Nan Guo

Delegation-Based Mutual Authentication Scheme for Multi-operator Wireless Mesh Network

In order to establish secure access for multi-operator wireless mesh network (WMN), this paper proposes a delegation-based authentication scheme under broker-based hierarchical security architecture and trust model. Mutual authentication is achieved directly between mesh client and access mesh router though ticket which is equipped with identity-based proxy signature. Fast authentication for different roaming scenarios is supported by using HMAC operations on both mesh client side and mesh router side. As a byproduct, key agreement among participants is also implemented to protect the subsequent communications. Security analysis demonstrates that our proposed scheme is resilient to various kinds of attacks.

An Emergency Communication System Based on UAV-assisted Self-Organizing Network

Emergency Communication System (ECS) becomes more and more important for certain emergency situations such as the affected mountainous areas, temporary battlefield, or filed of fire. Self-organizing network is proverbially adopted by ECS due to its flexible and robust architecture. However, the moving range and mode of mobile node in self-organizing network, especially mobile gateway, constrain the coverage and adaptability of self-organizing network in ECS. In this paper, we design an ECS based on UAV-assisted self-organizing network, which helps nodes on the ground form a self-organizing network automatically. In addition, the system adopts UAV as strong relay nodes to form relay network in the air. We also add some humanized functions in the system to adapt to the needs of different environment, which includes positioning and messages pushing service. The proposed ECS can be easily deployed in the emergency environment and owes high communication efficiency.

A Hybrid Approach to Secure Hierarchical Mobile IPv6 Networks

Establishing secure access and communications in a hierarchical mobile IPv6 (HMIPv6) network, when a mobile node is roaming into a foreign network, is a challenging task and has so far received little attention. Existing solutions are mainly based on public key infrastructure (PKI) or identity-based cryptography (IBC). However, these solutions suffer from either efficiency or scalability problems. In this paper, we leverage the combination of PKI and certificate-based cryptography and propose a hierarchical security architecture for the HMIPv6 roaming service. Under this architecture, we present a mutual authentication protocol based on a novel cross-certificate and certificate-based signature scheme. Mutual authentication is achieved locally during the mobile node’s handover. In addition, we propose a key establishment scheme and integrate it into the authentication protocol which can be utilized to set up a secure channel for subsequent communications after authentication. As far as we know, our approach is the first addressing the security of HMIPv6 networks using such a hybrid approach. In comparison with PKI-based and IBCbased schemes, our solution has better overall performance in terms of authenticated handover latency.

Anonymous Credential-Based Privacy-Preserving Identity Verification for Business Processes

During the execution of a business process users need to be authenticated by multiple component service providers, while their identities need to be shared and propagated across multi-domain in a privacy-preserving fashion. An anonymous credential-based identity verification scheme is proposed to address privacy issue. Users establish trust relationship with the federation by running the enrollment protocol, which is based on zero-knowledge proof of a set of committed attributes. The IdP cannot learn identity-related information about the user. Anonymous credentials issued by the IdP allow users to selectively disclose attributes as required and prove them in an untraceable and unlinkable way, where the IdP cannot trace the showing of credential and component service providers cannot address multiple transactions to the same user even if they collude either. With the proposed attributes proof protocols, users can prove AND and OR relation over multiple attributes, and interval and inequality relation over a single attribute as well.

PPS: A privacy-preserving security scheme for multi-operator wireless mesh networks with enhanced user experience

Multi-operator wireless mesh networks (WMNs) have attracted increasingly attentions as a low-cost accessing approach for future large-scale mobile network. Security and privacy are two important objectives during the deployment of multi-operator WMNs. Despite the necessity, limited literature research takes both privacy and user experience into account. This motivates us to develop PPS, a novel privacy-preserving security scheme, for multi-operator WMNs. On one hand, most of the privacy needs are satisfied with the hybrid utilization of a tri-lateral pseudonym and a ticket based on proxy blind signature. On the other hand, the sophisticated unlinkability is implemented where mobile user is able to keep his pseudonym unchanged within the same operator in order to gain better user experience. PPS is presented as a suite of authentication and key agreement protocols built upon the proposed three-tire hierarchical network architecture. Our analysis demonstrates that PPS is secure and outperforms other proposal in terms of communication and computation overhead.

