Key Agreement Research Articles

A Physician’s Privacy-Preserving Authentication and Key Agreement Protocol Based on Decentralized Identity for Medical Data Sharing in IoMT

A Physician’s Privacy-Preserving Authentication and Key Agreement Protocol Based on Decentralized Identity for Medical Data Sharing in IoMT

A Cost-Efficient Anonymous Authenticated and Key Agreement Scheme for V2I-Based Vehicular Ad-Hoc Networks

A Cost-Efficient Anonymous Authenticated and Key Agreement Scheme for V2I-Based Vehicular Ad-Hoc Networks

Authenticated multi-party quantum key agreement protocol based on cluster states

Quantum key agreement (QKA) is an important cryptographic primitive that plays a pivotal role in private communications. Authenticated QKA plays an important role in QKA. In this paper, we propose an authenticated multiparty QKA scheme based on 4-qubit cluster states entanglement swapping. The scheme is divided into two parts, the first part is the quantum identity authentication stage, and the second part is the QKA stage. In the quantum identity authentication stage, the participants determine that the participant communicating with them is the claimed person through mutual authentication, which can avoid the impersonation attack of the eavesdropper Eve. In the QKA phase, the participants adopt a bidirectional transmission structure with the participation of a semi-trusted third party, and based on the entanglement swapping property of the 4-qubit cluster state, the QKA is finally realized. Detailed security analysis shows that the protocol can resist a variety of internal and external attacks, such as participants attack, entangle-measure attack, and so on.

Lightweight ring-neighbor-based user authentication and group-key agreement for internet of drones

As mobile internet and Internet of Things technologies continue to advance, the application scenarios of peer-to-peer Internet of Drones (IoD) are becoming increasingly diverse. However, the development of IoD also faces significant challenges, such as security, privacy protection, and limited computing power, which require technological innovation to overcome. For group secure communication, it is necessary to provide two basic services, user authentication and group key agreement. Due to the limited storage of IoD devices, group key negotiation requires lightweight calculations, and conventional schemes cannot satisfy the requirements of group communication in the IoD. To this end, a new lightweight communication scheme based on ring neighbors is presented in this paper for IoD, which not only realizes the identity verification of user and group key negotiation, but also improves computational efficiency on each group member side. A detailed security analysis substantiates that the designed scheme is capable of withstanding attacks from both internal and external adversaries while satisfying all defined security requirements. More importantly, in our proposal, the computational cost on the user side remains unaffected by the variability of the number of members participating in group communication, as members communicate in a non-interactive manner through broadcasting. As a result, the protocol proposed in this article demonstrates lower computational and communication costs in comparison to other cryptographic schemes. Hence, this proposal presents a more appealing approach to lightweight group key agreement protocol with user authentication for application in the IoD.

A PUF secured lightweight mutual authentication protocol for multi-UAV networks

Unmanned aerial vehicles, initially developed for military use, have evolved to play vital roles in civilian applications including photography, agriculture, disaster management, and delivery services. Their agility, precision, and ad-hoc formation make them indispensable, particularly in time-sensitive tasks such as search-and-rescue missions. However, the widespread use of UAVs has raised security concerns, including unauthorized access, cyberattacks, and physical threats. In addition, the dynamic nature of these networks provides adversaries with opportunities to exploit node failures leading to potential data breaches. To address these risks, implementing robust security measures such as authentication, encryption, physical security, and proactive monitoring is essential even amidst the inherent resource limitations faced by UAVs. This paper proposes a lightweight authentication and key agreement protocol for multi-UAV networks, incorporating physically unclonable technology for securing the data sent over the network. The protocol also addresses security risks during UAV failures and the unauthorized access to data. The scheme has been validated using the Scyther simulation tool, with the PUF implemented on the Xilinx FPGA platform. An informal security analysis is also presented that demonstrates its adherence to security requirements. Additionally, the performance of the proposed scheme is compared with state-of-the-art approaches by evaluating network latency in terms of computational and communication costs, affirming its effectiveness in resource-constrained applications.

