Your search keyword '"Fushan WEI"' showing total 35 results

1. GRU-based multi-scenario gait authentication for smartphones

Author

Qi JIANG, Ru FENG, Ruijie ZHANG, Jinhua WANG, Ting CHEN, and Fushan WEI

Subjects

continuous authentication, gait behavior, multi-sensor, GRU, Electronic computers. Computer science, QA75.5-76.95

Abstract

At present, most of the gait-based smartphone authentication researches focus on a single controlled scenario without considering the impact of multi-scenario changes on the authentication accuracy.The movement direction of the smartphone and the user changes in different scenarios, and the user’s gait data collected by the orientation-sensitive sensor will be biased accordingly.Therefore, it has become an urgent problem to provide a multi-scenario high-accuracy gait authentication method for smartphones.In addition, the selection of the model training algorithm determines the accuracy and efficiency of gait authentication.The current popular authentication model based on long short-term memory (LSTM) network can achieve high authentication accuracy, but it has many training parameters, large memory footprint, and the training efficiency needs to be improved.In order to solve the above problems a multi-scenario gait authentication scheme for smartphones based on Gate Recurrent Unit (GRU) was proposed.The gait signals were preliminarily denoised by wavelet transform, and the looped gait signals were segmented by an adaptive gait cycle segmentation algorithm.In order to meet the authentication requirements of multi-scenario, the coordinate system transformation method was used to perform direction-independent processing on the gait signals, so as to eliminate the influence of the orientation of the smartphone and the movement of the user on the authentication result.Besides, in order to achieve high-accuracy authentication and efficient model training, GRUs with different architectures and various optimization methods were used to train the gait model.The proposed scheme was experimentally analyzed on publicly available datasets PSR and ZJU-GaitAcc.Compared with the related schemes, the proposed scheme improves the authentication accuracy.Compared with the LSTM-based gait authentication model, the training efficiency of the proposed model is improved by about 20%.

Published

2022

2. A Novel Estimator for TDOA and FDOA Positioning of Multiple Disjoint Sources in the Presence of Calibration Emitters

Author

Ding Wang, Peichang Zhang, Zeyu Yang, Fushan Wei, and Cheng Wang

Subjects

Target localization, unmanned aerial vehicle (UAV), time difference of arrival (TDOA), frequency difference of arrival (FDOA), multiple targets, Calibration emitters, Electrical engineering. Electronics. Nuclear engineering, TK1-9971

Abstract

Multiple-target localization is extensively applied in wireless connected networks. However, sensor location uncertainty is known to degrade significantly the target localization accuracy. Fortunately, calibration emitters such as unmanned aerial vehicles (UAV) with known location can be used to reduce the loss in localization accuracy due to sensor location errors. This paper is devoted to the use of UAV calibration emitters for time differences of arrival (TDOA) and frequency differences of arrival (FDOA) positioning of multiple targets. The study starts with deriving the Cramér-Rao bound (CRB) for TDOA/FDOA-based target location estimate when several UAV calibration signals are available. Subsequently, the paper presents an iterative constrained weighted least squares (ICWLS) estimator for multiple-target joint localization using TDOA/FDOA measurements from both target sources and UAV calibration emitters. The newly proposed method consists of two stages. In the first phase, the sensor locations are refined based on the calibration measurements as well as the prior knowledge of sensor locations. The second step provides the estimate of multiple-target locations by combining the measurements of target signals as well as the estimated values in the first phase. An efficient ICWLS algorithm is presented at each stage. Both the two algorithms are implemented by using matrix singular value decomposition (SVD), which is able to provide a closed-form solution and update the weighting matrix at every iteration. Finally, the convergence behavior and estimation mean-square-error (MSE) of the new estimator are deduced. Both theoretical analysis and simulation results show that the developed method can improve the TDOA/FDOA localization accuracy obviously with the help of UAV calibration emitters.

Published

2020

3. On the use of calibration emitters for TDOA source localization in the presence of synchronization clock bias and sensor location errors

Author

Ding Wang, Jiexin Yin, Xin Chen, Changgui Jia, and Fushan Wei

Subjects

Emitter location, Time difference of arrival (TDOA), Synchronization clock bias, Sensor location uncertainty, Taylor-series, Cramér–Rao bound (CRB), Telecommunication, TK5101-6720, Electronics, TK7800-8360

Abstract

Abstract Time difference of arrival (TDOA) positioning is one of the widely applied techniques for locating an emitting source. Unfortunately, synchronization clock bias and random sensor location perturbations are known to significantly degrade the TDOA localization accuracy. This paper studies the use of a set of calibration sources, whose locations are accurately known to an estimator, to reduce the loss in localization accuracy caused by synchronization offsets and sensor location errors. Under the Gaussian noise assumption, we first derive the Cramér–Rao bound (CRB) for parametric estimation with the use of calibration emitters. Some explicit CRB expressions are obtained, and the performance improvement due to the introduction of the calibration sources is also quantified through the CRB analysis. In order to achieve the optimum localization accuracy, we proceed to propose new localization methods using the TDOA measurements from both target source and calibration emitters. Specifically, two dimension-reduction Taylor-series iterative algorithms are developed, and both of them have two stages. The first stage estimates the clock bias and refines the sensor positions by using the calibration TDOA measurements and the prior knowledge of sensor locations. The second stage provides the estimates of source location by combining the TDOA measurements of target signal and the estimated values in the first phase. The mean square errors (MSEs) of the proposed methods are shown analytically to achieve the corresponding CRB by applying the first-order perturbation analysis. Simulations are used to corroborate and support the theoretical development in this paper.

Published

2019

4. Model Learning and Model Checking of IPSec Implementations for Internet of Things

Author

Jiaxing Guo, Chunxiang Gu, Xi Chen, and Fushan Wei

Subjects

IPSec protocol, model learning, model checking, Electrical engineering. Electronics. Nuclear engineering, TK1-9971

Abstract

With the development of Internet of Things (IoT) technology, the demand for secure communication by smart devices has dramatically increased, and the security of the IoT protocol has become the focus of cyberspace. Recently, some scholars have attempted to extend the IPSec protocol to IPv6 over Low-Power Wireless Personal Area Networks (6LoWPAN) to ensure end-to-end security, which makes it essential to analyze the vulnerability of the IPSec protocol to enhance the security of the IoT. In this study, we use a method combining model learning and model checking to analyze the dynamic vulnerability of IPSec protocol implementations. This method automatically infers the black-box model and compares it with the relevant specifications to expose the defects of the system implementation and search its logic vulnerabilities. We first employ model learning on three IPSec implementations to infer state machine models; then, we use model checking to verify that these models satisfy basic security properties and conform to the RFCs. Our analysis reveals three new security issues: a wrong interaction causing server exception and two violations of the standard.

