Abstract:
With the rapid development of IoT technology, smart homes have emerged. At the same time, data security and privacy protection are also of great concern. However, the traditional centralized authentication scheme has defects such as single point of failure, poor scalability, dependence on a central party, and vulnerability to attacks, and is not suitable for the distributed and dynamically changing smart home environment. Thus, many researchers have proposed decentralized authentication schemes based on blockchain technology. Although many characteristics of blockchain technology, such as decentralization, non-tampering, and elimination of the single point of failure, have good application scenarios in authentication, the mature integration of the two has to be further explored. For example, the introduction of blockchain also brings security issues; the balance between security and performance in most blockchain-based authentication schemes remains to be investigated; and resource-constrained IoT devices tend to perform a large number of intensive computations, which is clearly inappropriate. Consequently, this paper introduces fog computing into blockchain-based authentication schemes, proposes a network architecture in which cloud and fog computing work together, and investigates the security and performance issues of authentication schemes under this architecture. Finally, formal and informal security analyses show that our scheme has multiple security properties and better performance than existing solutions.
Author affiliations:
[Guo, Yajun; Duan, Xinrui] Cent China Normal Univ, Sch Comp Sci, Luoyu Rd, Wuhan 430079, Hubei, Peoples R China.;[Guo, Yimin] Zhongnan Univ Econ & Law, Sch Informat & Safety Engn, South Lake Ave, Wuhan 430073, Hubei, Peoples R China.
Corresponding author's affiliation:
[Guo, YJ] Cent China Normal Univ, Sch Comp Sci, Luoyu Rd, Wuhan 430079, Hubei, Peoples R China.
Keywords:
Authentication protocol;Vehicular ad hoc networks;Blockchain;Physically unclonable function;Vehicular fog services;Conditional anonymity
Abstract:
With the advances in smart vehicles and fog computing, fog computing is being extended to traditional Vehicular Ad Hoc Networks (VANETs). As a geographically distributed paradigm, Vehicle Fog Service (VFS) overcomes the limitations of VANETs in real-time response and location awareness. It supports a wide range of traffic information services, such as road warnings, congestion control, and autonomous driving. Secure communication between VFS entities is a critical problem in an open network. Meanwhile, most fog nodes are deployed in the public domain and are vulnerable to physical attacks. This paper proposes a secure authentication scheme for VFS to address the above issues. The scheme combines blockchain and physical unclonable functions (PUFs) to achieve two-way authentication of on-board units (OBUs) and road side units (RSUs) with untrusted fog nodes. Our scheme provides conditional anonymity and non-repudiation, offering recourse in case of malicious behavior. Unlike other schemes, the proposed scheme only needs to determine whether the pseudo-identity carries a revocation tag instead of scanning the whole certificate revocation list (CRL), significantly reducing the computational overhead. In addition, we use the Real-Or-Random (ROR) model to formally prove that the proposed scheme is provably secure, and informal security analysis shows that the scheme is robust to various known attacks. Finally, compared with existing schemes, our scheme maintains lower communication and computation costs and provides more security features, which shows that it is more suitable for secure VFS environments.
Abstract:
Manned-unmanned teaming (MUM-T) is an emerging network system which interconnects manned aerial vehicles (MAVs) with unmanned aerial vehicles (UAVs) to enhance mission effectiveness and reduce workloads. Like other wireless systems, MUM-T is prone to attacks from the open communication channel. Therefore, an authentication scheme is required to establish secure and trusted communication between the MAV and the UAV. However, existing schemes fail to provide adequate security features and the necessary efficiency, mostly due to their incomplete threat modeling and improper use of authentication techniques. Moreover, the traditional centralized architecture of the authentication server leads to the single point of failure (SPOF) problem, which jeopardizes the robustness and scalability of MUM-T. In this paper, we propose a fault-tolerant authentication scheme for MUM-T that solves these problems. To enhance its security, we construct a new threat model consisting of the adversary's capabilities, security features, and security challenges to ensure the security of a scheme under combination attacks. To preserve the highest possible efficiency, we propose the design principle of using lightweight primitives for authentication and applying public key operations only in key establishment. To address the SPOF problem, we employ a distributed fault-tolerant mechanism to share registration information among authentication servers and defend against faulty nodes. As demonstrated by the security proof and performance comparison, our scheme succeeds in improving security and reducing overall costs, which provides a better solution than existing schemes.