Blockchain-Based Lightweight Certificateless Authenticated Key Agreement Protocol for V2V Communications in IoV

Blockchain-Based Lightweight Certificateless Authenticated Key Agreement Protocol for V2V Communications in IoV

Multiparty Quantum Key Agreement Based on d$d$‐dimensional Bell States

AbstractIn this paper, on the design process of a multiparty quantum key agreement protocol within a ‐dimensional Hilbert space is elaborated upon. A circular‐type multiparty quantum key agreement protocol based on the generalized Bell state is introduced. To enhance security against external attacks, decoy states into the transmission process is incorporated. Transmission sequences of the generalized Bell state and decoy states are passed between participants. The participants then encode their secret information into the corresponding particles. Ultimately, all participants are able to derive the same key. In addition, a combination of ‐dimensional Pauli operators is utilized, making the proposed protocol feasible with current technology. Analysis and protection against intercept‐resend attack, entangle‐measure attack and dishonest participants attacks, demonstrating the feasibility of the protocol in a ‐dimensional Hilbert space. The protocol has certain advantages over other protocols in terms of a comprehensive consideration of security and efficiency.

A provably secure authenticated key agreement protocol for industrial sensor network system

SummaryThe convergence of reliable and self‐organizing characteristics of Wireless Sensor Networks (WSNs) and the IoT has increased the utilization of WSN in different scenarios such as healthcare, industrial units, battlefield monitoring and so forth, yet has also led to significant security risks in their deployment. So, several researchers are developing efficient authentication frameworks with various security and privacy characteristics for WSNs. Subsequently, we review and examine a recently proposed robust key management protocol for an industrial sensor network system. However, their work is incompetent to proffer expedient security and is susceptible to several security attacks. We demonstrate their vulnerabilities against man‐in‐the‐middle attacks, privileged insider attacks, secret key leakage attacks, user, gateway, and sensor node impersonation attacks, and offline password‐guessing attacks. We further highlight the design flaw of no session key agreement in Itoo et al. Therefore to alleviate the existing security issues, we devise an improved key agreement and mutual authentication framework. Our protocol outperforms Itoo et al.'s drawbacks, as demonstrated by the comprehensive security proof performed using the real‐or‐random (ROR) model and the formal verification accomplished using the Automated Validation of Internet Security Protocols (AVISPA) tool.

SLAKA-IoD: A Secure and Lightweight Authentication and Key Agreement Protocol for Internet of Drones

The existing authentication and key agreement (AKA) schemes for the internet of drones (IoD) still suffer from various security attacks and fail to ensure required security properties. Moreover, drones generally have limited memory and computation capability. Motivated by these issues, a secure and lightweight AKA protocol for IoD (SLAKA-IoD) is proposed based on physical unclonable function (PUF), “exclusive or” (XOR) operation and hash function, which are simple cryptographic operations and functions that can provide better performance. In the SLAKA-IoD protocol, a drone and the ground station (GS) perform mutual authentication and establish a secure session key between them, and any two drones can also perform mutual authentication and establish a secure session key between them. Via informal security analysis, formal security analysis using the strand space model, and security verification based on the Scyther tool, the SLAKA-IoD protocol is proven to resist various security attacks and ensure required security properties. Further comparative analysis shows that the SLAKA-IoD protocol can provide more security features, and is generally lightweight as compared with these related AKA protocols for IoD, so it is suitable for IoD.

EMAKAS: An efficient three-factor mutual authentication and key-agreement scheme for IoT environment

The adoption of IoT in healthcare revolutionizes remote patient monitoring and healthcare efficiency. Yet, it brings notable security and privacy challenges, particularly in resource-constrained environment. We propose a secure and efficient three-factor lightweight mutual authentication and key agreement scheme, designed for IoT-based smart healthcare systems, addressing these critical concerns. The scheme employs a fuzzy extractor, a one-way hash function, Elliptic Curve Discrete Logarithm and XOR operations for efficient cryptographic transformations, creating a robust framework for secure data handling. The scheme's design focuses on security and privacy while minimizing computational demands, making it ideal for resource-constrained IoT devices. We utilized both informal and formal security analyses to validate our scheme, employing the Random Oracle Model (ROM), Scyther tool and Burrows-Abadi-Needham (BAN) logic. The security and performance analysis showed that our scheme offers more security features across 15 defined criteria with minimal communication and computational costs compared to other related schemes. The scheme is not only robust against security threats but also practical for implementation in IoT healthcare environment, offering a solution for secure IoT communication by achieving mutual authentication and key agreement with minimized computational requirements.

