Search Results (10)

Search Parameters:
Keywords = public key replacement attack

19 pages, 9320 KiB  
Article
A Lightweight Chaotic Map-Based Key Agreement Scheme for the Advanced Metering Infrastructure
by Baoyi Wang, Yaowei Feng and Shaomin Zhang
Appl. Sci. 2024, 14(6), 2299; https://doi.org/10.3390/app14062299 - 8 Mar 2024
Viewed by 1150
Abstract
In the advanced metering infrastructure (AMI), impersonation, eavesdropping, man-in-the-middle and other attacks occur in the process of communication between entities through public channels, which will lead to the leakage of user privacy or the incorrect issuance of control instructions, resulting in economic losses and even power system operation failures. In view of this situation, we design a lightweight key agreement scheme based on a chaotic map for the AMI. We use the chaotic map to replace the time-consuming bilinear pairing and elliptic curve method and establish a secure communication channel between legal entities. In addition, we also design a multicast key generation mechanism for message transmission in AMI. The security analysis proves the security of the proposed scheme in the random oracle model, which can meet the security characteristics of anonymity and forward secrecy, and can effectively resist common attacks such as impersonation, replay and man-in-the-middle. The performance analysis results show that the proposed scheme requires lower computational and communication costs than related schemes, so it is more suitable for AMI scenarios with limited resources.
(This article belongs to the Section Computing and Artificial Intelligence)

12 pages, 305 KiB  
Article
Mobile Sensoring Data Verification via a Pairing-Free Certificateless Signature Secure Approach against Novel Public Key Replacement Attacks
by Guilin Wang, Hua Shen, Liquan Chen, Jinguang Han and Ge Wu
Electronics 2023, 12(23), 4865; https://doi.org/10.3390/electronics12234865 - 2 Dec 2023
Viewed by 1239
Abstract
To achieve flexible sensing coverage with low deployment costs, mobile users need to contribute their equipment as sensors. Data integrity is one of the most fundamental security requirements and can be verified by digital signature techniques. In the mobile crowdsensing (MCS) environment, most sensors, such as smartphones, are resource-limited. Therefore, many traditional cryptographic algorithms that require complex computations cannot be efficiently implemented on these sensors. In this paper, we study the security of certificateless signatures, in particular, some constructions without pairing. We notice that there is no secure pairing-free certificateless signature scheme against the super adversary. We also find a potential attack that has not been fully addressed in previous studies. To handle these two issues, we propose a concrete secure construction that can withstand this attack. Our scheme does not rely on pairing operations and can be applied in scenarios where the devices' resources are limited.
(This article belongs to the Special Issue Data Privacy and Cybersecurity in Mobile Crowdsensing)

18 pages, 792 KiB  
Article
A New Conditional Privacy-Preserving Certificateless Aggregate Signature Scheme in the Standard Model for VANETs
by Beibei Yuan, Hui Huang and Chenhuang Wu
Mathematics 2023, 11(23), 4766; https://doi.org/10.3390/math11234766 - 25 Nov 2023
Cited by 2 | Viewed by 1479
Abstract
Vehicular Ad Hoc Networks (VANETs) take moving vehicles and transport facilities as nodes to form mobile networks through wireless communication technology. Their application increases traffic safety and promotes the development of intelligent transport. However, VANETs have security concerns in data transmission. Fortunately, aggregate signature schemes can enhance security and efficiency in VANETs. Nevertheless, some aggregate signature schemes for VANETs still have security concerns. In this paper, we conduct a security analysis of a conditional privacy-preserving CLAS scheme for VANETs proposed recently. The analysis reveals that the scheme exhibits vulnerabilities to the KGC attack and public key replacement attack. We propose an improved scheme to fix security vulnerabilities in response to these issues. Subsequently, formal and informal security assessments are conducted for the improved scheme, demonstrating that it fulfills security requisites. Furthermore, performance assessment demonstrates the practical viability of the refined scheme.
(This article belongs to the Special Issue Applied Cryptography and Blockchain Security)

