Message Authentication Scheme Research Articles

Hyperelliptic curve signcryption based privacy preserving message authentication and fuzzy TOPSIS-based trust management scheme for fog enabled VANET

Hyperelliptic curve signcryption based privacy preserving message authentication and fuzzy TOPSIS-based trust management scheme for fog enabled VANET

Efficient message authentication scheme with forward and backward security in Vehicle Cloud Network towards sustainable smart city

The Vehicular Cloud Network (VCN) serves as a crucial component of Intelligent Transportation Systems (ITS), playing an instrumental role in the development of sustainable smart cities. It merges the benefits of both Vehicular Ad Hoc Networks (VANET) and cloud computing. However, VCN faces significant security challenges due to the complexity of communication, the dynamic nature of the environment, and the privacy concerns of data. To address the issues of message security and privacy preservation in VCN, this paper introduces an identity-based key-insulated ring signature (ID-KIRS) scheme for VCN message authentication. Our scheme integrates a secure key update function to address key exposure issues, providing both forward and backward security. The security analysis confirms that our scheme ensures message integrity, unconditional anonymity, and unforgeability. The performance evaluation clearly demonstrates our scheme is efficient, and applicable to vehicle congestion situations, especially car accident scenarios.

Lightweight Optimized Message Authentication Scheme for IEC 61850 Sampled Value Messages

Lightweight Optimized Message Authentication Scheme for IEC 61850 Sampled Value Messages

Blockchain-Based Lightweight Message Authentication for Edge-Assisted Cross-Domain Industrial Internet of Things

In edge-assisted cross-domain Industrial Internet of Things (IIoT), blockchain-based authentication is an effective way to build cross-domain trust and secure cross-domain data. However, existing authentication schemes still have serious challenges in terms of efficiency and security. In this paper, we propose a blockchain-based lightweight message authentication scheme. First, to address efficiency challenges, we build a blockchain-enabled edge-assisted lightweight authentication framework. This framework uses edge servers to assist smart devices in achieving cross-domain authentication and effectively reduce redundant interactions between entities. Second, to resolve the security challenges, we design a lightweight message authentication algorithm for cross-domain IIoT. The algorithm guarantees message security with low computational overhead and is suitable for multi-receiver cross-domain IIoT. The security proof and analysis demonstrate that the proposed scheme is secure under the random oracle model and can resist various attacks. The performance evaluation shows that our proposed scheme is superior in terms of computation and communication overhead when compared with other related schemes.

Efficient Authentication Steps for Vehicle Transmission in Ad-Hoc Networks

Vehicular ad-hoc networks (VANETs) are underactive development, thanks in part to recent advances in wireless communication and networking technologies. The most fundamental part of VANET is to enable message authentications between vehicles and roadside units. Message authentication using proxy vehicles has been proposed to reduce the computational overhead of roadside units significantly. In this message authentication scheme, a proxy vehicle that verifies multiple messages at the same time improves roadside units’ efficiency. In this paper first, we show that the only proxy-based authentication scheme (PBAS) presented for this goal by Liu et al. cannot guarantee message authenticity and also it is not resistant to impersonation and modification attacks and false acceptance of batched invalid signatures. Next, we propose a new identity-based message authentication scheme using proxy vehicles (ID-MAP). Then guarantee that it can satisfy the message authentication requirements, existential unforgeability of underlying signatures against adaptability chosen message, and identity attack is proved under the Elliptic Curve discrete logarithm problem (ECDLP) in the random oracle model. It should be highlighted that ID MAP not only is more efficient than PBAS since it is pairing-free and identity based and also it does not use map-to-point hash functions, also, it satisfies the security and privacy requirements of VANETs. Furthermore, analysis shows that the required time to verify 3000 messages in ID-MAP is reduced by 76% compared to that PBAS.

Improved RSA dynamic cryptographic accumulator-based anonymous batch authentication scheme for Internet of Vehicles

The Internet of Vehicles (IoV) provides various services to vehicles through information sharing to ensure road safety and improve traffic efficiency. However, malicious attackers can challenge the privacy and security systems of the IoV by conducting security attacks. Currently, many schemes use bilinear pairing or elliptic curves to construct authentication systems, ensuring anonymity of vehicle identities and message security. However, these schemes suffer drawbacks such as low computational efficiency and high communication overhead in highly dynamic IoV. Therefore, we propose a new efficient certificateless message authentication scheme. The proposed scheme constructs a lightweight security authentication protocol by improving the RSA dynamic accumulator and combining it with non-interactive discrete logarithm zero-knowledge proofs. In addition, our scheme eliminates the need for bilinear pairing operations, thereby reducing computational overhead. Simultaneously, it enables real-time tracking and revocation of malicious vehicle identities. Security analysis shows that our scheme can be reduced to a secure S-RSA assumption under the random oracle model, meeting various security requirements of the IoV. Performance analysis shows that our scheme diminishes not only the computational overhead but also the communication overhead.