USAF-IoD: Ultralightweight and Secure Authenticated Key Agreement Framework for Internet of Drones Environment

USAF-IoD: Ultralightweight and Secure Authenticated Key Agreement Framework for Internet of Drones Environment

2FAKA-C/S: A Robust Two-Factor Authentication and Key Agreement Protocol for C/S Data Transmission in Federated Learning

As a hot technology trend, the federated learning (FL) cleverly combines data utilization and privacy protection by processing data locally on the client and only sharing model parameters with the server, embodying an efficient and secure collaborative learning model between clients and aggregated Servers. During the process of uploading parameters in FL models, there is susceptibility to unauthorized access threats, which can result in training data leakage. To ensure data security during transmission, the Authentication and Key Agreement (AKA) protocols are proposed to authenticate legitimate users and safeguard training data. However, existing AKA protocols for client–server (C/S) architecture show security deficiencies, such as lack of user anonymity and susceptibility to password guessing attacks. In this paper, we propose a robust 2FAKA-C/S protocol based on ECC and Hash-chain technology. Our security analysis shows that the proposed protocol ensures the session keys are semantically secure and can effectively resist various attacks. The performance analysis indicates that the proposed protocol achieves a total running time of 62.644 ms and requires only 800 bits of communication overhead, showing superior computational efficiency and lower communication costs compared to existing protocols. In conclusion, the proposed protocol securely protects the training parameters in a federated learning environment and provides a reliable guarantee for data transmission.

A Quantum-Resistant Identity Authentication and Key Agreement Scheme for UAV Networks Based on Kyber Algorithm

Unmanned aerial vehicles (UAVs) play a critical role in various fields, including logistics, agriculture, and rescue operations. Effective identity authentication and key agreement schemes are vital for UAV networks to combat threats. Current schemes often employ algorithms like elliptic curve cryptography (ECC) and Rivest–Shamir–Adleman (RSA), which are vulnerable to quantum attacks. To address this issue, we propose LIGKYX, a novel scheme combining the quantum-resistant Kyber algorithm with the hash-based message authentication code (HMAC) for enhanced security and efficiency. This scheme enables the mutual authentication between UAVs and ground stations and supports secure session key establishment protocols. Additionally, it facilitates robust authentication and key agreement among UAVs through control stations, addressing the critical challenge of quantum-resistant security in UAV networks. The proposed LIGKYX scheme operates based on the Kyber algorithm and elliptic curve Diffie–Hellman (ECDH) key exchange protocol, employing the HMAC and pre-computation techniques. Furthermore, a formal verification tool validated the security of LIGKYX under the Dolev–Yao threat model. Comparative analyses on security properties, communication overhead, and computational overhead indicate that LIGKYX not only matches or exceeds existing schemes but also uniquely counters quantum attacks effectively, ensuring the security of UAV communication networks with a lower time overhead for authentication and communication.

TOPAS\\documentclass[12pt]{minimal} \\usepackage{amsmath} \\usepackage{wasysym} \\usepackage{amsfonts} \\usepackage{amssymb} \\usepackage{amsbsy} \\usepackage{mathrsfs} \\usepackage{upgreek} \\setlength{\\oddsidemargin}{-69pt} \\begin{document}$$\ extsf {TOPAS}$$\\end{document}2-pass key exchange with full perfect forward secrecy and optimal communication complexity

