
Showing papers on "Message authentication code" published in 2008


Proceedings ArticleDOI
19 May 2008
TL;DR: This paper introduces a novel RSU-aided messages authentication scheme, called RAISE, which adopts the k-anonymity approach to protect user identity privacy, where an adversary cannot associate a message with a particular vehicle.
Abstract: Addressing security and privacy issues is a prerequisite for a market-ready vehicular communication network. Although recent related studies have already addressed most of these issues, few of them have taken scalability issues into consideration. When the traffic density becomes larger, a vehicle cannot verify all signatures of the messages sent by its neighbors in a timely manner, which results in message loss. Communication overhead as another issue has also not been well addressed in previously reported studies. To deal with these issues, this paper introduces a novel RSU-aided messages authentication scheme, called RAISE. With RAISE, roadside units (RSUs) are responsible for verifying the authenticity of the messages sent from vehicles and for notifying the results back to vehicles. In addition, our scheme adopts the k-anonymity approach to protect user identity privacy, where an adversary cannot associate a message with a particular vehicle. Extensive simulations are conducted to verify the proposed scheme, which demonstrates that RAISE yields much better performance than any of the previously reported counterparts in terms of message loss ratio and delay.

281 citations


Journal ArticleDOI
TL;DR: A novel roadside unit-aided message authentication scheme named RAISE, which makes RSUs responsible for verifying the authenticity of messages sent from vehicles and for notifying the results back to vehicles, and adopts the k-anonymity property for preserving user privacy.
Abstract: In this paper, we introduce a novel roadside unit (RSU)-aided message authentication scheme named RAISE, which makes RSUs responsible for verifying the authenticity of messages sent from vehicles and for notifying the results back to vehicles. In addition, RAISE adopts the k-anonymity property for preserving user privacy, where a message cannot be associated with a common vehicle. In the case of the absence of an RSU, we further propose a supplementary scheme, where vehicles would cooperatively work to probabilistically verify only a small percentage of these message signatures based on their own computing capacity. Extensive simulations are conducted to validate the proposed scheme. It is demonstrated that RAISE yields a much better performance than previously reported counterparts in terms of message loss ratio (LR) and delay.

251 citations


Journal ArticleDOI
TL;DR: A general analysis and design framework for authentication at the physical layer where the authentication information is transmitted concurrently with the data by superimposing a carefully designed secret modulation on the waveforms is introduced.
Abstract: Authentication is the process where claims of identity are verified. Most mechanisms of authentication (e.g., digital signatures and certificates) exist above the physical layer, though some (e.g., spread-spectrum communications) exist at the physical layer often with an additional cost in bandwidth. This paper introduces a general analysis and design framework for authentication at the physical layer where the authentication information is transmitted concurrently with the data. By superimposing a carefully designed secret modulation on the waveforms, authentication is added to the signal without requiring additional bandwidth, as do spread-spectrum methods. The authentication is designed to be stealthy to the uninformed user, robust to interference, and secure for identity verification. The tradeoffs between these three goals are identified and analyzed in block fading channels. The use of the authentication for channel estimation is also considered, and an improved bit-error rate is demonstrated for time-varying channels. Finally, simulation results are given that demonstrate the potential application of this authentication technique.

236 citations


Book ChapterDOI
10 Aug 2008
TL;DR: In this paper, the authors consider the options available, including constructions based around compact block ciphers, and highlight the difficulties in designing lightweight hash functions and urge caution when routinely appealing to a hash function in an RFID-tag protocol.
Abstract: The security challenges posed by RFID-tag deployments are well-known. In response there is a rich literature on new cryptographic protocols and an on-tag hash function is often assumed by protocol designers. Yet cheap tags pose severe implementation challenges and it is far from clear that a suitable hash function even exists. In this paper we consider the options available, including constructions based around compact block ciphers. While we describe the most compact hash functions available today, our work serves to highlight the difficulties in designing lightweight hash functions and (echoing [17]) we urge caution when routinely appealing to a hash function in an RFID-tag protocol.

