Anmin Fu

A Fast Handover Authentication Mechanism Based on Ticket for IEEE 802.16m

IEEE 802.16 m is now under consideration by the ITU to become the IMT-Advanced standard. However, handover authentication is a critical issue in this area. In this letter, we propose a fast handover authentication mechanism based on ticket for IEEE 802.16 m. The credential ticket of Mobile Station (MS) is issued by the access Base Station (BS) using a multi-BS group key during the initial authentication. When the MS moves from the service BS to a target BS, it can show its ticket to the target BS and this BS can authenticate the MS without communicating with any other third party (e.g., previous BS and authentication server). Our analysis shows that the proposed scheme meets the security requirements in handover authentication semantics and provides robust efficiency in terms of communication overhead and computational cost.

An efficient handover authentication scheme with privacy preservation for IEEE 802.16m network

IEEE 802.16m is now under consideration by the International Telecommunication Union (ITU) to become the International Mobile Telecommunications (IMT)-Advanced standard. However, seamless and secure handover is one of the most challenging issues. Taking as reference our previous work, this paper presents a privacy-preserving fast handover authentication scheme based on pseudonym for IEEE 802.16m network. Since Mobile Station (MS) only provides a pseudonym in the initial authentication phase and changes its pseudonym in each handover authentication phase, this can protect the MSs identity privacy and allow MS to be untraceable. Moreover, each pseudonym is corresponding to a credential ticket generated by the previous service Base Station (BS) using a multi-BS group key, thus MS and the target BS can easily accomplish mutual authentication. In addition, our theoretical analysis and simulation indicate that our scheme outperforms previously reported schemes in terms of computation and communication overhead.

A Privacy Preserving Handover Authentication Scheme for EAP-Based Wireless Networks

Extensible Authentication Protocol (EAP) is a framework which aims to provide a flexible authentication for wireless networks. Due to the involvement of an EAP server and several round trips between a mobile node (MN) and the EAP server, a full EAP authentication takes about 1000ms which is unacceptable in a handover process. This paper proposes a privacy preserving handover authentication scheme for EAP-based wireless networks. We use the proxy signature scheme to accomplish authentication between MN and an access point (AP) without involving the third party. The detailed security analysis shows that our scheme can achieve the privacy preserving and forward/backward security. In addition, we evaluate the latency performance of the proposed scheme by the analysis and simulation. The results demonstrate that our scheme is more efficient in terms of computation and communication overheads.

RepHi: A novel attack against P2P reputation systems

Reputation systems are having increasing influence on guarding P2P networks. However, reputation systems themselves are vulnerable to attack. Due to the nature of aggregating ratings, the reputation scores of certain peers can be manipulated intentionally by adversaries. In this paper, we report the discovery of a novel attack, named RepHi (Reputation Hijack), against rating-based reputation systems, such as those used in P2P networks. In RepHi, attackers disguise as routers to hijack and modify ratings. This attack can cause multi-dimensional damage, that is, undermining reputation systems, manipulating reputation and hurting the credibility of raters. We conduct an investigation on RepHi, including basic ideas and case studies. Compared with other known attacks, the RepHi attackers require less efforts to achieve the similar goals.

A privacy-preserving group authentication protocol for machine-type communication in LTE/LTE-A networks

Machine-type communication MTC is a very important application of the Internet of things. It has a vast market and application scenarios. However, supporting a large number of low-power devices transmission is an important issue in long-term evolution/long-term evolution advanced LTE/LTE-A networks. Specifically, when a large number of machine-type communication devices MTCDs with low-power consumption requirements simultaneously request access to the LTE/LTE-A networks, each MTCD needs an independent complete access authentication process with core network, which may cause a serious signaling congestion in the core network. To solve this problem, in this paper, we propose a novel group authentication protocol with privacy-preserving for MTC in the LTE/LTE-A networks. The proposed protocol cannot only simultaneously authenticate a group of MTCDs and minimize the signaling overhead but also provide robust privacy-preserving for each MTCD including anonymity, unlinkability, and traceability. In particular, our scheme can avoid denial of service attack by filtering some illegal devices in the first four procedures of the mutual authentication. Moreover, our scheme fulfills all the security requirements of the MTC in LTE/LTE-A networks. In addition, the formal verification by the ProVerif tool shows that the proposed scheme is secure against various malicious attacks, and the performance evaluation indicates that it achieves outstanding results in terms of signaling and computation overhead. Copyright

GHAP: An Efficient Group-based Handover Authentication Mechanism for IEEE 802.16m Networks