Journal:
IEEE Transactions on Information Forensics and Security, 2024, 19:4615-4627, ISSN: 1556-6013
Corresponding author:
Guo, YM
Author affiliations:
[Guo, Yimin; Zhang, Chengde; Guo, YM; Yang, Fan; Xiong, Ping] Zhongnan Univ Econ & Law, Sch Informat & Secur Engn, Wuhan 430073, Peoples R China.;[Guo, Yajun] Cent China Normal Univ, Sch Comp, Wuhan 430079, Peoples R China.
Corresponding author's affiliation:
[Guo, YM] Zhongnan Univ Econ & Law, Sch Informat & Secur Engn, Wuhan 430073, Peoples R China.
Keywords:
Authentication;explicit attack;implicit attack;security;Internet of Things (IoT)
Abstract:
Designing an efficient and secure authentication scheme is a significant means to ensure the security of IoT systems. Hundreds of authentication schemes tailored for IoT environments have been proposed in recent years, and regrettably, many of them were soon found to have succumbed to security vulnerabilities. In an effort to investigate the underlying reason for this, Wang et al. (at TIFS'23) recently analyzed the vulnerability of authentication schemes from the perspective of provable security. However, we observe that some authentication schemes with sound security proofs and heuristic security analysis are also not resistant to certain attacks, and even those that have been improved several times are still not immune. To explore the deep-seated reasons for security vulnerabilities in IoT authentication schemes, we divide security attacks into explicit and implicit attacks and find that many authentication schemes exhibit security under explicit attacks but are rendered vulnerable under implicit attacks. Further, we propose the relationship between the design goals of security attributes of authentication schemes and implicit attacks, analyze the vulnerability of three typical authentication schemes under implicit attacks, and find that only the security attributes capable of resisting the strongest implicit attacks are secure. Finally, we offer some specific suggestions on how to achieve the security attribute goals.
Journal:
Pervasive and Mobile Computing, 2024, 98:101877, ISSN: 1574-1192
Corresponding author:
Guo, YM
Author affiliations:
[Guo, Yimin; Zhang, Chengde; Guo, YM; Yang, Fan; Xiong, Ping] Zhongnan Univ Econ & Law, Sch Informat & Safety Engn, Wuhan, Peoples R China.;[Guo, Yajun] Cent China Normal Univ, Sch Comp, Wuhan, Peoples R China.
Corresponding author's affiliation:
[Guo, YM] Zhongnan Univ Econ & Law, Sch Informat & Safety Engn, Wuhan, Peoples R China.
Keywords:
Cryptography;Internet of things;Security systems;Authentication scheme;End to end;Haptic control;Haptics;Industrial internet of thing;Key agreement;Provably secure;Security;Security and privacy;Tactile internet;Authentication
Journal:
IEEE INTERNET OF THINGS JOURNAL, 2024, 11(2):3348-3361, ISSN: 2327-4662
Corresponding author:
Guo, YM
Author affiliations:
[Guo, Yimin; Guo, YM; Xiong, Ping] Zhongnan Univ Econ & Law, Sch Informat & Safety Engn, Wuhan 430073, Peoples R China.;[Zhang, Zhenfeng] Chinese Acad Sci, Trusted Comp & Informat Assurance Lab, Inst Software, Beijing 100045, Peoples R China.;[Guo, Yajun] Cent China Normal Univ, Sch Comp, Wuhan 430079, Hubei, Peoples R China.
Corresponding author's affiliation:
[Guo, YM] Zhongnan Univ Econ & Law, Sch Informat & Safety Engn, Wuhan 430073, Peoples R China.
Keywords:
Authentication;blockchain;fog-enabled Internet of Things (IoT);key agreement;physical unclonable functions (PUFs)
Abstract:
The insufficient trustworthiness of fog nodes in fog computing leads to new security and privacy problems in communication between entities. Existing authentication schemes rely on a trusted third party, or assume that fog nodes are trustworthy, or the authentication overhead is high, which is inconsistent with the characteristics of fog computing. To solve the problem of secure communication in the fog computing environment, we propose an efficient blockchain-based secure remote authentication protocol for the fog-enabled Internet of Things (BSRA). Specifically, blockchain is introduced to construct distributed trust for the fog computing environment. Only lightweight cryptographic primitives, such as physical unclonable functions (PUFs) and cryptographic hash functions, are exploited to design the authentication scheme. In addition, we use temporary identities and the authentication-piggybacking-synchronization to ensure the anonymity and effectiveness of the authentication scheme. We conduct security analysis to demonstrate that BSRA can provide guarantees against various known attacks. We also evaluate the performance of BSRA from several aspects, and the results show that BSRA is effective.
