A Light and Anonymous Three-Factor Authentication Protocol for Wireless Sensor Networks

Recently, wireless sensor networks (WSNs) have been widely used in a variety of fields, and make people’s lives more convenient and efficient. However, WSNs are usually deployed in a harsh and insecure environment. Furthermore, sensors with limited hardware resources have a low capacity for data processing and communication. For these reasons, research on efficient and secure real-time authentication and key agreement protocols based on the characteristics of WSNs has gradually attracted the attention of academics. Although many schemes have been proposed, most of them cannot achieve all known security features with satisfactory performance, among which anonymity, N-Factor security, and forward secrecy are the most vulnerable. In order to solve these shortcomings, we propose a new lightweight and anonymous three-factor authentication scheme based on symmetric cryptographic primitives for WSNs. By using the automated security verification tool ProVerif, BAN-logic verification, and an informal security analysis, we prove that our proposed scheme is secure and realizes all known security features in WSNs. Moreover, we show that our proposed scheme is practical and efficient through the comparison of security features and performance.

Pragmatic authenticated key agreement for IEEE Std 802.15.6

The IEEE Std 802.15.6 is the latest international standard for Wireless Body Area Networks. The security of communication in this standard is based upon four elliptic-curve-based key agreement protocols. These protocols have been shown to exhibit serious security vulnerabilities but surprisingly, do not provision any privacy guarantees. To date, no suitable key agreement protocol has been proposed which fulfills all the requisite objectives for IEEE Std 802.15.6. In this paper, two key agreement protocols are presented which, in addition to being efficient and provisioning advance security properties, also offer the essential privacy attributes of anonymity and unlinkability. We develop a formal security and privacy model in an appropriate complexity-theoretic framework and prove the proposed protocols secure in this model.

QuickSilver: modeling and parameterized verification for distributed agreement-based systems

The last decade has sparked several valiant efforts in deductive verification of distributed agreement protocols such as consensus and leader election. Oddly, there have been far fewer verification efforts that go beyond the core protocols and target applications that are built on top of agreement protocols. This is unfortunate, as agreement-based distributed services such as data stores, locks, and ledgers are ubiquitous and potentially permit modular, scalable verification approaches that mimic their modular design. We address this need for verification of distributed agreement-based systems through our novel modeling and verification framework, QuickSilver, that is not only modular, but also fully automated. The key enabling feature of QuickSilver is our encoding of abstractions of verified agreement protocols that facilitates modular, decidable, and scalable automated verification. We demonstrate the potential of QuickSilver by modeling and efficiently verifying a series of tricky case studies, adapted from real-world applications, such as a data store, a lock service, a surveillance system, a pathfinding algorithm for mobile robots, and more.

REDUCING OVERHEAD OF SELF-STABILIZING BYZANTINE AGREEMENT PROTOCOLS FOR BLOCKCHAIN USING HTTP/3 PROTOCOL: A PERSPECTIVE VIEW

Today, there is a tendency to reduce the dependence on local computation in favor of cloud computing. However, this inadvertently increases the reliance upon distributed fault-tolerant systems. In a condition that forced to work together, these systems often need to reach an agreement on some state or task, and possibly even in the presence of some misbehaving Byzantine nodes. Although non-trivial, Byzantine Agreement (BA) protocols now exist that are resilient to these types of faults. However, there is still a risk for inconsistencies in the application state in practice, even if a BA protocol is used. A single transient fault may put a node into an illegal state, creating a need for new self-stabilizing BA protocols to recover from illegal states. As self-stabilization often comes with a cost, primarily in the form of communication overhead, a potential lowering of latency - the cost of each message - could significantly impact how fast the protocol behaves overall. Thereby, there is a need for new network protocols such as QUIC, which, among other things, aims to reduce latency. In this paper, we survey current state-of-the-art agreement protocols. Based on previous work, some researchers try to implement pseudocode like QUIC protocol for Ethereum blockchain to have a secure network, resulting in slightly slower performance than the IP-based blockchain. We focus on consensus in the context of blockchain as it has prompted the development and usage of new open-source BA solutions that are related to proof of stake. We also discuss extensions to some of these protocols, specifically the possibility of achieving self-stabilization and the potential integration of the QUIC protocol, such as PoS and PBFT. Finally, further challenges faced in the field and how they might be overcome are discussed.

Privacy-Preserving Two-Factor Key Agreement Protocol Based on Chebyshev Polynomials

Two-factor authentication is one of the widely used approaches to allow a user to keep a weak password and establish a key shared with a server. Recently, a large number of chaotic maps-based authentication mechanisms have been proposed. However, since the Diffie–Hellman problem of the Chebyshev polynomials defined on the interval [−1,+1] can be solved by Bergamo et al.’s method, most of the secure chaotic maps-based key agreement protocols utilize the enhanced Chebyshev polynomials defined on the interval (−∞,+∞). Thus far, few authenticated key agreement protocols based on chaotic maps have been able to achieve user unlinkability. In this paper, we take the first step in addressing this problem. More specifically, we propose the notions of privacy in authenticated key agreement protocols: anonymity-alone, weak unlinkability, medium unlinkability, and strong unlinkability. Then, we construct two two-factor authentication schemes with medium unlinkability based on Chebyshev polynomials defined on the interval [−1,1] and (−∞,+∞), respectively. We do the formal security analysis of the proposed schemes under the random oracle model. In addition, the proposed protocols satisfy all known security requirements in practical applications. By using Burrows-Abadi-Needham logic (BAN-logic) nonce verification, we demonstrate that the proposed schemes achieve secure authentication. In addition, the detailed comparative security and performance analysis shows that the proposed schemes enable the same functionality but improve the security level.

Secure multiparty quantum key agreement against collusive attacks

Quantum key agreement enables remote participants to fairly establish a secure shared key based on their private inputs. In the circular-type multiparty quantum key agreement mode, two or more malicious participants can collude together to steal private inputs of honest participants or to generate the final key alone. In this work, we focus on a powerful collusive attack strategy in which two or more malicious participants in particular positions, can learn sensitive information or generate the final key alone without revealing their malicious behaviour. Many of the current circular-type multiparty quantum key agreement protocols are not secure against this collusive attack strategy. As an example, we analyze the security of a recently proposed multiparty key agreement protocol to show the vulnerability of existing circular-type multiparty quantum key agreement protocols against this collusive attack. Moreover, we design a general secure multiparty key agreement model that would remove this vulnerability from such circular-type key agreement protocols and describe the necessary steps to implement this model. The proposed model is general and does not depend on the specific physical implementation of the quantum key agreement.

A Lightweight Key Agreement Protocol with Authentication Capability

Computationally lightweight and unconditionally secure key agreement protocols are very useful for secure communication in public networks. Recently, Guan et al. proposed a key agreement protocol whose security is based on the unpredictability of channel noise rather than computationally hard problems. These protocols are efficient, computationally lightweight, and unconditionally secure. However, authentication was not integrated into these protocols. In this article, we propose a new protocol with authentication capability that enables two nodes in the network to establish a secret session key for secure communication. It is more efficient, and it also preserves the lightweight and unconditional secure features of the key agreement protocols proposed by Guan et al. Therefore, it is more suitable for devices with limited computing power, such as sensors in Internet of Things (IoT).