无线网络中基于无证书聚合签名的高效匿名漫游认证方案

针对无线移动网络漫游认证中的隐私保护需求,提出了新的匿名漫游认证方案。引入在线离线签名技术,并巧妙结合聚合验证方法,设计了一个无证书聚合签名方案。与相关方案相比,该签名方案降低了签名和验证过程的计算开销,提高了通信效率。继而,基于该签名方案,提出了一种新型高效的匿名漫游认证方案,简化了传统的三方漫游认证模型。理论分析结果表明,该方案安全、有效,特别适用于大规模无线移动网络。     

A lightweight anonymous authentication scheme for consumer roaming in ubiquitous networks with provable security

Ubiquitous networks provide roaming service for mobile nodes enabling them to use the services extended by their home networks in a foreign network. A mutual authentication scheme between the roamed mobile node and the foreign network is needed to be performed through the home network. Various authentication schemes have been developed for such networks, but most of them failed to achieve security in parallel to computational efficiency. Recently, Shin et al. and Wen et al. separately proposed two efficient authentication schemes for roaming service in ubiquitous networks. Both argued their schemes to satisfy all the security requirements for such systems. However, in this paper, we show that Shin et al. 's scheme is susceptible to: (i) user traceability; (ii) user impersonation; (iii) service provider impersonation attacks; and (iv) session key disclosure. Furthermore, we show that Wen et al. 's scheme is also insecure against: (i) session key disclosure; and (ii) known session key attacks. To conquer the security problems, we propose an improved authentication scheme with anonymity for consumer roaming in ubiquitous networks. The proposed scheme not only improved the security but also retained a lower computational cost as compared with existing schemes. We prove the security of proposed scheme in random oracle model. Copyright © 2015 John Wiley & Sons, Ltd.     

A new privacy and authentication protocol for end‐to‐end mobile users

In this papecr, we propose a new privacy and authentication scheme for end‐to‐end mobile users. There are three goals in our scheme. The first allows two end‐to‐end mobile users to communicate privately each other. The second allows two end‐to‐end mobile users to distribute a session key simply. The third allows two end‐to‐end mobile users to mutually authenticate. Copyright © 2003 John Wiley & Sons, Ltd.     

基于Edwards曲线的移动RFID安全认证协议

针对传统的RFID认证协议通常难以适应移动RFID系统的问题,提出了基于Edwards曲线的适用于移动RFID系统的安全认证协议,协议采用Edwards曲线提高了其防侧信道攻击的能力,并应用椭圆曲线离散对数问题实现安全认证。进一步采用可证明安全方法给出了标签和阅读器不可跟踪隐私的安全性证明,通过安全性分析指出协议能更有效抵抗已有各种攻击。与现有的结构类似RFID认证协议相比,该协议扩展性更好,安全性和性能优于其他方案。     

Multifold node authentication in mobile ad hoc networks

An ad hoc network is a collection of nodes that do not need to rely on a predefined infrastructure to keep the network connected. Nodes communicate amongst each other using wireless radios and operate by following a peer‐to‐peer network model. In this article, we propose a multifold node authentication approach for protecting mobile ad hoc networks. The security requirements for protecting data link and network layers are identified and the design criteria for creating secure ad hoc networks using multiple authentication protocols are analysed. Such protocols, which are based on zero‐knowledge and challenge‐response techniques, are presented through proofs and simulation results. Copyright © 2007 John Wiley & Sons, Ltd.     

A practical authentication protocol with anonymity for wireless access networks

The use of anonymous channel tickets was proposed for authentication in wireless environments to provide user anonymity and to probably reduce the overhead of re‐authentications. Recently, Yang et al. proposed a secure and efficient authentication protocol for anonymous channel in wireless systems without employing asymmetric cryptosystems. In this paper, we will show that Yang et al.'s scheme is vulnerable to guessing attacks performed by malicious visited networks, which can easily obtain the secret keys of the users. We propose a new practical authentication scheme not only reserving the merits of Yang et al.'s scheme, but also extending some additional merits including: no verification table in the home network, free of time synchronization between mobile stations and visited networks, and without obsolete anonymous tickets left in visited networks. The proposed scheme is developed based on a secure one‐way hash function and simple operations, a feature which is extremely fit for mobile devices. We provide the soundness of the authentication protocol by using VO logic. Copyright © 2010 John Wiley & Sons, Ltd.     