198 citations


Journal ArticleDOI
TL;DR: A more flexible authentication protocol that provides comparable protection without the need for a central database is proposed and a protocol for secure search for RFID tags is suggested.
Abstract: With the increased popularity of RFID applications, different authentication schemes have been proposed to provide security and privacy protection for users. Most recent RFID protocols use a central database to store the RFID tag data. The RFID reader first queries the RFID tag and returns the reply to the database. After authentication, the database returns the tag data to the reader. In this paper, we propose a more flexible authentication protocol that provides comparable protection without the need for a central database. We also suggest a protocol for secure search for RFID tags. We believe that as RFID applications become widespread, the ability to securely search for RFID tags will be increasingly useful.

189 citations


Proceedings ArticleDOI
17 May 2008
TL;DR: This work shows that pairwise-independent hash functions can be computed by linear-size circuits, disproving a conjecture of Mansour, Nisan, and Tiwari (STOC 1990), and suggests the intriguing possibility that the ultimate efficiency in this area of cryptography can be obtained via such techniques.
Abstract: Current constructions of cryptographic primitives typically involve a large multiplicative computational overhead that grows with the desired level of security. We explore the possibility of implementing basic cryptographic primitives, such as encryption, authentication, signatures, and secure two-party computation, while incurring only a constant computational overhead compared to insecure implementations of the same tasks. Here we make the usual security requirement that the advantage of any polynomial-time attacker must be negligible in the input length. We obtain affirmative answers to this question for most central cryptographic primitives under plausible, albeit sometimes nonstandard, intractability assumptions. We start by showing that pairwise-independent hash functions can be computed by linear-size circuits, disproving a conjecture of Mansour, Nisan, and Tiwari (STOC 1990). This construction does not rely on any unproven assumptions and is of independent interest. Our hash functions can be used to construct message authentication schemes with constant overhead from any one-way function. Under an intractability assumption that generalizes a previous assumption of Alekhnovich (FOCS 2003), we get (public and private key) encryption schemes with constant overhead. Using an exponentially strong version of the previous assumption, we get signature schemes of similar complexity. Assuming the existence of pseudorandom generators in NC^0 with polynomial stretch together with the existence of an (arbitrary) oblivious transfer protocol, we get similar results for the seemingly very complex task of secure two-party computation. More concretely, we get general protocols for secure two-party computation in the semi-honest model in which the two parties can be implemented by circuits whose size is a constant multiple of the size s of the circuit to be evaluated. In the malicious model, we get protocols whose communication complexity is a constant multiple of s and whose computational complexity is slightly super-linear in s. For natural relaxations of security in the malicious model that are still meaningful in practice, we can also keep the computational complexity linear in s. These results extend to the case of a constant number of parties, where an arbitrary subset of the parties can be corrupted. Our protocols rely on non-black-box techniques, and suggest the intriguing possibility that the ultimate efficiency in this area of cryptography can be obtained via such techniques.

188 citations


Journal ArticleDOI
TL;DR: This paper will discuss a few problems found in the enhanced scheme and then propose how to overcome them, regarding the properties of anonymity and backward secrecy.
Abstract: Recently, a new authentication scheme with anonymity for wireless communications has been proposed, and then some security problems have been demonstrated. In this paper, we will discuss a few problems found in the enhanced scheme and then propose how to overcome them, regarding the properties of anonymity and backward secrecy.

183 citations


Journal ArticleDOI
TL;DR: Simulation results demonstrate that TSVC maintains acceptable packet latency with much less packet overhead, while significantly reducing the packet loss ratio compared with that of the existing public key infrastructure (PKI) based schemes, especially when the road traffic is heavy.
Abstract: In this paper, we propose a timed efficient and secure vehicular communication (TSVC) scheme with privacy preservation, which aims at minimizing the packet overhead in terms of signature overhead and signature verification latency without compromising the security and privacy requirements. Compared with currently existing public key based packet authentication schemes for security and privacy, the communication and computation overhead of TSVC can be significantly reduced due to the short message authentication code (MAC) tag attached in each packet for the packet authentication, by which only a fast hash operation is required to verify each packet. Simulation results demonstrate that TSVC maintains acceptable packet latency with much less packet overhead, while significantly reducing the packet loss ratio compared with that of the existing public key infrastructure (PKI) based schemes, especially when the road traffic is heavy.