Anonymous Authentication Scheme Based on Proxy Group Signature for Wireless MESH Network

Wireless MESH Network (WMN) has become an important technology and has been widely deployed due to its simplicity, low cost, and flexibility in implementation. WMN is a wireless multi-hop network, therefore the privacy protection is extremely important. This paper proposes an anonymous access authentication scheme based on the proxy group signature. The scheme completely protects users privacy during authentication. In order to improve the efficiency of our scheme, we further adopt certificate-based signature mechanism to design a highly efficient handover authentication protocol. Finally, we show the security analysis of our scheme.

LEAS: Localized efficient authentication scheme for multi-operator wireless mesh network with identity-based proxy signature

Abstract Aiming at establishing secure access and communications for a multi-operator wireless mesh network (WMN), this paper proposes a localized efficient authentication scheme (LEAS) under a broker-based hierarchical security architecture and trust model. Mutual authentication is achieved directly between mesh client and access mesh router through a ticket which is equipped with an identity-based proxy signature. Fast authentication for different roaming scenarios is supported by using HMAC operations on both the mesh client side and mesh router side. As a byproduct, key agreement among network entities is also implemented to protect the subsequent communications after authentication. Our performance and security analysis demonstrate that LEAS is efficient and resilient to various kinds of attacks.

An anonymous access authentication scheme for vehicular ad hoc networks under edge computing

With the rapid booming of intelligent traffic system, vehicular ad hoc networks have attracted wide attention from both academic and industry. However, security is the main obstacle for the wide deployment of vehicular ad hoc networks. Vehicular ad hoc networks security has two critical issues: access authentication and privacy preservation. How to ensure privacy preservation and improve the efficiency of authentication has become the urgent needs. However, the existing access authentication schemes for vehicular ad hoc networks with different flaws cannot maintain the balance between security and efficiency. Thus, an anonymous access authentication scheme for vehicular ad hoc networks under edge computing based on ID-based short group signature mechanism is proposed in this article to improve the efficiency and anonymity of access authentication. Multiple pseudonyms are presented to preserve the privacy of vehicle node. Besides, a new method is designed to identify and revoke malicious vehicles in the evaluation manner. The core protocols of the proposed scheme are proved to be secure by SVO logic. According to the computation cost and transmission overhead analysis, we indicate that our scheme owns better performance. Moreover, in this article, we combine vehicular ad hoc networks with edge computing together to provide a new clue for the development of mobile edge computing.

An Anonymous Access Authentication Scheme for VANETs Based on ISGS

With the rapid warming of intelligent traffic, VANETs is becoming a research hotspot. The access authentication and privacy preservation are the foundation of VANETs security. How to improve the efficiency of access authentication and guarantee the anonymity of the user has become an urgent needs. In this paper, we propose an anonymous access authentication scheme for VANETs based on identity-based short group signature mechanism (ISGS) to improve the efficiency of access authentication. Multiple pseudonyms mechanism is introduced to guarantee the privacy of user. In addition, the evaluation mechanism is designed for the identification and revocation of malicious nodes. Through performance analysis, we demonstrate that our scheme is efficient.

An Anonymous Authentication Scheme Based on Group IBS for PMIPv6 Network

With the rapid development of network infrastructure and the explosive growth of mobile devices, the construction of network architecture has been paid more and more attention, in which PMIPv6 network with its shorter handover delay and lower signaling overhead becomes one of the current research’s hotspots. However, most scholars’ research focus on the efficiency and security of the authentication process between the mobile node and the access network, while ignoring the privacy issues during authentication which may cause great impact for mobile users. In this paper, we put forward an anonymous authentication scheme for PMIPv6 based on group IBS. The scheme is equipped with pseudonyms and several salient authentication protocols. Brief analysis shows that the proposed scheme is more efficient than the typical ones.