A distributed message authentication scheme with reputation mechanism for Internet of Vehicles

Real-time and interactive traffic information sharing systems are crucial in the Internet of Vehicles (IoV) as they enable vehicles to make informed decisions, thereby improving the efficiency of intelligent transportation systems (ITS). Message authentication ensures the accuracy, integrity, and tamper-resistance of information in IoV. Existing schemes aim to achieve time-critical message authentication. However, these schemes are time-consuming and cannot meet the real-time requirements of IoV. Additionally, there are issues with latency in data synchronization and data redundancy when vehicles traverse different domains. We propose an efficient, distributed, and resistant-to-malicious-attacks authentication scheme based on the reputation mechanism. Our scheme supports batch verification, enabling fast authentication. By leveraging the decentralized and ledger-synchronized features of blockchain, our distributed scheme reduces data redundancy. We also employ a reputation mechanism to ensure reliable reports in IoVs. We experimentally confirm that our scheme outperforms EADA (59.73%), RCoM (76.35%), MLGSDT (63.36%), and TRAJ (82.08%). This approach provides a secure and reliable solution for report authentication.

Analysis of False Data Injection Attacks Against Automated Control for Parallel Generators in IEC 61850-Based Smart Grid Systems

With the introduction of advanced monitoring and communication technologies, the legacy power system is evolving toward fully digitalized smart grid. The IEC 61850 standards have emerged as popular standards for automation of the power grid systems. However, modernization of the power grid has an unintended consequence of increased vulnerability to cyber-attacks. Among the emerging cyber threats, in this article we focus on false data injection attacks against generators in IEC 61850 compliant systems since this subject is not yet intensively studied in literature. We conduct the study on attack vectors against automated control logic for parallel generators and their feasibility, and conduct simulation experiments to demonstrate the attack impact. Based on the identified attack vectors, we further propose an efficient message authentication scheme. We investigate real-world control logic taken from the state-of-the-art smart grid test-bed for enumerating attack vectors. We further create virtual test-bed that is fully compliant to IEC 61850 standards for simulation study. The proposed message authentication schemes are implemented and intensively evaluated to demonstrate advantages over the other schemes. While effectively countering the identified attack vectors, the proposed message authentication scheme improves the latency by 16% compared to the scheme recommended in IEC 62351 standards.

DPB-MA: Low-Latency Message Authentication Scheme Based on Distributed Verification and Priority in Vehicular Ad Hoc Network

Vehicular ad hoc networks (VANETs) serve as crucial means to ensure safe transportation systems and enhance driving convenience. Ensuring authentication between vehicles and units is the most essential line of defense for VANETs systems. Various schemes of message authentication are put forward to realize safe communication in VANETs. However, these schemes mainly pay attention to privacy and security issues, and are not fit for high-density traffic environments where many messages should be verified by a roadside unit (RSU). At present, achieving the low-latency authentication under the security and privacy of messages remains a critical requirement and challenge. For addressing this problem, this study puts forward a novel low-latency message authentication scheme based on the distributed authentication and message priority (DPB-MA), which can minimize message verification latency through cooperation between the RSU and cooperative vehicles (CVs). In addition, a message priority strategy has been designed to ensure that urgent messages are preferentially verified. According to the security proof with tight reduction, the DPB-MA is existentially unforgeable against adaptive chosen message attack (EU-CMA) in the random oracle model (ROM). Furthermore, our DPB-MA achieves full message aggregation, which also greatly optimizes the communication overhead and authentication efficiency. Performance analysis indicates that our scheme works well in high-density traffic scenarios and is more suitable for securing emergency messages with ultra-low latency requirements.