Published

2019

5. CBD: A Deep-Learning-Based Scheme for Encrypted Traffic Classification with a General Pre-Training Method

Author

Xinyi Hu, Chunxiang Gu, Yihang Chen, and Fushan Wei

Subjects

encrypted traffic classification, deep learning, transfer learning, nature language processing, unlabeled pre-training, Chemical technology, TP1-1185

Abstract

With the rapid increase in encrypted traffic in the network environment and the increasing proportion of encrypted traffic, the study of encrypted traffic classification has become increasingly important as a part of traffic analysis. At present, in a closed environment, the classification of encrypted traffic has been fully studied, but these classification models are often only for labeled data and difficult to apply in real environments. To solve these problems, we propose a transferable model called CBD with generalization abilities for encrypted traffic classification in real environments. The overall structure of CBD can be generally described as a of one-dimension CNN and the encoder of Transformer. The model can be pre-trained with unlabeled data to understand the basic characteristics of encrypted traffic data, and be transferred to other datasets to complete the classification of encrypted traffic from the packet level and the flow level. The performance of the proposed model was evaluated on a public dataset. The results showed that the performance of the CBD model was better than the baseline methods, and the pre-training method can improve the classification ability of the model.

Published

2021

6. A Secure User Authentication Scheme against Smart-Card Loss Attack for Wireless Sensor Networks Using Symmetric Key Techniques

Author

Lei Chen, Fushan Wei, and Chuangui Ma

Subjects

Electronic computers. Computer science, QA75.5-76.95

Abstract

User authentication in wireless sensor networks (WSNs) is a critical security issue due to their unattended and hostile deployment in the field. In order to protect the security of real-time data query from an external user, many two-factor (password and smart-card) user authentication schemes are proposed. However, most of them are insecure against various attacks. This paper summarizes attacks and security requirements for two-factor user authentication in WSNs. Based on security requirements, a user authentication and session key establishment scheme is also proposed, and this scheme can resist smart-card loss attack merely by using symmetric key techniques. Security and performance analysis demonstrate that, compared to the existing schemes, the proposed approach is more secure and highly efficient.

Published

2015

7. LightSEEN: Real-Time Unknown Traffic Discovery via Lightweight Siamese Networks

Author

Jiaxing Guo, Xieli Zhang, Chunxiang Gu, Ji Li, Fushan Wei, Xinyi Hu, and Wenfen Liu

Subjects

Science (General), Article Subject, Computer Networks and Communications, Computer science, Network packet, business.industry, Feature vector, Encryption, computer.software_genre, Q1-390, Network management, Closed-world assumption, Traffic classification, Convergence (routing), T1-995, Data mining, business, Baseline (configuration management), computer, Technology (General), Information Systems

Abstract

With the increase in the proportion of encrypted network traffic, encrypted traffic identification (ETI) is becoming a critical research topic for network management and security. At present, ETI under closed world assumption has been adequately studied. However, when the models are applied to the realistic environment, they will face unknown traffic identification challenges and model efficiency requirements. Considering these problems, in this paper, we propose a lightweight unknown traffic discovery model LightSEEN for open-world traffic classification and model update under practical conditions. The overall structure of LightSEEN is based on the Siamese network, which takes three simplified packet feature vectors as input on one side, uses the multihead attention mechanism to parallelly capture the interactions among packets, and adopts techniques including 1D-CNN and ResNet to promote the extraction of deep-level flow features and the convergence speed of the network. The effectiveness and efficiency of the proposed model are evaluated on two public data sets. The results show that the effectiveness of LightSEEN is overall at the same level as the state-of-the-art method and LightSEEN has even better true detection rate, but the parameter used in LightSEEN is 0.51 % of the baseline and its average training time is 37.9 % of the baseline.

Published

2021

8. Automated State-Machine-Based Analysis of Hostname Verification in IPsec Implementations

Author

Jiaxing Guo, Chunxiang Gu, Xi Chen, Siqi Lu, and Fushan Wei

Subjects

Hostname, Authentication, Network security, business.industry, computer.internet_protocol, Computer science, Cryptography, Cryptographic protocol, Certificate, Computer security, computer.software_genre, Security testing, Computer Science Applications, Control and Systems Engineering, IPsec, Electrical and Electronic Engineering, business, computer

Abstract

Owing to the advent and rapid development of Internet communication technology, network security protocols with cryptography as their core have gradually become an important means of ensuring secure communications. Among numerous security protocols, certificate authentication is a common method of identity authentication, and hostname verification is a critical but easily neglected process in certificate authentication. Hostname verification validates the identity of a remote target by checking whether the hostname of the communication partner matches any name in the X.509 certificate. Notably, errors in hostname verification may cause security problems with regard to identity authentication. In this study, we use a model-learning method to conduct security testing for hostname verification in internet protocol security (IPsec). This method can analyze the problems entailed in implementing hostname verification in IPsec by effectively inferring the deterministic finite automaton model that can describe the matching situation between the certificate subject name and the hostname for different rules. We analyze two popular IPsec implementations, Strongswan and Libreswan, and find five violations. We use some of these violations to conduct actual attack tests on the IPsec implementation. The results show that under certain conditions, attackers can use these flaws to carry out identity impersonation attacks and man-in-the-middle attacks.

Published

2021

9. CLD-Net: A Network Combining CNN and LSTM for Internet Encrypted Traffic Classification

Author

Xinyi Hu, Chunxiang Gu, and Fushan Wei

Subjects

Science (General), Article Subject, Artificial neural network, Computer Networks and Communications, business.industry, Network packet, Computer science, Encryption, computer.software_genre, Convolutional neural network, Q1-390, Traffic classification, Feature (machine learning), T1-995, The Internet, Data mining, business, computer, Technology (General), Information Systems, Private network

Abstract

The development of the Internet has led to the complexity of network encrypted traffic. Identifying the specific classes of network encryption traffic is an important part of maintaining information security. The traditional traffic classification based on machine learning largely requires expert experience. As an end-to-end model, deep neural networks can minimize human intervention. This paper proposes the CLD-Net model, which can effectively distinguish network encrypted traffic. By segmenting and recombining the packet payload of the raw flow, it can automatically extract the features related to the packet payload, and by changing the expression of the packet interval, it integrates the packet interval information into the model. We use the ability of Convolutional Neural Network (CNN) to distinguish image classes, learn and classify the grayscale images that the raw flow has been preprocessed into, and then use the effectiveness of Long Short-Term Memory (LSTM) network on time series data to further enhance the model’s ability to classify. Finally, through feature reduction, the high-dimensional features learned by the neural network are converted into 8 dimensions to distinguish 8 different classes of network encrypted traffic. In order to verify the effectiveness of the CLD-Net model, we use the ISCX public dataset to conduct experiments. The results show that our proposed model can distinguish whether the unknown network traffic uses Virtual Private Network (VPN) with an accuracy of 98% and can accurately identify the specific traffic (chats, audio, or file) of Facebook and Skype applications with an accuracy of 92.89%.

