A new authentication and key agreement protocol for 5G wireless networks

Telecommunication Systems - Authentication and key agreement (AKA) protocol is an important security mechanism for access services in mobile communication systems. The 3GPP group has standardized...     

A pairing-free identity-based authenticated group key agreement protocol for imbalanced mobile networks

The secure and reliable group communication gains popularity in imbalanced mobile networks due to the increase demand of the group-oriented applications such as teleconferences, collaborative workspaces, etc. For acquiring the group security objectives, many authenticated group key agreement (AGKA) protocols exploiting the public key infrastructure have been proposed, which require additional processing and storage space for validation of the public keys and the certificates. In addition, the most of the AGKA protocols are implemented using bilinear pairing and a map-to-point (MTP) hash function. The relative computation cost of the bilinear pairing is approximately two to three times more than the elliptic curve point multiplication (ECPM) and the MTP function has higher computation cost than an ECPM. Due to the limitation of communication bandwidth, computation ability, and storage space of the low-power mobile devices, these protocols are not suitable especially for insecure imbalanced mobile networks. To cope with the aforementioned problems, in this paper, we proposed a pairing-free identity-based authenticated group key agreement protocol using elliptic curve cryptosystem. It is found that the proposed protocol, compared with the related protocols, not only improves the computational efficiencies, but also enhances the security features.     

CL-AGKA: certificateless authenticated group key agreement protocol for mobile networks

Wireless Networks - Wireless group communication has gained much popularity recently due to the increase in portable, lightweight devices. These devices are capable of performing group...     

Provably secure hybrid key agreement protocols in cluster-based wireless ad hoc networks

Wireless ad hoc networks support rapid on-demand and adaptive communication among the nodes due to their self-configurable and autonomous nature and lack of fixed infrastructure. Security is a crucial factor for such systems. Since ad hoc networks rely on the collaboration principle, the issue of key distribution and efficient group key management in such networks represents two of the most important problems. We describe hybrid solutions to the problem of key distribution and key management by reflecting ad hoc networks in a topology composed of a set of clusters. To date no security proofs exist for these types of protocols. We present two dynamically efficient schemes. We show that both our hybrid schemes are provably secure in the standard model under Decision Diffie–Hellman (DDH) assumption. The proposed protocols avoid the use of a trusted third party (TTP) or a central authority, eliminating a single point of attack. We analyse the complexity of the schemes and differentiate between the two approaches based on performance in a wireless setting. In comparison with the existing cluster-based hybrid key agreement protocols, our proposed approaches individually provide better performance in terms of both communication and computation, handle dynamic events efficiently, and are supported by sound security analysis in formal security models under standard cryptographic assumptions.     

A secure incentive protocol for mobile ad hoc networks

The proper functioning of mobile ad hoc networks depends on the hypothesis that each individual node is ready to forward packets for others. This common assumption, however, might be undermined by the existence of selfish users who are reluctant to act as packet relays in order to save their own resources. Such non-cooperative behavior would cause the sharp degradation of network throughput. To address this problem, we propose a credit-based Secure Incentive Protocol (SIP) to stimulate cooperation among mobile nodes with individual interests. SIP can be implemented in a fully distributed way and does not require any pre-deployed infrastructure. In addition, SIP is immune to a wide range of attacks and is of low communication overhead by using a Bloom filter. Detailed simulation studies have confirmed the efficacy and efficiency of SIP. This work was supported in part by the U.S. Office of Naval Research under Young Investigator Award N000140210464 and under grant N000140210554. Yanchao Zhang received the B.E. degree in Computer Communications from Nanjing University of Posts and Telecommunications, Nanjing, China, in July 1999, and the M.E. degree in Computer Applications from Beijing University of Posts and Telecommunications, Beijing, China, in April 2002. Since September 2002, he has been working towards the Ph.D. degree in the Department of Electrical and Computer Engineering at the University of Florida, Gainesville, Florida, USA. His research interests are network and distributed system security, wireless networking, and mobile computing, with emphasis on mobile ad hoc networks, wireless sensor networks, wireless mesh networks, and heterogeneous wired/wireless networks. Wenjing Lou is an assistant professor in the Electrical and Computer Engineering department at Worcester Polytechnic Institute. She obtained her Ph.D degree in Electrical and Computer Engineering from University of Florida in 2003. She received the M.A.Sc degree from Nanyang Technological University, Singapore, in 1998, the M.E degree and the B.E degree in Computer Science and Engineering from Xi'an Jiaotong University, China, in 1996 and 1993 respectively. From Dec 1997 to Jul 1999, she worked as a Research Engineer in Network Technology Research Center, Nanyang Technological University. Her current research interests are in the areas of ad hoc and sensor networks, with emphases on network security and routing issues. Wei Liu received his B.E. and M.E. in Electrical and Information Engineering from Huazhong University of Science and Technology, Wuhan, China, in 1998 and 2001. In August 2005, he received his PhD in Electrical and Computer Engineering from University of Florida. Currently, he is a senior technical member with Scalable Network Technologies. His research interest includes cross-layer design, and communication protocols for mobile ad hoc networks, wireless sensor networks and cellular networks. Yuguang Fang received a Ph.D. degree in Systems Engineering from Case Western Reserve University in January 1994 and a Ph.D degree in Electrical Engineering from Boston University in May 1997. He was an assistant professor in the Department of Electrical and Computer Engineering at New Jersey Institute of Technology from July 1998 to May 2000. He then joined the Department of Electrical and Computer Engineering at University of Florida in May 2000 as an assistant professor, got an early promotion to an associate professor with tenure in August 2003 and a professor in August 2005. He has published over 150 papers in refereed professional journals and conferences. He received the National Science Foundation Faculty Early Career Award in 2001 and the Office of Naval Research Young Investigator Award in 2002. He has served on many editorial boards of technical journals including IEEE Transactions on Communications, IEEE Transactions on Wireless Communications, IEEE Transactions on Mobile Computing and ACM Wireless Networks. He is a senior member of the IEEE.     