IEEE 802.16m is now under consideration by the International Telecommunication Union (ITU) to become the International Mobile Telecommunications (IMT)-Advanced standard. However, handover authentication is a critical issue in this area. In this paper, we propose an efficient group-based handover authentication mechanism, named as GHAP, for correlated mobile stations (MSs) in IEEE 802.16m networks. In our scheme, the correlated MSs who have the similar Signal to Interference-plus-Noise Ratio and history handover information etc. are divided into the same handover group. When the first MS of the handover group members moves from the service base station (BS) to a target BS, the service BS transmits all the handover group members’ security context to the target BS utilizing the security context transfer (SCT) method and then all these MSs in the same handover group can easily perform the handover authentication with the target BS. Different from the conventional SCT schemes, our scheme uses the MSs’ security context as a symmetric key of Cipher-based message authentication code (CMAC) but not the key material of deriving new session key. Therefore, the proposed scheme can effectively resist the domino effect existing in the previous SCT schemes. Moreover, security analysis shows that the proposed scheme also meets the other security requirements in handover authentication semantics. Furthermore, performance analysis demonstrates that the proposed scheme is very efficient in reducing average handover latency.

An efficient handover authentication scheme with location privacy preserving for EAP-based wireless networks

In this paper, we propose a handover authentication scheme with location privacy preserving based on the proxy ring signature scheme for EAP-based wireless networks. First, we integrate an efficient ring signature and a proxy signature into a proxy ring signature scheme, which allows the mobile node (MN) to be authenticated without revealing its identity and location privacies due to the inherent anonymity of the proxy ring signature. Second, our scheme only requires point multiplication operations on the resource-constraints MN, thus, it is suitable for low-power mobile devices in the wireless networks. Finally, an extensive simulation is given to validate the performance of the proposed scheme. The results demonstrate that our scheme is relatively efficient in terms of computation and communication overhead.

Fast and Secure Handover Authentication Scheme Based on Ticket for WiMAX and WiFi Heterogeneous Networks

Integrated WiMAX and WiFi networks is of great potential for the future due to the wider coverage of WiMAX and the high data transport capacity of WiFi. However, seamless and secure handover (HO) is one of the most challenging issues in the WiMAX and WiFi heterogeneous networks. In this paper, we present a fast and secure HO authentication scheme based on credential ticket for WiMAX and WiFi heterogeneous networks. In the proposed scheme, Mobile Station (MS) shows its corresponding credential ticket generated by the previously visited Base Station (BS)/Access Point (AP) to the target BS/AP whenever an HO occurs, and then the MS and target BS/AP can complete the mutual authentication and derive their shared session key without interacting with the Authentication, Authorization, and Accounting server, which significantly reduces the HO authentication delay. Moreover, our scheme fulfills the essential security requirements in HO authentication semantics and the formal verification by the AVISPA tool shows that the proposed scheme is secure against various malicious attacks. In addition, the theoretical analysis and simulation indicate that our scheme outperforms the existing HO authentication schemes in terms of communication and computation cost.

Privacy-preserving public auditing for non-manager group

Cloud data privacy-preserving and integrity verification have become major research areas. Many existing schemes use group signatures to make sure that the data stored in cloud is unbroken for the purpose of privacy and anonymity. However, group signatures do not consider user equality and the framing caused by manager. Therefore, we propose data sharing scheme for non-manager groups, which reconstructs democratic group signature with threshold traceability to homomorphic authentication. We further present a public auditing scheme for non-manager shared data. In our scheme, group managers rights are distributed to all members equally and some of them can work together to trace the signer if it is necessary. Besides identity privacy, data privacy, traceability and non-frameability, our scheme also ensures the efficiency and the feasibility. The experimental results show the overhead of the auditing is independent of the group user numbers and effectiveness of our approach. And thanks to the low overhead, our scheme can be further used in mobile cloud storage.

A Privacy Preserving Vertical Handover Authentication Scheme for WiMAX-WiFi Networks

Integrated WiMAX and WiFi networks is of great potential for the future due to the wider coverage of WiMAX and the high data transport capacity of WiFi. However, seamless and secure handover (HO) is one of the most challenging issues in this field. In this paper, we present a novel vertical HO authentication scheme with privacy preserving for WiMAX-WiFi heterogeneous networks. Our scheme uses ticket-based and pseudonym-based cryptographic methods to secure HO process and to achieve high efficiency. The formal verification by the AVISPA tool shows that the proposed scheme is secure against various malicious attacks and the simulation result indicates that it outperforms the existing schemes in terms of communication and computation cost.