MANET中高效的安全簇组密钥协商协议

针对移动自组网中组密钥管理面临的诸多挑战,提出一种高效的安全簇组密钥协商协议(ESGKAP,effi-cient and secure group key agreement protocol).ESGKAP基于提出的高性能层簇式CCQ_n网络模型,有效地减少了组密钥协商过程中的秘密贡献交互开销,增加了协议的灵活性、可扩展性和容错性.ESGKAP无需控制中心,由秘密分发中心构造门限秘密共享,所有成员通过协商生成簇组密钥,提高了方案的安全性,且基于ECC密码体制提高了簇组密钥生成的效率.同时,提出高效的签密及门限联合签名方案,确保簇组成员能够对接收的簇组密钥份额进行验证,进一步增加了方案的安全性.使用串空间模型对ESGKAP方案进行了形式化分析,证明了其正确性和安全性.最后,通过与BD、A-GDH和TGDH协议比较,表明ESGKAP能有效减少节点和网络资源消耗,很好地适用于特定的移动自组网环境,具有更为明显的安全和性能优势.     

An enhanced secure delegation-based anonymous authentication protocol for PCSs

Rapid development of wireless networks brings about many security problems in portable communication systems (PCSs), which can provide mobile users with an opportunity to enjoy global roaming services. In this regard, designing a secure user authentication scheme, especially for recognizing legal roaming users, is indeed a challenging task. It is noticed that there is no delegation-based protocol for PCSs, which can guarantee anonymity, untraceability, perfect forward secrecy, and resistance of denial-of-service (DoS) attack. Therefore, in this article, we put forward a novel delegation-based anonymous and untraceable authentication protocol, which can guarantee to resolve all the abovementioned security issues and hence offer a solution for secure communications for PCSs.     

A secure enhanced privacy-preserving key agreement protocol for wireless mobile networks

The rapid proliferation of mobile networks has made security an important issue, particularly for transaction oriented applications. Recently, Jo et al. presented an efficient authentication protocol for wireless mobile networks and asserted that their proposed approach provides all known security functionalities including session key (SK) security under the assumption of the widely-accepted Canetti–Krawczyk (CK) model. We reviewed Jo et al.’s proposed roaming protocol and we demonstrate that it fails to provide the SK-security under the CK-adversary setting. We then propose an enhancement to Jo et al.’s roaming protocol to address the security drawback found in Jo et al.’s protocol. In the enhanced roaming protocol, we achieve the SK-security along with reduced computation, communication and storage costs. We also simulate the enhanced roaming protocol using NS2 for end-to-end delay and network throughput, and the simulation results obtained demonstrate the efficiency of our protocol.     

An enhanced anonymous and unlinkable user authentication and key agreement protocol for TMIS by utilization of ECC

The telecare medicine information systems (TMISs) not only help patients to receive incessant health care services but also assist the medical staffs to access patients' electronic health records anytime and from anywhere via Internet. Since the online communications are exposed to numerous security threats, the mutual authentication and key agreement between patients and the medical servers are of prime significance. During the recent years, various user authentication schemes have been suggested for the TMISs. Nonetheless, most of them are susceptible to some known attacks or have high computational cost. Newly, an effective remote user authentication and session key agreement protocol has been introduced by Ravanbakhsh and Nazari for health care systems. Besides the nice contributions of their work, we found that it has two security weaknesses, namely, known session‐specific temporary information attack and lack of perfect forward secrecy. As a result, to overcome these deficiencies, this paper suggests a novel anonymous and unlinkable user authentication and key agreement scheme for TMISs using the elliptic curve cryptosystem (ECC). We have evaluated the security of the proposed scheme by applying the automated validation of internet security protocols and applications (AVISPA) tool with the intention of indicating that our scheme can satisfy the vital security features. In addition, we have compared the proposed protocol with related schemes to show that it has a proper level of performance. The obtained results demonstrate that the new scheme is more preferable considering both efficiency and security criteria.     

A2-MAKE: An efficient anonymous and accountable mutual authentication and key agreement protocol for WMNs

Multi-hop hybrid wireless mesh networks (WMNs) have recently attracted increasing attention and deployment. For easy acceptance and wide deployment of WMNs, security, privacy, and accountability issues have to be addressed by providing efficient, reliable, and scalable protocols. The fact that regular users, which may be resource-constrained wireless devices, are involved in routing activities highlights the need for efficiency and compactness. However, the said objectives, i.e., security, privacy, accountability, efficiency etc., are, most of the time, not compatible. So far no previous work has adequately reconciled these conflicting objectives in a practical framework. In this paper, we design and implement such a framework named as A²-MAKE, which is a collection of protocols. The framework provides an anonymous mutual authentication protocol whereby legitimate users can connect to network from anywhere without being identified or tracked unwillingly. No single party (or authority, network operator, etc.) can violate the privacy of a user, which is provided in our framework in the strongest sense. Our framework utilizes group signatures, where the private keys and corresponding credentials of the users are generated in a secure three-party protocol. User accountability is implemented via user identification and revocation protocols that can be executed by two semi-trusted authorities, one of which is the network operator. The assumptions about the trust level of the network operator are relaxed with respect to similar protocols. Our framework makes use of more efficient signature generation and verification algorithms in terms of computational complexity than their counterparts in literature, where signature size is almost the same as the shortest signatures proposed for similar purposes so far.     