175 citations


Journal ArticleDOI
TL;DR: This paper proposes a robust and efficient user authentication and key agreement scheme using smart cards that can prevent the offline dictionary attack even if the secret information stored in a smart card is compromised.
Abstract: User authentication and key agreement is an important security primitive for creating a securely distributed information system. Additionally, user authentication and key agreement is very useful for providing identity privacy to users. In this paper, we propose a robust and efficient user authentication and key agreement scheme using smart cards. The main merits include the following: 1) the computation and communication cost is very low; 2) there is no need for any password or verification table in the server; 3) a user can freely choose and change his own password; 4) it is a nonce-based scheme that does not have a serious time-synchronization problem; 5) servers and users can authenticate each other; 6) the server can revoke a lost card and issue a new card for a user without changing his identity; 7) the privacy of users can be protected; 8) it generates a session key agreed upon by the user and the server; and 9) it can prevent the offline dictionary attack even if the secret information stored in a smart card is compromised.

173 citations


Book ChapterDOI
08 Apr 2008
TL;DR: In this article, the authors investigate the notion of aggregate message authentication codes (MACs) which have the property that multiple MAC tags, computed by (possibly) different senders on multiple (possibly different) messages, can be aggregated into a shorter tag that can still be verified by a recipient who shares a distinct key with each sender.
Abstract: We propose and investigate the notion of aggregate message authentication codes (MACs) which have the property that multiple MAC tags, computed by (possibly) different senders on multiple (possibly different) messages, can be aggregated into a shorter tag that can still be verified by a recipient who shares a distinct key with each sender. We suggest aggregate MACs as an appropriate tool for authenticated communication in mobile ad-hoc networks or other settings where resource-constrained devices share distinct keys with a single entity (such as a base station), and communication is an expensive resource.

166 citations


Journal ArticleDOI
TL;DR: This work presents a new mechanized prover for secrecy properties of security protocols that provides a generic method for specifying security properties of the cryptographic primitives, which can handle shared-key and public-key encryption, signatures, message authentication codes, and hash functions.
Abstract: We present a new mechanized prover for secrecy properties of security protocols. In contrast to most previous provers, our tool does not rely on the Dolev-Yao model, but on the computational model. It produces proofs presented as sequences of games; these games are formalized in a probabilistic polynomial-time process calculus. Our tool provides a generic method for specifying security properties of the cryptographic primitives, which can handle shared-key and public-key encryption, signatures, message authentication codes, and hash functions. Our tool produces proofs valid for a number of sessions polynomial in the security parameter, in the presence of an active adversary. We have implemented our tool and tested it on a number of examples of protocols from the literature.

Journal ArticleDOI
TL;DR: A location-aware end-to-end security framework in which secret keys are bound to geographic locations and each node stores a few keys based on its own location, which effectively limits the impact of compromised nodes only to their vicinity without affecting end- to-end data security.
Abstract: Providing desirable data security, that is, confidentiality, authenticity, and availability, in wireless sensor networks (WSNs) is challenging, as a WSN usually consists of a large number of resource-constrained sensor nodes that are generally deployed in unattended/hostile environments and, hence, are exposed to many types of severe insider attacks due to node compromise. Existing security designs mostly provide a hop-by-hop security paradigm and thus are vulnerable to such attacks. Furthermore, existing security designs are also vulnerable to many types of denial of service (DoS) attacks, such as report disruption attacks and selective forwarding attacks, and thus put data availability at stake. In this paper, we seek to overcome these vulnerabilities for large-scale static WSNs. We come up with a location-aware end-to-end security framework in which secret keys are bound to geographic locations and each node stores a few keys based on its own location. This location-aware property effectively limits the impact of compromised nodes only to their vicinity without affecting end-to-end data security. The proposed multifunctional key management framework assures both node-to-sink and node-to-node authentication along the report forwarding routes. Moreover, the proposed data delivery approach guarantees efficient en-route bogus data filtering and is highly robust against DoS attacks. The evaluation demonstrates that the proposed design is highly resilient against an increasing number of compromised nodes and effective in energy savings.