Efficient Batch Authentication Scheme Based on Edge Computing in IIoT

In the industrial Internet of Things (IIoT) environment (e.g., a smart factory), smart devices with limited computing power can bring large amounts of privacy-sensitive data into insecure networks when they interact. If a network attacker intercepts and tampers with this data, it may cause chaos in production and even paralyze the entire IIoT system. Therefore, to ensure the regular operation of intelligent production, data receivers must authenticate the data before using them. However, existing message authentication schemes in the IIoT environment authenticate each message individually, which creates many redundant operations. Hence, to ensure data security among smart devices and reduce the computational overhead of data processing, we propose a batch authentication scheme based on edge computing in IIoT. Specifically, we design a lightweight batch authentication algorithm and use edge servers to assist smart devices in authenticating data, thus reducing the computational burden on smart devices and improving the efficiency of message authentication. The security analysis shows that the proposed scheme is secure in the random oracle model and meets the series of security requirements of the IIoT. In addition, we illustrate the efficiency of the scheme through experiments.

A lightweight encryption and message authentication framework for wireless communication

Confidentiality and authentication are two important security properties of wireless communication. There are currently two types of research in wireless communication security: one is based on cryptography, which can be too complicated for some wireless systems; the other is based on physical layer characteristics, which has some security problems and cannot work as well as the cryptography-based method. In this paper, a lightweight encryption and message authentication framework for wireless communication is proposed. The proposed framework has lower complexity than the cryptography-based method and works more securely and efficiently than the classical physical layer method. For the encryption, a physical layer offered chain key (PHYLOCK) structure is proposed to generate one-time keys, which are then XOR-ed with the plaintext to generate the ciphertext. A security analysis of PHYLOCK is performed and it is proved that it has better security features than the traditional physical layer key generation. For the message authentication, three types of PHYLOCK-CRC-based message authentication schemes are developed whose generator polynomial is determined by one-time keys generated by PHYLOCK. PHYLOCK-CRC-based message authentication detects not only random errors introduced by noises but also malicious attacks. The error-detecting and anti-attack capabilities are analyzed mathematically. Compared to the standard CRC, PHYLOCK-CRC-based message authentication has a decline in error correction capability but is enhanced with cryptographic security features. Monte-Carlo simulations are provided to evaluate the proposed scheme.

Phase-Assisted Dynamic Tag-Embedding Message Authentication for IoT Networks

Security is a critical issue in Internet of Things (IoT) networks and it has been under investigation by researchers worldwide. Different from other wireless networks, IoT networks suffer from conventional security mechanisms due to complexity and resource consumption which cannot be tolerated in IoT networks. Among the recently proposed security schemes for IoT networks is the tag-embedding message authentication scheme in which a tag is embedded to the modulated message and concurrently sent over the same channel. Although it has avoided significant resource expenditure, its performance still requires improvement especially in terms of immunity against nearby eavesdroppers. In this article, a novel scheme is proposed that is able to enhance the authentication rate and the tag confidentiality without inducing any extra requirements. The proposed scheme implies performing tag puncturing at the transmitter side where only a part of the tag is embedded to the message based on the instantaneous channel phase. The performance of the proposed scheme is mathematically analyzed where the authentication failure probability is derived in closed-form expression, and compared to the conventional tag-embedding scheme.

An efficient reusable attribute-based signature scheme for mobile services with multi access policies in fog computing

Fog computing is an emergent computing paradigm that supports the mobility and geographic distribution of Internet of Things (IoT) nodes and delivers context-aware applications with low latency to end-users. In fog computing, the critical obstacle restricting widespread deployment is security and privacy, especially how to build a lightweight fine-grained message authentication scheme in fog computing. In this paper, we first propose and give the formalization definition to a new variant of the attribute-based signature primitive (ABS), which we called Verifier-Policy Attribute-based Signature (VP-ABS). Distinct from the traditional ABS, in our VP-ABS primitive, the signature generated by the signer is decoupled with the access policy, which means the signer can generate a signature associated with some of his own attributes. Therefore, our VP-ABS can be reusable for multiple access policies. Then we also give a concrete VP-ABS construction over Type-3 pairing under Linear Secret Sharing Scheme (LSSS) policy which supports both AND and OR access gates. In addition, we rigorously prove our VP-ABS scheme is existentially unforgeable in the selective policy model under the adaptive chosen message attack (sP-EUF-CMA). Next, we give the feature comparison and theoretical analysis to our VP-ABS scheme as well as some other representative attribute authentication schemes to show the comprehensiveness of our scheme. To prove the correctness of the theoretical analysis and test the actual performance, we also do simulation experiments. Finally, we use our VP-ABS scheme to build an attribute-based fine-grained message authentication scheme for fog nodes in mobile microservices architecture with multiple access policies.

