In the fifth generation of cellular networks (5G), data transmission with the highest possible speed and the lowest latency is one of the most essential design criteria. Furthermore, this generation is expected to add new applications, features, and services to mobile networks with a strong commitment to security and privacy. Hence, primitive protocols proposed for 5G networks should generally achieve the security requirements while keeping network overheads low. In this paper, we focus on improving two primitive authentication and key agreement (AKA) protocols (5G AKA and EAP-AKA'). Our two improved protocols meet the security and performance requirements while remaining compatible with the 3GPP security architecture. The paper's security approach is to first construct a fixed-length key derivation scheme and show that it is strongly unforgeable under adaptive chosen-ciphertext attack. Then, we demonstrate that, unlike in the 3GPP AKA protocols, the message authentication codes (MACs) and session keys used in the improved protocols are also strongly unforgeable under adaptive chosen-ciphertext attack. Moreover, we show that the improved protocols achieve security requirements such as mutual authentication, secure key agreement, and forward and backward secrecy of session keys. Furthermore, we argue informally that the improved protocols achieve further security requirements, such as conformance to the 3GPP security architecture and resistance against known attacks. Finally, we compare the improved protocols with other AKA protocols with respect to communication, computational, and storage overheads. This comparison shows that the improved protocols have appropriate overheads among AKA protocols.
Due to the rapid development of wireless communication systems, authentication has become a key security component of smart grid environments. Authentication plays an important role in the smart grid domain by providing a variety of security services, including credentials' privacy, session-key (SK) security, and secure mutual authentication. In this paper, we analyze the security of a recent relevant scheme for the smart grid and show that, unfortunately, it fails to provide SK-security and privacy of the smart meter's secret credentials under the widely accepted Canetti-Krawczyk adversary (CK-adversary) model. We then propose a new efficient, provably secure authenticated key agreement scheme for the smart grid. Through rigorous formal security analysis, we show that the proposed scheme achieves the well-known security functionalities, including smart meter credentials' privacy and SK-security, under the CK-adversary model. The proposed scheme reduces the computation overhead for both smart meters and service providers. Furthermore, the proposed scheme offers more security functionalities than the existing related schemes.
Feistel Ciphers Based on A Single Primitive TSUJI, Kento; IWATA, Tetsu
IEICE Transactions on Fundamentals of Electronics, Communications and Computer Sciences,
2024
Journal Article
Peer reviewed
Open access
We consider Feistel ciphers instantiated with tweakable block ciphers (TBCs) and ideal ciphers (ICs). The indistinguishability security of the TBC-based Feistel cipher is known, and the indifferentiability security of the IC-based Feistel cipher is also known, where independently keyed TBCs and independent ICs are assumed. In this paper, we analyze the security of a single-keyed TBC-based Feistel cipher and a single IC-based Feistel cipher. We characterize the security depending on the number of rounds. More precisely, we cover the case of contracting Feistel ciphers that have d ≥ 2 lines, and the results on (classic) Feistel ciphers are obtained as a special case by setting d = 2. Our indistinguishability security analysis shows that the single-keyed construction is provably secure with d + 1 rounds. Our indifferentiability result shows that, regardless of the number of rounds, it cannot be secure. Our attacks are a type of slide attack, and we also consider a structure that uses a round constant, which is a well-known countermeasure against slide attacks. We show an indifferentiability attack for the case d = 2 and 3 rounds.
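The structure this abstract is about, written out as an added example (not code from the paper or from the catalog record): a contracting Feistel cipher on d lines whose every round calls one primitive under a single key, an optional per-round constant as the slide-attack countermeasure, and the basic slide relation R(E(x)) = E(R(x)) that holds whenever all rounds are identical. HMAC-SHA256 truncated to one line stands in for the paper's single-keyed TBC / ideal cipher; the line width, the constant encoding, the sample key and block, and rounds = d + 1 are assumptions made for the demo. The relation checked here is the generic slide property of iterated ciphers, not the paper's indifferentiability attack.

```python
import hashlib
import hmac
from typing import List

LINE_BYTES = 8  # width of one Feistel line (n = 64 bits); illustrative choice


def primitive(key: bytes, data: bytes) -> bytes:
    """The single keyed primitive shared by every round.

    Assumption for this demo: HMAC-SHA256 truncated to one line stands in for
    the paper's single-keyed TBC / ideal cipher. Only its keyed-PRF behaviour
    matters for the structure shown here.
    """
    return hmac.new(key, data, hashlib.sha256).digest()[:LINE_BYTES]


def xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))


def split(block: bytes, d: int) -> List[bytes]:
    if len(block) != d * LINE_BYTES:
        raise ValueError(f"block must be {d * LINE_BYTES} bytes for d={d}")
    return [block[i * LINE_BYTES:(i + 1) * LINE_BYTES] for i in range(d)]


def join(state: List[bytes]) -> bytes:
    return b"".join(state)


def round_fn(key: bytes, state: List[bytes], const: int) -> List[bytes]:
    """One contracting Feistel round on d lines:
        (x1, ..., xd) -> (x2, ..., xd, x1 XOR F(const || x2 || ... || xd))
    F contracts d-1 lines to one line. const = 0 in every round is the plain
    single-keyed structure; distinct per-round constants are the standard
    slide-attack countermeasure. With d = 2 this is the classic Feistel round.
    """
    inp = const.to_bytes(4, "big") + join(state[1:])
    return state[1:] + [xor(state[0], primitive(key, inp))]


def inv_round_fn(key: bytes, state: List[bytes], const: int) -> List[bytes]:
    """Inverse round:
        (y1, ..., yd) -> (yd XOR F(const || y1 || ... || y_{d-1}), y1, ..., y_{d-1})
    """
    inp = const.to_bytes(4, "big") + join(state[:-1])
    return [xor(state[-1], primitive(key, inp))] + state[:-1]


def round_consts(rounds: int, use_constants: bool) -> List[int]:
    # Constant 0 everywhere: identical rounds. Otherwise 1, 2, ..., rounds.
    return [r + 1 if use_constants else 0 for r in range(rounds)]


def encrypt(key: bytes, block: bytes, d: int, rounds: int, use_constants: bool) -> bytes:
    state = split(block, d)
    for c in round_consts(rounds, use_constants):
        state = round_fn(key, state, c)
    return join(state)


def decrypt(key: bytes, block: bytes, d: int, rounds: int, use_constants: bool) -> bytes:
    state = split(block, d)
    for c in reversed(round_consts(rounds, use_constants)):
        state = inv_round_fn(key, state, c)
    return join(state)


def slide_commutes(key: bytes, block: bytes, d: int, rounds: int, use_constants: bool) -> bool:
    """Slide relation for an iterated cipher built from identical rounds R:
    E = R^rounds, so R(E(x)) == E(R(x)) for every x (a slid pair). Once each
    round carries its own constant the rounds differ, and for rounds >= 2 the
    relation no longer holds except by negligible coincidence.
    """
    c1 = round_consts(rounds, use_constants)[0]

    def r1(x: bytes) -> bytes:  # the first round, applied to a whole block
        return join(round_fn(key, split(x, d), c1))

    lhs = r1(encrypt(key, block, d, rounds, use_constants))
    rhs = encrypt(key, r1(block), d, rounds, use_constants)
    return lhs == rhs


if __name__ == "__main__":
    key = b"single-key-for-every-round"  # constructed sample key
    d = 3
    rounds = d + 1                       # the abstract's indistinguishability bound
    pt = bytes(range(d * LINE_BYTES))    # constructed sample block
    ct = encrypt(key, pt, d, rounds, use_constants=True)
    assert decrypt(key, ct, d, rounds, use_constants=True) == pt
    print("slide relation, no round constants  :", slide_commutes(key, pt, d, rounds, False))
    print("slide relation, with round constants:", slide_commutes(key, pt, d, rounds, True))
```

The first print is True and the second False: identical single-keyed rounds commute with the whole cipher, which is exactly the structural property slide attacks exploit, while per-round constants break that commutation. That the constants are not enough for indifferentiability is the paper's result, not something this demo shows.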
As the most prevalent two-factor authentication mechanism, smart-card-based password authentication has been a subject of intensive research over the past two decades, and hundreds of such schemes have been proposed, wave upon wave. In most of these studies there is no comprehensive and systematic metric by which schemes can be assessed objectively, and the authors present new schemes with assertions of superiority over previous ones while overlooking the dimensions on which their schemes fare poorly. Unsurprisingly, most of them are far from satisfactory: they are either found to fall short of important security goals or to lack critical properties, in particular being stuck in the security-usability tension. To overcome this issue, in this work we first explicitly define a security model that accurately captures the practical capabilities of an adversary, and then suggest a broad set of twelve properties framed as a systematic methodology for comparative evaluation, allowing schemes to be rated across a common spectrum. As our main contribution, a new scheme is advanced to resolve the various issues arising from user corruption and server compromise, and it is formally proved secure under the harshest adversary model so far. In particular, by integrating "honeywords", traditionally the purview of system security, with a "fuzzy-verifier", our scheme hits two birds with one stone: it not only eliminates the long-standing security-usability conflict that is considered intractable in the literature, but also achieves security guarantees beyond the conventional optimal security bound.
Information and Communication Technology (ICT) has been used in a wide range of applications, such as smart living, smart health and smart transportation. Among all these applications, the smart home is the most popular; in it, users/residents can control the operations of the various smart sensor devices from remote sites as well. However, the smart devices and users communicate over an insecure communication channel, i.e., the Internet. Various types of attacks are therefore possible on a smart home network, such as smart device capture attacks; user, gateway node and smart device impersonation attacks; and privileged-insider attacks. An illegitimate user can in this case gain access to the data sent by the smart devices. Most of the existing schemes reported in the literature for remote user authentication in the smart home environment are not secure against the attacks specified above. Thus, there is a need to design a secure remote user authentication scheme for a smart home network so that only authorized users can gain access to the smart devices. To mitigate the aforementioned issues, in this paper we propose a new secure remote user authentication scheme for the smart home environment. The proposed scheme is efficient for resource-constrained smart devices, as it uses only one-way hash functions, bitwise XOR operations and symmetric encryption/decryption. The security of the scheme is proved using rigorous formal security analysis under the widely accepted Real-Or-Random (ROR) model. Moreover, a rigorous informal security analysis and a formal security verification using the broadly accepted Automated Validation of Internet Security Protocols and Applications (AVISPA) tool are also carried out. Finally, a practical demonstration of the proposed scheme is performed using the widely used NS-2 simulator.
Efficient searching on encrypted data outsourced to the cloud remains a research challenge. Identity-based encryption with equality test (IBEET) has recently been identified as a viable solution: users delegate a trapdoor to the server, and the server then searches the users' outsourced encrypted data to determine whether two different ciphertexts are encryptions of the same plaintext. Such schemes are, unfortunately, inefficient, particularly for deployment on mobile devices (with limited power/battery life and computing capacity). In this paper, we propose an efficient IBEET scheme with bilinear pairing that reduces the need for the time-consuming HashToPoint function. We then prove that our scheme is one-way secure against chosen-identity and chosen-ciphertext attacks (OW-ID-CCA) in the random oracle model (ROM). The performance evaluation of our scheme demonstrates that, compared with the scheme of Ma (2016), our scheme reduces the computation cost of the encryption phase and the test phase by 36.7% and 39.24%, respectively, and that our scheme is suitable for (mobile) cloud deployment.
• We propose an identity-based encryption with equality test (IBEET) scheme using bilinear pairing for cloud storage.
• We show that our proposed concrete scheme is provably secure and satisfies the required security properties.
• Detailed performance analysis and experimental results are given.
The smart home is an emerging paradigm of the Internet of Things (IoT), which allows an individual to operate smart home appliances remotely through the Internet. Since the user and the smart devices communicate over insecure communication channels, the sensitive data collected by the smart devices and transmitted over them may easily be intercepted and altered by a malicious adversary. Therefore, there is a great need to design an effective and anonymous authentication scheme that guarantees secure communication in the smart home environment. In the past decade, extensive research has been carried out on this security issue, but most of the proposed schemes are not secure. As a step in this direction, in this paper we propose an efficient and anonymous authentication scheme for the smart home environment using Elliptic Curve Cryptography (ECC). The proposed scheme avoids keeping a verification table for authentication purposes. In addition, random numbers (nonces) rather than timestamps are used to resist replay attacks, which avoids the clock synchronization problem. The rigorous formal proof and heuristic analysis show that the proposed scheme provides the desired security features and resists all the attacks considered. Compared with the most representative related schemes, the proposed scheme achieves a delicate balance between security and efficiency and is more suitable for realistic environments.
In recent years, two technologies, cloud computing and the Internet of Things (IoT), have had a synergistic effect in modern organizations, as digitization is a new business trend across industries. Therefore, many organizations outsource their crowdsourced industrial IoT (IIoT) data to the cloud to reduce data management overhead. However, data authentication is one of the fundamental security/trust requirements in such an IIoT network. The certificateless signature (CLS) scheme is a cryptographic primitive that provides data authenticity in IIoT systems. Recently, CLS has become a prime research focus due to its ability to solve the key-escrow problem inherent in identity-based signatures. Many CLS schemes have already been developed using a map-to-point (MTP) hash function and the random oracle model (ROM). However, due to the implementation difficulty and probabilistic nature of the MTP function and of the ROM, those CLSs are impractical. Hence, the development of a CLS for lightweight devices deployed in IIoT has become one of the most active research trends. This paper presents a new pairing-based CLS scheme without an MTP function and without the ROM. The new CLS scheme is secure against Type-I and Type-II adversaries under the hardness of the extended bilinear strong Diffie-Hellman (BSDH) and BSDH assumptions, respectively. Performance evaluation and comparison show that our scheme outperforms other CLS schemes.
A one-message unilateral entity authentication scheme allows one party, called the prover, to authenticate himself, i.e., to prove his identity, to another party, called the verifier, by sending a single authentication message. We consider schemes where the prover and the verifier do not share any secret information, such as a password, in advance. We propose the first theoretical characterization of one-message unilateral entity authentication schemes, formalizing their security requirements with respect to different kinds of passive and active adversarial behaviour. In particular, we consider both static and adaptive adversaries for each kind of attack (passive/active). We then explore the relationships between the security notions resulting from the different adversarial behaviours for one-message unilateral entity authentication schemes. Finally, we propose three different constructions of one-message unilateral entity authentication schemes and analyze their security with respect to the different definitions introduced in this paper.