A Provably Secure and PUF-Based Authentication Key Agreement Scheme for Cloud-Edge IoT

With the exponential growth of intelligent Internet of Things(IoT) applications, Cloud-Edge(CE) paradigm is emerging as a solution that facilitates resource-efficient and timely services. However,it remains an underlying issue that frequent end-edgecloud communication is over a public or adversarycontrolled channel. Additionally, with the presence of resource-constrained devices, it’s imperative to conduct the secure communication mechanism, while still guaranteeing efficiency. Physical unclonab...     

基于PUF的低开销物联网安全通信方案

将物理不可克隆函数（Physical Unclonable Function,PUF）与椭圆曲线上的无证书公钥密码体制相结合,提出一种面向物联网的安全通信方案,在节点设备不存储任何秘密参数的情况下,实现设备间消息的安全传递.方案无需使用高计算复杂度的双线性对运算,并提供了消息认证机制.安全性分析表明,该方案不仅能够抵抗窃听、篡改、重放等传统攻击,而且可以有效防范节点设备可能遭到的复制攻击.对比结果显示,相较于同类方案,该方案明显降低了设备的资源开销.     

一种基于相互认证的安全RFID系统

论文分析了现在RFID面临的各种安全问题,然后在XingxinGao等给出的RFID系统的基础上,提出了一种基于相互认证的安全RFID系统。通过结合相互认证机制与随机读取访问控制,本系统可有效地抵御传统攻击,特别是解决了Gao系统的重放攻击漏洞,也保证了个人隐私安全。此外,通过数字证书加密,标签与读头之间的信息交互过程变得更加安全。     

Secure and Privacy-Preserving RFID Authentication Scheme for Internet of Things Applications

Wireless Personal Communications - Privacy issue has become a crucial concern in internet of things (IoT) applications ranging from home appliances to vehicular networks. RFID system has found...     

可证明安全的RFID通信安全协议

通过对RFID系统特殊安全问题的系统研究,从可证明安全论证的角度出发,本文提出了一种可证明安全的RFID通信安全协议——rPAP。在随机预言模型下,使用形式化描述方式,系统地建立了RFID通信安全模型,并在该模型下,形式化地论证了rPAP协议的安全性。该协议适用于一般的RFID系统。     

A Provably Secure Multi-server Based Authentication Scheme

With the rapid growth of electronic commerce and demand on variants of Internet based applications, the system providing resources and business services often consists of many servers around the world. So far, a variety of authentication schemes have been published to achieve remote user authentication on multi-server communication environment. Recently, Pippal et al. proposed a multi-server based authentication protocol to pursue the system security and computation efficiency. Nevertheless, based on our analysis, the proposed scheme is insecure against user impersonation attack, server counterfeit attack, and man-in-the-middle attack. In this study, we first demonstrate how these malicious attacks can be invoked by an adversary. Then, a security enhanced authentication protocol is developed to eliminate all identified weaknesses. Meanwhile, the proposed protocol can achieve the same order of computation complexity as Pippal et al.’s protocol does.     

A Secure and Efficient Authentication Scheme for E-coupon Systems

Through the explosive growth of network technologies, electronic commercial businesses have made our lives easier and more convenient. The application of e-coupons is quite a novel issue but is becoming increasingly popular among electronic commercial businesses because the extensive use of e-coupons can help consumers to save money; however, the e-coupon has also brought security issues as attackers can obtain illegitimate benefits from imperfections of the design. Hence, the security of the e-coupon system has become important as well. In this paper, we propose a novel and complete chaotic maps-based authentication scheme for e-coupon systems. Security analysis shows that our scheme satisfies essential security and functionality requirements. Furthermore, performance analysis shows that the execution time of our scheme is efficient and suitable for practical implementation in real life. In other words, users such as shops and customers can use our e-coupon system conveniently and securely.     

