Secure authentication between user equipment and 5G core network is a critical issue for 5G system.However,the traditional authentication protocol 5 G-AKA and the centralized key database are at risk of several securi...Secure authentication between user equipment and 5G core network is a critical issue for 5G system.However,the traditional authentication protocol 5 G-AKA and the centralized key database are at risk of several security problems,e.g.key leakage,impersonation attack,MitM attack and single point of failure.In this paper,a blockchain based asymmetric authentication and key agreement protocol(BC-AKA)is proposed for distributed 5G core network.In particular,the key used in the authentication process is replaced from a symmetric key to an asymmetric key,and the database used to store keys in conventional 5G core network is replaced with a blockchain network.A proof of concept system for distributed 5G core network is built based on Ethereum and ECC-Secp256 k1,and the efficiency and effectiveness of the proposed scheme are verified by the experiment results.展开更多
An enhanced definition of implicit key authentication and a secure group key agreement scheme from pairings are presented. This scheme combines the merits of group public key and key trees to achieve a communication-e...An enhanced definition of implicit key authentication and a secure group key agreement scheme from pairings are presented. This scheme combines the merits of group public key and key trees to achieve a communication-efficient and authenticated group key agreement protocol. Besides, it avoids dependence on signature or MAC by involving member's long-term keys and short-term keys in the group key. Furthermore, the idea behind this design can be employed as a general approach to extend the authenticated two-party Diffie-Hellman protocols to group settings.展开更多
An authentication multiple key agreement protocol allows the users to compute more than one session keys in an authentication way. In the paper,an identity-based authentication multiple key agreement protocol is propo...An authentication multiple key agreement protocol allows the users to compute more than one session keys in an authentication way. In the paper,an identity-based authentication multiple key agreement protocol is proposed. Its authentication part is proven secure against existential forgery on adaptively chosen message and ID attacks under the random oracle model upon the CDH assumptions. The session keys are proven secure in a formal CK security model under the random oracle model upon the CBDH assumptions. Compared with the previous multiple key agreement protocols,it requires less communication cost.展开更多
When accessing remote services over public networks, a user authentication mechanism is required because these activities are executed in an insecure communication environment. Recently, Wang et al. proposed an authen...When accessing remote services over public networks, a user authentication mechanism is required because these activities are executed in an insecure communication environment. Recently, Wang et al. proposed an authentication and key agreement scheme preserving the privacy of secret keys and providing user anonymity. Later, Chang et al. indicated that their scheme suffers from two security flaws. First, it cannot resist DoS (denial-of-service) attack because the indicators for the next session are not consistent. Second, the user password may be modified by a malicious attacker because no authentication mechanism is applied before the user password is updated. To eliminate the security flaws and preserve the advantages of Wang et aL's scheme, we propose an improvement in this paper.展开更多
With the exponential growth of intelligent Internet of Things(IoT)applications,Cloud-Edge(CE)paradigm is emerging as a solution that facilitates resource-efficient and timely services.However,it remains an underlying ...With the exponential growth of intelligent Internet of Things(IoT)applications,Cloud-Edge(CE)paradigm is emerging as a solution that facilitates resource-efficient and timely services.However,it remains an underlying issue that frequent end-edgecloud communication is over a public or adversarycontrolled channel.Additionally,with the presence of resource-constrained devices,it’s imperative to conduct the secure communication mechanism,while still guaranteeing efficiency.Physical unclonable functions(PUF)emerge as promising lightweight security primitives.Thus,we first construct a PUF-based security mechanism for vulnerable IoT devices.Further,a provably secure and PUF-based authentication key agreement scheme is proposed for establishing the secure channel in end-edge-cloud empowered IoT,without requiring pre-loaded master keys.The security of our scheme is rigorously proven through formal security analysis under the random oracle model,and security verification using AVISPA tool.The comprehensive security features are also elaborated.Moreover,the numerical results demonstrate that the proposed scheme outperforms existing related schemes in terms of computational and communication efficiency.展开更多
In order to make the quantum key agreement process immune to participant attacks, it is necessary to introduce the authentication in the communication process. A quantum key agreement protocol with identity authentica...In order to make the quantum key agreement process immune to participant attacks, it is necessary to introduce the authentication in the communication process. A quantum key agreement protocol with identity authentication that exploits the measurement correlation of six-particle entangled states is proposed. In contrast to some recently proposed quantum key agreement protocols with authentication, this protocol requires neither a semi-trusted third party nor additional private keys in the authentication process. The entire process of authentication and key agreement can be achieved using only n six-particle entangled states, which saves communication costs and reduces the complexity of the authentication process.Finally, security analysis shows that this scheme is resistant to some important attacks.展开更多