Journal:
Pervasive and Mobile Computing, 2023, 95:101843, ISSN: 1574-1192
Corresponding author:
Guo, YJ
Author affiliations:
[Guo, Yajun; Yang, Huan] Cent China Normal Univ, Sch Comp, Luoyu Rd 152, Wuhan 430079, Peoples R China.;[Guo, Yimin] Zhongnan Univ Econ & Law, Sch Informat & Safety Engn, South Lake Ave 182, Wuhan 430073, Peoples R China.
Corresponding author's affiliation:
[Guo, YJ] Cent China Normal Univ, Sch Comp, Luoyu Rd 152, Wuhan 430079, Peoples R China.
Keywords:
Authentication;Automation;Cryptography;Fog;Hardware security;Internet of things;Security systems;Authentication scheme;Home devices;Key establishment schemes;Low latency;Real time interactions;Security;Security datum;Smart homes;Smart-home system;Three party authentication;Fog computing
Abstract:
With the rise of the Internet of Things (IoT), the smart home is another emerging concept and application of IoT, in which the security and private data of devices are important. In this paper, fog computing is applied to the smart home environment, where fog can provide many smart features and services to the smart home. Fog computing has many advantages, such as low latency and real-time interaction. However, when fog computing is combined with the smart home, it also faces some security threats. First, some fog nodes and smart home devices are deployed in public places, are vulnerable to damage or theft by attackers, cannot be considered fully trusted, and are exposed to device loss/theft attacks, impersonation attacks, message tampering attacks, and so on. These threats can lead to adversaries controlling devices in the smart home or modifying messages so that smart home devices execute wrong commands, causing irreparable damage. Second, the smart home system should have good real-time interaction, so the cloud should not be involved in the authentication process, which should instead exploit the low-latency feature of fog computing. Considering these points, it is necessary to design a secure and effective fog-enabled smart home authentication system that is secure against various known attacks, especially when the fog node is not fully trusted or the smart home device is captured. Finally, the authentication scheme should also be lightweight due to the limited resources of many smart home devices. To address these issues, this paper proposes a lightweight authentication scheme for the fog-enabled smart home system. It employs a physical unclonable function to achieve mutual authentication among three parties: smart home devices, fog nodes and users. Formal security analysis under the Real-Or-Random model shows that this scheme is provably secure, and informal security analysis shows that our scheme is robust against various known attacks.
At the same time, the proposed scheme requires less computation cost (8.239 ms) and is approximately 40% to 390% faster than existing related schemes. Although the communication cost is slightly higher (4512 bits), this is reasonable because the proposed scheme resists the fog/gateway node compromise attack, which no other existing related scheme has achieved.
Journal:
Peer-to-Peer Networking and Applications, 2023, 16(3):1340-1353, ISSN: 1936-6442
Corresponding author:
Wu, AML
Author affiliations:
[Wu, AML; Wu, Anmulin; Guo, Yajun] Cent China Normal Univ, Sch Comp, Wuhan 430079, Peoples R China.;[Guo, Yimin] Zhongnan Univ Econ & Law, Sch Informat & Safety Engn, Wuhan 430073, Peoples R China.
Corresponding author's affiliation:
[Wu, AML] Cent China Normal Univ, Sch Comp, Wuhan 430079, Peoples R China.