Proceedings ArticleDOI
24 Oct 2008
TL;DR: This paper proposes an efficient delayed data authentication using compound message authentication codes, calculated on a compound of successive messages and sent together with the subsequent messages, resulting in a delayed authentication.
Abstract: Modern vehicles contain an in-vehicle network consisting of a number of electronic control units (ECUs). These ECUs are responsible for most of the functionality in the vehicle, including vehicle control and maneuverability. To date, no security features exist in this network since it has been isolated. However, an upcoming trend among automobile manufacturers is to establish a wireless connection to the vehicle to provide remote diagnostics and software updates. As a consequence, the in-vehicle network is exposed to external communication, and a potential entry point for attackers is introduced. Messages sent on the in-vehicle network lack integrity protection and data authentication; thus, the network is vulnerable to injection and modification attacks. Due to the real-time constraints and the limited resources in the ECUs, achieving data authentication is a challenge. In this paper, we propose an efficient delayed data authentication using compound message authentication codes. A message authentication code is calculated on a compound of successive messages and sent together with the subsequent messages, resulting in a delayed authentication. This data authentication could be used to detect and possibly recover from injection and modification attacks in the in-vehicle network.

Proceedings ArticleDOI
16 Apr 2008
TL;DR: This paper designs a new authentication protocol named EC-RAC using EC (Elliptic Curve) cryptography, which can be proved for its security in the generic group model and is carefully designed to minimize its computational workload.
Abstract: Operational and security requirements for RFID systems such as system scalability, anonymity and anti-cloning are difficult to obtain due to constraints in area, memory, etc. Due to scarceness of resources most of the proposed protocols were designed using symmetric key cryptographic algorithms. However, it has been shown that it is inevitable to use public-key cryptographic algorithms to satisfy these requirements [1]. Moreover, general public-key cryptography based authentication protocols are vulnerable in terms of anonymity, which is shown in this paper. Accordingly, we design a new authentication protocol named EC-RAC using EC (Elliptic Curve) cryptography. EC-RAC can be proved for its security in the generic group model and is carefully designed to minimize its computational workload. Moreover, we present the implementation results of EC-RAC to show its feasibility for RFID systems.

Proceedings ArticleDOI
19 May 2008
TL;DR: This paper presents a protocol for secure firmware updates over the air, which provides data integrity, data authentication, data confidentiality, and freshness, and is well suited to the limited hardware resources in the wireless vehicle environment.
Abstract: Modern intelligent vehicles have electronic control units containing firmware that enables various functions in the vehicle. New firmware versions are constantly developed to remove bugs and improve functionality. Automobile manufacturers have traditionally performed firmware updates over cables but in the near future they are aiming at conducting firmware updates over the air, which would allow faster updates and improved safety for the driver. In this paper, we present a protocol for secure firmware updates over the air. The protocol provides data integrity, data authentication, data confidentiality, and freshness. In our protocol, a hash chain is created of the firmware, and the first packet is signed by a trusted source, thus authenticating the whole chain. Moreover, the packets are encrypted using symmetric keys. We discuss the practical considerations that exist for implementing our protocol and show that the protocol is computationally efficient, has low memory overhead, and is suitable for wireless communication. Therefore, it is well suited to the limited hardware resources in the wireless vehicle environment.

Proceedings ArticleDOI
17 Mar 2008
TL;DR: This paper presents a lightweight challenge response authentication scheme based on noisy physical unclonable functions (PUF) that allows for extremely efficient implementations and provides cryptographically strong tamper resilience in a network setting.
Abstract: Low cost devices such as RFIDs, sensor network nodes, and smartcards are crucial for building the next generation pervasive and ubiquitous networks. The inherent power and footprint limitations of such networks prevent us from employing standard cryptographic techniques for authentication, which were originally designed to secure high end systems with abundant power. Furthermore, the sharp increase in the number, diversity and strength of physical attacks which directly target the implementation may have devastating consequences in a network setting, creating a single point of failure. A compromised node may leak a master key, or may give the attacker an opportunity for injecting faulty messages. In this paper we present a lightweight challenge response authentication scheme based on noisy physical unclonable functions (PUF) that allows for extremely efficient implementations. Furthermore, the inherent properties of PUFs provide cryptographically strong tamper resilience. In a network setting this means that a tampered device will no longer authenticate and in a sense will be isolated from the network.

