A chaotic map‐based anonymous multi‐server authenticated key agreement protocol using smart card

Authenticated key agreement protocols play an important role for network‐connected servers to authenticate remote users in Internet environment. In recent years, several authenticated key agreement protocols for single‐server environment have been developed based on chaotic maps. In modern societies, people usually have to access multiple websites or enterprise servers to accomplish their daily personal matters or duties on work; therefore, how to increase user's convenience by offering multi‐server authentication protocol becomes a practical research topic. In this study, a novel chaotic map‐based anonymous multi‐server authenticated key agreement protocol using smart card is proposed. In this protocol, a legal user can access multiple servers using only a single secret key obtained from a trusted third party, known as the registration center. Security analysis shows this protocol is secure against well‐known attacks. In addition, protocol efficiency analysis is conducted by comparing the proposed protocol with two recently proposed schemes in terms of computational cost during one authentication session. We have shown that the proposed protocol is twice faster than the one proposed by Khan and He while preserving the same security properties as their protocol has. Copyright © 2014 John Wiley & Sons, Ltd.     

Constructing designated server public key encryption with keyword search schemes withstanding keyword guessing attacks

Designated server public key encryption with keyword search (dPEKS) removes the secure channel requirement in public key encryption with keyword search (PEKS). With the dPEKS mechanism, a user is able to delegate the search tasks on the ciphertexts sent to him/her to a designated storage server without leaking the corresponding plaintexts. However, the current dPEKS framework inherently suffers from the security vulnerability caused by the keyword guessing (KG) attack. How to build the dPEKS schemes withstanding the KG attacks is still an unsolved problem up to now. In this work, we introduce an enhanced dPEKS (edPEKS) framework to remedy the security vulnerability in the current dPEKS framework. The edPEKS framework provides resistance to the KG attack by either the outside attacker or the malicious designated server. We provide a semi‐generic edPEKS construction that exploits the existing dPEKS schemes. Our security proofs demonstrate that the derived edPEKS scheme achieves the keyword ciphertext indistinguishability, the keyword ciphertext unforgeability, and the keyword trapdoor indistinguishability if the underlying dPEKS scheme satisfies the keyword ciphertext indistinguishability and the hash Diffie‐Hellman problem is intractable. In addition, a concrete edPEKS scheme is presented to show the instantiation of the proposed semi‐generic construction.     

Energy‐efficient multi‐level and distance‐aware clustering mechanism for WSNs

Most sensor networks are deployed at hostile environments to sense and gather specific information. As sensor nodes have battery constraints, therefore, the research community is trying to propose energy‐efficient solutions for wireless sensor networks (WSNs) to prolong the lifetime of the network. In this paper, we propose an energy‐efficient multi‐level and distance‐aware clustering (EEMDC) mechanism for WSNs. In this mechanism, the area of the network is divided into three logical layers, which depends upon the hop‐count‐based distance from the base station. The simulation outcomes show that EEMDC is more energy efficient than other existing conventional approaches. Copyright © 2013 John Wiley & Sons, Ltd.     

Towards generalized ID‐based user authentication for mobile multi‐server environment

With the popularity of Internet and wireless networks, more and more network architectures are used in multi‐server environment, in which mobile users remotely access servers through open networks. In the past, many schemes have been proposed to solve the issue of user authentication for multi‐server environment and low‐power mobile devices. However, most of these schemes have suffered from many attacks because these schemes did not provide the formal security analysis. In this paper, we first give a security model for multi‐server environment. We then propose an ID‐based mutual authentication and key agreement scheme based on bilinear maps for mobile multi‐server environment. Our scheme can be used for both general users with a long validity period and anonymous users with a short validity period. Under the presented security model, we show that our scheme is secure against all known attacks. We demonstrate that the proposed scheme is well suitable for low‐power mobile devices. Copyright © 2011 John Wiley & Sons, Ltd.     