Published

2021

10. Efficient cloud-aided verifiable secret sharing scheme with batch verification for smart cities

Author

Jian Shen, Fushan Wei, Xingming Sun, Dengzhi Liu, and Yang Xiang

Subjects

Scheme (programming language), Security analysis, Computer Networks and Communications, business.industry, Electronic voting, Computer science, Electronic cash, 020206 networking & telecommunications, Cloud computing, 02 engineering and technology, Computer security, computer.software_genre, Secret sharing, Hardware and Architecture, 0202 electrical engineering, electronic engineering, information engineering, 020201 artificial intelligence & image processing, Verifiable secret sharing, business, computer, Software, computer.programming_language

Abstract

With the wide usage of the information and communication technology (ICT) in smart cities, people’s lives become easier and more convenient. Cloud computing, as a burgeoning technology of the ICT, provides consumers with unlimited computing capabilities and storage resources. Using the cloud to promote the progress of the ICT-based applications meets the requirement of the practical usage, and is also in line with the sustainable development. As we all know, the secret sharing is a hot topic in the security community. Many security-assurance applications can be realized with the assistance of secret sharing. In this paper, an efficient cloud-aided verifiable secret sharing scheme is proposed based on the polynomial commitment for smart cities, which can be used in a variety of practical applications such as electronic voting and revocable electronic cash. In the proposed scheme, users can verify the received shares from the cloud. Moreover, in order to meet the requirement of the real-world usage, we extend our scheme to support the batch verification with the aid of a third-party arbitration center. In addition, the aggregate signature is used to verify whether a subset of users possess the shares that indeed sent by the cloud. The security analysis shows that the proposed scheme can satisfy the security requirements of the verifiable secret sharing (VSS) and the performance analysis shows that our scheme is more efficient than previous schemes in terms of the communication and the computation.

Published

2020

11. A Risk Analysis Framework for Social Engineering Attack Based on User Profiling

Author

Ma Jun, Ziwei Ye, Yuanbo Guo, Zhang Ruijie, Fushan Wei, and Ankang Ju

Subjects

Human-Computer Interaction, Risk analysis, 021103 operations research, Risk analysis (engineering), Computer science, Strategy and Management, 0211 other engineering and technologies, 0202 electrical engineering, electronic engineering, information engineering, Profiling (information science), 020201 artificial intelligence & image processing, 02 engineering and technology, Computer Science Applications

Abstract

Social engineering attacks are becoming serious threats to cloud service. Social engineering attackers could get Cloud service custom privacy information or attack virtual machine images directly. Existing security analysis instruments are difficult to quantify the social engineering attack risk, resulting in invalid defense guidance for social engineering attacks. In this article, a risk analysis framework for social engineering attack is proposed based on user profiling. The framework provides a pathway to quantitatively calculate the possibility of being compromised by social engineering attack and potential loss, so as to effectively complement current security assessment instruments. The frequency of related operations is used to profile and group users for respective risk calculation, and other features such as security awareness and capability of protection mechanism are also considered. Finally, examples are given to illustrate how to use the framework in actual scenario and apply it to security assessment.

Published

2020

12. OpenCBD: A Network-Encrypted Unknown Traffic Identification Scheme Based on Open-Set Recognition

Author

Xinyi Hu, Chunxiang Gu, Yihang Chen, Xi Chen, and Fushan Wei

Subjects

Article Subject, Computer Networks and Communications, Electrical and Electronic Engineering, Information Systems

Abstract

The encryption of network traffic promotes the development of encrypted traffic classification and identification research. However, many existing studies are only effective for closed-set experimental data, that is to say, only for traffic of known classes, while there are often lots of unknown classes traffic in the real environment of open sets, and many studies have difficulty identifying the traffic of unknown classes and can only misclassify them as known classes. How to identify unknown traffic and classify known traffic in an open-collection environment is one of the focuses of traffic analysis research. Considering these problems, this paper proposes a novel solution, which applies the open-set recognition method to the unknown traffic identification, and constructs a model based on deep learning and ensemble learning. The method constructs a model based on a convolutional neural network and a transformer encoder and then uses a three-stage training and testing process, combined with a novel loss function, to generalize to the open space to form OpenCBD. Experiments on public datasets show that the proposed method is significantly better than other open-set identification methods. It can not only distinguish known traffic from unknown traffic but also identify specific classes of known traffic.

Published

2022

13. A Certificateless-Based Authentication and Key Agreement Scheme for IIoT Cross-Domain

Author

Xiangyang Wang, Chunxiang Gu, Fushan Wei, Siqi Lu, and Zhaoxuan Li

Subjects

Article Subject, Computer Networks and Communications, Information Systems

Abstract

The Industrial Internet of Things (IIoT) improves productivity and intelligent manufacturing process through revolutionary technology. Due to the complexity of the manufacturing process, cross-domain access is inevitable. Recently, Meng et al. proposed a secure and efficient blockchain-assisted entity authentication mechanism BASA for IIoT cross-domain. In the BASA scheme, the authors utilized identity-based signature (IBS) to realize mutual authentication and the Ephemeral Elliptic Curve Diffie-Hellman (ECDHE) exchange mechanism to negotiate the session key. Due to the inherent key escrow problem of identity-based cryptography (IBC), the key generation center (KGC) can obtain the session key negotiated between two entities distributed in different domains. When KGC is threatened, the security of the session key is worrying. Considering this security concern, based on the BASA scheme, in this article, we first show a secure and efficient certificateless public-key signature (CL-PKS) scheme with anonymity. Then, combined with the ECDHE key exchange mechanism, we give an efficient cross-domain authentication and key agreement scheme CL-BASA with the aid of consortium blockchain. After that, we make security verification by the formal analysis tool, Tamarin, which shows that our CL-BASA is secure. The evaluation demonstrates that our CL-BASA may have a slight disadvantage in storage overhead, but it has obvious advantages than competitor schemes in terms of communication overhead and computational overhead.