Keywords:
Internet of Vehicles;Blockchain;Mobile edge computing;Authentication mechanism;Privacy protection
Abstract:
Blockchain technology can provide excellent support for identity authentication and access control mechanisms. In particular, blockchain technology can ensure that large amounts of confidential data generated by the Internet of Vehicles devices are stored and transmitted in a safe and reliable environment, which is the key to making system services optimal. In addition, mobile edge computing is the best solution for IoV applications to deal with low latency and limited computing and storage capacity of vehicle-mounted devices. Mobile edge computing can help IoV systems achieve a variety of functions and features, the most important of which is the ability to process terminal data in real-time. Even though the amount of data generated by IoV devices is growing rapidly, the system is still characterized by low latency and high efficiency. Because the communication between IoV devices is carried out in an untrusted environment, it is particularly important to design a secure and effective identity authentication scheme. Therefore, this paper proposes an efficient, safe, and time-sensitive authentication mechanism for devices on the Internet of Vehicles, which applies to a large number of scenarios. The mechanism is based on the blockchain concept and mobile edge computing technology. Security analysis shows that the proposed scheme meets the security requirements of the Internet of Vehicles and is resistant to many known attacks. By comparing with existing advanced IoT authentication schemes, the performance evaluation of the mechanism shows that the scheme enhances security features while reducing computation and communication overhead.
Journal:
IEEE TRANSACTIONS ON SERVICES COMPUTING, 2023, 16(6):4102-4114, ISSN: 1939-1374
Corresponding author:
Guo, YM
Author affiliations:
[Guo, Yimin; Guo, YM] Zhongnan Univ Econ & Law, Sch Informat & Safety Engn, Wuhan 430073, Hubei, Peoples R China.;[Guo, Yajun] Cent China Normal Univ, Sch Comp, Wuhan 430079, Hubei, Peoples R China.
Corresponding author's affiliation:
[Guo, YM] Zhongnan Univ Econ & Law, Sch Informat & Safety Engn, Wuhan 430073, Hubei, Peoples R China.
Keywords:
Internet of Things (IoT);authentication;robust synchronization;anonymity;perfect forward secrecy
Abstract:
Anonymity, robust synchronization, and perfect forward secrecy are the most important security properties of authenticated key agreement (AKA) protocols. Designing AKA protocols that simultaneously achieve these security properties and availability in the IoT environment is a challenging task. AKA protocols built using public key cryptographic primitives have advantages in achieving these critical security properties, but performing expensive public-key cryptographic operations is inefficient for resource-constrained IoT devices. The authentication protocols based on symmetric cryptographic primitives are often subject to various attacks. This paper proposes a secure lightweight AKA protocol with critical security properties (called CS-LAKA) for IoT environments without using public-key cryptographic primitives. LAKA cleverly achieves the security goals of anonymity, robust synchronization, and perfect forward secrecy by embedding dynamic identities in authenticators, and a few additional exchange messages are added. This enables LAKA to have both robust security and high efficiency. Subsequently, we perform a formal security analysis to prove that LAKA is secure, and compared with existing related schemes, LAKA has obvious advantages in terms of security, functionality and running performance.
Abstract:
Wearable computing has been used in a wide range of applications, but it often suffers from various security and privacy issues. To solve these issues, many authentication schemes have been proposed. However, most of the existing schemes are vulnerable to various known attacks (such as desynchronization attacks, privileged-insider attacks, and anonymity attacks), require high computation and communication costs that are unsuitable for resource-constrained wearable devices, or do not support simultaneous verification of multiple wearable devices. Therefore, in this paper, we propose a new anonymous authentication and group proof protocol for wearable computing, which achieves mutual authentication between the wearable device and the user and between the user and the cloud server, and generates a group proof for multiple wearable devices. Further, we extend the Real-Or-Random (ROR) model to support anonymity and group proof, and formally prove that the proposed scheme is provably secure under the extended security model. In addition, informal security analysis demonstrates that the proposed scheme is more resilient against known attacks. Finally, compared with some existing schemes, the proposed scheme offers more functionality features and requires lower communication and computation costs.
Author affiliations:
[Guo, Yimin; Guo, YM] Zhongnan Univ Econ & Law, Sch Informat & Safety Engn, Wuhan, Peoples R China.;[Zhang, Zhenfeng] Chinese Acad Sci, Inst Software, Trusted Comp & Informat Assurance Lab, Beijing, Peoples R China.;[Guo, Yajun] Cent China Normal Univ, Sch Comp, Wuhan, Peoples R China.
Corresponding author's affiliation:
[Guo, YM] Zhongnan Univ Econ & Law, Sch Informat & Safety Engn, Wuhan, Peoples R China.