Designing a secure designated server identity-based encryption with keyword search scheme: still unsolved

There exist only a few papers in the literature which target the problem of “proposing a secure designated server identity-based encryption with keyword search scheme.” In this paper, we prove that they all suffer from security issues, and therefore, this challenging problem still remains open.     

A robust and efficient dynamic identity‐based multi‐server authentication scheme using smart cards

In single‐server architecture, one service is maintained by one server. If a user wants to employ multiple services from different servers, he/she needs to register with these servers and to memorize numerous pairs of identities and passwords corresponding to each server. In order to improve user convenience, many authentication schemes have been provided for multi‐server environment with the property of single registration. In 2013, Li et al. provided an efficient multi‐server authentication scheme, which they contended that it could resist several attacks. Nevertheless, we find that their scheme is sensitive to the forgery attack and has a design flaw. This paper presents a more secure dynamic identity‐based multi‐server authentication scheme in order to solve the problem in the scheme by Li et al. Analyses show that the proposed scheme can preclude several attacks and support the revocation of anonymity to handle the malicious behavior of a legal user. Furthermore, our proposed scheme has a lower computation and communication costs, which make it is more suitable for practical applications. Copyright © 2014 John Wiley & Sons, Ltd.     

Cryptanalysis of Hsiang‐Shih's authentication scheme for multi‐server architecture

From user point of view, password‐based remote user authentication technique is one of the most convenient and easy‐to‐use mechanisms to provide necessary security on system access. As the number of computer crimes in modern cyberspace has increased dramatically, the robustness of password‐based authentication schemes has been investigated by industries and organizations in recent years. In this paper, a well‐designed password‐based authentication protocol for multi‐server communication environment, introduced by Hsiang and Shih, is evaluated. Our security analysis indicates that their scheme is insecure against session key disclosure, server spoofing attack, and replay attack and behavior denial. Copyright © 2010 John Wiley & Sons, Ltd.     

Improving MANET performance by a hop‐aware and energy‐based buffer management scheme

A hop‐aware and energy‐based buffer management scheme (HEB) is proposed in this paper. HEB can provide better quality of service to packets with real‐time requirements and improve MANET power efficiency. In our algorithm, the buffer is divided into real‐time and non‐real‐time partitions. We consider the number of hops passed, the power levels of the transmitting node, the predicted number of remaining hops, and waiting time in the buffer to determine packet transmission priority. In addition, specialized queue management and a probabilistic scheduling algorithm are proposed to decrease retransmissions caused by packet losses. Mathematical derivations of loss rates and end‐to‐end delays are also proposed. Coincidence between mathematical and simulation results is also shown. Finally, the HEB is compared with first in first out, random early detection, and hop‐aware buffering scheme. Simulation results show that the proposed algorithm reduces loss rates, power consumption, and end‐to‐end delays for real‐time traffic, considerably improving the efficiency of queue management in MANET. Copyright © 2012 John Wiley & Sons, Ltd.     

The weighted shortest path search based on multi‐agents in mobile GIS management services

In this paper we focus on the mobile GIS management system based on multi‐agents, and wider range of client devices with J2ME‐MIDP kernel are supported in it. A kit (Map Database Manager) is developed and described in detail. The kit can convert GIS data of commercial formats such as ArcGIS and Mapinfo into Geospatial data in GML, and provide Geospatial data for handheld devices freely without commercial plug‐in software. A peer to peer multi‐agents mechanism on mobile GIS services is the main subject of this paper. According to user's requirement and known buffer area radius on map, agent can define the factors to calculate the optimal path from one node to target node in a map, which considers not only the length of the road but also traffic flow, road cost, and other factors. We use the integrated cost to re‐define the road path weights, and select the optimal path among the road based on the minimum weight. The actual experimental results shown that in the quantified traffic flow and road condition, from node to other target nodes, we can get an optimal path on map, which satisfies the condition mostly. The results can greatly assist the searching of the optimal path in GIS services. Copyright © 2010 John Wiley & Sons, Ltd.     

