的理论基础上,设计了一种新型的多终端接入方法。该方法的核心是利用液晶光学相控阵的多波束生成与控制能力实现对多个终端的接入。对光束在远场光斑的位置信息以及接入过程中的衍射效率和能量损耗情况进行仿真来验证该方案是否满足空间激光通信终端接入要求。仿真结果发现接入过程中的衍射效率大于80%,能量损耗小于1 dB,表明该方案有效可行。     

An Improved and Secure Two-factor Dynamic ID Based Authenticated Key Agreement Scheme for Multiserver Environment

The smart card based password authentication scheme is one of the most important and efficient security mechanism, which is used for providing security to authorized users over an insecure network. In this paper, we analyzed major security flaws of Jangirala et al.’s scheme and proved that it is vulnerable to forgery attack, replay attack, user impersonation attack. Also, Jangirala et al.’s scheme fail to achieve mutual authentication as it claimed. We proposed an improved two factor based dynamic ID based authenticated key agreement protocol for the multiserver environment. The proposed scheme has been simulated using widely accepted AVISPA tool. Furthermore, mutual authentication is proved through BAN logic. The rigorous security and performance analysis depicts that the proposed scheme provides users anonymity, mutual authentication, session key agreement and secure against various active attacks.