A mutual authentication and privacy mechanism for WLAN security

IEEE 802.11 wireless local area networks (WLAN) has been increasingly deployed in various locations because of the convenience of wireless communication and decreasing costs of the underlying technology. However, the existing security mechanisms in wireless communication are vulnerable to be attacked and seriously threat the data authentication and confidentiality. In this paper, we mainly focus on two issues. First, the vulnerabilities of security protocols specified in IEEE 802.11 and 802.1X standards are analyzed in detail. Second, a new mutual authentication and privacy scheme for WLAN is proposed to address these security issues. The proposed scheme improves the security mechanisms of IEEE 802.11 and 802.1X by providing a mandatory mutual authentication mechanism between mobile station and access point (AP) based on public key infrastructure (PKI), offering data integrity check and improving data confidentiality with symmetric cipher block chain (CBC) encryption. In addition, this scheme also provides some other new security mechanisms, such as dynamic session key negotiation and multicast key notification. Hence, with these new security mechanisms, it should be much more secure than the original security scheme. Copyright © 2006 John Wiley & Sons, Ltd.     

Secure and efficient token based roaming authentication scheme for space-earth integration network

Aiming at the problem of prolongation and instability of satellite and terrestrial physical communication links in the space-earth integration network,a two-way token based roaming authentication scheme was proposed.The scheme used the characteristics of the computing capability of the satellite nodes in the network to advance the user authentication process from the network control center (NCC) to the access satellite.The satellite directly verified the token issued by the NCC to verify the user's identity.At the same time,the token mechanism based on the one-way accumulator achieved the user's dynamic join,lightweight user self-service customization and billing,and the introduction of Bloom Filter enabled effective user revocation and malicious access management.Compared with the existing scheme,the scheme can guarantee the security of roaming authentication and significantly reduce the calculation and communication overhead of the authentication and key negotiation process.     

一种高效的具有用户匿名性的无线认证协议

提出了一种高效的具有用户匿名性的无线认证协议。利用Hash函数和Smart卡实现了协议的用户匿名性。协议充分考虑了无线网络自身的限制和移动设备存储资源及计算资源的局限性，在认证过程中移动用户只需要进行一次对称加密和解密运算，用户与访问网络、本地网络与访问网络都只进行一次信息交换，而且所有对称加密都使用一次性密钥。本协议具有实用、安全、高效的特点。     

A location‐based service advertisement algorithm for pervasive service discovery in wireless mobile networks

The practical success of pervasive services running in mobile wireless networks relies largely on its flexibility in providing adaptive and cost‐effective services. Service discovery is an essential mechanism to achieve this goal. As an enhancement to our previous work for service discovery, that is, model‐based service discovery (MBSD), this paper proposes a location‐based service advertisement (SA) algorithm named as MBSD‐sa. MBSD‐sa advocates the importance of service location to the service availability and integrates the service location information together with the service semantic information into service information for advertisement. MBSD‐sa utilizes prediction to estimate the service location so as to reduce the number of SA messages (SAMs). Two complementary types of SA mechanisms (Types 1 and 2) are employed by MBSD‐sa to strike the balance between the SAM overhead and the accuracy of service information. The performance of MBSD‐sa is analyzed both numerically and using simulations. Copyright © 2008 John Wiley & Sons, Ltd.     

基于拓扑重构的水下移动无线传感器网络拓扑优化

针对水下移动无线传感器网络（MUWSN, mobile underwater wireless sensor networks）拓扑随洋流动态演化对其网络性能会产生很大影响,提出了一种基于拓扑重构的水下移动无线传感器网络拓扑优化方法,首先通过模拟鱼群行为对传感器节点位置进行调整,优化网络覆盖度;其次,利用冗余节点修复网络中不连通位置,消除关键节点,优化网络连通性,最后,通过仿真对比实验验证了该方法的合理性和有效性。实验结果表明,所提算法能在较低能耗下,保证网络覆盖度长期维持在97%左右,连通率达到89%以上。     

IEEE 802.11 roaming and authentication in wireless LAN/cellular mobile networks

A wireless LAN service integration architecture based on current wireless LAN hot spots is proposed so that migration to a new service becomes easier and cost effective. The proposed architecture offers wireless LAN seamless roaming in wireless LAN/cellular mobile networks. In addition, a link-layer-assisted mobile IP handoff mechanism is introduced to improve the network/domain switching quality in terms of handoff delay and packet loss. An application layer end-to-end authentication and key negotiation scheme is proposed to overcome the open-air connection problem existing in wireless LAN deployment. The scheme provides a general solution for Internet applications running on a mobile station under various authentication scenarios and keeps the communications private to other wireless LAN users and foreign network. A functional demonstration of the scheme is given. The research results can contribute to rapid deployment of wireless LANs.     

