Chain Bridge: A Secure Privacy-Preserving Framework for Anonymous Authentication and Cross-chain Routing

Recent literature suggests that the Internet of Things (IoT) scales much better in an information-centric networking (ICN) model instead of the current host-centric Internet protocol (IP) model. In particular, the named data networking (NDN) project (one of the ICN architecture flavors) offers features exploitable by IoT applications, such as stateful forwarding, in-network caching, and built-in assurance of data provenance. Though NDN-based IoT frameworks have been proposed, none have adequately and holistically addressed concerns related to secure onboarding and routing. Additionally, emerging IoT applications such as smart cities require high scalability and thus pose new challenges to NDN routing. Therefore, in this paper, we propose and evaluate a novel, scalable framework for lightweight authentication and hierarchical routing in the NDN IoT. Our ns-3 based simulation analyses demonstrate that our framework is scalable and efficient. It supports deployment densities as high as 40 000 nodes/km2 with an average onboarding convergence time of around 250 s and overhead of less than 20 kibibytes per node. This demonstrates its efficacy for emerging large-scale IoT applications such as smart cities.

Designing an anonymous user authentication scheme in global mobility networks is a non-trivial task because wireless networks are susceptible to attacks and mobile devices powered by batteries have limited communication, processing and storage capabilities. In this paper, we present a generic construction that converts any existing secure password authentication scheme based on a smart card into an anonymous authentication scheme for roaming services. The security proof of our construction can be derived from the underlying password authentication scheme employing the same assumptions. Compared with the original password authentication scheme, the transformed scheme does not sacrifice the authentication efficiency, and additionally, an agreed session key can be securely established between an anonymous mobile user and the foreign agent in charge of the network being visited. Furthermore, we present an instantiation of the proposed generic construction. The performance analysis shows that compared with other related anonymous authentication schemes, our instantiation is more efficient.

Providing efficient anonymous authentication in vehicular ad hoc networks (VANETs) is a challenging issue. Identity-based signature schemes have been used to provide privacy-preserving authentication effectively for VANETs. In such scenario, mutual authentication between vehicles is critical to ensure only legitimate vehicles can involve in the inter-vehicle communication, and how to resist denial-of-service attack should be carefully addressed due to the regionally central signature verification in vehicle-road-side communications. In this paper, we propose a conditional privacy-preserving mutual authentication framework with denial-of-service attack resistance called MADAR. The authentication framework combines different identity-based signature schemes and distinguishes inner-region and cross-region authentications to increase efficiency. Beyond the privacy preservation and non-repudiation achieved by the existing framework, our authentication framework provides asymmetric inter-vehicle mutual authentication and strength-alterable computational DoS-attack resistance. We have formally proved the privacy preservation, unlinkability, mutual authenticity, and correctness of pseudonym with ProVerif, and analyzed other security objectives. The performance evaluations are conducted and the results demonstrate that our framework can achieve these security objectives with moderate computation and communication overheads.

Due to the openness of communication channels and the sensitivity of the data being collected and transmitted, securing data access and communication in IoT systems requires robust ECC-based authentication and key agreement (AKA) protocols. However, designing an AKA protocol for IoT presents significant challenges, as most IoT sensors are deployed in resource-constrained, unattended environments with limited computational power, connectivity, and storage. To achieve anonymous authentication, existing solutions typically rely on shared temporary public keys to mask device IDs or validate sender certificates, which increases the computational overhead. Furthermore, these protocols often fail to address crucial security concerns, such as nonresistance to ephemeral secret leakage (ESL) attacks and a lack of perfect forward security. To mitigate the computational burden, we propose a dynamic authenticated credentials (DACs) synchronization framework for anonymous authentication. Then, we introduce an ECC-based AKA scheme that employs DACs in place of temporary public keys or sender credentials, enabling efficient and secure anonymous authentication. The security of the proposed protocol was rigorously verified under the Real-or-Oracle model and validated using ProVerif. Performance comparisons demonstrate that our scheme offered significant improvements in security, with an over 37% reduction in communication cost and computational overhead.