Book ChapterDOI
17 Aug 2008
TL;DR: In this paper, the authors discuss key recovery and universal forgery attacks on several MAC algorithms based on universal hash functions, and show that while universal hash function offers provable security, their simple combinatorial properties make them less robust than conventional message authentication primitives.
Abstract: This paper discusses key recovery and universal forgery attacks on several MAC algorithms based on universal hash functions. The attacks use a substantial number of verification queries but eventually allow for universal forgeries instead of existential or multiple forgeries. This means that the security of the algorithms completely collapses once a few forgeries are found. Some of these attacks start off by exploiting a weak key property, but turn out to become full-fledged divide and conquer attacks because of the specific structure of the universal hash functions considered. Partial information on a secret key can be exploited too, in the sense that it renders some key recovery attacks practical as soon as a few key bits are known. These results show that while universal hash functions offer provable security, high speeds and parallelism, their simple combinatorial properties make them less robust than conventional message authentication primitives.

Journal ArticleDOI
TL;DR: This paper proposes an end-to-end, statistical approach for data authentication that provides inherent support for in-network processing and shows that the proposed scheme can successfully authenticate the sensory data with high confidence.

Patent
Masato Kitazoe, Arnaud Meylan
19 Dec 2008
TL;DR: In this article, the UE may send the message in a protocol data unit (PDU) and may send additional information (e.g., buffer status report) in the PDU if it can accommodate the additional information.
Abstract: Techniques for sending a message for random access by a user equipment (UE) are described. In an aspect, the UE may send the message on a control channel for random access and may send a reserved channel identifier to indicate the message being sent on the control channel. In another aspect, the UE may send the message in a protocol data unit (PDU) and may send additional information (e.g., a buffer status report) in the PDU if it can accommodate the additional information. In yet another aspect, the UE may generate a short message authentication code for integrity protection (MAC-I) for the message. The short MAC-I may have a smaller size and may be used to authenticate the UE. In yet another aspect, the UE may send a UE ID of one of multiple types for random access and may convey the UE ID type via a format field in the message.

Posted Content
TL;DR: An authentication counterpart of Wyner's study of the wiretap channel is developed, in which shared key information is used to provide simultaneous protection against both types of attacks and fundamental limits on message authentication over noisy channels are fully characterized.
Abstract: In this work, message authentication over noisy channels is studied. The model developed in this paper is the authentication theory counterpart of Wyner's wiretap channel model. Two types of opponent attacks, namely impersonation attacks and substitution attacks, are investigated for both single message and multiple message authentication scenarios. For each scenario, information theoretic lower and upper bounds on the opponent's success probability are derived. Remarkably, in both scenarios, lower and upper bounds are shown to match, and hence the fundamental limit of message authentication over noisy channels is fully characterized. The opponent's success probability is further shown to be smaller than that derived in the classic authentication model in which the channel is assumed to be noiseless. These results rely on a proposed novel authentication scheme in which key information is used to provide simultaneous protection against both types of attacks.

Proceedings ArticleDOI
19 May 2008
TL;DR: Simulations in a typical indoor building show that the scheme based on the Neyman-Pearson test is more robust against terminal mobility, and is able to detect spoofing attacks efficiently with small system overhead when the terminal moves with a typical pedestrian speed.
Abstract: We propose an enhanced physical-layer authentication scheme for multi-carrier wireless systems, where transmission bursts consist of multiple frames. More specifically, it is based on the spatial variability characteristic of wireless channels, and able to work with moderate terminal mobility. For the authentication of the first frame in each data burst, the legal transmitter uses the saved channel response from the previous burst as the key for authentication of the first frame in the next burst. The key is obtained either via feedback from the receiver, or using the symmetric channel property of a TDD system. Then the authentication of the following frames in the burst is performed either by a Neyman-Pearson hypothesis test, or a least-squares adaptive channel estimator. Simulations in a typical indoor building show that the scheme based on the Neyman-Pearson test is more robust against terminal mobility, and is able to detect spoofing attacks efficiently with small system overhead when the terminal moves with a typical pedestrian speed.