Published

2022

14. Iterative constrained weighted least squares estimator for TDOA and FDOA positioning of multiple disjoint sources in the presence of sensor position and velocity uncertainties

Author

Tao Zhang, Changgui Jia, Jiexin Yin, Fushan Wei, and Ding Wang

Subjects

Optimization problem, Computer science, Iterative method, Applied Mathematics, Estimator, 020206 networking & telecommunications, 02 engineering and technology, Multilateration, QR decomposition, symbols.namesake, Computational Theory and Mathematics, Artificial Intelligence, Gaussian noise, Signal Processing, 0202 electrical engineering, electronic engineering, information engineering, symbols, FDOA, 020201 artificial intelligence & image processing, Computer Vision and Pattern Recognition, Quadratic programming, Electrical and Electronic Engineering, Statistics, Probability and Uncertainty, Algorithm

Abstract

Sensor position and velocity uncertainties are known to be able to degrade the source localization accuracy significantly. This paper focuses on the problem of locating multiple disjoint sources using time differences of arrival (TDOAs) and frequency differences of arrival (FDOAs) in the presence of sensor position and velocity errors. First, the explicit Cramer–Rao bound (CRB) expression for joint estimation of source and sensor positions and velocities is derived under the Gaussian noise assumption. Subsequently, we compare the localization accuracy when multiple-source positions and velocities are determined jointly and individually based on the obtained CRB results. The performance gain resulted from multiple-target cooperative positioning is also quantified using the orthogonal projection matrix. Next, the paper proposes a new estimator that formulates the localization problem as a quadratic programming with some indefinite quadratic equality constraints. Due to the non-convex nature of the optimization problem, an iterative constrained weighted least squares (ICWLS) method is developed based on matrix QR decomposition, which can be achieved through some simple and efficient numerical algorithms. The newly proposed iterative method uses a set of linear equality constraints instead of the quadratic constraints to produce a closed-form solution in each iteration. Theoretical analysis demonstrates that the proposed method, if converges, can provide the optimal solution of the formulated non-convex minimization problem. Moreover, its estimation mean-square-error (MSE) is able to reach the corresponding CRB under moderate noise level. Simulations are included to corroborate and support the theoretical development in this paper.

Published

2019

15. Model Learning and Model Checking of IPSec Implementations for Internet of Things

Author

Xi Chen, Jiaxing Guo, Chunxiang Gu, and Fushan Wei

Subjects

Model checking, Finite-state machine, General Computer Science, IPSec protocol, business.industry, Computer science, computer.internet_protocol, ComputerSystemsOrganization_COMPUTER-COMMUNICATIONNETWORKS, General Engineering, Computer security, computer.software_genre, model checking, IPv6, Secure communication, model learning, IPsec, General Materials Science, lcsh:Electrical engineering. Electronics. Nuclear engineering, business, 6LoWPAN, Implementation, Protocol (object-oriented programming), computer, lcsh:TK1-9971

Abstract

With the development of Internet of Things (IoT) technology, the demand for secure communication by smart devices has dramatically increased, and the security of the IoT protocol has become the focus of cyberspace. Recently, some scholars have attempted to extend the IPSec protocol to IPv6 over Low-Power Wireless Personal Area Networks (6LoWPAN) to ensure end-to-end security, which makes it essential to analyze the vulnerability of the IPSec protocol to enhance the security of the IoT. In this study, we use a method combining model learning and model checking to analyze the dynamic vulnerability of IPSec protocol implementations. This method automatically infers the black-box model and compares it with the relevant specifications to expose the defects of the system implementation and search its logic vulnerabilities. We first employ model learning on three IPSec implementations to infer state machine models; then, we use model checking to verify that these models satisfy basic security properties and conform to the RFCs. Our analysis reveals three new security issues: a wrong interaction causing server exception and two violations of the standard.

Published

2019

16. Bitcoin Theft Detection Based on Supervised Machine Learning Algorithms

Author

Binjie Chen, Fushan Wei, and Chunxiang Gu

Subjects

Boosting (machine learning), Science (General), Article Subject, Computer Networks and Communications, Computer science, 02 engineering and technology, Machine learning, computer.software_genre, Q1-390, 0202 electrical engineering, electronic engineering, information engineering, T1-995, AdaBoost, Technology (General), Mahalanobis distance, Local outlier factor, business.industry, Supervised learning, 020207 software engineering, Perceptron, Random forest, Support vector machine, ComputingMethodologies_PATTERNRECOGNITION, 020201 artificial intelligence & image processing, Artificial intelligence, business, Algorithm, computer, Information Systems

Abstract

Since its inception, Bitcoin has been subject to numerous thefts due to its enormous economic value. Hackers steal Bitcoin wallet keys to transfer Bitcoin from compromised users, causing huge economic losses to victims. To address the security threat of Bitcoin theft, supervised learning methods were used in this study to detect and provide warnings about Bitcoin theft events. To overcome the shortcomings of the existing work, more comprehensive features of Bitcoin transaction data were extracted, the unbalanced dataset was equalized, and five supervised methods—the k-nearest neighbor (KNN), support vector machine (SVM), random forest (RF), adaptive boosting (AdaBoost), and multi-layer perceptron (MLP) techniques—as well as three unsupervised methods—the local outlier factor (LOF), one-class support vector machine (OCSVM), and Mahalanobis distance-based approach (MDB)—were used for detection. The best performer among these algorithms was the RF algorithm, which achieved recall, precision, and F1 values of 95.9%. The experimental results showed that the designed features are more effective than the currently used ones. The results of the supervised methods were significantly better than those of the unsupervised methods, and the results of the supervised methods could be further improved after equalizing the training set.

Published

2021

17. Security and Privacy for Edge-Assisted Internet of Things Security Proof for the SKKE Protocol

Author

Xiangyang Wang, Chunxiang Gu, Fushan Wei, and Siqi Lu

Subjects

Q1-390, Science (General), Article Subject, Computer Networks and Communications, ComputerSystemsOrganization_COMPUTER-COMMUNICATIONNETWORKS, T1-995, Technology (General), Information Systems

Abstract

As an Internet of things (IoT) technology, the ZigBee has a wide range of applications in home automation, smart energy, commercial building automation, personal, home and hospital care, telecom, and wireless sensor. The ZigBee standard has the advantage of high reliability, which is based on the security of authentication key agreement protocol, namely, the SKKE protocol. In the ZigBee standard, this protocol based on shared symmetric-key is applied on the security protocol level. It is a full symmetric-key key agreement with key confirmation scheme, while the key confirmation mechanism is provided by a message authentication coding mechanism. In this paper, we consider the security of the SKKE protocol. In the random Oracle model, we reduce the security of the SKKE protocol to the collision of the hash function and the HMAC function and the indistinguishability between the output of the random Oracle and a random number. We also give a theoretical proof with the game-based method. To our knowledge, there is no research on the provable security of the ZigBee protocol at this stage, so it is helpful to promote further research of the ZigBee protocol security.