A Secure Authentication Scheme with Anonymity for Wireless Communications

Recently, a new authentication scheme with anonymity for wireless communications has been proposed, and then some security problems have been demonstrated. In this paper, we will discuss a few problems found in the enhanced scheme and then propose how to overcome them, regarding the properties of anonymity and backward secrecy.     

IoT Enabled RFID Authentication and Secure Object Tracking System for Smart Logistics

Wireless Personal Communications - Object tracking is a fundamental problem in Supply Chain Management (SCM). Recent innovations eliminate the difficulties in traditional approach such as manual...     

Testing Methods for PUF-Based Secure Key Storage Circuits

Design for test is an integral part of any VLSI chip. However, for secure systems extra precautions have to be taken to prevent that the test circuitry could reveal secret information. This paper addresses secure test for Physical Unclonable Function based systems. It investigates two secure Built-In Self-Test (BIST) solutions for Fuzzy Extractor (FE) which is the main component of PUF-based systems. The schemes target high stuck-at-fault (SAF) coverage by performing scan-chain free functional testing, to prevent scan-chain abuse for attacks. The first scheme reuses existing FE blocks (for pattern generation and compression) to minimize the area overhead, while the second scheme tests all the FE blocks simultaneously to minimize the test time. The schemes are integrated in FE design and simulated; the results show that for the first test scheme, a SAF fault coverage of 95 % can be realized with no more than 47.1k clock cycles at the cost of a negligible area overhead of only 2.2 %; while for the second test scheme a SAF fault coverage of 95 % can be realized with 3.5k clock cycles at the cost of 18.6 % area overhead. Higher fault coverages are possible to realize at extra cost (i.e., either by extending the test time, or by adding extra hardware, or a combination of both).     

具有不可链接性的无线通信匿名认证

客户端-服务器认证协议的匿名性指服务器能够认证客户端的真实性,但无法获知客户端的身份。针对认证协议提出了新的安全性需求—不可链接性,该性质是对匿名性的有益补充。对已有文献中的认证协议进行修正,使其在不降低认证效率的前提下满足不可链接性。修正后的方案同时提供身份保护性、不可链接性、双向认证、密钥协商、密钥更新、会话密钥的后向保密性以及客户端的口令修改功能。     

Novel Sequence Number Based Secure Authentication Scheme for Wireless LANs

Authentication per frame is an implicit necessity for security in wireless local area networks (WLANs). We propose a novel per frame secure authentication scheme which provides authentication to data f...     

Efficient and Secure Authentication Scheme with Conditional Privacy-Preserving for VANETs

The goal of authentication scheme for Vehicular ad hoc networks (VANETs) is to ensure reliability and integrity of message.Due to the timeliness of traffic-related messages and the highly dynamic nature of VANETs,it still is a challenge to solve the three key issues simultaneously,i.e.security,efficiency and conditional privacy-preserving,on the design of authentication scheme for VANETs.To address this challenge,an efficient Conditional privacy-preserving authentication (CPPA) scheme is proposed in this paper.Compared with the most recent proposed CPPA schemes,our proposed scheme markedly decreases the computation costs of the message-signing phase and the message verification phase,while satisfies all security requirements of VANETs and provides conditional privacy-preserving.     

基于混合加密的融合网络安全认证计费方案

蜂窝网和Ad Hoc网是提供接入服务的重要技术.由于两者互补的特性,融合蜂窝网和Ad Hoc网能提供在热点地区和通信盲区的持续接入.但两者的融合涉及到许多问题.针对安全问题,在Ad Hoc辅助式的融合网络模型上提出一种基于混合加密的安全认证计费方案.此方案使用对称加密和非对称加密的混合加密机制,另外还采用了散列函数和数字签名技术.安全分析表明所提方案可以防止扮演攻击、重播攻击和中间人攻击,并具有反拒认特性.     