Secure and Efficient Message Authentication Scheme for 6G-Enabled VANETs

In 6G-enabled vehicle ad hoc networks (VANETs), the messages transmitted through wireless communication face security problems such as tampering and disclosure. In this paper, to ensure the security of transmitted messages and the privacy of vehicle users, we propose an anonymous and secure message authentication (ASMA) scheme. The ASMA scheme can realize message verification and conditional privacy preservation with a lower computation overhead, and its security does not depend on a tamper-proof device (TPD). As the numbers of vehicles and applications increase in 6G-enabled VANETs, the number of messages in the network increases greatly. One-by-one verification messages in the ASMA scheme cannot meet the strict low-latency requirements. To improve the efficiency of the ASMA scheme, we investigate a proxy-vehicle-assisted batch message authentication (PVBA) scheme. In the scheme, a proxy vehicle selection algorithm is designed to choose a certain number of proxy vehicles, and the message verification tasks are completed by a roadside unit (RSU) and the proxy vehicles synchronously. Performance analysis shows that in the case of large-scale messages, the PVBA scheme has lower verification delay than related schemes, and the verification efficiency is greatly improved.

Algorithm substitution attacks against receivers

This work describes a class of Algorithm Substitution Attack (ASA) generically targeting the receiver of a communication between two parties. Our work provides a unified framework that applies to any scheme where a secret key is held by the receiver; in particular, message authentication schemes (MACs), authenticated encryption (AEAD) and public key encryption (PKE). Our unified framework brings together prior work targeting MAC schemes (FSE’19) and AEAD schemes (IMACC’19); we extend prior work by showing that public key encryption may also be targeted. ASAs were initially introduced by Bellare, Paterson and Rogaway in light of revelations concerning mass surveillance, as a novel attack class against the confidentiality of encryption schemes. Such an attack replaces one or more of the regular scheme algorithms with a subverted version that aims to reveal information to an adversary (engaged in mass surveillance), while remaining undetected by users. Previous work looking at ASAs against encryption schemes can be divided into two groups. ASAs against PKE schemes target key generation by creating subverted public keys that allow an adversary to recover the secret key. ASAs against symmetric encryption target the encryption algorithm and leak information through a subliminal channel in the ciphertexts. We present a new class of attack that targets the decryption algorithm of an encryption scheme for symmetric encryption and public key encryption, or the verification algorithm for an authentication scheme. We present a generic framework for subverting a cryptographic scheme between a sender and receiver, and show how a decryption oracle allows a subverter to create a subliminal channel which can be used to leak secret keys. We then show that the generic framework can be applied to authenticated encryption with associated data, message authentication schemes, public key encryption and KEM/DEM constructions. We consider practical considerations and specific conditions that apply for particular schemes, strengthening the generic approach. Furthermore, we show how the hybrid subversion of key generation and decryption algorithms can be used to amplify the effectiveness of our decryption attack. We argue that this attack represents an attractive opportunity for a mass surveillance adversary. Our work serves to refine the ASA model and contributes to a series of papers that raises awareness and understanding about what is possible with ASAs.

A Low-Overhead Message Authentication and Secure Message Dissemination Scheme for VANETs

Given the enormous interest shown by customers as well as industry in autonomous vehicles, the concept of Internet of Vehicles (IoV) has evolved from Vehicular Ad hoc NETworks (VANETs). VANETs are likely to play an important role in Intelligent Transportation Systems (ITS). VANETs based on fixed infrastructures, called Road Side Units (RSUs), have been extensively studied. Efficient, authenticated message dissemination in VANETs is important for the timely delivery of authentic messages to vehicles in appropriate regions in the VANET. Many of the approaches proposed in the literature use RSUs to collect events (such as accidents, weather conditions, etc.) observed by vehicles in its region, authenticate them, and disseminate them to vehicles in appropriate regions. However, as the number of messages received by RSUs increases in the network, the computation and communication overhead for RSUs related to message authentication and dissemination also increases. We address this issue and propose a low-overhead message authentication and dissemination scheme in this paper. We compare the overhead, related to authentication and message dissemination, of our approach with an existing approach and also present an analysis of privacy and security implications of our approach.

