A lightweight anonymous authentication scheme for secure cloud computing services

The Journal of Supercomputing - Cloud computing represents the latest technology that has revolutionized the world of business. It is a promising solution giving companies the possibility of...     

An identity authentication scheme based on cloud computing environment

In order to solve the shortcomings of traditional identity authentication technology, such as low security, low efficiency, a mobile terminal identity authentication scheme based on cloud computing environment is proposed in this paper. In addition, the two-dimensional code technology is used for identity authentication in the cloud computing environment, and the QR coding technology is also used. The dynamic authentication of the mobile terminal is realized by using the two-dimensional code as the information transmission carrier. According to the security analysis, the scheme has simple structure and no need to use the third party equipment, which has high security and adaptability. Finally, the two fusion of two-dimensional code proposed in this paper provides a new way of thinking for the identity authentication based on the cloud environment, and also promotes the development of the Internet of things.     

Provably secure authenticated key agreement scheme for distributed mobile cloud computing services

With the rapid development of mobile cloud computing, the security becomes a crucial part of communication systems in a distributed mobile cloud computing environment. Recently, in 2015, Tsai and Lo proposed a privacy-aware authentication scheme for distributed mobile cloud computing services. In this paper, we first analyze the Tsai–Lo’s scheme and show that their scheme is vulnerable to server impersonation attack, and thus, their scheme fails to achieve the secure mutual authentication. In addition, we also show that Tsai–Lo’s scheme does not provide the session-key security (SK-security) and strong user credentials’ privacy when ephemeral secret is unexpectedly revealed to the adversary. In order to withstand these security pitfalls found in Tsai–Lo’s scheme, we propose a provably secure authentication scheme for distributed mobile cloud computing services. Through the rigorous security analysis, we show that our scheme achieves SK-security and strong credentials’ privacy and prevents all well-known attacks including the impersonation attack and ephemeral secrets leakage attack. Furthermore, we simulate our scheme for the formal security analysis using the widely-accepted AVISPA (Automated Validation of Internet Security Protocols and Applications) tool, and show that our scheme is secure against passive and active attacks including the replay and man-in-the-middle attacks. More security functionalities along with reduced computational costs for the mobile users make our scheme more appropriate for the practical applications as compared to Tsai–Lo’s scheme and other related schemes. Finally, to demonstrate the practicality of the scheme, we evaluate the proposed scheme using the broadly-accepted NS-2 network simulator.     

云计算中基于可转换代理签密的可证安全的认证协议

云用户与公有云之间的双向认证是云计算中用户访问公有云的重要前提.2011年,Juang等首次提出了云计算环境下采用代理签名的认证协议,其优点是用户只需到私有云中注册,然后在私有云的帮助下通过公有云的认证.但是,该方案存在3个缺陷:1)为保护用户的隐私,每次会话都需更新用户公钥;2)当私有云中的许多用户同时登录不同的公有云时,私有云会遭遇网络拥堵;3)用户的私有云与访问的公有云之间需要预先共享秘密.为弥补上述不足,提出了一种保护用户隐私的可证安全的可转换代理签密方案,基于该方案设计了一种一轮云计算认证协议.新方案的优点在于用户向私有云注册后,就能通过公有云的认证,而不需要私有云的帮助,并且它还能保护用户的隐私性、抗抵赖性.协议不需要在每次会话开始前更新用户公钥,同时私有云与访问的公有云之间不再需要预先共享秘密.在随机谕言机模型下证明了新协议的安全性,并且比较说明新协议在效率方面优于Juang等的协议.     

Enhancing security and efficiency in cloud computing authentication and key agreement scheme based on smart card

The Journal of Supercomputing - The password-based authentication mechanism is considered as the oldest and the most used method. It is easy to implement, and it does not require any particular...     

A secure authentication scheme based on elliptic curve cryptography for IoT and cloud servers

The Internet of Things (IoT) is now a buzzword for Internet connectivity which extends to embedded devices, sensors and other objects connected to the Internet. Rapid development of this technology has led to the usage of various embedded devices in our daily life. However, for resource sharing and communication among these devices, there is a requirement for connecting these embedded devices to a large pool of resources like a cloud. The promising applications of IoT in Government and commercial sectors are possible by integrating cloud servers with these embedded devices. But such an integration of technologies involves security issues like data privacy and authentication of devices whenever information is exchanged between them. Recently, Kalra and Sood proposed an authentication scheme based on elliptic curve cryptography (ECC) for IoT and cloud servers and claimed that their scheme satisfies all security requirements and is immune to various types of attacks. However, in this paper, we show that Kalra and Sood scheme is susceptible to offline password guessing and insider attacks and it does not achieve device anonymity, session key agreement, and mutual authentication. Keeping in view of the shortcomings of Kalra and Sood’s scheme, we have proposed an authentication scheme based on ECC for IoT and cloud servers. In the proposed scheme in this paper, we have formally analyzed the security properties of the designed scheme by the most widely accepted and used Automated Validation of Internet Security Protocols and Applications tool. Security and performance analysis show that when compared with other related schemes, the proposed scheme is more powerful, efficient, and secure with respect to various known attacks.     