An enhanced anonymous identity‐based key agreement protocol for smart grid advanced metering infrastructure

Sprouting populace mass within the urban areas furnishes critical challenges of providing uninterruptible community services to fulfill the primitive needs of inhabitants in smart cities. Smart cities facilitate and uplift the living standards of inhabitants through various smart systems or infrastructures, and smart grid is one of them. Secure transmission is a key requirement in the advanced metering infrastructure (AMI) of most smart grids, and key establishment cryptographic protocols can be used to achieve such a requirement. Designing efficient and secure key establishment protocols for AMI remains challenging. For example, in this paper, we reveal several weaknesses in the identity‐based key establishment protocol of Mohammadali et al (published in IEEE Trans Smart Grid, 2017), which is based on elliptic curves. We then improve their protocol and prove its security in the random oracle model. We also demonstrate that the improved protocol achieves both anonymity and untraceability, before presenting a comparative summary of the security and computational overheads of the proposed protocol and several other existing protocols.     

An efficient group key agreement protocol

Group key agreement protocol is important for collaborative and group-oriented application. Recently, for a network that consists of devices with limited resource, group key management has become an issue for secure routing or multicast. In this letter, we present an efficient group key agreement protocol that is an improvement of the Burrnester-Desmedt algorithm. We generalize the Improvement, which doesn't need the same modulus group for discrete logarithm problem.     

AN IMPROVED AUTHENTICATED KEY AGREEMENT PROTOCOL

In 1999, Seo and Sweeney proposed a simple authenticated key agreement protocol that was designed to act as a Diffie-Hellman key agreement protocol with user authentication. Various attacks on this protocol are described and enhanced in the literature. Recently, Ku and Wang proposed an improved authenticated key agreement protocol, where they asserted the protocol could withstand the existing attacks. This paper shows that Ku and Wang＇s protocol is still vulnerable to the modification attack and presents an improved authenticated key agreement protocol to enhance the security of Ku and Wang＇s protocol. The protocol has more efficient performance by replacing exponentiation operations with message authentication code operations.     

An authentication and key agreement protocol for satellite communications

In 2009 and 2011, Chen et al. and Lasc et al. proposed two separate authentication schemes for mobile satellite communication systems. Unfortunately, their schemes are unable to protect security in the event of smart card loss. In this paper, we propose a novel version that resists common malicious attacks and improves both the schemes of Chen et al. and Lasc et al. The security of our scheme is based on the discrete logarithm problem and one‐way hash function. A nonce mechanism is also applied to prevent replay attack. Furthermore, our scheme is more efficient than related schemes and thus more suitable for being implemented in satellite communication systems. Copyright © 2012 John Wiley & Sons, Ltd.     

Design of a lightweight and anonymous authenticated key agreement protocol for wireless body area networks

Wireless body area networks (WBANs) are a network designed to gather critical information about the physical conditions of patients and to exchange this information. WBANs are prone to attacks, more than other networks, because of their mobility and the public channel they use. Therefore, mutual authentication and privacy protection are critical for WBANs to prevent attackers from accessing confidential information of patients and executing undetectable physical attacks. In addition, in the authentication and key agreement process, messages should be transferred anonymously such that they are not linkable. In this paper, we first indicate that one of the most recently introduced authentication protocol is vulnerable to the wrong session key agreement attack and desynchronization attack. Second, we propose a lightweight authentication and key agreement protocol, which can withstand the well‐known attacks and provide the anonymity feature. Eventually, we analyze the security of our proposed protocol using both Automated Validation of Internet Security Protocols and Applications (AVISPA) and random oracle model and compare its performance with the related works. The results demonstrate the superiority of our proposed protocol in comparison with the other protocols.     