On Message Authentication Channel Capacity Over a Wiretap Channel

In this paper, a novel message authentication model using the same key over wiretap channel is proposed to achieve <i>information-theoretic security</i>. Specifically, in the proposed model, there is a discrete memoryless channel <i>W</i>₁ : <i>X</i> &#x2192;<i>Y</i> between transmitter Alice and receiver Bob, while an attacker Oscar is connected with Alice via discrete memoryless channel <i>W</i>₂ :<i>X</i>&#x2192;<i>Z</i>. Alice encodes message <i>M</i> to codeword (<i>S</i>,<i>Xⁿ</i>), using an encoding function with secret key <i>K</i>. Then, <i>S</i> is sent to Bob over a one-way noiseless channel (fully controlled by Oscar), and <i>Xⁿ</i> is sent over the wiretap channel, say <i>X</i>&#x2192;(<i>Y</i>,<i>Z</i>). Building on this model, a new message authentication scheme is proposed. The scheme incorporates a secure channel coding, which uses random coding techniques to detect man-in-the-middle (MITM) attacks. The authentication channel capacity is studied in a specific channel model when <i>W</i>₂ is not less noisy than <i>W</i>₁. We theoretically demonstrate that the authentication channel capacity is much larger than the secrecy capacity, since Bob does not need to recover information transmitted over the noisy channel.

Mapping Bit to Symbol Unpredictability with Application to Galileo Open Service Navigation Message Authentication

<h3>Abstract</h3> This paper investigates the distribution of unpredictable symbols in the open service navigation message authentication (OSNMA) scheme, which introduces cryptographic elements into the Galileo I/NAV message. Prior work has described the forward estimation attack (FEA; Curran &amp; O’Driscoll, 2016), that takes advantage of the forward error correction (FEC) employed by the Galileo E1 OS to ensure that a spoofed receiver correctly decodes the I/NAV message, even if it has been generated with errors in some symbols. In order to defend against such an attack, the receiver can re-encode the navigation message into symbols and compare the symbol error rates for those symbols that are predictable and those that are not. In order to perform this, it is first necessary to know which symbols are unpredictable. This paper presents in detail how this can be achieved, including the impact of the cyclic redundancy check (CRC) on symbol unpredictability.

ALI: Anonymous Lightweight Inter-Vehicle Broadcast Authentication with Encryption

Wireless broadcast transmission enables Inter-vehicle or Vehicle-to-Vehicle (V2V) communication among nearby vehicles. This communication supports latency-critical applications for improved safety and maybe optimized traffic. However, V2V communication is vulnerable to cyber attacks involving message manipulation. Mechanisms are required to ensure both authenticity and integrity of broadcast data, while maintaining drivers privacy against surveillance. Considering the limited computational resources of vehicles and the possibility of high traffic density scenarios, authentication processes should have low computational overhead. Prior research has produced multiple authentication protocol proposals based on digital signatures, hash functions, or Message Authentication Codes (MACs). To date, there is no computationally efficient secure broadcast authentication scheme tolerable by the vehicles resource-constrained On-Board Units (OBUs) for latency-critical applications in heavy traffic conditions. This paper provides a new secure, efficient, and privacy-preserving scheme proposing Anonymous Lightweight Inter-vehicle (ALI) broadcast authentication with encryption. ALI provides a high level of anonymity by combining a message authentication scheme with beacon encryption. The cryptographic overhead for V2V communication in the ALI scheme is only 149 bytes, and can handle authentication of approximately 700 broadcast messages every 100 milliseconds. This demonstrates the suitability of the ALI scheme in heavy traffic scenarios. We show the security and efficiency of our proposal by conducting security proof and performance analysis.

En-Route Message Authentication Scheme for Filtering False Data in WSNs

In wireless sensor networks, the adversary can easily control the compromised nodes to inject false data reports. En-route filtering is an effective mechanism to resist such attacks, where the forwarding nodes of the reports can identify and drop the false reports. However, the existing en-route filtering strategies are vulnerable to report disruption attacks and selective forwarding attacks, and the probabilities and efficiencies of en-route filtering false reports are low. To address these problems, a precheck mechanism performed by the CoS (Center-of-Stimulus) node is presented to resist report disruption attacks, a report forwarding strategy with balancing the residual energy of the nodes is designed to resist selective forwarding attacks, and an en-route message authentication scheme (EMAS) based on monitoring and reporting mechanism is proposed to resist false data injection attacks. The theoretical analysis and simulation results show that in most cases, EMAS provides a higher security level and higher en-route filtering probability and efficiency and is very efficient in energy saving.