Strongly unforgeable threshold multi‐proxy multi‐signature scheme with different proxy groups

In the majority of threshold multi‐proxy multi‐signature (TMPMS) schemes, only one proxy group is authorized to sign on behalf of all the original members. However, the original signers in various practical applications are often from different organizations. Each original signer should be able to designate a proxy group in his own organization; thus, each original signer could have distinct proxy members. However, this practical requirement of TMPMS schemes is seldom considered. To satisfy this requirement, we propose a new TMPMS scheme in which each original member can designate a proxy group in his own organization. Moreover, the threshold value of each proxy group is unique. We develop a security model to prove the high security and strong unforgeability of the proposed scheme. We analyze the security of our scheme based on the four types of adversaries tested in the security model. Compared with previous schemes, the new scheme offers higher security and superior computational efficiency. Copyright © 2013 John Wiley & Sons, Ltd.     

Provable secure identity‐based multi‐proxy signature scheme

Multi‐proxy signature is one of the useful primitives of the proxy signature. Till now, only a few schemes of identity‐based multi‐proxy signature (IBMPS) have been proposed using bilinear pairings, but most of the schemes are insecure or lack a formal security proof. Because of the important application of IBMPS scheme in distributed systems, grid computing, and so on, construction of an efficient and provable‐secure IBMPS scheme is desired. In 2005, Li & Chen proposed an IBMPS scheme from bilinear pairings, but their paper lacks a formal model and proof of the security. Further, in 2009, Cao & Cao presented an IBMPS scheme with the first formal security model for it. Unfortunately, their scheme is not secure against the Xiong et al's attack. In this paper, first, we present an IBMPS scheme, then we formalize a security model for the IBMPS schemes and prove that the presented scheme is existential unforgeable against adaptive chosen message and identity attack in the random oracle model under the computational Diffie–Hellman assumption. Also, our scheme is not vulnerable for the Xiong et al's attack. The presented scheme is more efficient in the sense of computation and operation time than the existing IBMPS schemes. Copyright © 2013 John Wiley & Sons, Ltd.     

An improved anonymous multi‐receiver identity‐based encryption scheme

Anonymous receiver encryption is an important cryptographic primitive. It allows a sender to use the public identities of multiple receivers to encrypt messages so that only the authorized receivers or a privileged set of users can decrypt the messages, and the identities of the receivers are not revealed. Recently, Zhang et al. proposed a novel anonymous multi‐receiver encryption scheme and claimed that their scheme could realize the receiver's identity privacy. Unfortunately, in this paper, we pointed out that the scheme by Zhang et al. did not achieve the anonymity of the receiver identity after analyzing the security of the scheme. At the same time, we give the corresponding attack. After analyzing the reason to produce such attacks, a novel anonymous multi‐receiver encryption scheme is given to achieve the anonymity of the receiver's identities. And we formally prove that the proposed scheme is semantically secure for confidentiality and receiver identities’ anonymity. The security of the scheme is based on decisional bilinear Diffie‐Hellman problem. Compared with the scheme by Zhang et al., Fan et al., Wang et al., and Chien et al., our scheme is shown to be better performance and robust security. To the best of our knowledge, our scheme is most efficient in terms of computational cost and communication overhead. Copyright © 2013 John Wiley & Sons, Ltd.     

The capacity of multi‐channel multi‐interface wireless networks with multi‐packet reception and directional antenna

The capacity of wireless networks can be improved by the use of multi‐channel multi‐interface (MCMI), multi‐packet reception (MPR), and directional antenna (DA). MCMI can provide the concurrent transmission in different channels for each node with multiple interfaces; MPR offers an increased number of concurrent transmissions on the same channel; DA can be more effective than omni‐DA by reducing interference and increasing spatial reuse. This paper explores the capacity of wireless networks that integrate MCMI, MPR, and DA technologies. Unlike some previous research, which only employed one or two of the aforementioned technologies to improve the capacity of networks, this research captures the capacity bound of the networks with all the aforementioned technologies in arbitrary and random wireless networks. The research shows that such three‐technology networks can achieve at most capacity gain in arbitrary networks and capacity gain in random networks compared with MCMI wireless networks without DA and MPR. The paper also explored and analyzed the impact on the network capacity gain with different , θ, and k‐MPR ability. Copyright © 2012 John Wiley & Sons, Ltd.     