Secure and Efficient Mutual Authentication Scheme for NFC Mobile Devices

As the technology of mobile devices spreads fast, the price of mobile devices is getting cheaper. Most of the people have mobile devices, and these devices have the technology of near field communication (NFC). With the long time development and research, the mobile devices use NFC technology on the payment and authentication applications, and replace the smartcard, the access control card, and the credit card by using the card emulation mode. It helps the development of NFC applications. In recent years, more and more users begin using NFC technology on mobile payment and authentication. Many researches have proposed the related NFC authentication protocols, but their schemes are still lack of some security properties and functions, which are necessary for NFC authentication protocols. In this paper, we propose a secure and efficient NFC authentication scheme between two NFC devices by the help of the authentication server that provides mutual authentication.     

Secure Authentication System for Public WLAN Roaming

A serious challenge for seamless roaming between independent wireless LANs (WLANs) is how best to confederate the various WLAN service providers, each having different trust relationships with individuals and each supporting their own authentication schemes, which may vary from one provider to the next. We have designed and implemented a comprehensive single sign-on (SSO) authentication architecture that confederates WLAN service providers through trusted identity providers. Users select the appropriate SSO authentication scheme from the authentication capabilities announced by the WLAN service provider, and can block the exposure of their privacy information while roaming. In addition, we have developed a compound Layer 2 and Web authentication scheme that ensures cryptographically protected access while preserving pre-existing public WLAN payment models. Our experimental results, obtained from our prototype system, show that the total authentication delay is about 2 seconds in the worst case. This time is dominated primarily by our use of industry-standard XML-based protocols, yet is still small enough for practical use. Ana Sanz Merino received her B.S. degree in Electrical Engineering from Universidad Politécnica de Madrid (Spain) in 1999. She was the recipient of the Fundación Telefónica award to the best final thesis in telecommunications networks and services published in Spain in the 1999–2000 academic year. Her area of expertise is data communications, a field in which she has worked in R&D since 1998, first at Universidad Politécnica de Madrid, and later for two companies in the telecom sector, Telefónica and Ericsson. Presently, she is a student of the M.S. in Computer Science and a researcher at University of California, Berkeley, where she works on wireless network security with Professor Randy H. Katz. Yasuhiko Matsunaga is a researcher at NEC Corporation, Japan. He specializes in resource and security management in wireless and broadband networks. He received B.S and M.S degrees from the University of Tokyo in 1992 and 1994. He was a visiting researcher at the computer science division at the University of California, Berkeley from Dec. 2002 to Dec. 2003. Manish Shah is a third year undergraduate student at University of California, Berkeley Computer Science Department. He has been doing research with Prof. Katz and the Sahara Group since May 2003. His research interests are networking related focusing on wireless systems and technologies. He has recently been involved in sensor network related research. Takashi Suzuki received B.E and M.E. degrees in communication engineering from Osaka University, Japan, in 1994 and 1996, respectively. In 1996, he joined NTT DoCoMo, Japan, where he was engaged in research and development of mobile multimedia communication protocols. He was a visiting industrial fellow at University of California, Berkeley from 2001 to 2003, where he worked on web service security and WLAN security. He is now engaged in research on secure mobile terminal architecture at Multimedia Laboratories of NTT DoCoMo. Randy Howard Katz received his undergraduate degree from Cornell University, and his M.S. and Ph.D. degrees from the University of California, Berkeley. He joined the faculty at Berkeley in 1983, where he is now the United Microelectronics Corporation Distinguished Professor in Electrical Engineering and Computer Science. He is a Fellow of the ACM and the IEEE, and a member of the National Academy of Engineering. He has published over 200 refereed technical papers, book chapters, and books. His hardware design textbook, Contemporary Logic Design, has sold over 85,000 copies worldwide, and has been in use at over 200 colleges and universities. He has supervised 35 M.S. theses and 21 Ph.D. dissertations, and leads a research team of over a dozen graduate students, technical staff, and industrial visitors. He has won numerous awards, including seven best paper awards, one “test of time” paper award, one paper selected for a 50 year retrospective on IEEE communications publications, three best presentation awards, the Outstanding Alumni Award of the Computer Science Division, the CRA Outstanding Service Award, the Berkeley Distinguished Teaching Award, the Air Force Exceptional Civilian Service Decoration, the IEEE Reynolds Johnson Information Storage Award, the ASEE Frederic E. Terman Award, and the ACM Karl V. Karlstrom Outstanding Educator Award. With colleagues at Berkeley, he developed Redundant Arrays of Inexpensive Disks (RAID), a $25 billion per year industry sector today. While on leave for government service in 1993–1994, he established whitehouse.gov and connected the White House to the Internet. His current research interests are Internet Services Architecture, Mobile Internet, and the technologies underlying the convergence of telecommunications and packet networks. Prior research interests have included: database management, VLSI CAD, and high performance multiprocessor and storage architectures.This revised version was published online in August 2005 with a corrected cover date.     