Published

2021

18. A Provably Secure Anonymous Authenticated Key Exchange Protocol Based on ECC for Wireless Sensor Networks

Author

Ke Zhang, Kai Xu, and Fushan Wei

Subjects

Article Subject, Computer Networks and Communications, Computer science, 0211 other engineering and technologies, Cryptography, 02 engineering and technology, lcsh:Technology, lcsh:Telecommunication, Public-key cryptography, lcsh:TK5101-6720, Default gateway, 0202 electrical engineering, electronic engineering, information engineering, Electrical and Electronic Engineering, 021110 strategic, defence & security studies, lcsh:T, business.industry, Node (networking), 020206 networking & telecommunications, Computer security model, Authenticated Key Exchange, Authentication protocol, business, Wireless sensor network, Information Systems, Computer network, Anonymity

Abstract

In wireless sensor networks, users sometimes need to retrieve real-time data directly from the sensor nodes. Many authentication protocols are proposed to address the security and privacy aspects of this scenario. However, these protocols still have security loopholes and fail to provide strong user anonymity. In order to overcome these shortcomings, we propose an anonymous authenticated key exchange protocol based on Elliptic Curves Cryptography (ECC). The novel protocol provides strong user anonymity such that even the gateway node and the sensor nodes do not know the real identity of the user. The security of the proposed protocol is conducted in a well-defined security model under the CDH assumption. Compared with other related protocols, our protocol is efficient in terms of communication and enjoys stronger security. The only disadvantage is that our protocol consumes more computation resources due to the usage of asymmetric cryptography mechanisms to realize strong anonymity. Consequently, our protocol is suitable for applications which require strong anonymity and high security in wireless sensor networks.

Published

2018

19. Cryptanalysis and Security Enhancement of Three Authentication Schemes in Wireless Sensor Networks

Author

Bin Li, Yiming Zhao, Ping Wang, Wenting Li, and Fushan Wei

Subjects

Article Subject, Computer Networks and Communications, Computer science, 0211 other engineering and technologies, 02 engineering and technology, Computer security, computer.software_genre, lcsh:Technology, lcsh:Telecommunication, law.invention, law, Forward secrecy, lcsh:TK5101-6720, 0202 electrical engineering, electronic engineering, information engineering, Electrical and Electronic Engineering, Password, 021110 strategic, defence & security studies, Authentication, Cryptographic primitive, lcsh:T, business.industry, Password cracking, 020206 networking & telecommunications, Lightweight protocol, Smart card, business, Cryptanalysis, computer, Wireless sensor network, Information Systems, Anonymity

Abstract

Nowadays wireless sensor networks (WSNs) have drawn great attention from both industrial world and academic community. To facilitate real-time data access for external users from the sensor nodes directly, password-based authentication has become the prevalent authentication mechanism in the past decades. In this work, we investigate three foremost protocols in the area of password-based user authentication scheme for WSNs. Firstly, we analyze an efficient and anonymous protocol and demonstrate that though this protocol is equipped with a formal proof, it actually has several security loopholes been overlooked, such that it cannot resist against smart card loss attack and violate forward secrecy. Secondly, we scrutinize a lightweight protocol and point out that it cannot achieve the claimed security goal of forward secrecy, as well as suffering from user anonymity violation attack and offline password guessing attack. Thirdly, we find that an anonymous scheme fails to preserve two critical properties of forward secrecy and user friendliness. In addition, by adopting the “perfect forward secrecy (PFS)” principle, we provide several effective countermeasures to remedy the identified weaknesses. To test the necessity and effectiveness of our suggestions, we conduct a comparison of 10 representative schemes in terms of the underlying cryptographic primitives used for realizing forward secrecy.

Published

2018

20. A general compiler for password-authenticated group key exchange protocol in the standard model

Author

Fushan Wei, Neeraj Kumar, Sang-Soo Yeo, and Debiao He

Subjects

Password, Computer science, business.industry, Applied Mathematics, Distributed computing, Hash function, 020206 networking & telecommunications, 0102 computer and information sciences, 02 engineering and technology, Oakley protocol, computer.software_genre, 01 natural sciences, Authenticated Key Exchange, 010201 computation theory & mathematics, Universal composability, 0202 electrical engineering, electronic engineering, information engineering, Discrete Mathematics and Combinatorics, Compiler, business, computer, Protocol (object-oriented programming), Computer network, Standard model (cryptography)

Abstract

Password-authenticated group key exchange (PGKE) protocols are critical for ensuring secure group communications for mobile devices. Until now, only few PGKE protocols have been proposed. However, literature about group key exchange (GKE) protocols consists of many research proposals in last few years. In this paper, we present a protocol compiler based on smooth projective hash functions. The proposed compiler can transform any GKE protocol into a secure PGKE protocol by adding 2 rounds of communication. We conduct the security of our compiler in the standard model without using various other assumptions. Our compiler is round-efficient in the sense that a constant-round PGKE can be derived from the proposal if the underlying protocol is a constant-round GKE protocol.

Published

2018

21. A provably secure password-based anonymous authentication scheme for wireless body area networks

Author

Jian Shen, Fushan Wei, Li Li, Ruijie Zhang, and Pandi Vijayakumar

Subjects

Password, Password policy, Zero-knowledge password proof, General Computer Science, business.industry, Computer science, 020206 networking & telecommunications, 02 engineering and technology, Computer security, computer.software_genre, One-time password, Random oracle, S/KEY, Control and Systems Engineering, 0202 electrical engineering, electronic engineering, information engineering, 020201 artificial intelligence & image processing, Zero-knowledge proof, Electrical and Electronic Engineering, business, computer, Anonymity, Computer network

Abstract

Wireless body area networks (WBANs) comprise many tiny sensor nodes which are planted in or around a patient’s body. These sensor nodes can collect biomedical data of the patient and transmit these valuable data to a data sink or a personal digital assistant. Later, health care service providers can get access to these data through authorization. The biomedical data are usually personal and privacy. Consequently, data confidentiality and user privacy are primary concerns for WBANs. In order to achieve these goals, we propose an anonymous authentication scheme for WBANs based on low-entropy password and prove its security in the random oracle model. Our scheme enjoys strong anonymity in the sense that only the client knows his identity during the authentication phase of the scheme. Compared with other related proposals, our scheme is efficient in terms of computation. Moreover, the authentication of the client relies on human-rememberable password, which makes our scheme more suitable for applications in WBANs.

Published

2018

22. A Secure and Efficient ID-Based Aggregate Signature Scheme for Wireless Sensor Networks

Author

Jianfeng Ma, Meixia Miao, Fushan Wei, Limin Shen, and Ximeng Liu

Subjects

Computer Networks and Communications, Computer science, business.industry, Big data, 020206 networking & telecommunications, 02 engineering and technology, Computer Science Applications, Random oracle, Public-key cryptography, Key distribution in wireless sensor networks, Hardware and Architecture, Data integrity, Signal Processing, 0202 electrical engineering, electronic engineering, information engineering, Bandwidth (computing), 020201 artificial intelligence & image processing, business, Wireless sensor network, Information Systems, Computer network

Abstract

Affording secure and efficient big data aggregation methods is very attractive in the field of wireless sensor networks (WSNs) research. In real settings, the WSNs have been broadly applied, such as target tracking and environment remote monitoring. However, data can be easily compromised by a vast of attacks, such as data interception and data tampering, etc. In this paper, we mainly focus on data integrity protection, give an identity-based aggregate signature (IBAS) scheme with a designated verifier for WSNs. According to the advantage of aggregate signatures, our scheme not only can keep data integrity, but also can reduce bandwidth and storage cost for WSNs. Furthermore, the security of our IBAS scheme is rigorously presented based on the computational Diffie–Hellman assumption in random oracle model.