Analysis of multi‐user detection of multi‐rate transmissions in multi‐cellular CDMA

In this paper, we address the issue of multi‐user receiver design in realistic multi‐cellular and multi‐rate CDMA systems based on performance analysis. We consider the multi‐user detection (MUD) technique, denoted interference subspace rejection (ISR), because it offers a wide range of canonic suppression modes that range in performance and complexity between interference cancellers and linear receivers. To further broaden our study, we propose a modified ISR scheme called hybrid ISR to cope better with multi‐rate transmissions. The performance analysis, which is based on the Gaussian assumption (GA) and validated by simulations, takes into account data estimation errors, carrier frequency mismatch, imperfect power control, identification errors of time‐varying multipath Rayleigh channels and intercell interference. This analysis enables us to optimize the selection of the MUD mode for multi‐rate transmissions in different operating conditions. The effectiveness of interference cancellation is indeed investigated under different mobile speeds, numbers of receiving antennas, near‐far situations, channel estimation errors, and out‐cell to in‐cell interference ratios. This investigation suggests that the out‐of‐cell interference, the residual in‐cell interference, the noise enhancement as well as low mobility favor the simplest MUD modes as they offer the best performance/complexity tradeoffs. Copyright © 2008 John Wiley & Sons, Ltd.     

Forgery attacks of an identity‐based multi‐proxy signature scheme

Multi‐proxy signature is used to delegate a permission of an owner to at least two proxies in the digital world. Recently, Sahu and Padhye gave a new construction of identity‐based multi‐proxy signature. Their scheme's security was supported by a reduction proof against a hard mathematical problem. Even supported by such security proofs, we present some forgery attacks against Sahu and Padhye's scheme. We demonstrate that any dishonest insider or any malicious outsider can break the security of Sahu and Padhye's scheme by forging either a permission or a multi‐proxy signature. In fact, our forgery attacks exploit the security weakness in their underlying identity‐based signature scheme, which is the fundamental constructing component of their proposed scheme. Copyright © 2014 John Wiley & Sons, Ltd.     

Strongly secure ID‐based authenticated key agreement protocol for mobile multi‐server environments

To provide mutual authentication and communication confidentiality between mobile clients and servers, numerous identity‐based authenticated key agreement (ID‐AKA) protocols were proposed to authenticate each other while constructing a common session key. In most of the existing ID‐AKA protocols, ephemeral secrets (random values) are involved in the computations of the common session key between mobile client and server. Thus, these ID‐AKA protocols might become vulnerable because of the ephemeral‐secret‐leakage (ESL) attacks in the sense that if the involved ephemeral secrets are compromised, an adversary could compute session keys and reveal the private keys of participants in an AKA protocol. Very recently, 2 ID‐AKA protocols were proposed to withstand the ESL attacks. One of them is suitable for single server environment and requires no pairing operations on the mobile client side. The other one fits multi‐server environments, but requires 2 expensive pairing operations. In this article, we present a strongly secure ID‐AKA protocol resisting ESL attacks under mobile multi‐server environments. By performance analysis and comparisons, we demonstrate that our protocol requires the lowest communication overhead, does not require any pairing operations, and is well suitable for mobile devices with limited computing capability. For security analysis, our protocol is provably secure under the computational Diffie‐Hellman assumption in the random oracle model.     