We present Transmission optimal protocol with active security (TOPAS\\documentclass[12pt]{minimal} \\usepackage{amsmath} \\usepackage{wasysym} \\usepackage{amsfonts} \\usepackage{amssymb} \\usepackage{amsbsy} \\usepackage{mathrsfs} \\usepackage{upgreek} \\setlength{\\oddsidemargin}{-69pt} \\begin{document}$$\ extsf {TOPAS}$$\\end{document}), the first key agreement protocol with optimal communication complexity (message size and number of rounds) that provides security against fully active adversaries. The size of the protocol messages and the computational costs to generate them are comparable to the basic Diffie-Hellman protocol over elliptic curves (which is well-known to only provide security against passive adversaries). Session keys are indistinguishable from random keys—even under reflection and key compromise impersonation attacks. What makes TOPAS\\documentclass[12pt]{minimal} \\usepackage{amsmath} \\usepackage{wasysym} \\usepackage{amsfonts} \\usepackage{amssymb} \\usepackage{amsbsy} \\usepackage{mathrsfs} \\usepackage{upgreek} \\setlength{\\oddsidemargin}{-69pt} \\begin{document}$$\ extsf {TOPAS}$$\\end{document}stand out is that it also features a security proof of full perfect forward secrecy (PFS), where the attacker can actively modify messages sent to or from the test-session. The proof of full PFS relies on two new extraction-based security assumptions. It is well-known that existing implicitly-authenticated 2-message protocols like HMQV\\documentclass[12pt]{minimal} \\usepackage{amsmath} \\usepackage{wasysym} \\usepackage{amsfonts} \\usepackage{amssymb} \\usepackage{amsbsy} \\usepackage{mathrsfs} \\usepackage{upgreek} \\setlength{\\oddsidemargin}{-69pt} \\begin{document}$$\ extsf {HMQV}$$\\end{document}cannot achieve this strong form of (full) security against active attackers (Krawczyk, Crypto’05). This makes TOPAS\\documentclass[12pt]{minimal} \\usepackage{amsmath} \\usepackage{wasysym} \\usepackage{amsfonts} \\usepackage{amssymb} \\usepackage{amsbsy} \\usepackage{mathrsfs} \\usepackage{upgreek} \\setlength{\\oddsidemargin}{-69pt} \\begin{document}$$\ extsf {TOPAS}$$\\end{document}the first key agreement protocol with full security against active attackers that works in prime-order groups while having optimal message size. We also present a variant of our protocol, TOPAS+\\documentclass[12pt]{minimal} \\usepackage{amsmath} \\usepackage{wasysym} \\usepackage{amsfonts} \\usepackage{amssymb} \\usepackage{amsbsy} \\usepackage{mathrsfs} \\usepackage{upgreek} \\setlength{\\oddsidemargin}{-69pt} \\begin{document}$$\ extsf {TOPAS+}$$\\end{document}, which, under the Strong Diffie-Hellman assumption, provides better computational efficiency in the key derivation phase. Finally, we present a third protocol termed FACTAS\\documentclass[12pt]{minimal} \\usepackage{amsmath} \\usepackage{wasysym} \\usepackage{amsfonts} \\usepackage{amssymb} \\usepackage{amsbsy} \\usepackage{mathrsfs} \\usepackage{upgreek} \\setlength{\\oddsidemargin}{-69pt} \\begin{document}$$\ extsf {FACTAS}$$\\end{document}(for factoring-based protocol with active security) which has the same strong security properties as TOPAS\\documentclass[12pt]{minimal} \\usepackage{amsmath} \\usepackage{wasysym} \\usepackage{amsfonts} \\usepackage{amssymb} \\usepackage{amsbsy} \\usepackage{mathrsfs} \\usepackage{upgreek} \\setlength{\\oddsidemargin}{-69pt} \\begin{document}$$\ extsf {TOPAS}$$\\end{document}and TOPAS+\\documentclass[12pt]{minimal} \\usepackage{amsmath} \\usepackage{wasysym} \\usepackage{amsfonts} \\usepackage{amssymb} \\usepackage{amsbsy} \\usepackage{mathrsfs} \\usepackage{upgreek} \\setlength{\\oddsidemargin}{-69pt} \\begin{document}$$\ extsf {TOPAS+}$$\\end{document}but whose security is solely based on the factoring assumption in groups of composite order (except for the proof of full PFS).