Published

2017

23. An untraceable temporal-credential-based two-factor authentication scheme using ECC for wireless sensor networks

Author

Yuanyuan Yang, Youliang Tian, Qi Jiang, Fushan Wei, Jian Shen, and Jianfeng Ma

Subjects

Scheme (programming language), Authentication, Computer Networks and Communications, business.industry, Computer science, 020206 networking & telecommunications, 02 engineering and technology, Mutual authentication, Multi-factor authentication, Computer security, computer.software_genre, Computer Science Applications, Hardware and Architecture, 0202 electrical engineering, electronic engineering, information engineering, 020201 artificial intelligence & image processing, Smart card, Elliptic curve cryptography, business, computer, Wireless sensor network, Computer network, computer.programming_language

Abstract

Recently, He et al. proposed an anonymous two-factor authentication scheme following the concept of temporal-credential for wireless sensor networks (WSNs), which is claimed to be secure and capable of withstanding various attacks. However, we reveal that the authentication phase of their scheme has several pitfalls. Firstly, their scheme is susceptible to malicious user impersonation attack, in which a legal but malicious user can impersonate as other registered users. In addition, their scheme is also vulnerable to stolen smart card attack. Furthermore, the scheme cannot provide untraceability and is prone to tracking attack. Then we put forward an untraceable two-factor authentication scheme based on elliptic curve cryptography (ECC) for WSNs. Our new scheme makes up for the missing security features necessary for real-life applications while maintaining the desired features of the original scheme. We prove that the scheme fulfills mutual authentication in the Burrows-Abadi-Needham (BAN) logic. Moreover, by way of informal security analysis, we show that the proposed scheme can resist a variety of attacks and provide more security features than He et al.’s scheme.

Published

2016

24. On the use of calibration emitters for TDOA source localization in the presence of synchronization clock bias and sensor location errors

Author

Changgui Jia, Xin Chen, Ding Wang, Fushan Wei, and Jiexin Yin

Subjects

Calibration (statistics), Computer science, Emitter location, lcsh:Electronics, Phase (waves), Time difference of arrival (TDOA), lcsh:TK7800-8360, Estimator, 020206 networking & telecommunications, 02 engineering and technology, Multilateration, Synchronization, lcsh:Telecommunication, symbols.namesake, Synchronization clock bias, Gaussian noise, Taylor-series, lcsh:TK5101-6720, 0202 electrical engineering, electronic engineering, information engineering, symbols, 020201 artificial intelligence & image processing, Sensor location uncertainty, Cramér–Rao bound (CRB), Algorithm

Abstract

Time difference of arrival (TDOA) positioning is one of the widely applied techniques for locating an emitting source. Unfortunately, synchronization clock bias and random sensor location perturbations are known to significantly degrade the TDOA localization accuracy. This paper studies the use of a set of calibration sources, whose locations are accurately known to an estimator, to reduce the loss in localization accuracy caused by synchronization offsets and sensor location errors. Under the Gaussian noise assumption, we first derive the Cramér–Rao bound (CRB) for parametric estimation with the use of calibration emitters. Some explicit CRB expressions are obtained, and the performance improvement due to the introduction of the calibration sources is also quantified through the CRB analysis. In order to achieve the optimum localization accuracy, we proceed to propose new localization methods using the TDOA measurements from both target source and calibration emitters. Specifically, two dimension-reduction Taylor-series iterative algorithms are developed, and both of them have two stages. The first stage estimates the clock bias and refines the sensor positions by using the calibration TDOA measurements and the prior knowledge of sensor locations. The second stage provides the estimates of source location by combining the TDOA measurements of target signal and the estimated values in the first phase. The mean square errors (MSEs) of the proposed methods are shown analytically to achieve the corresponding CRB by applying the first-order perturbation analysis. Simulations are used to corroborate and support the theoretical development in this paper.

Published

2019

25. Efficient privacy preserving predicate encryption with fine-grained searchable capability for Cloud storage

Author

Xu An Wang, Fushan Wei, Jianfeng Ma, Fatos Xhafa, Weiyi Cai, and Universitat Politècnica de Catalunya. Departament de Ciències de la Computació

Subjects

Cloud storage, Theoretical computer science, Computació en núvol, General Computer Science, Computer science, 02 engineering and technology, computer.software_genre, Encryption, Xifratge (Informàtica), Multiple encryption, Informàtica::Seguretat informàtica [Àrees temàtiques de la UPC], Filesystem-level encryption, 0202 electrical engineering, electronic engineering, information engineering, Cloud computing, Electrical and Electronic Engineering, Data encryption (Computer science), 020203 distributed computing, Database, Predicate encryption, business.industry, Data confidentiality, Cloud data search framework, Client-side encryption, Control and Systems Engineering, Probabilistic encryption, 40-bit encryption, 020201 artificial intelligence & image processing, Attribute-based encryption, On-the-fly encryption, business, Data privacy, computer, Public-key encryption with fine-grained keyword search

Abstract

We present an efficient predicate encryption system for the class of inner-product predicates that is fully secure without random oracles.PEFKS can not only test whether multiple keywords were present in the ciphertext, but also can evaluate the relations of the keywords, such as equal, disjunction/conjunction.We prove that IND-AH-CPA secure PE implies the existence of IND- PEFKS-CPA secure PEFKS, and develop a transformation of PE to PEFKS. The transformation is efficient. We also use it to construct a PEFKS scheme from our PE.We present a privacy preserving framework for implementing efficient predicate encryption with ne-grained searchable capability and roughly analysis its security. Display Omitted With the fast development in Cloud storage technologies and ever increasing use of Cloud data centres, data privacy and confidentiality has become a must. Indeed, Cloud data centres store each time more sensitive data such as personal data, organizational and enterprise data, transactional data, etc. However, achieving confidentiality with flexible searchable capability is a challenging issue. In this article, we show how to construct an efficient predicate encryption with fine-grained searchable capability. Predicate Encryption ( PE ) can achieve more sophisticated and flexible functionality compared with traditional public key encryption. We propose an efficient predicate encryption scheme by utilizing the dual system encryption technique, which can also be proved to be IND-AH-CPA (indistinguishable under chosen plain-text attack for attribute-hiding) secure without random oracle. We also carefully analyse the relationship between predicate encryption and searchable encryption. To that end, we introduce a new notion of Public-Key Encryption with Fine-grained Keyword Search ( PEFKS ). Our results show that an IND-AH-CPA secure PE scheme can be used to construct an IND-PEFKS-CPA (indistinguishable under chosen plain-text attack for public-key encryption with fine-grained keyword search) secure PEFKS scheme. A new transformation of PE-to-PEFKS is also proposed and used to construct an efficient PEFKS scheme based on the transformation from the proposed PE scheme. Finally, we design a new framework for supporting privacy preserving predicate encryption with fine-grained searchable capability for Cloud storage. Compared to most prominent frameworks, our framework satisfies more features altogether and can serve as a basis for developing such frameworks for Cloud data centres.