A chaotic map‐based anonymous multi‐server authenticated key agreement protocol using smart card

Authenticated key agreement protocols play an important role for network‐connected servers to authenticate remote users in Internet environment. In recent years, several authenticated key agreement protocols for single‐server environment have been developed based on chaotic maps. In modern societies, people usually have to access multiple websites or enterprise servers to accomplish their daily personal matters or duties on work; therefore, how to increase user's convenience by offering multi‐server authentication protocol becomes a practical research topic. In this study, a novel chaotic map‐based anonymous multi‐server authenticated key agreement protocol using smart card is proposed. In this protocol, a legal user can access multiple servers using only a single secret key obtained from a trusted third party, known as the registration center. Security analysis shows this protocol is secure against well‐known attacks. In addition, protocol efficiency analysis is conducted by comparing the proposed protocol with two recently proposed schemes in terms of computational cost during one authentication session. We have shown that the proposed protocol is twice faster than the one proposed by Khan and He while preserving the same security properties as their protocol has. Copyright © 2014 John Wiley & Sons, Ltd.     

一个高效的无证书两方认证密钥协商协议

由于双线性对有高昂的计算代价,无双线性对的密码系统在近年来得到了广泛的关注。各种无双线性对的两方认证密钥协商协议在公钥密码体制(PKC)下被研究。为了克服传统公钥密码体制下复杂的证书管理问题和基于身份的密码体制固有的密钥托管问题,一些无证书认证密钥协商协议被提出。文中提出了一个安全高效的无双线性对的基于无证书的两方认证密钥协商协议,与相关的协议相比,文中的协议具有较低的计算代价。     

An efficient authentication and key agreement scheme for secure smart grid communication services

The smart grid is a new and promising technology integrating new information and communication technologies to improve the distribution and consumption of electricity between energy suppliers and their end customers. However, this advanced solution is facing a serious security problem as regards the interception and falsification of power consumption data, hence generating falsified electricity consumption bills. This issue of security needs to be promptly and efficiently handled. Clearly, it is of paramount importance to have a security mechanism to avoid such losses. Our work focuses on this issue. It particularly concerns the development of a security mechanism to ensure a completely secure communication between energy suppliers and their consumers while preserving the privacy of end customers in terms of protection of their personal information including their identities. The experimental results underscore that our solution outperforms those of the literature in terms of computation cost and robustness against various types of attacks.     

An efficient and provably secure authenticated key agreement scheme for mobile edge computing

Wireless Networks - Though Mobile Cloud Computing (MCC) and Mobile Edge Computing (MEC) technologies have brought more convenience to mobile services over past few years, but security concerns like...     

可证明安全的随机密钥协商协议

主要研究随机密钥协商问题,针对Diffie-Hellman协议、SAKA协议和改进Lin协议、E-SAKA协议等存在的不具有认证功能和不能抵抗中间人攻击等缺陷,应用动态双向认证因子认证方法和非时间同步技术提出一种随机密钥协商协议,该协议适用于OTP动态口令系统设计,同时解决密钥协商过程中的动态认证和时间同步问题。最后,在标准模型下证明了方案的安全性。     

An efficient anonymous communication protocol for peer-to-peer applications over mobile ad-hoc networks

An efficient anonymous communication protocol, called MANET Anonymous Peer-to-peer Communication Protocol (MAPCP), for P2P applications over mobile ad-hoc networks (MANETs) is proposed in this work. MAPCP employs broadcasts with probabilistic-based flooding control to establish multiple anonymous paths between communication peers. It requires no hop-by-hop encrypt ion/decryption along anonymous paths and, hence, demands lower computational complexity and power consumption than those MANET anonymous routing protocols. Since MAPCP builds multiple paths to multiple peers within a single query phase without using an extra route discovery process, it is more efficient in P2P applications. Through analysis and extensive simulations, we demonstrate that MAPCP always maintains a higher degree of anonymity than a MANET anonymous single-path routing protocol in a hostile environment. Simulation results also show that MAPCP is resilient to passive attacks     

A secure and efficient key agreement framework for critical energy infrastructure using mobile device

Telecommunication Systems - Internet of Energy (IoE) provides two-way communication for reform of energy utilization between service providers and consumers. To provide secure, efficient, and...     

A secure authentication with key agreement scheme using ECC for satellite communication systems

Recently, Liu et al came up with an authentication with key agreement scheme for securing communication over the low‐earth‐orbit satellite communication systems. However, this paper demonstrates that this scheme cannot provide perfect forward secrecy or defend against the smart card stolen attack, and has some very bad design defects, making it unpractical. Thus, to design a truly secure authentication scheme for satellite communication systems, this paper presents a new scheme, making use of the advantages of elliptic curve cryptography and symmetric cryptography. The security analyses by the widely used BAN logic and heuristic discussions demonstrate that our new scheme possesses perfect security properties and can defend against various well‐known malicious attacks. Moreover, our new scheme allows users to update passwords locally in accordance with their wishes, achieving a good user experience.