A secure and effective biometric‐based user authentication scheme for wireless sensor networks using smart card and fuzzy extractor

User authentication is a prominent security requirement in wireless sensor networks (WSNs) for accessing the real‐time data from the sensors directly by a legitimate user (external party). Several user authentication schemes are proposed in the literature. However, most of them are either vulnerable to different known attacks or they are inefficient. Recently, Althobaiti et al. presented a biometric‐based user authentication scheme for WSNs. Although their scheme is efficient in computation, in this paper, we first show that their scheme has several security pitfalls such as (i) it is not resilient against node capture attack; (ii) it is insecure against impersonation attack; and (iii) it is insecure against man‐in‐the‐middle attack. We then aim to propose a novel biometric‐based user authentication scheme suitable for WSNs in order to withstand the security pitfalls found in Althobaiti et al. scheme. We show through the rigorous security analysis that our scheme is secure and satisfies the desirable security requirements. Furthermore, the simulation results for the formal security verification using the most widely used and accepted Automated Validation of Internet Security Protocols and Applications tool indicate that our scheme is secure. Our scheme is also efficient compared with existing related schemes. Copyright © 2015 John Wiley & Sons, Ltd.     

A data privacy protective mechanism for wireless body area networks

As an important branch of wireless sensor networks, wireless body area networks (WBAN) has attracted widespread attention in various fields because of its portability and mobility. However, because much of the data collected by WBAN are related to personal information of the user, the sensitive private data may be at risk of leakage or malicious modification in the actual process of application and deployment. In order to assure the security and privacy of user's data in the environment of WBAN, this paper presents a Data Privacy Protective Mechanism for WBAN. In order to secure data and secure transmission, this mechanism combines symmetric key with an asymmetric key to transmit user's data. Then, it cuts and reorganizes the data in the process of transmission to better capture defense and the attacks of the nodes. Ultimately transmits the user's data securely under the condition that the data collected by the nodes are confidential and secure. Copyright © 2015 John Wiley & Sons, Ltd.     

Accelerating signature-based broadcast authentication for wireless sensor networks

In wireless sensor networks (WSNs), broadcast authentication is a crucial security mechanism that allows a multitude of legitimate users to join in and disseminate messages into the networks in a dynamic and authenticated way. During the past few years, several public-key based multi-user broadcast authentication schemes have been proposed to achieve immediate authentication and to address the security vulnerability intrinsic to μTESLA-like schemes. Unfortunately, the relatively slow signature verification in signature-based broadcast authentication has also incurred a series of problems such as high energy consumption and long verification delay. In this contribution, we propose an efficient technique to accelerate the signature verification in WSNs through the cooperation among sensor nodes. By allowing some sensor nodes to release the intermediate computation results to their neighbors during the signature verification, a large number of sensor nodes can accelerate their signature verification process significantly. When applying our faster signature verification technique to the broadcast authentication in a 4 × 4 grid-based WSN, a quantitative performance analysis shows that our scheme needs 17.7-34.5% less energy and runs about 50% faster than the traditional signature verification method. The efficiency of the proposed technique has been tested through an experimental study on a network of MICAz motes.     

Quality of service challenges for wireless mobile ad hoc networks

Wireless mobile ad hoc networks consist of mobile nodes interconnected by wireless multi‐hop communication paths. Unlike conventional wireless networks, ad hoc networks have no fixed network infrastructure or administrative support. The topology of such networks changes dynamically as mobile nodes join or depart the network or radio links between nodes become unusable. Supporting appropriate quality of service for mobile ad hoc networks is a complex and difficult issue because of the dynamic nature of the network topology and generally imprecise network state information, and has become an intensely active area of research in the last few years. This paper

1 This article, except for some minor changes, is essentially the same as one that appears in 103 . The latter is a revised and updated version of 51

presents the basic concepts of quality of service support in ad hoc networks for unicast communication, reviews the major areas of current research and results, and addresses some new issues. The principal focus is on routing and security issues associated with quality of service support. The paper concludes with some observations on the open areas for further investigation. Copyright © 2004 John Wiley & Sons, Ltd.     

Hierarchical location service for wireless sensor networks with mobile sinks

In wireless sensor networks (WSNs), a mobile sink can help eliminate the hotspot effect in the vicinity of the sink, which can balance the traffic load in the network and thus improve the network performance. Location‐based routing is an effective routing paradigm for supporting sink mobility in WSNs with mobile sinks (mWSNs). To support efficient location‐based routing, scalable location service must be provided to advertise the location information of mobile sinks in an mWSN. In this paper, we propose a new hierarchical location service for supporting location‐based routing in mWSNs. The proposed location service divides an mWSN into a grid structure and exploits the characteristics of static sensors and mobile sinks in selecting location servers. It can build, maintain, and update the grid‐spaced network structure via a simple hashing function. To reduce the location update cost, a hierarchy structure is built by choosing a subset of location servers in the network to store the location information of mobile sinks. The simulation results show that the proposed location service can significantly reduce the communication overhead caused by sink mobility while maintaining high routing performance, and scales well in terms of network size and sink number. Copyright © 2009 John Wiley & Sons, Ltd.