Published

2016

26. DOAS: Efficient data owner authorized search over encrypted cloud data

Author

Yinbin Miao, Junwei Zhang, Fushan Wei, Zhiquan Liu, Jianfeng Ma, and Ximeng Liu

Subjects

020203 distributed computing, Security analysis, Cryptographic primitive, Database, Computer Networks and Communications, business.industry, Computer science, Data security, 020206 networking & telecommunications, Cloud computing, 02 engineering and technology, computer.software_genre, Encryption, Computer security, Random oracle, Ciphertext, 0202 electrical engineering, electronic engineering, information engineering, Chosen-plaintext attack, business, computer, Software

Abstract

Data outsourcing service can shift the local data storage and maintenance to cloud service provider (CSP) to ease the burden from data owner, but it brings the data security threats as CSP is always considered to honest-but-curious. Therefore, searchable encryption (SE) technique which allows cloud clients (including data owner and data user) to securely search over ciphertext through keywords and selectively retrieve files of interest is of prime importance. However, in practice, data user’s access permission always dynamically varies with data owner’s preferences. Moreover, existing SE schemes which are based on attribute-based encryption (ABE) incur heavy computational burden through attribution revocation and policy updating. To allow data owner to flexibly grant access permissions, we design a secure cryptographic primitive called as efficient data owner authorized search over encrypted data scheme through utilizing identity-based encryption (IBE) technique. The formal security analysis proves that our scheme is secure against chosen-plaintext attack (CPA) and chosen-keyword attack (CKA) without random oracle. Besides, empirical experiments over real-world dataset show that our scheme is efficient and feasible with regard to data access control.

Published

2016

27. VMKDO: Verifiable multi-keyword search over encrypted cloud data for dynamic data-owner

Author

Zhiquan Liu, Jianfeng Ma, Fushan Wei, Ximeng Liu, Yinbin Miao, and Limin Shen

Subjects

020203 distributed computing, Cloud computing security, Cryptographic primitive, Database, Computer Networks and Communications, business.industry, Computer science, Dynamic data, Data_MISCELLANEOUS, Data security, Cloud computing, 02 engineering and technology, Computer security, computer.software_genre, Encryption, Data retrieval, 0202 electrical engineering, electronic engineering, information engineering, 020201 artificial intelligence & image processing, business, computer, Cloud storage, Software

Abstract

The advantages of cloud computing encourage individuals and enterprises to outsource their local data storage and computation to cloud server, however, data security and privacy concerns seriously hinder the practicability of cloud storage. Although searchable encryption (SE) technique enables cloud server to provide fundamental encrypted data retrieval services for data-owners, equipping with a result verification mechanism is still of prime importance in practice as semi-trusted cloud server may return incorrect search results. Besides, single keyword search inevitably incurs many irrelevant results which result in waste of bandwidth and computation resources. In this paper, we are among the first to tackle the problems of data-owner updating and result verification simultaneously. To this end, we devise an efficient cryptographic primitive called as verifiable multi-keyword search over encrypted cloud data for dynamic data-owner scheme to protect both data confidentiality and integrity. Rigorous security analysis proves that our scheme is secure against keyword guessing attack (KGA) in standard model. As a further contribution, the empirical experiments over real-world dataset show that our scheme is efficient and feasible in practical applications.

Published

2016

28. Medical image classification based on multi-scale non-negative sparse coding

Author

Jian Shen, Ruijie Zhang, Arun Kumar Sangaiah, Fushan Wei, and Xiong Li

Subjects

Diagnostic Imaging, 020205 medical informatics, Computer science, ComputingMethodologies_IMAGEPROCESSINGANDCOMPUTERVISION, Medicine (miscellaneous), 02 engineering and technology, Pattern Recognition, Automated, Discriminative model, Artificial Intelligence, Predictive Value of Tests, Histogram, Image Interpretation, Computer-Assisted, 0202 electrical engineering, electronic engineering, information engineering, Humans, Computer vision, Medical diagnosis, Contextual image classification, business.industry, Pattern recognition, Sparse approximation, ROC Curve, Feature (computer vision), 020201 artificial intelligence & image processing, Artificial intelligence, business, Neural coding, Semantic gap

Abstract

With the rapid development of modern medical imaging technology, medical image classification has become more and more important in medical diagnosis and clinical practice. Conventional medical image classification algorithms usually neglect the semantic gap problem between low-level features and high-level image semantic, which will largely degrade the classification performance. To solve this problem, we propose a multi-scale non-negative sparse coding based medical image classification algorithm. Firstly, Medical images are decomposed into multiple scale layers, thus diverse visual details can be extracted from different scale layers. Secondly, for each scale layer, the non-negative sparse coding model with fisher discriminative analysis is constructed to obtain the discriminative sparse representation of medical images. Then, the obtained multi-scale non-negative sparse coding features are combined to form a multi-scale feature histogram as the final representation for a medical image. Finally, SVM classifier is combined to conduct medical image classification. The experimental results demonstrate that our proposed algorithm can effectively utilize multi-scale and contextual spatial information of medical images, reduce the semantic gap in a large degree and improve medical image classification performance.

Published

2016

29. m2-ABKS: Attribute-Based Multi-Keyword Search over Encrypted Personal Health Records in Multi-Owner Setting

Author

Fushan Wei, Zhiquan Liu, Yinbin Miao, Jianfeng Ma, Ximeng Liu, and Xu An Wang

Subjects

Security analysis, Cryptographic primitive, business.industry, Computer science, Medicine (miscellaneous), 020206 networking & telecommunications, Health Informatics, Access control, Cloud computing, 02 engineering and technology, Encryption, Computer security, computer.software_genre, Health Information Management, 0202 electrical engineering, electronic engineering, information engineering, 020201 artificial intelligence & image processing, Confidentiality, Attribute-based encryption, business, Cloud storage, computer, Information Systems

Abstract

Online personal health record (PHR) is more inclined to shift data storage and search operations to cloud server so as to enjoy the elastic resources and lessen computational burden in cloud storage. As multiple patients' data is always stored in the cloud server simultaneously, it is a challenge to guarantee the confidentiality of PHR data and allow data users to search encrypted data in an efficient and privacy-preserving way. To this end, we design a secure cryptographic primitive called as attribute-based multi-keyword search over encrypted personal health records in multi-owner setting to support both fine-grained access control and multi-keyword search via Ciphertext-Policy Attribute-Based Encryption. Formal security analysis proves our scheme is selectively secure against chosen-keyword attack. As a further contribution, we conduct empirical experiments over real-world dataset to show its feasibility and practicality in a broad range of actual scenarios without incurring additional computational burden.