Proceedings ArticleDOI
13 Apr 2008
TL;DR: A novel message authentication approach which adopts a perturbed polynomial-based technique to simultaneously accomplish the goals of lightweight, resilience to a large number of node compromises, immediate authentication, scalability, and non-repudiation is proposed.
Abstract: Numerous authentication schemes have been proposed in the past for protecting communication authenticity and integrity in wireless sensor networks. Most of them, however, have the following limitations: high computation or communication overhead, no resilience to a large number of node compromises, delayed authentication, lack of scalability, etc. To address these issues, we propose in this paper a novel message authentication approach which adopts a perturbed polynomial-based technique to simultaneously accomplish the goals of lightweight, resilience to a large number of node compromises, immediate authentication, scalability, and non-repudiation. Extensive analysis and experiments have also been conducted to evaluate the scheme in terms of security properties and system overhead.

Proceedings ArticleDOI
13 May 2008
TL;DR: In this paper, a comprehensive study of the existing graphical password schemes is performed and they are compared and categorized into two groups; recognition- based scheme and recall-based scheme.
Abstract: Text-based passwords are a ubiquitous authentication system. This traditional authentication system is well-known for its flaws in the aspects of usability and security issues that bring problems to users. Hence, there is a need for an alternative mechanism to overcome these problems. Graphical passwords, which consist of clicking or dragging activities on the pictures rather than typing textual characters, might be the option to overcome the problems that arise from the text-based password system. In this paper, a comprehensive study of the existing graphical password schemes is performed. We compared and categorized these schemes into two groups: recognition-based schemes and recall-based schemes. We also list several usability and security features for research continuity in this area.

Proceedings ArticleDOI
01 Dec 2008
TL;DR: This paper proposes a technique of processing the signature of a customer and then dividing it into shares, which is used to take the decision on acceptance or rejection of the output and authenticate the customer.
Abstract: Core banking is a set of services provided by a group of networked bank branches. Bank customers may access their funds and perform other simple transactions from any of the member branch offices. The major issue in core banking is the authenticity of the customer. Due to unavoidable hacking of the databases on the Internet, it is always quite difficult to trust the information on the Internet. To solve this problem of authentication, we are proposing an algorithm based on image processing and visual cryptography. This paper proposes a technique of processing the signature of a customer and then dividing it into shares. The total number of shares to be created depends on the scheme chosen by the bank. When two shares are created, one is stored in the bank database and the other is kept by the customer. The customer has to present the share during all of his transactions. This share is stacked with the first share to get the original signature. The correlation method is used to take the decision on acceptance or rejection of the output and authenticate the customer.

Proceedings ArticleDOI
23 Jun 2008
TL;DR: This paper proposes a signature-based biometric authentication system, where signal processing techniques are applied to the acquired on-line signature in order to generate protected templates, from which retrieving the original data is computationally as hard as randomly guessing them.
Abstract: The security of biometric data is a very important issue in the deployment of biometric-based recognition systems. In this paper, we propose a signature-based biometric authentication system, where signal processing techniques are applied to the acquired on-line signature in order to generate protected templates, from which retrieving the original data is computationally as hard as randomly guessing them. A hidden Markov model (HMM)-based matching strategy is employed to compare the transformed signatures. The proposed protected authentication system generates a score as the result of the matching process, thus allowing the implementation of protected multibiometric recognition systems through the application of score-fusion techniques. The experimental results show that, at the cost of only a slight performance reduction, the desired protection for the employed biometric templates can be properly achieved.

Proceedings ArticleDOI
Haojin Zhu, Xiaodong Lin, Rongxing Lu, Pin-Han Ho, Xuemin Shen
19 May 2008
TL;DR: This work introduces a novel aggregated emergency message authentication (AEMA) scheme to validate an emergency event; it makes use of syntactic aggregation and cryptographic aggregation techniques to dramatically reduce the transmission cost, and adopts a batch verification technique for efficient verification of emergency messages.
Abstract: To achieve efficient authentication of emergency events in vehicular ad hoc networks, we introduce a novel aggregated emergency message authentication (AEMA) scheme to validate an emergency event. We make use of syntactic aggregation and cryptographic aggregation techniques to dramatically reduce the transmission cost, and adopt a batch verification technique for efficient verification of emergency messages. Compared with existing emergency message authentication approaches, our scheme shows superiority in generality, enhanced security and efficiency.