Vehicle ad-hoc networks have developed rapidly these years,whose security and privacy issues are always concerned widely.In spite of a remarkable research on their security solutions,but in which there still lacks con...Vehicle ad-hoc networks have developed rapidly these years,whose security and privacy issues are always concerned widely.In spite of a remarkable research on their security solutions,but in which there still lacks considerations on how to secure vehicleto-vehicle communications,particularly when infrastructure is unavailable.In this paper,we propose a lightweight certificateless and oneround key agreement scheme without pairing,and further prove the security of the proposed scheme in the random oracle model.The proposed scheme is expected to not only resist known attacks with less computation cost,but also as an efficient way to relieve the workload of vehicle-to-vehicle authentication,especially in no available infrastructure circumstance.A comprehensive evaluation,including security analysis,efficiency analysis and simulation evaluation,is presented to confirm the security and feasibility of the proposed scheme.展开更多
An authenticated group key agreement protocol suite (PAGKA) based on pairings is presented in this paper. This suite extends an efficient Diffie-Hellman-based protocol suite by introducing parings on elliptic curves a...An authenticated group key agreement protocol suite (PAGKA) based on pairings is presented in this paper. This suite extends an efficient Diffie-Hellman-based protocol suite by introducing parings on elliptic curves and public-key certificates. The result suite builds its security on the hardness of the bilinear Diffie-Hellman (BDH) problem in the random oracle model, and provides implicit key authentication, perfect forward secrecy and unknown key-share secrecy.展开更多
Many improved authentication solutions were put forward, on purpose of authenticating more quickly and securely.However, neither the overuse of hash function,or additional symmetric encryption, can truly increase the ...Many improved authentication solutions were put forward, on purpose of authenticating more quickly and securely.However, neither the overuse of hash function,or additional symmetric encryption, can truly increase the overall security. Instead,extra computation cost degraded the performance.They were still vulnerable to a variety of threats, such as smart card loss attack and impersonation attack, due to hidden loopholes and flaws. Even worse, user's identity can be parsed in insecure environment, even became traceable. Aiming to protect identity, a lightweight mutual authentication scheme is proposed. Redundant operations are removed,which make the verification process more explicit. It gains better performance with average cost compared to other similar schemes.Cryptanalysis shows the proposed scheme can resist common attacks and achieve user anonymity.Formal security is further verified by using the widely accepted Automated Validation of Internet Security Protocols and Applications(AVISPA) tool.展开更多
基金supported by National Key Research and Development Program of China under Grant 2021YFE0205300Tianjin Natural Science Foundation(19JCYBJC15700)。
文摘Secure authentication between user equipment and 5G core network is a critical issue for 5G system.However,the traditional authentication protocol 5 G-AKA and the centralized key database are at risk of several security problems,e.g.key leakage,impersonation attack,MitM attack and single point of failure.In this paper,a blockchain based asymmetric authentication and key agreement protocol(BC-AKA)is proposed for distributed 5G core network.In particular,the key used in the authentication process is replaced from a symmetric key to an asymmetric key,and the database used to store keys in conventional 5G core network is replaced with a blockchain network.A proof of concept system for distributed 5G core network is built based on Ethereum and ECC-Secp256 k1,and the efficiency and effectiveness of the proposed scheme are verified by the experiment results.
基金Sponsored bythe National Natural Science Foundation of China(60203012)
文摘An enhanced definition of implicit key authentication and a secure group key agreement scheme from pairings are presented. This scheme combines the merits of group public key and key trees to achieve a communication-efficient and authenticated group key agreement protocol. Besides, it avoids dependence on signature or MAC by involving member's long-term keys and short-term keys in the group key. Furthermore, the idea behind this design can be employed as a general approach to extend the authenticated two-party Diffie-Hellman protocols to group settings.
基金supported by a grant from the National Natural Science Foundation of China (10961013)
文摘An authentication multiple key agreement protocol allows the users to compute more than one session keys in an authentication way. In the paper,an identity-based authentication multiple key agreement protocol is proposed. Its authentication part is proven secure against existential forgery on adaptively chosen message and ID attacks under the random oracle model upon the CDH assumptions. The session keys are proven secure in a formal CK security model under the random oracle model upon the CBDH assumptions. Compared with the previous multiple key agreement protocols,it requires less communication cost.
