- The document proposes a new type of authentication called group authentication that authenticates all users in a group at once.
- During registration with a group manager, each user obtains a unique token. Users can present their tokens to determine if they belong to the same group without revealing identities.
- Two group authentication protocols are proposed: 1) a basic one-time protocol where tokens are revealed, allowing single use, and 2) an improved protocol where tokens are not revealed by using properties of secret sharing to authenticate users multiple times.
A Survey of Source Authentication Schemes for Multicast transfer in Adhoc Net... (ijsrd.com)
An adhoc network is a collection of autonomous nodes with dynamically changing infrastructure. Multicast is a good mechanism for group communication. It can be used in group-oriented applications like video/audio conferencing, interactive group games, video on demand etc. Security problems obstruct the large deployment of the multicast communication model. Multicast data origin authentication is the main component in the security architecture. The authentication schemes should be scalable and efficient against packet loss. In this article we discuss various authentication schemes for multicast data origin with their advantages and disadvantages.
USER-DEFINED PRIVACY GRID SYSTEM FOR CONTINUOUS LOCATION-BASED SERVICES (nexgentechnology)
This document proposes a user-defined privacy grid system called Dynamic Grid System (DGS) to provide privacy-preserving location-based services. DGS uses a semi-trusted third party called a query server to process user requests while preserving the privacy of user locations. It divides query processing between the query server and service provider. Experimental results show DGS is more efficient than existing techniques requiring a fully-trusted third party, providing better privacy guarantees with lower communication and computation costs.
Privacy Preserving Reputation Calculation in P2P Systems with Homomorphic Enc... (IJCNCJournal)
This document discusses a method for privacy-preserving reputation calculation in peer-to-peer systems using homomorphic encryption. Specifically, it proposes:
1) Extending the EigenTrust reputation system to calculate node reputations in a distributed manner while preserving evaluator privacy. It does this by successively updating encrypted reputation values through calculation to reflect trust values without disclosing the original values.
2) Improving calculation efficiency by offloading parts of the task to participating nodes and using different public keys during calculation to improve robustness against node churn.
3) Evaluating the performance of the proposed method, finding it reduces maximum circulation time for aggregating multiplication results by half, reducing computation time per round. The privacy preservation cost scales
Secure routing path using trust values for (ijcisjournal)
Traditional cryptography-based security mechanisms such as authentication and authorization are not effective against insider attacks like wormhole, sinkhole, selective forwarding attacks, etc. Trust-based approaches have been widely used to counter insider attacks in wireless sensor networks. They provide a quantitative way to evaluate the trustworthiness of sensor nodes. An untrustworthy node can wreak considerable damage and adversely affect the quality and reliability of data. Therefore, analyzing the trust level of a node is important. In this paper we focus on an indirect trust mechanism, in which each node monitors the forwarding behavior of its neighbors in order to detect any node that behaves selfishly and does not forward the packets it receives. For this, we used a link state routing protocol based indirect trusts which forms the shortest route and finds the best trustworthy route among them by comparing the values of all the calculated route trusts for each route present in the network. Finally, we compare our work with similar routing protocols and show its advantages over them.
The document summarizes a technical seminar presentation on a mutual trust based access control model (MTBAC) for cloud computing. The presentation covers: (1) introducing the need for access control in cloud computing environments; (2) surveying existing trust and access control models; (3) proposing a mutual trust model between cloud users and service nodes based on direct experience and recommendations; and (4) describing the MTBAC access control model and simulations showing its improved performance over other models. The presentation concludes that MTBAC is well-suited for the uncertain and dynamic nature of cloud computing by considering both user and service node trust levels.
A new ids scheme against blackhole attack to enhance security in wireless net... (eSAT Journals)
Abstract: The aim of this paper is to protect the wireless network against the blackhole attack. A blackhole attack, as the name suggests, drops all the packets forwarded to it. In this paper, we have proposed an intrusion detection system (IDS) scheme to detect the malicious node (blackhole node) and to nullify its effect in the network. The proposed IDS scheme in the presence of a blackhole attack gives approximately similar results to those in the absence of the attack. The network comprises three modules, (i) Default AODV, (ii) AODV in the presence of blackhole attack and (iii) IDS scheme in the presence of attack, considering parameters such as end to end delay, throughput, packet delivery ratio, normalized routing load etc. The proposed algorithm has been simulated on Network Simulator version-2 (NS-2). Key Words: AODV, Blackhole attack, DSN, IDS scheme, routing misbehavior, security
A Cooperative Peer Clustering Scheme for Unstructured Peer-to-Peer Systems (ijp2p)
This document summarizes a research paper that proposes a cooperative peer clustering scheme for unstructured peer-to-peer networks. The proposed scheme aims to improve search performance by identifying critical links between peers and allowing local reconfiguration while incorporating a retaliation rule to encourage cooperation. Simulation results indicate the proposed scheme improves search hit rates over previous schemes, and cooperative peers receive higher profits than selfish peers.
A New Key Agreement Protocol Using BDP and CSP in Non Commutative Groups (Eswar Publications)
The available key agreement schemes using number theoretic, elliptic curves etc. are common for cryptanalysts and the associated security is vulnerable. This vulnerability further increases when we talk about modern efficient computers. So there is a need to provide a new mechanism for key agreement with different properties, so that intruders get surprised and communication scenarios become stronger than before. In this paper, we propose a key agreement protocol which works in a non commutative group. We prove that our protocol meets the desired security attributes under the assumption that the Conjugacy Search Problem and Decomposition Problem are hard in non commutative groups.
This document proposes a trust-based routing algorithm for mobile ad-hoc networks (MANETs) to detect and eliminate malicious nodes. The algorithm quantifies each node's trustworthiness based on its past behavior forwarding data. Nodes that reliably forward data in the past receive higher trust ratings, while nodes that drop or hinder data receive lower ratings. When selecting the next node to forward data to, a node will choose the one with the highest trust rating. This isolates malicious nodes with low ratings over time, improving network efficiency. The algorithm is evaluated against the traditional AODV routing protocol, showing it can reduce delays and improve delivery rates especially as the number of malicious nodes increases.
ATMC: Anonymity and Trust Management Scheme Applied to Clustered Wireless Sen... (IDES Editor)
Wireless Sensor Networks consist of sensor nodes that are capable of sensing the information and maintaining security. In this paper, an Anonymity and Trust Management Scheme applied to Clustered Wireless Sensor Networks (ATMC) is proposed which enhances the security level. It also provides a stable path for communication. It is observed through simulation that the performance of the network is better than existing schemes.
INFRINGEMENT PRECLUSION SYSTEM VIA SADEC: STEALTHY ATTACK DETECTION AND COUNT... (ijp2p)
In this paper we provide implementation details of a simulated solution to the stealthy packet drop attack. The stealthy packet drop attack is a suite of four attack types: colluding collision, packet misrouting, identity delegation and power control. Stealthy packet drop attacks disrupt a packet from reaching its destination through malicious behaviour. These attacks can easily break down multi-hop wireless ad-hoc networks. The most widely preferred method for detecting attacks in wireless networks is the behaviour based detection method. In this method a normal network overhears communication from its neighbourhood. Here we implement the SADEC protocol, which is a proposed solution to stealthy packet drop attacks. SADEC is overlaid on baseline local monitoring. In baseline local monitoring each neighbour maintains additional information about the routing path; it also adds some checking responsibility to all its neighbours. SADEC proves more efficient than baseline local monitoring and successfully mitigates all the stealthy attack types.
IRJET - Hash Functions and its Security for Snags (IRJET Journal)
This document provides an overview of cryptographic hash functions, including their structure, properties, and selections in previous research projects. It discusses the Merkle-Damgard and sponge constructions commonly used to design hash functions. The document also summarizes the hash functions evaluated and selected in the NESSIE and CRYPTREC projects, such as Whirlpool, SHA-256, and SHA-512 in NESSIE and MD5, RIPEMD-160, and SHA-1 in CRYPTREC.
Different types of Authentications described in different scenarios. Basically a survey paper on Different kinds of authentications in different scenarios.
ELLIPTIC CURVE CRYPTOGRAPHY IN SECURING NETWORKS BY MOBILE AUTHENTICATION (ijcisjournal)
This paper proposes an enhanced authentication model, which is suitable for low-power mobile devices. It uses an Extended Password Key Exchange Protocols [2] and elliptic-curve-cryptosystem based trust delegation mechanism to generate a delegation pass code for mobile station authentication, and it can effectively defend against all known attacks on mobile networks including the denial-of-service attack. Moreover, the mobile station only needs to receive one message and send one message to authenticate itself to a visitor’s location register, and the model only requires a single elliptic-curve scalar point multiplication on a mobile device. Therefore, this model enjoys both computation efficiency and communication efficiency as compared to known mobile authentication models.
Comprehensive Study of Counter-acting Security Threats in Mobile Ad Hoc Networks (drsrinivasanvenkataramani)
This document summarizes various approaches for providing security in mobile ad hoc networks (MANETs). It discusses solutions that use cryptography and public/private keys to secure routing, as well as approaches based on trust, observation, and reputation. It also reviews methods for detecting node capture attacks and forged routing messages. The document surveys the strengths and limitations of different secure methods and their tradeoffs between security and efficiency.
A proxy signature scheme enables a proxy signer to sign a message on behalf of the original signer. In this paper, we propose an ECDLP based solution for the Chen et al. [1] scheme. We describe an efficient and secure proxy multi-signature scheme that satisfies all the proxy requirements and requires only elliptic curve multiplication and elliptic curve addition, which need less computation overhead compared to modular exponentiations. Our scheme also withstands original signer forgery and public key substitution attacks.
Efficient Data Mining Of Association Rules in Horizontally Distributed Databases (ijircee)
This document proposes a protocol to securely mine association rules from horizontally distributed databases in a privacy-preserving manner. The key aspects of the protocol are:
1) It uses a novel secure multi-party protocol to compute the union of private subsets held by different players, improving on prior work by avoiding commutative encryption and oblivious transfer.
2) It includes a protocol to test if an element held by one player is contained within a private subset held by another player.
3) Experimental results show the protocol has significantly lower communication and computation costs than prior work, while still protecting individual player's privacy beyond just the final mining results.
Oruta: Privacy-Preserving Public Auditing for Shared Data in the Cloud (Migrant Systems)
This document proposes a new mechanism called Oruta that allows privacy-preserving public auditing of shared data stored in the cloud. It utilizes ring signatures to construct homomorphic authenticators, allowing a third party auditor to verify the integrity of shared data for a group of users without revealing the identity of the signer on each data block. Oruta also supports batch auditing of multiple datasets and fully dynamic operations on shared data through the use of index hash tables. The mechanism aims to achieve public auditing, correctness, unforgeability, and identity privacy during the auditing process.
IRJET- Blockchain-A Secure Mode for Transaction (IRJET Journal)
The document discusses using blockchain technology to securely process banking transactions. Blockchain uses cryptography to connect blocks in a chain, creating a decentralized and tamper-resistant ledger. This allows transactions to be processed faster, more efficiently and securely without a central authority. The proposed system would use blockchain for banking transactions like account creation, fund transfers, and checking transaction histories. It would provide security through cryptographic hashing, transaction verification across nodes, and use of digital signatures. This could make current banking systems more secure, efficient and reduce fraud compared to centralized databases.
With cloud storage services, it is commonplace for data to be not only stored in the cloud, but also shared across multiple users. However, public auditing for such shared data — while preserving identity privacy — remains to be an open challenge. In this paper, we propose the first privacy-preserving mechanism that allows public auditing on shared data stored in the cloud. In particular, we exploit ring signatures to compute the verification information needed to audit the integrity of shared data. With our mechanism, the identity of the signer on each block in shared data is kept private from a third party auditor (TPA), who is still able to publicly verify the integrity of shared data without retrieving the entire file. Our experimental results demonstrate the effectiveness and efficiency of our proposed mechanism when auditing shared data.
International Journal of Engineering and Science Invention (IJESI) is an international journal intended for professionals and researchers in all fields of computer science and electronics. IJESI publishes research articles and reviews within the whole field Engineering Science and Technology, new teaching methods, assessment, validation and the impact of new technologies and it will continue to provide information on the latest trends and developments in this ever-expanding subject. The publications of papers are selected through double peer reviewed to ensure originality, relevance, and readability. The articles published in our journal can be accessed online.
A SECURE KEY COMPUTATION PROTOCOL FOR SECURE GROUP COMMUNICATION WITH PASSWOR... (cscpconf)
Providing security in group communication is more essential in this new network environment. Authentication and confidentiality are the major concerns in secure group communication. Our proposed approach uses an authenticated group key transfer protocol that relies on a trusted key generation center (KGC). The KGC computes a group pair for each individual and transports the pair of values to all group members in a secured manner. A password based authentication mechanism is used to avoid illegal member access in a group. Also, the proposed approach facilitates an efficient key computation technique such that only authorized group members will be able to compute and retrieve the secret key and unauthorized members cannot retrieve the key. The proposed algorithm is more efficient and relies on NP class. In addition, the distribution of the key is also safe and secure. Moreover, the pair generated for the computation of the key is also very strong since cryptographic techniques are used, which provide efficient computation.
Enhanced security for non English users of Wireless Sensor Networks (Eswar Publications)
A Wireless Sensor Network is an infrastructure-less, self-configured, reprogrammable, energy-aware network used in various applications. Many networks work on security of data consisting mainly of ASCII values, but not for non English end users. BDNA cryptography describes how to encrypt non English patterns, but it leads to more bits being transmitted, which indirectly consumes more energy in the WSN. In this paper we propose new steps to reduce the transmission of more bytes in the network. This gives high propagation speed in the network with minimum hash overhead.
With cloud storage services, it is commonplace for data to be not only stored in the cloud, but also shared across multiple users. However, public auditing for such shared data — while preserving identity privacy — remains to be an open challenge. In this paper, we propose the first privacy-preserving mechanism that allows public auditing on shared data stored in the cloud. In particular, we exploit ring signatures to compute the verification information needed to audit the integrity of shared data. With our mechanism, the identity of the signer on each block in shared data is kept private from a third party auditor (TPA), who is still able to publicly verify the integrity of shared data without retrieving the entire file. Our experimental results demonstrate the effectiveness and efficiency of our proposed mechanism when auditing shared data.
International Journal of Engineering and Science Invention (IJESI) is an international journal intended for professionals and researchers in all fields of computer science and electronics. IJESI publishes research articles and reviews within the whole field Engineering Science and Technology, new teaching methods, assessment, validation and the impact of new technologies and it will continue to provide information on the latest trends and developments in this ever-expanding subject. The publications of papers are selected through double peer reviewed to ensure originality, relevance, and readability. The articles published in our journal can be accessed online.
A SECURE KEY COMPUTATION PROTOCOL FOR SECURE GROUP COMMUNICATION WITH PASSWOR...cscpconf
Providing security in group communication is more essential in this new network environment. Authentication and Confidentiality are the major concerns in secure group
communication. Our proposed approach uses an authenticated group key transfer protocol that relies on trusted key generation center (KGC). KGC computes group pair for each
individual and transport the pair of values to all group members in a secured manner. Password based authentication mechanism is used to avoid the illegal member access in a
group Also, the proposed approach facilitates efficient key computation technique such that only authorized group members will be able to computer and retrieve the secret key and unauthorized members cannot retrieve the key. The proposed algorithm is more efficient and relies on NP class. In addition, the distribution of key is also safe and secure. Moreover, the pair generated for the computation of key is also very strong since the cryptographic techniques are used which provides efficient computation.
A secure key computation protocol for secure group communication with passwor...csandit
Providing security in group communication is more essential in this new network
environment. Authentication and Confidentiality are the major concerns in secure group
communication. Our proposed approach uses an authenticated group key transfer protocol
that relies on trusted key generation center (KGC). KGC computes group pair for each
individual and transport the pair of values to all group members in a secured manner.
Password based authentication mechanism is used to avoid the illegal member access in a
group Also, the proposed approach facilitates efficient key computation technique such that
only authorized group members will be able to computer and retrieve the secret key and
unauthorized members cannot retrieve the key. The proposed algorithm is more efficient and
relies on NP class. In addition, the distribution of key is also safe and secure. Moreover, the
pair generated for the computation of key is also very strong since the cryptographic
techniques are used which provides efficient computation.
Enhanced security for non English users of Wireless Sensor NetworksEswar Publications
Wireless Sensor Networks is an infrastructure less, self-configured, reprogrammable, energy-aware network used
in various applications. Many networks works on security of data including mainly ASCII values but not the non English end users. BDNA cryptography describes how to encrypt non English patterns but which leads to propagation of more bits transmitted means indirectly consumes more energy in WSN. In this we propose new steps to reduce the transmission of more bytes in the network. This gives high propagation speed in the network with minimum hash overhead.
ANALYSIS OF SECURITY ASPECTS FOR DYNAMIC RESOURCE MANAGEMENT IN DISTRIBUTED S...ijcseit
Millions of people all over the world are now connected to the Internet for doing business. Therefore, the demand for Internet and web-based services continues to grow. So, need to install required infrastructure to balance the computing. In spite the success of new infrastructure, it is susceptible to several critical
malfunctions. Therefore, to guarantee the secure operations on Network and Data, several solutions need to be developed. The researchers are working in this direction to have the better solution for security. In distributed environment, at the time of management of resources both computing and networking,
resource allocation and resource utilization, etc, the security is most crucial problem. In this paper, an extensive review has been made on the different security aspect, different types of attack and techniques to sustain and block the attack in the distributed environment.
ANALYSIS OF SECURITY ASPECTS FOR DYNAMIC RESOURCE MANAGEMENT IN DISTRIBUTED S...ijcseit
This document summarizes security aspects for dynamic resource management in distributed systems. It discusses security issues for data and networks, including securing stored data, anonymity in peer-to-peer systems, robust contributory key agreement, firewall modeling and management, and security solutions for peer-to-peer networks. It also analyzes different techniques for securing internet communications and defending against attacks.
A Trust Conscious Secure Route Data Communication in MANETSCSCJournals
The document proposes a mechanism for establishing trust-based secure routes for data communication between mobile nodes in a mobile ad hoc network (MANET). It aims to dynamically increase the trust level between nodes from low to high using proxy nodes. When nodes need to securely communicate, they will generate dynamic secret session keys either directly or through proxy nodes using message digest and Diffie-Hellman protocols. The mechanism is implemented on reactive routing protocols and finds routes through trusted intermediate nodes that share secret keys. This may result in non-optimal routes but guarantees security. It also describes how a new node can join and how trusted nodes can act as proxies to help other nodes establish shared keys.
AUTHENTICATION USING TRUST TO DETECT MISBEHAVING NODES IN MOBILE AD HOC NETWO...IJNSA Journal
Providing security in Mobile Ad Hoc Network is crucial problem due to its open shared wireless medium, multi-hop and dynamic nature, constrained resources, lack of administration and cooperation. Traditionally routing protocols are designed to cope with routing operation but in practice they may be affected by misbehaving nodes so that they try to disturb the normal routing operations by launching different attacks with the intention to minimize or collapse the overall network performance. Therefore detecting a trusted node means ensuring authentication and securing routing can be expected. In this article we have proposed a Trust and Q-learning based Security (TQS) model to detect the misbehaving nodes over Ad Hoc On Demand Distance-Vector (AODV) routing protocol. Here we avoid the misbehaving nodes by calculating an aggregated reward, based on the Q-learning mechanism by using their historical forwarding and responding behaviour by the way misbehaving nodes can be isolated.
AUTHENTICATION USING TRUST TO DETECT MISBEHAVING NODES IN MOBILE AD HOC NETWO...IJNSA Journal
Providing security in Mobile Ad Hoc Network is crucial problem due to its open shared wireless medium,
multi-hop and dynamic nature, constrained resources, lack of administration and cooperation.
Traditionally routing protocols are designed to cope with routing operation but in practice they may be
affected by misbehaving nodes so that they try to disturb the normal routing operations by launching
different attacks with the intention to minimize or collapse the overall network performance. Therefore
detecting a trusted node means ensuring authentication and securing routing can be expected. In this
article we have proposed a Trust and Q-learning based Security (TQS) model to detect the misbehaving
nodes over Ad Hoc On Demand Distance-Vector (AODV) routing protocol. Here we avoid the misbehaving
nodes by calculating an aggregated reward, based on the Q-learning mechanism by using their historical
forwarding and responding behaviour by the way misbehaving nodes can be isolated.
The techniques of proxy signature and fault tolerance are two important issues in modern
communication.Proxy signature scheme permits an original signer to delegate his/her signing capability to a
proxy signer, and then the proxy signer generates a signing message on behalf of the original signer. To
communicate securelyover an unreliable public network, the two parties must be able to authenticate one
another and agree on a secret encryption key. Authenticated key agreement protocols have an important role in
building a secure communications network between the two parties. In this paper, we propose a secure proxy
signature scheme with fault tolerance over an efficient and secure authenticated key agreement protocol based
on the discrete logarithm problem.The scheme does not require any extra mechanism, such as checkpoints, to
achieve the property of fault tolerance.
Cluster Based Misbehaviour Detection and Authentication Using Threshold Crypt...CSCJournals
In mobile ad hoc networks, the misbehaving nodes can cause dysfunction in the network resulting in damage of other nodes. In order to establish secure communication with the group members of a network, use of a shared group key for confidentiality and authentication is required. Distributing the shares of secret group key to the group members securely is another challenging task in MANET. In this paper, we propose a Cluster Based Misbehavior Detection and Authentication scheme using threshold cryptography in MANET. For secure data transmission, when any node requests a certificate from a cluster head (CH), it utilizes a threshold cryptographic technique to issue the certificate to the requested node for authentication. The certificate of a node is renewed or rejected by CH, based on its trust counter value. An acknowledgement scheme is also included to detect and isolate the misbehaving nodes. By simulation results, we show that the proposed approach reduces the overhead.
SECURITY PROPERTIES IN AN OPEN PEER-TO-PEER NETWORKIJNSA Journal
This paper proposes to address new requirements of confidentiality, integrity and availability properties fitting to peer-to-peer domains of resources. The enforcement of security properties in an open peer-topeer network remains an open problem as the literature have mainly proposed contribution on availability of resources and anonymity of users. That paper proposes a novel architecture that eases the administration of a peer-to-peer network. It considers a network of safe peer-to-peer clients in the sense that it is a commune client software that is shared by all the participants to cope with the sharing of various resources associated with different security requirements. However, our proposal deals with possible malicious peers that attempt to compromise the requested security properties. Despite the safety of an open peer-to-peer network cannot be formally guaranteed, since a end user has privileges on the target host, our solution provides several advanced security enforcement. First, it enables to formally define the requested security properties of the various shared resources. Second, it evaluates the trust and the reputation of the requesting peer by sending challenges that test the fairness of its peer-to-peer security policy. Moreover, it proposes an advanced Mandatory Access Control that enforces the required peer-to-peer security properties through an automatic projection of the requested properties onto SELinux policies. Thus, the SELinux system of the requesting peer is automatically configured with respect to the required peer-to-peer security properties. That solution prevents from a malicious peer that could use ordinary applications such as a video reader to access confidential files such as a video requesting fee paying. Since the malicious peer could try to abuse the system, SELinux challenges and traces are also used to evaluate the fairness of the requester. 
That paper ends with different research perspectives such as a dedicated MAC system for the peer-to-peer client and honeypots for testing the security of the proposed peer-to-peer infrastructure.
AN EFFICIENT GROUP AUTHENTICATION FOR GROUP COMMUNICATIONS
International Journal of Network Security & Its Applications (IJNSA), Vol.5, No.3, May 2013
DOI: 10.5121/ijnsa.2013.5302
Lein Harn (1) and Changlu Lin (2)
(1) Department of Computer Science Electrical Engineering, University of Missouri-Kansas City, MO 64110, USA
harnl@umkc.edu
(2) Key Laboratory of Network Security and Cryptology, Fujian Normal University, Fujian, 35007, P. R. China
cllin@fjnu.edu.cn
ABSTRACT
Group communication implies a many-to-many communication and it goes beyond both one-to-one
communication (i.e., unicast) and one-to-many communication (i.e., multicast). Unlike most user
authentication protocols that authenticate a single user each time, we propose a new type of authentication,
called group authentication, that authenticates all users in a group at once. The group authentication
protocol is specially designed to support group communications. There is a group manager who is
responsible for managing the group communication. During registration, each user of a group obtains a
unique token from the group manager. Users present their tokens to determine whether they all belong to
the same group or not. The group authentication protocol allows users to reuse their tokens without
compromising the security of tokens. In addition, the group authentication can protect the identity of each
user.
KEYWORDS
User authentication; Group communication; Secret sharing; Ad hoc network; Strong t-consistency
1. INTRODUCTION
User authentication is one of the most important security services in computer and
communication applications. Knowledge based authentication (e.g., password) [16,9] and key
based authentication (e.g., public/private key) [7,12] are the two most popular approaches.
Knowledge based authentication has some security flaws. Most users like to use simple and short
passwords. However, Internet hackers can easily crack simple passwords. Public-key based
authentication needs a certificate authority (CA) to provide the authenticity of public keys. In
addition, public-key computations involve large integers. Computational time is one of the main
concerns for public-key based authentication.
All user authentication protocols [10,6] are one-to-one type of authentication where the prover
interacts with the verifier to prove the identity of the prover. For example, the RSA digital
signature [13] is used to authenticate the signer of the signature. In this approach, the verifier
sends a random challenge to the prover. Then, the prover digitally signs the random challenge and
returns the digital signature of the challenge to the verifier. After successfully verifying the digital
signature, the verifier is convinced that the prover is the one with the identity of the public key
used to verify the digital signature. In wireless communications, when a mobile subscriber wants
to establish a connection with the base station, the subscriber and the base station interact to
establish mutual authentication. Mutual authentication can prevent an illegitimate subscriber from
using the service and prevent the fake base station from harming the subscriber.
Network applications are no longer just one-to-one communication; but involve multiple users
( 2) . Group communication [14,2] implies a many-to-many communication and it goes beyond
both one-to-one communication (i.e., unicast) and one-to-many communication (i.e., multicast).
In this paper, we propose a new type of authentication, called group authentication, which
authenticates all users in a group at once. The group authentication protocol is specially designed
to support group communications. The group authentication is defined to involve multiple users
and users want to convince each other that they all belong to the same group without revealing
their identities. In the group authentication, each user acts as both the prover and the verifier.
Group authentication is extremely important in an ad hoc network because this network is
temporarily established by multiple users and these users want to use this network to exchange
secret information.
Devising protocols to provide group authentication in ad hoc networks is extremely challenging
due to highly dynamic and unpredictable topological changes. As a result, there are two popular
models to provide group authentication services in an ad hoc network. The first model involves a
centralized authentication server (AS) [11,3] and the second model has no AS [5,4]. In the first
model, AS manages the access rights of the network. For example, Bhakti et al. [3] proposed to
adopt Extensible Authentication Protocol (EAP) in the IEEE 802.1x standard for wireless ad hoc
network. This approach requires setting up the AS and giving mobile users access to the AS
service. In fact, in some situations, the second model is the only way to provide group
authentication. For example, in an ad-hoc network communication, there is no AS service
available to mobile users. In the second model, each user needs to take charge of authenticating
other users. In a straightforward approach, if there are $n$ users in the group, each user can use the
one-to-one authentication protocol $n-1$ times to authenticate other users. Computational time
is one of the major concerns in this approach.
In this paper, we introduce a special type of group authentication which provides an efficient way
to authenticate multiple users belonging to the same group without revealing the identity of each user.
Our proposed protocol is no longer a one-to-one type of authentication. It is a many-to-many type
of authentication. Unlike most user authentication protocols that authenticate a single user each
time, our proposed protocol authenticates all users of a group at once. In our proposal, each user
needs to register with a group manager (GM) to become a group user. Like the trusted dealer in
Shamir's $(t, n)$ secret sharing scheme [15], the GM needs to select a secret polynomial and
compute a token for each user. Based on these tokens, our protocol can establish group
authentication for all users at once. The group authentication protocol allows users to reuse their
tokens without compromising the security of tokens. Our proposed protocol supports existing
wireless communication network including wireless ad hoc network.
The rest of this paper is organized as follows. In the next section, we include some preliminaries.
In Section 3, we introduce the model of our proposed group authentication. In Section 4, we
present a basic one-time group authentication protocol; in Section 5, we present a group
authentication protocol without revealing tokens. We conclude in Section 6.
2. PRELIMINARIES
2.1. Review of Shamir's secret sharing scheme [15]
In Shamir's $(t, n)$ secret sharing scheme based on the polynomial, there are $n$ shareholders and a
mutually trusted dealer. The scheme consists of two algorithms:
a) Share generation algorithm: the dealer first picks a random polynomial of degree $t-1$,
$$f(x) = a_{t-1}x^{t-1} + \cdots + a_1 x + a_0 \bmod p,$$
such that the secret $s$ satisfies $f(0) = a_0 = s$ and all coefficients $a_0, a_1, \ldots, a_{t-1} \in Z_p$, where $p$ is a prime with $p > s$. The dealer computes shares $f(x_i)$, for $i = 1, 2, \ldots, n$, and distributes each share $f(x_i)$ to shareholder $U_i$ secretly.
b) Secret reconstruction algorithm: it takes any $t$ or more than $t$ shares, for example, $j$
shares (i.e., $t \le j \le n$), $(x_1, f(x_1)), (x_2, f(x_2)), \ldots, (x_j, f(x_j))$, as inputs, and outputs the
secret $s$ using the Lagrange interpolating formula as
$$s = \sum_{i=1}^{j} f(x_i) \prod_{r=1, r \neq i}^{j} \frac{-x_r}{x_i - x_r} \bmod p.$$
We note that the above algorithms satisfy the basic requirements of the secret sharing scheme,
namely, (1) with the knowledge of any $t$ or more than $t$ shares, shareholders can reconstruct the
secret $s$; and (2) with the knowledge of any $t-1$ or fewer than $t-1$ shares, shareholders cannot
obtain the secret $s$. Shamir's secret sharing scheme is unconditionally secure since the scheme
satisfies these two requirements without making any computational assumption. For more
information on this scheme, please refer to the original paper [15].
2.2. Harn and Lin's definition on strong t-consistency [8]
Benaloh [1] presented a notion of t-consistency to determine whether a set of shares is generated
from a polynomial of degree at most $t-1$. Recently, Harn and Lin [8] proposed a new definition
of strong t-consistency which is the extension of Benaloh's definition.
Definition 1 (Strong t -consistency [8]). A set of n shares (i.e., t n ) is said to be strong t -
consistent if (a) any subset of t or more than t shares can reconstruct the secret, and (b) any
subset of fewer than t shares cannot reconstruct the secret.
It is obvious that if shares in Shamir's secret sharing scheme are generated by a polynomial with
degree 1t exactly, then shares satisfy the security requirements of a ( , )t n secret sharing
scheme and these shares are also strong t -consistent.
Checking strong t -consistency of n shares can be executed very efficiently by using Lagrange
interpolating formula. In fact, to check whether n shares are strong t -consistent or not, it only
needs to check whether the interpolation of n shares yields a polynomial with degree 1t
exactly. If this condition is satisfied, we can conclude that all shares are strong t -consistent.
However, if there are some illegitimate shares, the degree of the interpolating polynomial of these
n shares is more than 1t with very high probability. In other words, these n shares are most
likely to be not strong t -consistent. The property of strong t -consistency will be used in Section
5 of our protocol to check strong t -consistency of n shares without revealing tokens.
3. MODEL
3.1. Entities
a) Group Manager (GM): A group manager is responsible for registering users to form a group.
The responsibility of the GM is to issue a secret token to each user during registration. Later,
authentication is based on the secret tokens. Since tokens are used in authentication,
identities of users are protected. In order to prevent malicious users from revealing their tokens
to attackers, each token is a unique integer. The secret tokens are shares of the polynomial
generated by the GM.
b) Group Users: To join a group and become a group user, each user needs to register with the
GM. After being successfully registered, each user receives a secret token from the GM.
Issuing each user a unique token can prevent malicious users from giving their tokens to
impersonators.
c) Attackers: We consider two types of attackers, the inside attackers and the outside attackers.
The inside attackers are legitimate users who own legitimate tokens from the
GM. We consider that the inside attackers may collude to forge tokens for non-users. The
outside attackers are impersonators who do not own any tokens and try to impersonate users
to fail the authentication protocol. We also assume that the GM does not collude with any
user. If the GM colludes with any user by revealing the secret of the GM to the user, the
colluding user can do harm to the group. In addition, we assume all users act honestly in the
authentication. If any user acts dishonestly by revealing an invalid value, the authentication
fails.
3.2. Authentication outcomes
There are only two possible outcomes of a group authentication, namely, either “yes” or “no”. If
the outcome is “yes”, it means that all users belong to the same group; otherwise, there are
impersonators.
4. BASIC ONE-TIME GROUP AUTHENTICATION PROTOCOL
In the following discussion, we assume that there are $n$ users, $M_1, M_2, \ldots, M_n$, registered at the
GM to form a group.
4.1. System set up
During registration, GM constructs a random $(t-1)$-th (i.e., $t \le n$) degree polynomial $f(x)$
with $f(0) = s$, and computes secret tokens of users as $y_i = f(x_i)$, for $i = 1, 2, \ldots, n$, where $x_i$
is the public information associated with user $M_i$. GM sends each token $y_i$ to user $M_i$ secretly.
GM makes $H(s)$ publicly known, where $H$ is a one-way function.
Remark 1. The threshold $t$ is an important security parameter that affects the security of group
authentication protocols. Using a $(t, n)$ secret sharing scheme to issue tokens in the registration
can prevent up to $t-1$ inside attackers, who are legitimate users, from colluding to forge
tokens.
4.2. Basic one-time group authentication protocol
From now on, we assume that there are $j$ users with their tokens $f(x_1), f(x_2), \ldots, f(x_j)$, where
$t \le j \le n$, who want to execute the group authentication protocol.
The basic idea of this protocol is that each user releases the token obtained from the GM during
registration. If all released tokens are valid, the interpolation of the released tokens can
reconstruct the secret s . The published one-way hash of the secret is used to compare with the
one-way hash of the reconstructed secret.
Theorem 1. Protocol 1 can detect any number of illegitimate users.
Proof. If there is an illegitimate user who does not own a valid token on the polynomial $f(x)$, the
reconstructed secret will be different from the secret $s$. Thus, Protocol 1 can detect any number
of illegitimate users. □
Protocol 1: One-time group authentication protocol
Step 1. Each user $M_i$ reveals his token $f(x_i)$ to all other users simultaneously.
Step 2. After knowing all tokens $f(x_i)$, for $i = 1, 2, \ldots, j$, following the Lagrange interpolating
formula, each user computes
$$s' = \sum_{i=1}^{j} f(x_i) \prod_{r=1, r \ne i}^{j} \frac{-x_r}{x_i - x_r} \bmod p.$$
If $H(s') = H(s)$, all users have been authenticated successfully; otherwise, there are illegitimate users.
Remark 2. This is a one-time authentication protocol since the secret and tokens are revealed to
all users in this protocol. The authentication is no longer a one-to-one authentication; it is a
many-to-many authentication. The proposed protocol is very efficient at authenticating multiple
users belonging to the same group without revealing the identity of each user.
5. GROUP AUTHENTICATION PROTOCOL WITHOUT REVEALING TOKENS
In Protocol 1, since tokens are revealed to all users, each token can only be used for one-time
authentication. In addition, the secret $s$ is also exposed to users in Protocol 1. In the following
discussion, we propose a way to protect tokens. In addition, the secret does not need to be
recovered in each authentication. Our authentication is based on the property of strong
$t$-consistency in Section 2.2.
5.1. Group authentication protocol without revealing tokens
In the following protocol, authentication can be achieved without revealing the tokens or the
secret. The basic idea of our approach uses the property of strong $t$-consistency. Let each user
select a random polynomial of degree $t-1$ and generate shares for the other users. Then, each
user releases the additive sum of his own token obtained from the GM during registration and the
sum of shares of polynomials generated by users. Due to the property of secret
sharing homomorphism in Section 2.2, the released sums are shares of the sum of the secret polynomial
$f(x)$ of tokens and the polynomials generated by users. If all users act honestly and own
valid tokens, the released sums should be strong $t$-consistent; otherwise, the released sums are
not strong $t$-consistent. Since users do not need to reconstruct the secret in the protocol and the
tokens have not been revealed directly, the dealer does not need to publish the one-way hash of the
secret $s$ during system set up and the tokens can be reused.
Protocol 2: Group authentication protocol without revealing tokens
Step 1. Each user $M_i$ selects a random polynomial $f_i(x)$ of degree $t-1$. For the
polynomial $f_i(x)$, user $M_i$ computes shares $f_i(x_r)$, for $r = 1, 2, \ldots, j$, $r \ne i$, for the other
users. User $M_i$ sends each share $f_i(x_r)$ to user $M_r$ secretly.
Step 2. After receiving $f_r(x_i)$ for $r = 1, 2, \ldots, j$, each user uses his token $f(x_i)$ to compute
$$y_i'' = f(x_i) + \sum_{r=1}^{j} f_r(x_i) \bmod p.$$
Each user releases his value $y_i''$.
Step 3. After knowing $y_i''$, for $i = 1, 2, \ldots, j$, each user checks whether they are strong
$t$-consistent. If they are not strong $t$-consistent, there are illegitimate users; otherwise, all users
have been successfully authenticated as belonging to the same group.
Theorem 2. Protocol 2 can detect any number of illegitimate users.
Proof. Due to the property of secret sharing homomorphism, each released value $y_i''$ in Step 2 is
the share of the additive sum of polynomials,
$$f(x) + \sum_{r=1}^{j} f_r(x) \bmod p,$$
with $(t-1)$-th degree.
Thus, in Step 3, all released values $y_i''$, for $i = 1, 2, \ldots, j$, are strong $t$-consistent. If there is any
illegitimate user who does not own a valid token $f(x_i)$, the released values $y_i''$, for
$i = 1, 2, \ldots, j$, are not strong $t$-consistent with very high probability. □
Remark 3. In Step 2, the token $f(x_i)$ cannot be computed from the revealed value
$$y_i'' = f(x_i) + \sum_{r=1}^{j} f_r(x_i) \bmod p.$$
Therefore, the tokens are protected unconditionally and can
be reused for multiple authentications.
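The following Python sketch is an added example, not code from the paper. It runs Protocol 1 (Section 4.2) and Protocol 2 inside one process to show the hash comparison and the strong $t$-consistency check on honest and forged tokens. The 127-bit prime, SHA-256 as $H$, all function names, and the assumption $t \ge 2$ with distinct non-zero $x_i$ are choices made here.

```python
import hashlib
import secrets

P = 2**127 - 1  # prime modulus p; this size is an assumption

def rand_poly(t, p=P):
    """Random polynomial of degree t-1, coefficients low to high."""
    return [secrets.randbelow(p) for _ in range(t)]

def ev(coeffs, x, p=P):
    """Evaluate a polynomial at x with Horner's rule."""
    acc = 0
    for a in reversed(coeffs):
        acc = (acc * x + a) % p
    return acc

def interp_at(points, x, p=P):
    """Lagrange interpolation: value at x of the polynomial through points."""
    total = 0
    for x_i, y_i in points:
        num = den = 1
        for x_r, _ in points:
            if x_r != x_i:
                num = num * (x - x_r) % p
                den = den * (x_i - x_r) % p
        total = (total + y_i * num * pow(den, -1, p)) % p
    return total

def H(s):
    """One-way function; SHA-256 is an assumption, the paper names none."""
    return hashlib.sha256(str(s).encode()).hexdigest()

def protocol1(revealed, published, p=P):
    """Protocol 1: rebuild s' = f(0) from revealed tokens, compare H(s') with H(s)."""
    return H(interp_at(revealed, 0, p)) == published

def strong_t_consistent(points, t, p=P):
    """True iff the interpolant of all points has degree exactly t-1 (t >= 2)."""
    head = points[:t]
    if interp_at(head[:-1], head[-1][0], p) == head[-1][1]:
        return False  # the first t points already fit degree <= t-2
    return all(interp_at(head, x, p) == y for x, y in points[t:])

def protocol2(claimed, t, p=P):
    """Protocol 2: claimed maps x_i to M_i's token; True means "yes"."""
    f_i = {x: rand_poly(t, p) for x in claimed}  # Step 1: each M_i picks f_i(x)
    released = [(x_i, (y + sum(ev(f_i[x_r], x_i, p) for x_r in claimed)) % p)
                for x_i, y in claimed.items()]  # Step 2: released values y_i''
    return strong_t_consistent(released, t, p)  # Step 3
```

When exactly $t$ values are released, the check in Step 3 has no redundancy: any $t$ points with distinct $x_i$ lie on some polynomial of degree at most $t-1$, so a forged token is only caught when $j > t$.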
5.2. Computational complexity
The most time-consuming operation for each user is to check the strong $t$-consistency of the released
values $y_i''$, for $i = 1, 2, \ldots, j$, in Step 3 of Protocol 2. Following our discussion presented in
Section 2.2, checking strong $t$-consistency requires computing the interpolating polynomial of the
values $y_i''$. The polynomial interpolation becomes the main computational task in our proposed
protocol. However, the modulus $p$ in our polynomial interpolation is much smaller than the
modulus in most public-key cryptosystems, such as the RSA cryptosystem [13]. In addition, unlike a
conventional user authentication protocol that authenticates one user at a time, this proposed
authentication protocol authenticates all users at once. Thus, the proposed authentication protocol
is very efficient in comparison with all existing authentication protocols.
6. CONCLUSIONS
We propose a special type of group authentication which is specially designed for group
communications such as the ad hoc wireless communication network. The proposed group
authentication protocol is no longer a one-to-one type of user authentication; it is a many-to-many
type of authentication that authenticates multiple users at once. We first propose a basic
one-time group authentication protocol and then propose a general group authentication protocol
without revealing tokens. Our proposed group authentication is very efficient since the
computation is based on the computation of linear polynomial.
ACKNOWLEDGEMENTS
This research is supported by the National Natural Science Foundations of China under Grant No.
61103247 and the Natural Science Foundation of Fujian Province under Grant No. 2011J05147.
REFERENCES
[1] Benaloh J. C., (1987) Secret sharing homomorphisms: keeping shares of a secret, in: Proceedings of CRYPTO '86, LNCS 263, pp. 251-260.
[2] Bruhadeshwar B. and Kulkarni S. S., (2011) Balancing revocation and storage trade-offs in secure group communication, IEEE Transactions on Dependable and Secure Computing, 8(1): 58-73.
[3] Catur Bhakti M. A., Abdullah A., and Jung L. T., (2007) EAP-based authentication for ad hoc network, in: Proc. 2007 Seminar Nasional Aplikasi Teknologi Informasi – SNATI'07, pp. C-133-C-137.
[4] Caballero-Gil P. and Hernández-Goya C., (2009) Self-organized authentication in mobile ad-hoc networks, Journal of Communications and Networks, 11(5): 509-517.
[5] Capkun S., Buttyán L., and Hubaux J. P., (2003) Self-organized public-key management for mobile ad hoc networks, IEEE Transactions on Mobile Computing, 2(1): 52-64.
[6] Das M. L., (2009) Two-factor user authentication in wireless sensor networks, IEEE Transactions on Wireless Communications, 8(3): 1086-1090.
[7] Downnard I., (2002) Public-key cryptography extensions into Kerberos, IEEE Potentials, 21(5): 30-34.
[8] Harn L. and Lin C., (2010) Strong verifiable secret sharing scheme, Information Sciences, 180(16): 3059-3064.
[9] Ku W. C., (2005) Weaknesses and drawbacks of a password authentication scheme using neural networks for multiserver architecture, IEEE Transactions on Neural Networks, 16(4): 1002-1005.
[10] Oppliger R., Hauser R., and Basin D., (2008) SSL/TLS session-aware user authentication, Computer, 41(3): 59-65.
[11] Pirzada A. A. and McDonald C., (2004) Kerberos assisted authentication in mobile ad-hoc networks, in: Proceedings of the 27th Australasian Computer Science Conference – ACSC'04, 26(1), pp. 41-46.
[12] Ren K., Yu S., Lou W., and Zhang Y., (2009) Multi-user broadcast authentication in wireless sensor networks, IEEE Transactions on Vehicular Technology, 58(8): 4554-4564.
[13] Rivest R., Shamir A., and Adleman L., (1978) A method for obtaining digital signatures and public-key cryptosystems, Communications of the ACM, 21(2): 120-126.
[14] Sakarindr P. and Ansari N., (2010) Survey of security services on group communications, IET Information Security, 4(4): 258-272.
[15] Shamir A., (1979) How to share a secret, Communications of the ACM, 22(11): 612-613.
[16] Yan J., Blackwell A., Anderson R., and Grant A., (2004) Password memorability and security: Empirical results, IEEE Security & Privacy Magazine, 2(5): 25-31.
Authors
Lein Harn received the B.S. degree in electrical engineering from the National Taiwan
University in 1977, the M.S. degree in electrical engineering from the State University of
New York-Stony Brook in 1980, and the Ph.D. degree in electrical engineering from the
University of Minnesota in 1984. In 1984, he joined the Department of Electrical and
Computer Engineering, University of Missouri-Columbia as an assistant professor, and in 1986, he moved
to Computer Science and Telecommunication Program (CSTP), University of Missouri, Kansas City
(UMKC). While at UMKC, he went on development leave to work in Racal Data Group, Florida for a year.
His research interests include cryptography, network security, and wireless communication security. He has
published a number of papers on digital signature design and applications and wireless and network
security. He has written two books on security. He is currently investigating new ways of
using secret sharing in various applications.
Changlu Lin received the BS degree and MS degree in mathematics from the Fujian
Normal University, P.R. China, in 2002 and in 2005, respectively, and received the Ph.D
degree in information security from the state key laboratory of information security,
Graduate University of Chinese Academy of Sciences, P.R. China, in 2010. He works
currently for the School of Mathematics and Computer Science, and the Key Laboratory of Network
Security and Cryptology, Fujian Normal University. He is interested in cryptography and network security,
and has conducted research in diverse areas, including secret sharing, public key cryptography and their
applications.