基于安全多方计算的匿名认证方案

把匿名认证抽象为一个具体的安全多方计算问题,转而寻求对该具体问题的求解。基于线性方程组的求解理论,构建了一个匿名认证模型。继而设计了一个两方安全计算矩阵与向量乘积协议,并基于该协议提出了一个完整的匿名认证方案。该方案安全、高效,存储开销小,特别适宜于资源受限的设备或网络。     

一种强安全的WSN用户认证及密钥协商方案

针对无线传感器网络双因素用户认证方案中智能卡内敏感信息被破译、公共信道信息传输被侦听引起的匿名性隐患及密码猜测等攻击,在T-M方案的基础上,注册阶段采用哈希加密深度隐藏了用户隐私信息,增强智能卡中元素的抗猜测性;又将网关作为消息中转站提前对用户进行验证,调整了信息传输结构及认证方式,减少节点能耗且加强消息传输的安全防护;同时,在网关端添加写保护用户身份日志表,及时记录用户登录信息,以防资源滥用。理论分析及实验显示了所提方案有效抵御了T-M方案的不足,大大减少了传感节点的通信开销,提供更多的安全防护且具有计费功能。     

A novel NMF-based authentication scheme for encrypted speech in cloud computing

Multimedia Tools and Applications - Authentication of encrypted speeches is a technique that can judge the integrity of encrypted speech in cloud computing, even the encrypted speeches have been...     

An efficient and secure multi-server authentication scheme with key agreement

Remote user authentication is used to validate the legitimacy of a remote log-in user. Due to the rapid growth of computer networks, many network environments have been becoming multi-server based. Recently, much research has been focused on proposing remote password authentication schemes based on smart cards for securing multi-server environments. Each of these schemes used either a nonce or a timestamp technique to prevent the replay attack. However, using the nonce technique to withstand the replay attack is potentially susceptible to the man-in-the-middle attack. Alternatively, when employing the timestamp method to secure remote password authentication, it will require the cost of implementing clock synchronization. In order to solve the above two issues, this paper proposes a self-verified timestamp technique to help the smart-card-based authentication scheme not only effectively achieve password-authenticated key agreement but also avoid the difficulty of implementing clock synchronization in multi-server environments. A secure authenticated key agreement should accomplish both mutual authentication and session key establishment. Therefore, in this paper we further give the formal proof on the execution of the proposed authenticated key agreement scheme.     

可分发密钥的双向口令认证方案

研究在认证服务器拥有公私钥对和客户端有容易记忆的弱口令条件下,实现强认证和密钥交换的安全协议.对Wangr的方案进行了安全性分析,发现该协议不能抵抗许多种攻击方式.提出一种在不安全网络上集口令认证、口令更改和密钥建立的方案,通过对新方案与Hwang-Yeh方案、Peyravian-Zunic方案、Peyravian-Jeffries方案和Wang方案进行的安全性对比分析,分析结果表明新口令认证方案具有更高的安全性和实用性.     

New scheme for measurement-device-independent quantum key distribution

We propose a new scheme for measurement-device-independent quantum key distribution (MDI-QKD) with a two-mode state source. In this scheme, the trigger state is split into different paths and detected at both senders; thus, four types of detection events can be obtained. Based on these events, the signal state is divided into four non-empty sets that can be used for parameter estimation and key extraction. Additionally, we carry out a performance analysis on the scheme with two-intensity (vacuum state and signal state) heralded single-photon sources. We also numerically study the statistical fluctuation in the actual system. Our simulations show that the error rate and the secure transmission distance of our two-intensity scheme are better than those of existing three- and four-intensity MDI-QKD schemes with different light sources. Considering statistical fluctuations, the maximum secure distance of our scheme can reach 344 km when the data length is 10¹³ and remains as long as 250 km when the data length is 10¹⁰. Moreover, our scheme improves the system performance and reduces the challenges of implementing the system.     

A secure image authentication scheme based on dual fragile watermark

Multimedia Tools and Applications - Both security and tamper localization are essential for fragile watermarking techniques. Embedded fragile watermark should be sensitive enough to cover images....     