A novel authenticated group key agreement protocol for mobile environment

An authenticated group key agreement protocol allows a group of parties to authenticate each other and then determine a group key via an insecure network environment. In 2009, Lee et al. first adopted bilinear pairings to propose a new nonauthenticated group key agreement protocol and then extend it to an authenticated group key agreement protocol. This paper points out that the authenticated protocol of Lee et al. is vulnerable to an impersonation attack such that any adversary can masquerade as a legal node to determine a group key with the other legal nodes and the powerful node. This paper shall employ the short signature scheme of Zhang et al. to propose a new authenticated group key agreement protocol. The short signature scheme of Zhang et al. is proven to be secure against the adaptive chosen-message attacks in the random oracle model, so the proposed protocol can withstand the possible attacks. Besides, compared with the authenticated protocol of Lee et al., the proposed protocol is more secure and efficient.     

Trust-aware secure routing protocol for wireless sensor networks

A trust-aware secure routing protocol (TSRP) for wireless sensor networks is proposed in this paper to defend against varieties of attacks. First, each node calculates the comprehensive trust values of its neighbors based on direct trust value, indirect trust value, volatilization factor, and residual energy to defend against black hole, selective forwarding, wormhole, hello flood, and sinkhole attacks. Second, any source node that needs to send data forwards a routing request packet to its neighbors in multi-path mode, and this continues until the sink at the end is reached. Finally, the sink finds the optimal path based on the path's comprehensive trust values, transmission distance, and hop count by analyzing the received packets. Simulation results show that TSRP has lower network latency, smaller packet loss rate, and lower average network energy consumption than ad hoc on-demand distance vector routing and trust based secure routing protocol.     

可证明安全的异构无线网络认证协议

异构无线网络中互连的安全问题是当前研究的关注点，针对3G网络和WLAN（无线局域网）所构成的异构互连网络中认证协议的安全和效率问题，提出了一种基于离线计费方法的认证协议。该协议通过对WLAN服务网络身份进行验证，抵御了重定向攻击的行为；采用局部化重认证过程，减少了认证消息的传输延时，提高了认证协议的效率。仿真结果表明，该协议的平均消息传输延时相对于EAP—AKA协议缩短了大约一半。通过Canetti—Krawczyk（CK）安全模型对新协议进行了安全性证明，证明该协议具有SK—secure安全属性。     

CAKA: a novel certificateless-based cross-domain authenticated key agreement protocol for wireless mesh networks