基金supported by National Science Council under Grant No. 98-2221-E-025-007- and 99-2410-H-025-010-MY2
文摘When accessing remote services over public networks, a user authentication mechanism is required because these activities are executed in an insecure communication environment. Recently, Wang et al. proposed an authentication and key agreement scheme preserving the privacy of secret keys and providing user anonymity. Later, Chang et al. indicated that their scheme suffers from two security flaws. First, it cannot resist DoS (denial-of-service) attack because the indicators for the next session are not consistent. Second, the user password may be modified by a malicious attacker because no authentication mechanism is applied before the user password is updated. To eliminate the security flaws and preserve the advantages of Wang et aL's scheme, we propose an improvement in this paper.
基金supported by the National Key Research and Development Program of China,“Joint Research of IoT Security System and Key Technologies Based on Quantum Key,”under project number 2020YFE0200600.
文摘With the exponential growth of intelligent Internet of Things(IoT)applications,Cloud-Edge(CE)paradigm is emerging as a solution that facilitates resource-efficient and timely services.However,it remains an underlying issue that frequent end-edgecloud communication is over a public or adversarycontrolled channel.Additionally,with the presence of resource-constrained devices,it’s imperative to conduct the secure communication mechanism,while still guaranteeing efficiency.Physical unclonable functions(PUF)emerge as promising lightweight security primitives.Thus,we first construct a PUF-based security mechanism for vulnerable IoT devices.Further,a provably secure and PUF-based authentication key agreement scheme is proposed for establishing the secure channel in end-edge-cloud empowered IoT,without requiring pre-loaded master keys.The security of our scheme is rigorously proven through formal security analysis under the random oracle model,and security verification using AVISPA tool.The comprehensive security features are also elaborated.Moreover,the numerical results demonstrate that the proposed scheme outperforms existing related schemes in terms of computational and communication efficiency.
基金the National Science Foundation of Sichuan Province, China (Grant No. 2022NSFSC0534)Major Science, and Techonolgy Application Demonstration Project in Chengdu (Grant No. 2021-YF09-0116-GX)。
文摘In order to make the quantum key agreement process immune to participant attacks, it is necessary to introduce the authentication in the communication process. A quantum key agreement protocol with identity authentication that exploits the measurement correlation of six-particle entangled states is proposed. In contrast to some recently proposed quantum key agreement protocols with authentication, this protocol requires neither a semi-trusted third party nor additional private keys in the authentication process. The entire process of authentication and key agreement can be achieved using only n six-particle entangled states, which saves communication costs and reduces the complexity of the authentication process.Finally, security analysis shows that this scheme is resistant to some important attacks.
基金This work was supported in part by the National Natural Science Foundation of China under Grant No.61170217,61272469,61303212,61332019,and Grant No.U1135004,and by the Fundamental Research Founds for National University,China University of Geosciences
文摘Vehicle ad-hoc networks have developed rapidly these years,whose security and privacy issues are always concerned widely.In spite of a remarkable research on their security solutions,but in which there still lacks considerations on how to secure vehicleto-vehicle communications,particularly when infrastructure is unavailable.In this paper,we propose a lightweight certificateless and oneround key agreement scheme without pairing,and further prove the security of the proposed scheme in the random oracle model.The proposed scheme is expected to not only resist known attacks with less computation cost,but also as an efficient way to relieve the workload of vehicle-to-vehicle authentication,especially in no available infrastructure circumstance.A comprehensive evaluation,including security analysis,efficiency analysis and simulation evaluation,is presented to confirm the security and feasibility of the proposed scheme.
文摘An authenticated group key agreement protocol suite (PAGKA) based on pairings is presented in this paper. This suite extends an efficient Diffie-Hellman-based protocol suite by introducing parings on elliptic curves and public-key certificates. The result suite builds its security on the hardness of the bilinear Diffie-Hellman (BDH) problem in the random oracle model, and provides implicit key authentication, perfect forward secrecy and unknown key-share secrecy.
基金supported by the National Key Research and Development Program of China (No. 2017YFC0820603)
文摘Many improved authentication solutions were put forward, on purpose of authenticating more quickly and securely.However, neither the overuse of hash function,or additional symmetric encryption, can truly increase the overall security. Instead,extra computation cost degraded the performance.They were still vulnerable to a variety of threats, such as smart card loss attack and impersonation attack, due to hidden loopholes and flaws. Even worse, user's identity can be parsed in insecure environment, even became traceable. Aiming to protect identity, a lightweight mutual authentication scheme is proposed. Redundant operations are removed,which make the verification process more explicit. It gains better performance with average cost compared to other similar schemes.Cryptanalysis shows the proposed scheme can resist common attacks and achieve user anonymity.Formal security is further verified by using the widely accepted Automated Validation of Internet Security Protocols and Applications(AVISPA) tool.