ITPMAP: An Improved Three-Pass Mutual Authentication Protocol for Secure RFID Systems

Radio frequency identification (RFID) is a wireless technology used in various applications to minimize the complexity of everyday life. However, it opens a large number of security and privacy issues that require to be addressed before its successful deployment. Many RFID authentication protocols are proposed in recent years to address security and privacy issues, and most of them are based on lightweight cryptographic techniques such as pseudo-random number generators (PRNGs), or bitwise logical operations. However, the existing RFID authentication protocols suffer from security weaknesses, and cannot solve most of the security and privacy problems. A new solution is necessary to address security and privacy issues. In this paper, an improved three-pass mutual authentication protocol (ITPMAP) for low-cost RFID tags is proposed to offer an adequate security level for RFID systems. The proposed ITPMAP protocol uses one PRNG on the tag side and heavy-weighted cryptographic techniques (i.e., digital signature and password-based encryption schemes) on the back-end server side instead of lightweight cryptographic techniques to address the security and privacy issues. The ITPMAP protocol is secure against various attacks such as cloning, spoofing, replay, and desynchronization attacks. Furthermore, as a proof of concept, the ITPMAP protocol is adopted to propose the design of three real-life RFID systems; namely: Signing and Verification of Graduation Certificate System, issuing and verification of e-ticketing system, and charging and discharging of prepaid card system. The Unified Modeling Language is used to demonstrate the design of the proposed ITPMAP protocol and systems. Java language is used for the implementation of the proposed systems. In addition, the “Mifare Classic” tags and readers are used as RFID apparatuses for the proposed systems.     

基于身份认证的安全量子中继器网络编码方案

本文将量子一次一密通信方法引入到量子中继器网络中,提出了基于身份认证的安全量子中继器网络编码方案.针对编码过程中存在的主动攻击问题,用一次一密的方式实现任意相邻节点通信过程中的身份认证,优化编码算法,最终在源节点与目的节点间生成量子纠缠态作为信道,构成量子隐形传态网络.方案分析表明,这种方案可以实现高可靠性、高安全性的远程量子通信.     

一种移动通信系统中的用户认证方案

针对移动通信系统的安全特点,设计了一种基于C.Park数字签名方案和Rabin方案的用户认证方案。它在实时的用户鉴别过程中,用户端与网端只需一次交互过程。采用了一种同步数据生成函数,具有时间标记的作用。用户所需的计算都是在预计算阶段,实时通信时不需要任何计算。     

WLAN安全认证与管理方案的设计与实现

结合目前无线校园网成功建设基础上,对Web认证以及802.1x等认证技术进行分析,针对不同的认证方式结合不同管理策略,提出了解决无线校园网中安全认证与管理问题:综合安全认证与管理方案。该方案通过不同认证方式、管理策略以及模块化设计,能够有效地解决无线局域网的安全认证以及管理等问题,为深入研究和应用无线网络奠定了基础。