Due to the flexibility of wireless mesh networks (WMNs) to form the backhaul subnetworks, future generation networks may have to integrate various kinds of WMNs under possibly various administrative domains. Aiming at establishing secure access and communications among the communication entities in a multi-domain WMN environment, in this paper, we intend to address the cross-domain authentication and key agreement problem. We present a light-weight cross-domain authentication and key agreement protocol, namely CAKA, under certificateless-based public key cryptosystem. CAKA has a few attractive features. First, mutual authentication and key agreement between any pair of users from different WMN domains can be easily achieved with two-round interactions. Second, no central domain authentication server is required and fast authentication for various roaming scenarios is supported by using a repeated cross-domain algorithm. Third, no revocation and renewal of certificates and key escrow are needed. Finally, it provides relatively more security features without increasing too much overhead of computation and storage. Our analysis shows that the proposed CAKA protocol is highly efficient in terms of communication overhead and resilient to various kinds of attacks.     

MANET中高效的安全簇组密钥协商协议

针对移动自组网中组密钥管理面临的诸多挑战,提出一种高效的安全簇组密钥协商协议(ESGKAP,effi-cient and secure group key agreement protocol).ESGKAP基于提出的高性能层簇式CCQ_n网络模型,有效地减少了组密钥协商过程中的秘密贡献交互开销,增加了协议的灵活性、可扩展性和容错性.ESGKAP无需控制中心,由秘密分发中心构造门限秘密共享,所有成员通过协商生成簇组密钥,提高了方案的安全性,且基于ECC密码体制提高了簇组密钥生成的效率.同时,提出高效的签密及门限联合签名方案,确保簇组成员能够对接收的簇组密钥份额进行验证,进一步增加了方案的安全性.使用串空间模型对ESGKAP方案进行了形式化分析,证明了其正确性和安全性.最后,通过与BD、A-GDH和TGDH协议比较,表明ESGKAP能有效减少节点和网络资源消耗,很好地适用于特定的移动自组网环境,具有更为明显的安全和性能优势.     

A secure and efficient password‐authenticated group key exchange protocol for mobile ad hoc networks

Password‐authenticated group key exchange protocols enable communication parties to establish a common secret key (a session key) by only using short secret passwords. Such protocols have been receiving significant attention. This paper shows some security weaknesses in some recently proposed password‐authenticated group key exchange protocols. Furthermore, a secure and efficient password‐authenticated group key exchange protocol in mobile ad hoc networks is proposed. It only requires constant round to generate a group session key under the dynamic scenario. In other words, the overhead of key generation is independent of the size of a total group. Further, the security properties of our protocol are formally validated by a model checking tool called AVISPA. Security and performance analyses show that, compared with other related group key exchange schemes, the proposed protocol is also efficient for real‐world applications in enhancing the security over wireless communications. Copyright © 2011 John Wiley & Sons, Ltd.     

Strongly secure ID‐based authenticated key agreement protocol for mobile multi‐server environments

To provide mutual authentication and communication confidentiality between mobile clients and servers, numerous identity‐based authenticated key agreement (ID‐AKA) protocols were proposed to authenticate each other while constructing a common session key. In most of the existing ID‐AKA protocols, ephemeral secrets (random values) are involved in the computations of the common session key between mobile client and server. Thus, these ID‐AKA protocols might become vulnerable because of the ephemeral‐secret‐leakage (ESL) attacks in the sense that if the involved ephemeral secrets are compromised, an adversary could compute session keys and reveal the private keys of participants in an AKA protocol. Very recently, 2 ID‐AKA protocols were proposed to withstand the ESL attacks. One of them is suitable for single server environment and requires no pairing operations on the mobile client side. The other one fits multi‐server environments, but requires 2 expensive pairing operations. In this article, we present a strongly secure ID‐AKA protocol resisting ESL attacks under mobile multi‐server environments. By performance analysis and comparisons, we demonstrate that our protocol requires the lowest communication overhead, does not require any pairing operations, and is well suitable for mobile devices with limited computing capability. For security analysis, our protocol is provably secure under the computational Diffie‐Hellman assumption in the random oracle model.     

A trust enhanced secure clustering framework for wireless ad hoc networks

Secure clustering in Wireless Ad Hoc Networks is a very important issue. Traditional cryptographic solution is useless against threats from internal compromised nodes. In light of this, we propose a novel distributed secure trust aware clustering protocol that provides secure solution for data delivery. A trust model is proposed that computes the trust of a node using self and recommendation evidences of its one-hop neighbors. Therefore, it is lightweight in terms of computational and communication requirements, yet powerful in terms of flexibility in managing trust. In addition, the proposed clustering protocol organizes the network into one-hop disjoint clusters and elects the most qualified, trustworthy node as a Clusterhead. This election is done by an authenticated voting scheme using parallel multiple signatures. Analysis of the protocol shows that it is more efficient and secure compared to similar existing schemes. Simulation results show that proposed protocol outperforms the popular ECS, CBRP and CBTRP in terms of throughput and packet delivery ratio with a reasonable communication overhead and latency in presence of malicious nodes.     