Proceedings ArticleDOI
07 Jan 2008
TL;DR: The proposed authentication protocol is designed to be compatible with existing home networks based on the one-time password protocol and is quite satisfactory in terms of the security requirements of home networks, because it requires little computation, performing only simple operations using one-way hash functions.
Abstract: In this paper, we propose a new user authentication (UA) scheme based on a one-time password (OTP) protocol using smart cards for home networks. The proposed scheme is to authenticate home users who use home devices. Several techniques based on biometrics, passwords, certificates, and smart cards can be used for user authentication in similar environments. However, such user authentication techniques must be examined before being employed in an environment where home devices have low efficiency and performance. Here, we present the important security functions of home networks. The proposed authentication protocol is designed to be compatible with existing home networks based on the one-time password protocol. It is also a well-suited solution and is quite satisfactory in terms of the security requirements of home networks, because it requires little computation, performing only simple operations using one-way hash functions. Our proposed scheme can protect against illegal access to home services and devices and does not allow unnecessary service access by legitimate users. Therefore, it allows the user to provide real-time privilege control and good implementation in secure home networks.

Proceedings ArticleDOI
19 May 2008
TL;DR: This paper presents an effective and efficient scheme that can defend against such a DoS attack on broadcast authentication, and performance evaluation shows that the scheme is much more secure and efficient than an existing scheme.
Abstract: Security is critical for wireless sensor networks deployed in military, homeland security and other hostile environments. In this paper, we study a security issue related to broadcast in sensor networks. Due to the broadcast nature of wireless communications, it is often more efficient to broadcast packets to sensor nodes. Typically, broadcast authentication is achieved by digital signatures. Since digital signature operations are expensive for small sensor nodes, an attacker can launch a serious denial of service (DoS) attack. That is, an attacker may forge a large number of broadcast messages with digital signatures, and then force sensor nodes to verify these signatures, which can cause them to run out of power. In this paper, we present an effective and efficient scheme that can defend against such a DoS attack on broadcast authentication. Our performance evaluation shows that the scheme is much more secure and efficient than an existing scheme.

Journal ArticleDOI
TL;DR: This correspondence analyzes security effects of using a key obtained from QC for authentication purposes in later rounds of QC and suggests a simple solution to this problem, and stresses usage of this or an equivalent extra security measure in QC.
Abstract: Unconditionally secure message authentication is an important part of quantum cryptography (QC). In this correspondence, we analyze security effects of using a key obtained from QC for authentication purposes in later rounds of QC. In particular, the eavesdropper gains partial knowledge on the key in QC that may have an effect on the security of the authentication in the later round. Our initial analysis indicates that this partial knowledge has little effect on the authentication part of the system, in agreement with previous results on the issue. However, when taking the full QC protocol into account, the picture is different. By accessing the quantum channel used in QC, the attacker can change the message to be authenticated. This, together with partial knowledge of the key, does incur a security weakness of the authentication. The underlying reason for this is that the authentication used, which is insensitive to such message changes when the key is unknown, becomes sensitive when used with a partially known key. We suggest a simple solution to this problem, and stress usage of this or an equivalent extra security measure in QC.

Proceedings ArticleDOI
11 Nov 2008
TL;DR: Although the protocols are able to provide specific solutions for RFID security and privacy problems, they fail to provide an integrated solution; a survey is conducted to closely observe those protocols in terms of their focus and limitations.
Abstract: Security and privacy are the inherent problems in RFID communications. Several protocols have been proposed to overcome those problems. Hash chains are commonly employed by the protocols to improve security and privacy for RFID authentication. Although the protocols are able to provide specific solutions for RFID security and privacy problems, they fail to provide an integrated solution. This article is a survey to closely observe those protocols in terms of their focus and limitations.