Published

2016

30. Cryptanalysis and Improvement of an Enhanced Two-Factor User Authentication Scheme in Wireless Sensor Networks

Author

Qi Jiang, Fushan Wei, Jianfeng Ma, Chuangui Ma, and Jian Shen

Subjects

Scheme (programming language), Biometrics, business.industry, Computer science, Key distribution, 020206 networking & telecommunications, 02 engineering and technology, Multi-factor authentication, Computer security, computer.software_genre, Computer Science Applications, law.invention, Control and Systems Engineering, law, Sensor node, 0202 electrical engineering, electronic engineering, information engineering, 020201 artificial intelligence & image processing, Smart card, Electrical and Electronic Engineering, business, Cryptanalysis, Wireless sensor network, computer, computer.programming_language

Abstract

In order to address the scenario in which the user wants to access the real-time data directly from the sensor node in wireless sensor networks (WSNs), Das proposed a two-factor authentication scheme. In 2010, Khan et al. pointed out that Das's scheme has some security flaws and proposed an improved scheme. Recently, Yuan demonstrated that Khan et at.'s improvement is still insure against several attacks. Yuan also proposed an enhanced two-factor user authentication scheme using user's biometrics to fix the security flaws in Khan et al.'s scheme. In this paper, we show that Yuan's scheme still suffers from the stolen smart card attack and the GW-node impersonation attack. Moreover, biometric keys are misused in Yuan's scheme such that even the valid user cannot pass the biometric verification. To remedy these problems, we propose an improved two-factor authenticated key distribution scheme based on fuzzy extractors. Security and performance analysis demonstrates that our scheme is more secure and efficient thanprevious schemes. DOI: http://dx.doi.org/10.5755/j01.itc.45.1.11949

Published

2016

31. Gateway-oriented password-authenticated key exchange protocol in the standard model

Author

Zhenfeng Zhang, Chuangui Ma, and Fushan Wei

Subjects

Password, Dictionary attack, Computer science, Authentication server, Computer security, computer.software_genre, Random oracle, Authenticated Key Exchange, Hardware and Architecture, Default gateway, Session key, computer, Software, Key exchange, Information Systems, Standard model (cryptography)

Abstract

A gateway-oriented password-based authenticated key exchange (GPAKE) is a 3-party protocol, which allows a client and a gateway to establish a common session key with the help of an authentication server. GPAKE protocols are suitable for mobile communication environments such as GSM (Global System for Mobile Communications) and 3GPP (The Third Generation Partnership Project). To date, most of the published protocols for GPAKE have been proven secure in the random oracle model. In this paper, we present the first provably-secure GPAKE protocol in the standard model. It is based on the 2-party password-authenticated key exchange protocol of Jiang and Gong. The protocol is secure under the DDH assumption (without random oracles). Furthermore, it can resist undetectable on-line dictionary attacks. Compared with previous solutions, our protocol achieves stronger security with similar efficiency.

Published

2012

32. A Secure User Authentication Scheme against Smart-Card Loss Attack for Wireless Sensor Networks Using Symmetric Key Techniques

Author

Chuangui Ma, Fushan Wei, and Lei Chen

Subjects

Password, Password policy, Article Subject, Computer Networks and Communications, business.industry, Computer science, General Engineering, Multi-factor authentication, Computer security, computer.software_genre, lcsh:QA75.5-76.95, Symmetric-key algorithm, Authentication protocol, Network Access Control, Session key, Smart card, lcsh:Electronic computers. Computer science, Challenge–response authentication, business, Wireless sensor network, computer, Data Authentication Algorithm, Computer network

Abstract

User authentication in wireless sensor networks (WSNs) is a critical security issue due to their unattended and hostile deployment in the field. In order to protect the security of real-time data query from an external user, many two-factor (password and smart-card) user authentication schemes are proposed. However, most of them are insecure against various attacks. This paper summarizes attacks and security requirements for two-factor user authentication in WSNs. Based on security requirements, a user authentication and session key establishment scheme is also proposed, and this scheme can resist smart-card loss attack merely by using symmetric key techniques. Security and performance analysis demonstrate that, compared to the existing schemes, the proposed approach is more secure and highly efficient.

Published

2015

33. A Provably Secure Three-Party Password Authenticated Key Exchange Protocol without Using Server's Public-Keys and Symmetric Cryptosystems

Author

FuShan, Wei, primary, Jianfeng, Ma, additional, Aijun, Ge, additional, Guangsong, Li, additional, and Chuangui, Ma, additional

Published

2015

34. Corrigendum to 'Gateway-oriented password-authenticated key exchange protocol in the standard model' [J. Syst. Softw. 85 (March (3)) (2012) 760–768]

Author

Chuangui Ma, Fushan Wei, and Zhenfeng Zhang

Subjects

Password, Authenticated Key Exchange, Operations research, Hardware and Architecture, business.industry, Computer science, Gateway (computer program), business, Protocol (object-oriented programming), Software, Information Systems, Standard model (cryptography), Computer network

Published

2012

35. Anonymous gateway-oriented password-based authenticated key exchange based on RSA

Author

Fushan Wei, Qingfeng Cheng, and Chuangui Ma

Subjects

Password, Dictionary attack, Computer science, Computer Networks and Communications, ComputerSystemsOrganization_COMPUTER-COMMUNICATIONNETWORKS, Gateway (computer program), Computer security, computer.software_genre, Authentication server, Random oracle, Computer Science Applications, Authenticated Key Exchange, Default gateway, Signal Processing, Session key, computer, Key exchange, Anonymity

Abstract

A gateway-oriented password-based authenticated key exchange (GPAKE) is a three-party protocol, which allows a client and a gateway to establish a common session key with the help of an authentication server. To date, most of the published protocols for GPAKE have been based on Diffie-Hellman key exchange. In this article, we present the first GPAKE protocol based on RSA, then prove its security in the random oracle model under the RSA assumption. Furthermore, our protocol can resist both e-residue and undetectable on-line dictionary attacks. Finally, we investigate whether or not a GPAKE protocol can achieve both client anonymity and resistance against undetectable on-line dictionary attacks by a malicious gateway. We provide an affirmative answer by adding client anonymity with respect to the server. Preprint submitted to EURASIP JWCN October 16, 2011 to our basic protocol.