Stability‐aware multi‐metric clustering in mobile ad hoc networks with group mobility

Clustering can help aggregate the topology information and reduce the size of routing tables in a mobile ad hoc network (MANET). The maintenance of the cluster structure should be as stable as possible to reduce overhead and make the network topology less dynamic. Hence, stability measures the goodness of clustering. However, for a complex system like MANET, one clustering metric is far from reflecting the network dynamics. Some prior works have considered multiple metrics by combining them into one weighted sum, which suffers from intrinsic drawbacks as a scalar objective function to provide solution for multi‐objective optimization. In this paper, we propose a stability‐aware multi‐metric clustering algorithm, which can (1) achieve stable cluster structure by exploiting group mobility and (2) optimize multiple metrics with the help of a multi‐objective evolutionary algorithm (MOEA). Performance evaluation shows that our algorithm can generate a stable clustered topology and also achieve optimal solutions in small‐scale networks. For large‐scale networks, it outperforms the well‐known weighted clustering algorithm (WCA) that uses a weighted sum of multiple metrics. Copyright © 2008 John Wiley & Sons, Ltd.     

CAKA: a novel cache‐aware K‐anycast routing scheme for publish/subscribe‐based information‐centric network

In the past few years, many publish/subscribe‐based information‐centric network (PS‐ICN) architectures have been proposed and investigated to efficiently deliver information from content publishers to subscribers. However, most existing studies on PS‐ICN have not considered how to utilize in‐network caches, which is a common but important feature in ICN. To address this issue, in this paper, we propose a novel cache‐aware K‐anycast routing scheme, namely, CAKA, that can significantly improve the performance of content delivery. Specifically, we choose PURSUIT, which is one of the most important PS‐ICN architectures, and leverage its bidirectional communication procedure to do the following: (1) enable multiple publishers to send probing messages to the same subscriber; and (2) allow the subscriber to retrieve content objects using K‐anycast routing and network coding. In this study, we extend the PURSUIT protocol to support cache‐aware K‐anycast routing and design the algorithms to choose multiple partially disjointed paths for probing, and to select paths for content retrieval. To evaluate the performance of the proposed scheme, we develop not only a simulation testbed, but also a prototype running in a realistic network environment. Our studies show that the proposed scheme can significantly reduce the average hops to retrieve content objects, with very small overheads. Copyright © 2015 John Wiley & Sons, Ltd.     

A coordinated multi‐point‐based quality of service provision resource allocation scheme with inter‐cell interference mitigation

The paper investigates resource allocation via power control for inter‐cell interference (ICI) mitigation in an orthogonal frequency division multiple access‐based cellular network. The proposed scheme is featured by a novel subcarrier assignment mechanism at a central controller for ICI, which is further incorporated with an intelligent power control scheme. We formulate the system optimization task into a constrained optimization problem for maximizing accepted users' requirements. To improve the computation efficiency, a fast yet effective heuristic approach is introduced for divide and conquer. Simulation results demonstrate that the proposed resource allocation scheme can significantly improve the network capacity compared with a common approach by frequency reuse. Copyright © 2014 John Wiley & Sons, Ltd.     

Secure and privacy‐preserving keyword search retrieval over hashed encrypted cloud data

Cloud computing (CC) is the universal area in which the data owners will contract out their pertinent data to the untrusted public cloud that permits the data users to retrieve the data with complete integrity. To give data privacy along with integrity, majority of the research works were concentrated on single data owner for secure searching of encrypted data via the cloud. Also, searchable encryption supports data user to retrieve the particular encrypted document from encrypted cloud data via keyword search (KS). However, these researches are not efficient for keyword search retrieval. To trounce such drawbacks, this paper proposes efficient secure and privacy‐preserving keyword search retrieval (SPKSR) system, in which the user retrieves the hashed encrypted documents over hashed encrypted cloud data. The proposed system includes three entities explicitly, (a) data owner (DO), (b) cloud server (CS), and (c) data users (DU). The owner outsources hashed encrypted documents set, along with generated searchable index tree to the CS. The CS hoards the hashed encrypted document collection and index tree structure. DU performs the “search” over the hashed encrypted data. Experimental results of the proposed system are analyzed and contrasted with the other existent system to show the dominance of the proposed system.