12 pages, 371 KiB  
Article
Cryptanalysis of Two Privacy-Preserving Authentication Schemes for Smart Healthcare Applications
by Feihong Xu, Junwei Luo and Rahman Ziaur
Mathematics 2023, 11(15), 3314; https://doi.org/10.3390/math11153314 - 28 Jul 2023
Cited by 4 | Viewed by 1446
Abstract
Ensuring the secure sharing of privacy-sensitive healthcare data is attracting considerable interest from researchers. Recently, Ogundoyin et al. designed a lightweight privacy-preserving authentication scheme named PAASH for smart health applications. Benil et al. proposed a public verification and auditing scheme named ECACS for securing e-health systems. Ogundoyin et al. and Benil et al. proposed an efficient certificateless aggregate signature (CLAS) scheme as their respective foundation signature schemes. They declared that their constructions were provably secure under the hardness assumption of cryptographic problems. In this work, we disprove their claim by analyzing the correctness and security of their underlying CLAS schemes. We first show that the batch verification process of n signatures for the CLAS scheme in PAASH is incorrect, and any public-key replacement attacker can easily break the scheme. We analyze the reasons for our attack and propose an improved scheme, named PAASH+. We then show that the CLAS scheme in ECACS fails to achieve correctness, an essential property that a cryptographic scheme should provide. As a result, it is impractical to deploy the designed PAASH and ECACS constructions in any real smart health applications.
(This article belongs to the Special Issue Applied Cryptography and Blockchain Security)

17 pages, 425 KiB  
Article
Efficient Equality Test on Identity-Based Ciphertexts Supporting Flexible Authorization
by Na Li
Entropy 2023, 25(2), 362; https://doi.org/10.3390/e25020362 - 15 Feb 2023
Cited by 4 | Viewed by 2029
Abstract
In the cloud, uploading encrypted data is the most effective way to ensure that the data are not leaked. However, data access control is still an open problem in cloud storage systems. To provide an authorization mechanism to limit the comparison of a user's ciphertexts with those of another, public key encryption supporting the equality test with four flexible authorizations (PKEET-FA) is presented. Subsequently, more functional identity-based encryption supporting the equality test (IBEET-FA) further combines identity-based encryption with flexible authorization. The bilinear pairing has always been intended to be replaced due to the high computational cost. Hence, in this paper, we use general trapdoor discrete log groups to construct a new and secure IBEET-FA scheme, which is more efficient. The computational cost for the encryption algorithm in our scheme was reduced to 43% of that of the scheme of Li et al. In Type 2 and 3 authorization algorithms, the computational cost of both was reduced to 40% of that of the scheme of Li et al. Furthermore, we give proof that our scheme is secure against one-wayness under the chosen identity and chosen ciphertext attacks (OW-ID-CCA), and indistinguishable against chosen identity and chosen ciphertext attacks (IND-ID-CCA).

20 pages, 1879 KiB  
Article
Post Quantum Cryptographic Keys Generated with Physical Unclonable Functions
by Bertrand Cambou, Michael Gowanlock, Bahattin Yildiz, Dina Ghanaimiandoab, Kaitlyn Lee, Stefan Nelson, Christopher Philabaum, Alyssa Stenberg and Jordan Wright
Appl. Sci. 2021, 11(6), 2801; https://doi.org/10.3390/app11062801 - 21 Mar 2021
Cited by 22 | Viewed by 4820
Abstract
Lattice and code cryptography can replace existing schemes such as elliptic curve cryptography because of their resistance to quantum computers. In support of public key infrastructures, the distribution, validation and storage of the cryptographic keys are then more complex for handling longer keys. This paper describes practical ways to generate keys from physical unclonable functions, for both lattice and code-based cryptography. Handshakes between client devices containing the physical unclonable functions (PUFs) and a server are used to select sets of addressable positions in the PUFs, from which streams of bits called seeds are generated on demand. The public and private cryptographic key pairs are computed from these seeds together with additional streams of random numbers. The method allows the server to independently validate the public key generated by the PUF, and act as a certificate authority in the network. Technologies such as high performance computing and graphic processing units can further enhance security by preventing attackers from making this independent validation when only equipped with less powerful computers.
(This article belongs to the Special Issue Cyber Security of Critical Infrastructures)

19 pages, 3253 KiB  
Article
A Certificateless Aggregate Arbitrated Signature Scheme for IoT Environments
by Dae-Hwi Lee, Kangbin Yim and Im-Yeong Lee
Sensors 2020, 20(14), 3983; https://doi.org/10.3390/s20143983 - 17 Jul 2020
Cited by 13 | Viewed by 3342
Abstract
The Internet of Things (IoT) environment consists of numerous devices. In general, IoT devices communicate with each other to exchange data, or connect to the Internet through a gateway to provide IoT services. Most IoT devices participating in the IoT service are lightweight devices, in which the existing cryptographic algorithm cannot be applied to provide security, so a more lightweight security algorithm must be applied. Cryptographic technologies to lighten and provide efficiency for IoT environments are currently being studied a lot. In particular, it is necessary to provide efficiency for computation at a gateway, a point where many devices are connected. Additionally, as many devices are connected, data authentication and integrity should be fully considered at the same time, and thus digital signature schemes have been proposed. Among the recently studied signature algorithms, the certificateless signature (CLS) based on certificateless public key cryptography (CL-PKC) provides efficiency compared to existing public key-based signatures. However, in CLS, security threats, such as public key replacement attacks and signature forgery by the malicious key generation center (KGC), may occur. In this paper, we propose a new signature scheme using CL-PKC in generating and verifying the signature of a message in an IoT environment. The proposed scheme is a certificateless aggregate arbitrated signature, and the gateway aggregates the signatures of messages generated by the device group to reduce the size of the entire signature. In addition, it is designed to be safe from security threats by solving the problems caused by public key replacement attacks and malicious KGC, and adding arbitrated signatures of the gateway to strengthen non-repudiation.