Opportunistic routing has been extensively studied and utilized in delay/disruption-tolerant networks. The extensive use of nodes' local information, e.g., the distance to the destination or the contact frequency with the destination, in such routing schemes can cause severe security and privacy problems. Existing solutions of anonymous routing can introduce undesired overhead and fail to provide the confidentiality of the routing metric. In this paper, we propose an advanced framework for opportunistic routing schemes, providing the following properties: confidentiality of the nodes' routing metric, anonymous authentication, and efficient key agreement for pairwise communication. A comprehensive evaluation, including security analysis, efficiency analysis, and simulation evaluation, is presented to show the security and feasibility of the proposed framework.

The Vehicular Adhoc Network (VANET) is a newly added smart technique in vehicles to ensure safety and reduce time consumption. Even though it saves time and guarantees safe travel, security and privacy are the most difficult issues in the VANET. Moreover, this is due to the fact that the methods exploit public key infrastructure, group signature, etc., Meanwhile, the hackers can acquire the sensitive data’s which are usually kept in the tamper-proof devices by using side-channel attacks. The VANET also possesses several security-related issues. To circumvent this we propose an efficient privacy-preserving and fuzzy-based trust evaluation scheme. This method ensures the security and authenticity of the VANET. To ensure security our proposed method utilizes a modified Elliptical Curve cryptographic (ECC) method which also reduces the computational complexities created by the conventional ECC. In our proposed method the TPD parameters are renewed more often to eliminate the attacks and permits batch verification methods to reduce the time. The experimental analysis is conducted in Matlab simulator in terms of computational cost, communication cost, evaluation of trustworthiness, privacy protection. The experimental analysis shows that proposed method provides 94% of trustworthiness and time consumption and communication overheads are reduced to greater extent.

The presence of ubiquitous connectivity provided by wireless communications and mobile computing has changed the way humans interact with information. At the same time, it has made communication security and privacy a hot-button issue. In this article we address the security and privacy concerns in wireless access networks. We first discuss the general cryptographic means to design privacy-preserving security protocols, where the dilemma of attaining both security and privacy goals, especially user accountability vs. user privacy, is highlighted. We then present a novel authentication framework that integrates a new key management scheme based on the principle of separation of powers and an adapted construction of Boneh and Shacham's group signature scheme, as an enhanced resort to simultaneously achieve security, privacy, and accountability in wireless access networks.

Federated learning (FL) is a promising technology for achieving privacy-preserving edge intelligence and has attracted extensive attention from industry and academia. However, in the FL training process, the server directly aggregates local models from mobile devices, which poses serious privacy and security threats. The identity authentication mechanism can provide FL with local model integrity and source authentication. However, the existing schemes are centralized, and most of them are computationally expensive, resulting in limited performance. To address these issues, this paper proposes a decentralized and lightweight anonymous FL identity authentication scheme, namely DAFL. In our scheme, we first design a decentralized and simplified storage FL authentication framework by combining the directed acyclic graph (DAG) blockchain and accumulator. Then, we propose a lightweight digital signature algorithm that supports batch verification for authentication. Finally, nodes interact through pseudonyms to achieve anonymous communication, and the trusted authority (TA) can track and recover the real identities of nodes when malicious behavior occurs. We theoretically prove the security of the proposed DAFL. The extensive experiments demonstrate that DAFL achieves lower authentication overhead and better convergence performance compared to existing authentication schemes and vanilla FL systems.