基于CPK的可信平台用户登录认证方案

用户登录身份认证是建立操作系统可信性的一个非常重要的环节,是建立可信计算环境的基础。首先讨论了认证的相关技术,介绍了CPK（组合公钥）原理,然后根据可信计算组织的规范,利用CPK算法和动态验证码的技术,提出了一种基于CPK的可信平台用户登录认证方案,该方案属于双因素认证方案,将认证和授权严格分开,并启发式分析了方案的特色和安全,最后在串空间模型下证明了方案的安全性,取得了比TCG标准中引用的方案更好的性能。     

An anonymous and secure authentication and key agreement scheme for session initiation protocol

Multimedia Tools and Applications - In 2014, Arshad and Nikooghadam proposed an authentication and key agreement scheme for SIP to conquer the existing defects in Irshad et al.’s scheme. They...     

云计算身份认证模型研究

云计算是在继承和融合众多技术基础上的一个突破性创新,已成为当前应用和研究的重点与热点。其中,云用户与云服务之间以及云平台中不同系统之间的身份认证与资源授权是确保云计算安全性的前提。在简要介绍云计算信息基础架构的基础上,针对云计算统一身份认证的特点和要求,综合分析了SAML2.0、OAuth2.0和Open ID2.0等技术规范的功能特点,提出了一种开放标准的云计算身份认证模型,为云计算中逻辑安全域的形成与管理提供了参考。     

A secure biometric based multi-server authentication scheme for social multimedia networks

Social networking is one of the major source of massive data. Such data is not only difficult to store, manipulate and maintain but it’s open access makes it security prone. Therefore, robust and efficient authentication should be devised to make it invincible against the known security attacks. Moreover, social networking services are intrinsically multi-server environments, therefore compatible and suitable authentication should be designed accordingly. Sundry authentication protocols are being utilized at the moment and many of them are designed for single server architecture. This type of remote architecture resists each user to get itself register with each server if multiple servers are employed to offer online social services. Recently multi-server architecture for authentication has replaced the single server architecture, and it enable users to register once and procure services from multiple servers. A short time ago, Lu et al. presented two authentication schemes based on three factors. Furthermore, both Lu et al.’s schemes are designed for multi-server architecture. Lu et al. claimed the schemes to be invincible against the known attacks. However, this paper shows that one of the Lu et al.’s scheme is susceptible to user anonymity violation and impersonation attacks, whereas Lu et al.’s second scheme is susceptible to user impersonation attack. Therefore an enhanced scheme is introduced in this paper. The proposed scheme is more robust than subsisting schemes. The proposed scheme is thoroughly verified and validated with formal and informal security discussion, and through the popular automated tool ProVerif. The in-depth analysis affirms that proposed scheme is lightweight in terms of computations while attaining mutual authentication and is invincible against the known attacks, hence is more suitable for automated big data analysis for social multimedia networking environments.     

基于移动agent的云计算身份认证机制研究

针对当前云计算的安全需求,提出了一种适用于云计算环境下的身份认证方案。首先设计出适用于云计算身份认证场景的移动agent(mobile agent)结构模型,然后给出了基于mobile agent的云计算安全认证策略。该方案引入了可信第三方机构对认证agent建立定量信任评估,每次进行认证前通过信任度的判断对认证过程进行控制;在认证完成后,又进一步引入了信任反馈评价机制。理论分析和原型系统的实现表明,提出的云计算认证方案具有一定的可行性和可用性。     

云计算多授权中心CP-ABE代理重加密方案

代理重加密技术可使代理在不知道明文的条件下实现密文访问策略转换,这使代理重加密成为用户之间进行数据分享的重要技术。然而,代理重加密方案大多数是在单授权中心下构建的,存在授权机构权限大、易出现性能瓶颈和用户的计算开销大等问题。同时,大多数方案不满足代理重加密应具备的5个基本特性：单向性、可控性、非交互性、可重复性与可验证性。为解决以上问题,提出支持重复可控特性的云计算多授权中心CP-ABE(ciphertext-policy attribute-based encryption)代理重加密方案。在密文策略属性加密方案的基础上,引入代理加密和代理解密服务器从而减小用户客户端的计算开销,设置多个属性授权中心来分散中央机构权限。对代理重加密技术进行改进：在重加密密钥中设置随机因子和密文子项来实现单向性和可控性;设置的重加密密钥由客户端独立生成,不需要其他服务器参与,可实现非交互性,即可在数据拥有者为不在线状态时也可以进行数据分享;在初始密文中设置密文子项,对其多次加密即可实现重复性;在初始密文中设置验证子项,用户可验证外包以及重加密结果正确与否。通过与其他方案对比发现,所提方案的用户客户端计算...     

面向移动云的基于时间的增量备份方案

提出一种面向移动云计算的基于时间的数据安全增量备份方案,该方案针对移动设备的重要数据信息,将时间作为参数引入到数据加密中,依据时间阶段对用户上传的数据进行增量备份,既解决了对最新的敏感数据及时备份问题,又解决了由于备份密钥丢失造成的全部密文泄露问题。