Design of a lightweight and anonymous authenticated key agreement protocol for wireless body area networks

Wireless body area networks (WBANs) are a network designed to gather critical information about the physical conditions of patients and to exchange this information. WBANs are prone to attacks, more than other networks, because of their mobility and the public channel they use. Therefore, mutual authentication and privacy protection are critical for WBANs to prevent attackers from accessing confidential information of patients and executing undetectable physical attacks. In addition, in the authentication and key agreement process, messages should be transferred anonymously such that they are not linkable. In this paper, we first indicate that one of the most recently introduced authentication protocol is vulnerable to the wrong session key agreement attack and desynchronization attack. Second, we propose a lightweight authentication and key agreement protocol, which can withstand the well‐known attacks and provide the anonymity feature. Eventually, we analyze the security of our proposed protocol using both Automated Validation of Internet Security Protocols and Applications (AVISPA) and random oracle model and compare its performance with the related works. The results demonstrate the superiority of our proposed protocol in comparison with the other protocols.     

A region-based routing protocol for wireless mobile ad hoc networks

Flooding-based route discovery is widely assumed in existing routing protocols of wireless ad hoc networks. Network-wide flooding enables the discovery of optimal routes from sources to destinations; however, as all network nodes are required to participate in the relays of route request packets, substantial control overhead is inevitable. Some efficient broadcast schemes can suppress redundant packet relays, but they often suppress the discovery of optimal routes, too. In this article we propose to dynamically create a prerouting region between each source-destination pair and limit the propagations of route request packets only within this region. The prerouting region effectively restricts route discovery activities to the nodes that most likely constitute the optimal or near-optimal routes. Consequently, not only is route construction overhead significantly reduced; route optimality is also guaranteed. The article presents a region-based routing (REGR) protocol covering both new route formation cases and route update cases. Simulations show that our protocol is particularly beneficial to dense and large-scale mobile ad hoc networks.     

Anonymous three-factor authenticated key agreement for wireless sensor networks

Wireless Networks - Secure information exchange in wireless sensor networks (WSN) is a continuing issue since the resource-constrained sensors generally deployed over an unattended environment. To...     

An Aloha protocol for multihop mobile wireless networks

An Aloha-type access control mechanism for large mobile, multihop, wireless networks is defined and analyzed. This access scheme is designed for the multihop context, where it is important to find a compromise between the spatial density of communications and the range of each transmission. More precisely, the analysis aims at optimizing the product of the number of simultaneously successful transmissions per unit of space (spatial reuse) by the average range of each transmission. The optimization is obtained via an averaging over all Poisson configurations for the location of interfering mobiles, where an exact evaluation of signal over noise ratio is possible. The main mathematical tools stem from stochastic geometry and are spatial versions of the so-called additive and max shot noise processes. The resulting medium access control (MAC) protocol exhibits some interesting properties. First, it can be implemented in a decentralized way provided some local geographic information is available to the mobiles. In addition, its transport capacity is proportional to the square root of the density of mobiles which is the upper bound of Gupta and Kumar. Finally, this protocol is self-adapting to the node density and it does not require prior knowledge of this density.     

一种新的适于Ad hoc网可认证密钥协商协议

提出一种新的适于Ad hoc网可认证密钥协商协议。基于签密技术。在同一逻辑步内同时实现了认证和加密功能,提高了密钥协商效率;基于身份的公钥密码系统,降低了建立和管理公钥基础设施的代价;应用椭圆曲线上双线性对,使得该协议能以短的密钥和小的计算量实现同等安全要求。与已有密钥协商协议相比,新协议计算和传输量小,带宽要求低,安全性高,适合能源和带宽受限的Ad hoc网络。     

Identity-based key agreement and encryption for wireless sensor networks

1 Introduction WSN has received considerable attention during last decade [1?4] (see, for example, the proceedings of the ACM and IEEE Workshops on WSN). It has wide variety of applications, including military sensing and tracking, environment and securit…