Keywords:
Authentication;Fog computing;Lightweight;Security;Smart home
Abstract:
Fog computing is the best solution for IoT applications that need low latency and real-time interaction. Fog can endow the smart home with many smart functions and services. One of the most important services is that users can remotely access and control smart devices. Since remote users and smart homes communicate through insecure channels, it is necessary to design a secure and effective remote authentication scheme to guarantee secure communication. The existing authentication schemes designed for smart homes have some security issues and are not suitable for fog-enabled smart home environments. Therefore, this paper designs a secure remote user authentication scheme, SecFHome. It supports secure communication at the edge of the network and remote authentication in fog-enabled smart home systems. Specifically, we present an efficient authentication mode for the fog-enabled environment, which includes the edge negotiation phase and the authentication phase. SecFHome adds update information to the authenticator, which allows message synchronization to be verified simultaneously with authentication, thus improving authentication efficiency. In addition, SecFHome does not store sensitive information of users and smart devices in the memory of the smart gateway, which avoids various attacks caused by a compromised gateway. The formal security proof and informal security analysis show that SecFHome is secure and can resist known attacks. Compared with related authentication schemes, SecFHome incurs lower communication and computation costs and achieves more security features.
Author affiliations:
[郭奕旻; 熊平] School of Information and Safety Engineering, Zhongnan University of Economics and Law, Wuhan 430073, China; [张振峰] Trusted Computing and Information Assurance Laboratory, Institute of Software, Chinese Academy of Sciences, Beijing 100190, China; [郭亚军] School of Computer, Central China Normal University, Wuhan
Keywords:
Authentication;fog computing;Internet of Things;security
Abstract:
Fog computing can effectively provide a variety of application support for the fast-growing number of Internet of Things devices. However, the unique characteristics of fog computing also bring new security problems; in particular, identity authentication in fog computing faces new challenges: low latency (cloud servers should not be involved in authentication); fog servers that are not completely trusted; robustness (no user re-registration is required when a fog server leaves the fog); and lightweight operation (fog devices have constrained resources). To solve these problems of identity authentication in fog computing, we propose an authentication scheme suitable for the fog computing environment, which implements mutual authentication between fog users and fog devices with the cooperation of incompletely trusted fog servers. Formal security analysis using the extended real-or-random (ROR) model shows that the proposed scheme is provably secure, and informal security analysis shows that the proposed scheme can resist known attacks. Compared with existing schemes, the proposed scheme supports more functionality features. In addition, a comparative analysis of the communication and computation costs of the various schemes shows that our scheme is more suitable for application in the fog computing environment than the existing schemes.
Abstract:
Generating honeywords for each user's account is an effective way to detect whether password databases have been compromised. However, there are several underlying security issues associated with honeyword techniques that need to be addressed, for example: (1) How to make it more difficult for an attacker to find an accurate "username-real password" match? (2) How to prevent the intersection attack across multiple systems caused by password reuse without reducing usability? (3) How to reduce the success rate of targeted password guessing? In this study, we first propose a "matching attack" model and find that although Erguler's honeyword system can achieve perfect flatness, the attacker's success rate is 100% under the matching attack. Secondly, we propose a new honeyword approach named Superword that removes the direct relationship between a username and the corresponding hashed password in password files. Additional honeypot accounts are mixed with real accounts to detect online guessing attacks. The analysis reveals that our approach makes it difficult for a matching attacker to find a real password among N password hashes. Since there is no connection between username and password in the password files, our honeyword system also alleviates the multiple-system intersection attack and targeted password guessing. (c) 2019 Elsevier Ltd. All rights reserved.
Abstract:
Since Sweeney first proposed the k-anonymity algorithm to protect the security of published data, many researchers have proposed improved algorithms based on the k-anonymity framework. However, the existing algorithms have not reached optimal performance in anonymity. An effective anonymity algorithm should be able to resolve a basic contradiction: the optimal trade-off between accuracy and security. To achieve this goal, this paper first develops a new quantitative criterion for the basic contradiction based on classical probability theory. Specifically, the criterion is used to measure the possibility that an individual might experience privacy disclosure, as well as the degree of global security and global accuracy. Through this criterion, we then derive an optimal division theory that obtains a given global accuracy with the minimum global security loss. The experimental results show that the performance of our new algorithm nearly reaches the optimal balance between accuracy and security.