27 pages, 2520 KiB  
Article
A Strongly Unforgeable Certificateless Signature Scheme and Its Application in IoT Environments
by Xiaodong Yang, Xizhen Pei, Guilan Chen, Ting Li, Meiding Wang and Caifen Wang
Sensors 2019, 19(12), 2692; https://doi.org/10.3390/s19122692 - 14 Jun 2019
Cited by 14 | Viewed by 3600
Abstract
With the widespread application of the Internet of Things (IoT), ensuring communication security for IoT devices is of considerable importance. Since IoT data are vulnerable to eavesdropping, tampering, forgery, and other attacks during an open network transmission, the integrity and authenticity of data are fundamental security requirements in the IoT. A certificateless signature (CLS) is a viable solution for providing data integrity, data authenticity, and identity identification in resource-constrained IoT devices. Therefore, designing a secure and efficient CLS scheme for IoT environments has become one of the main objectives of IoT security research. However, the existing CLS schemes rarely focus on strong unforgeability and replay attacks. Herein, we design a novel CLS scheme to protect the integrity and authenticity of IoT data. In addition to satisfying the strong unforgeability requirement, the proposed scheme also resists public key replacement attacks, malicious-but-passive key-generation-centre attacks, and replay attacks. Compared with other related CLS schemes without random oracles, our CLS scheme has a shorter private key, stronger security, and lower communication and computational costs.
(This article belongs to the Special Issue Emerging IoT Technologies for Smart Environments)

18 pages, 677 KiB  
Article
A Method of Detections’ Fusion for GNSS Anti-Spoofing
by Huiqi Tao, Hong Li and Mingquan Lu
Sensors 2016, 16(12), 2187; https://doi.org/10.3390/s16122187 - 19 Dec 2016
Cited by 15 | Viewed by 4867
Abstract
The spoofing attack is one of the security threats of systems depending on the Global Navigation Satellite System (GNSS). There have been many GNSS spoofing detection methods, and each of them focuses on a characteristic of the GNSS signal or a measurement that the receiver has obtained. The method based on a single detector is insufficient against spoofing attacks in some scenarios. How to fuse multiple detections together is a problem that concerns the performance of GNSS anti-spoofing. Scholars have put forward a model to fuse different detection results based on the Dempster-Shafer theory (DST) of evidence combination. However, there are some problems in the application. The main challenge is the valuation of the belief function, which is a key issue in DST. This paper proposes a practical method of detections' fusion based on an approach to assign the belief function for spoofing detections. The frame of discernment is simplified, and the hard decision of hypothesis testing is replaced by the soft decision; then, the belief functions for some detections can be evaluated. The method is discussed in detail, and a performance evaluation is provided as well. Detections' fusion reduces false alarms of detection and makes the result more reliable. Experimental results based on public test datasets demonstrate the performance of the proposed method.
(This article belongs to the Section Physical Sensors)

19 pages, 345 KiB  
Article
A Lightweight Data Integrity Scheme for Sensor Networks
by Ibrahim Kamel and Hussam Juma
Sensors 2011, 11(4), 4118-4136; https://doi.org/10.3390/s110404118 - 7 Apr 2011
Cited by 51 | Viewed by 9876
Abstract
Limited energy is the most critical constraint that limits the capabilities of wireless sensor networks (WSNs). Most sensors operate on batteries with limited power. Battery recharging or replacement may be impossible. Security mechanisms that are based on public key cryptographic algorithms such as RSA and digital signatures are prohibitively expensive in terms of energy consumption and storage requirements, and thus unsuitable for WSN applications. This paper proposes a new fragile watermarking technique to detect unauthorized alterations in WSN data streams. We propose the FWC-D scheme, which uses group delimiters to keep the sender and receivers synchronized and help them to avoid ambiguity in the event of data insertion or deletion. The watermark, which is computed using a hash function, is stored in the previous group in a linked-list fashion to ensure data freshness and mitigate replay attacks. FWC-D generates a serial number SN that is attached to each group to help the receiver determine how many group insertions or deletions occurred. Detailed security analysis that compares the proposed FWC-D scheme with SGW, one of the latest integrity schemes for WSNs, shows that FWC-D is more robust than SGW. Simulation results further show that the proposed scheme is much faster than SGW.