Quantum-attack-resilience OTP-based multi-factor mutual authentication and session key agreement scheme for mobile users

Due to rapid advancements in hardware and mobile communication technologies, the usage of various mobile-based online applications is increasing tremendously. However, security and privacy are two of the most essential features of wireless communication. Using a Mutual Authentication and Session Key Agreement (MASK) scheme, an authorized mobile user can login to a remote server over the Internet. In quantum contexts, many of the MASK schemes are not secure. This paper proposes a One-Time Password (OTP) and biometric-based Multi-Factor MASK (OTP-MF-MASK) scheme for mobile users. We used Peikert’s authentication and reconciliation mechanism, defined for the post-quantum environments. The OTP-MF-MASK scheme used a password, mobile device, biometric, and OTP as login credentials. To avoid the biometric acquisition problem, we used the fuzzy extractor in the OTP-MF-MASK scheme. We proved that the OTP-MF-MASK scheme is semantically secure in the Random Oracle Model (ROM) based on the hardness assumption of the Ring Learning With Errors (RLWE) problem. The OTP-MF-MASK scheme is compared with state-of-the-art schemes to justify the attack-resilience and computation efficiencies in quantum environments.

Access to information and public participation: evaluating the implementation of the Aarhus Convention in Europe

ABSTRACT The ‘Aarhus Convention’ – regulating access to environmental information, public participation and justice in environmental decision−making – is a key international agreement with a long history and a considerable number of signatory countries. While implementation has been studied nationally, there is little comparative research at the transnational level. Based on ten criteria, we analysed national implementation reports of the 2014, 2017 and 2021 reporting cycles in terms of how 33 countries in Europe have implemented the access to information and public participation pillars, and identified obstacles they encountered. We also studied similarities and differences supra-nationally. Overall, countries are quite successfully fulfilling the obligations of the two pillars. Most obstacles reported concern four criteria: access to information, information provision, interaction, and trust. Implementation practices have changed little from 2014 to 2021. However, East- and South-European countries report more, and more persistent or repetitive obstacles, compared to Northern and Western European countries. The national democratic context seems to affect the quality of implementation. The Convention’s compliance bodies and national agencies responsible for coordinating the implementation are encouraged to interact more closely, to account for the differences and leverage implementation.

Review on: Public Perception of Biotechnology on Genetically Modified Crops, Bio Policy and Intellectual Property Rights

Public discussion about genetically modified crops is strongly heavily influenced by debates over their risks and benefits. Supporters of biotechnology point to its potential to reduce hunger, prevent malnutrition, treat diseases, and improve overall health and quality of life. However, there is considerable opposition to biotechnology. Some critics argue that it poses risks to human health and the environment, while others oppose it on moral and ethical grounds. The transfer of genes between different species is often criticized as "playing God" or breaking the "Law of Nature." Biosafety on (GM) crops is a rapidly growing field that includes scientific research, ethical issues, and policy and regulatory frameworks to assess and manage risks to human and animal health, including food and feed safety, as well as environmental risks related to modern biotechnology products. Bio-policy refers to the rules, norms, and ethical considerations that govern the development, production, and use of biotechnology products. These policies differ by country and can be influenced by international agreements and organizations. A key international agreement (TRIPS) Agreement, which sets global standards for intellectual property protection. The Trade-Related Aspects of Intellectual Property Rights (TRIPS) Agreement requires governments to issue patents in technological sectors, including modern biotechnology, to protect innovations in this field. This ensures that biotechnological advancements, including GM crops, are protected under intellectual property laws, aiding their development and commercialization while addressing ethical and safety concerns.

CPAKA: Mutual Authentication and Key Agreement Scheme Based on Conditional PUF in Space-Air-Ground Integrated Network

CPAKA: Mutual Authentication and Key Agreement Scheme Based on Conditional PUF in Space-Air-Ground Integrated Network

A General Authentication and Key Agreement Framework for Industrial Control System

A General Authentication and Key Agreement Framework for Industrial Control System

Corrections to “Efficient Provably-Secure Dynamic ID-Based Authenticated Key Agreement Scheme With Enhanced Security Provision”

Corrections to “Efficient Provably-Secure Dynamic ID-Based Authenticated Key Agreement Scheme With Enhanced Security Provision”