6,212 research outputs found
On the Relations Between Diffie-Hellman and ID-Based Key Agreement from Pairings
This paper studies the relationships between the traditional Diffie-Hellman
key agreement protocol and the identity-based (ID-based) key agreement protocol
from pairings.
For the Sakai-Ohgishi-Kasahara (SOK) ID-based key construction, we show that
identical to the Diffie-Hellman protocol, the SOK key agreement protocol also
has three variants, namely \emph{ephemeral}, \emph{semi-static} and
\emph{static} versions. Upon this, we build solid relations between
authenticated Diffie-Hellman (Auth-DH) protocols and ID-based authenticated key
agreement (IB-AK) protocols, whereby we present two \emph{substitution rules}
for this two types of protocols. The rules enable a conversion between the two
types of protocols. In particular, we obtain the \emph{real} ID-based version
of the well-known MQV (and HMQV) protocol.
Similarly, for the Sakai-Kasahara (SK) key construction, we show that the key
transport protocol underlining the SK ID-based encryption scheme (which we call
the "SK protocol") has its non-ID counterpart, namely the Hughes protocol.
Based on this observation, we establish relations between corresponding
ID-based and non-ID-based protocols. In particular, we propose a highly
enhanced version of the McCullagh-Barreto protocol
Security and Privacy Issues in Wireless Mesh Networks: A Survey
This book chapter identifies various security threats in wireless mesh
network (WMN). Keeping in mind the critical requirement of security and user
privacy in WMNs, this chapter provides a comprehensive overview of various
possible attacks on different layers of the communication protocol stack for
WMNs and their corresponding defense mechanisms. First, it identifies the
security vulnerabilities in the physical, link, network, transport, application
layers. Furthermore, various possible attacks on the key management protocols,
user authentication and access control protocols, and user privacy preservation
protocols are presented. After enumerating various possible attacks, the
chapter provides a detailed discussion on various existing security mechanisms
and protocols to defend against and wherever possible prevent the possible
attacks. Comparative analyses are also presented on the security schemes with
regards to the cryptographic schemes used, key management strategies deployed,
use of any trusted third party, computation and communication overhead involved
etc. The chapter then presents a brief discussion on various trust management
approaches for WMNs since trust and reputation-based schemes are increasingly
becoming popular for enforcing security in wireless networks. A number of open
problems in security and privacy issues for WMNs are subsequently discussed
before the chapter is finally concluded.Comment: 62 pages, 12 figures, 6 tables. This chapter is an extension of the
author's previous submission in arXiv submission: arXiv:1102.1226. There are
some text overlaps with the previous submissio
An Authentication Protocol for Future Sensor Networks
Authentication is one of the essential security services in Wireless Sensor
Networks (WSNs) for ensuring secure data sessions. Sensor node authentication
ensures the confidentiality and validity of data collected by the sensor node,
whereas user authentication guarantees that only legitimate users can access
the sensor data. In a mobile WSN, sensor and user nodes move across the network
and exchange data with multiple nodes, thus experiencing the authentication
process multiple times. The integration of WSNs with Internet of Things (IoT)
brings forth a new kind of WSN architecture along with stricter security
requirements; for instance, a sensor node or a user node may need to establish
multiple concurrent secure data sessions. With concurrent data sessions, the
frequency of the re-authentication process increases in proportion to the
number of concurrent connections, which makes the security issue even more
challenging. The currently available authentication protocols were designed for
the autonomous WSN and do not account for the above requirements. In this
paper, we present a novel, lightweight and efficient key exchange and
authentication protocol suite called the Secure Mobile Sensor Network (SMSN)
Authentication Protocol. In the SMSN a mobile node goes through an initial
authentication procedure and receives a re-authentication ticket from the base
station. Later a mobile node can use this re-authentication ticket when
establishing multiple data exchange sessions and/or when moving across the
network. This scheme reduces the communication and computational complexity of
the authentication process. We proved the strength of our protocol with
rigorous security analysis and simulated the SMSN and previously proposed
schemes in an automated protocol verifier tool. Finally, we compared the
computational complexity and communication cost against well-known
authentication protocols.Comment: This article is accepted for the publication in "Sensors" journal. 29
pages, 15 figure
Modelling and simulation of a biometric identity-based cryptography
Government information is a vital asset that must be kept in a trusted environment and efficiently managed by authorised parties. Even though e-Government provides a number of advantages, it also introduces a range of new security risks. Sharing confidential and top-secret information in a secure manner among government sectors tend to be the main element that government agencies look for. Thus, developing an effective methodology is essential and it is a key factor for e-Government success. The proposed e-Government scheme in this paper is a combination of identity-based encryption and biometric technology. This new scheme can effectively improve the security in authentication systems, which provides a reliable identity with a high degree of assurance. In addition, this paper demonstrates the feasibility of using Finite-state machines as a formal method to analyse the proposed protocols
Identifying Native Applications with High Assurance
The work described in this paper investigates the problem
of identifying and deterring stealthy malicious processes on
a host. We point out the lack of strong application iden-
tication in main stream operating systems. We solve the
application identication problem by proposing a novel iden-
tication model in which user-level applications are required
to present identication proofs at run time to be authenti-
cated by the kernel using an embedded secret key. The se-
cret key of an application is registered with a trusted kernel
using a key registrar and is used to uniquely authenticate
and authorize the application. We present a protocol for
secure authentication of applications. Additionally, we de-
velop a system call monitoring architecture that uses our
model to verify the identity of applications when making
critical system calls. Our system call monitoring can be
integrated with existing policy specication frameworks to
enforce application-level access rights. We implement and
evaluate a prototype of our monitoring architecture in Linux
as device drivers with nearly no modication of the ker-
nel. The results from our extensive performance evaluation
shows that our prototype incurs low overhead, indicating the
feasibility of our model
Biometric identity-based cryptography for e-Government environment
Government information is a vital asset that must be kept in a trusted environment and efficiently managed by authorised parties. Even though e-Government provides a number of advantages, it also introduces a range of new security risks. Sharing confidential and top-secret information in a secure manner among government sectors tend to be the main element that government agencies look for. Thus, developing an effective methodology is essential and it is a key factor for e-Government success. The proposed e-Government scheme in this paper is a combination of identity-based encryption and biometric technology. This new scheme can effectively improve the security in authentication systems, which provides a reliable identity with a high degree of assurance. In addition, this paper demonstrates the feasibility of using Finite-state machines as a formal method to analyse the proposed protocols
- …