As quantum computing continues to advance, it threatens the long-term protection of traditional cryptographic methods, especially in biometric authentication systems where it is important to protect sensitive data. To overcome this challenge, we present a comprehensive, privacy-preserving framework for multimodal biometric authentication that can easily integrate any two binary-encoded modalities through feature-level fusion, ensuring that all sensitive information remains encrypted under a CKKS-based homomorphic encryption scheme resistant to both classical and quantum-enabled attacks. To demonstrate its versatility and effectiveness, we apply this framework to the retinal vascular patterns and palm vein features, which are inherently spoof-resistant and particularly well suited to high-security applications. This method not only ensures the secrecy of the combined biometric sample, but also enables the complete assessment of recognition performance and resilience against adversarial attacks. The results show that our approach provides protection against threats such as data leakage and replay attacks while maintaining high recognition performance and operational efficiency. These findings demonstrate the feasibility of integrating multimodal biometrics with post-quantum cryptography, giving a strong, privacy-oriented authentication solution suitable for mission-critical applications in the post-quantum era.

An efficient anonymous authentication scheme for blockchain assisted and fog-enabled smart grid

Advances in wireless communications, embedded systems, and integrated circuit technologies have enabled the wireless body area network (WBAN) to become a promising networking paradigm. Over the last decade, as an important part of the Internet of Things, we have witnessed WBANs playing an increasing role in modern medical systems because of its capabilities to collect real-time biomedical data through intelligent medical sensors in or around the patients' body and send the collected data to remote medical personnel for clinical diagnostics. WBANs not only bring us conveniences but also bring along the challenge of keeping data's confidentiality and preserving patients' privacy. In the previous, anonymous authentication (AA) schemes for WBANs were proposed to enhance security by protecting patients' identities and by encrypting medical data. However, many of these schemes are not secure enough. The AA scheme for WBANs and point out that it is not secure for medical applications by proposing an impersonation attack. In this project, propose an Improved AES with secure anonymous authentication framework for WBANs and prove that it is provably secure. The comprehensive analysis section shows that the proposed scheme overcomes the security weaknesses in the existing schemes and also provides low computation cost during anonymous authentication. Keywords—: Cross-modality, contrast enhancement, 2D histogram specification (HS), SSIM gradient, tumor segmentation.

Internet-of-Things (IoT)-based wireless body area networks (WBANs) play an important role in modern medical systems for patient-health monitoring. WBANs have the capability to collect real-time biological information from the patients’ body using intelligent sensors and then send the collected information to the remote doctors or medical experts using the Internet. In recent years, numerous anonymous authentication schemes were proposed to provide security in WBANs. However, many of these schemes are not computationally efficient during anonymous authentication. Moreover, the previous schemes did not provide location privacy for both doctors and patients. In order to overcome these limitations, in this article, we propose an efficient and secure anonymous authentication framework with location privacy preservation for IoT-based WBANs. The comprehensive analysis section shows that the proposed scheme overcomes the security weaknesses in the existing schemes and also provides low computation cost during anonymous authentication.

Anonymous authentication is a method for privacy protection in web service. But, the nature of anonymous authentication, access control of service is seemed impossible because it doesn't know the user's characteristics. In our paper, we propose an anonymous authorization framework which uses qualification certificate and anonymous authentication based on Short Group Signatures. Also, our qualification certificate is used as payment token. By using our proposed authorization protocol, users can use anonymous authentication, anonymous authorization, and anonymous payment in web service.

Opportunistic networks are the special class of ad hoc networks where permanent link among the nodes are almost absent and communication occurs when an “opportunity” is found. The opportunistic networks have more diverse features than traditional ad hoc networks, like self-organized nature, intermittent connectivity, store-carry-forward routing mechanism, etc. All these features make opportunistic networks more prone to security threats. This article discusses security challenges and threats to opportunistic networks. Focusing on the specific security requirements of opportunistic networks, proposed is a secure framework for authentication and privacy preservation (SF-APP) for opportunistic networks. The proposed algorithm takes care of authentication, privacy preservation, and trust management. Within this article is a performed security analysis of SF-APP and simulation results show that the proposed framework is capable of fulfilling the security requirements of opportunistic networks.

Alternating authentications to match the situational context of an intelligent communicating vehicle