Pair Of Operators Research Articles

Efficient and Strong Symmetric Password Authenticated Key Exchange With Identity Privacy for IoT

Password authenticated key exchange (PAKE) allows two parties with a shared password to establish a session key. In order to provide secure and private communication between devices in an Internet of Things (IoT) environment, the PAKE protocol is considered one of the most common and promising security methods. However, many existing PAKE proposals still face challenges in security and efficiency. First, both the terminals of participants may suffer from the compromise attack and precomputation attack, which will lead to the leakage of password. Second, the majority of the existing schemes cannot guarantee participants’ identity privacy. Third, most PAKE protocols are not suitable for IoT devices with limited computing capability because of a large number of exponential and pairing operations. To address these issues, we propose a strong symmetric PAKE protocol for IoT devices, which only requires 3 exponentiations per party. The proposed scheme can protect both parties from compromise and precomputation attacks, in which the password file relies on the identity and random salt. What’s more, our protocol guarantees the identity privacy, that is, the transmitted record and password file will not reveal the identity information. We further present a new security model for our protocol, and prove that the proposed scheme is secure under this model. Finally, we show the practicality of our PAKE via experiments and efficiency analysis.

EB-CSPA: efficient blockchain-based certificateless short signature public auditing scheme for cloud-based cyber-physical systems

With the widespread of digital information and advanced internet technologies, cyber-physical systems (CPS) generate numerous data. Due to the limited storage and computing capacity, CPS devices outsource data to cloud servers. When the data is outsourced to cloud servers, users lose control of their data. Several traditional and blockchain auditing schemes were proposed to verify the integrity of the data. Unfortunately, these existing schemes suffer from key escrow problem, and they are unsuitable for CPS devices as they involve substantial computation costs. This paper proposes an efficient blockchain-based certificateless short signature public auditing scheme for cloud-based CPSs, which uses blockchain technology to verify the integrity of the data. Further, our scheme requires only one pairing operation and two hash functions in the verification process. The performance analysis demonstrates that the proposed scheme outperforms and satisfies low-bandwidth device requirements.

Chebyshev Polynomial-Based Fog Computing Scheme Supporting Pseudonym Revocation for 5G-Enabled Vehicular Networks

The privacy and security of the information exchanged between automobiles in 5G-enabled vehicular networks is at risk. Several academics have offered a solution to these problems in the form of an authentication technique that uses an elliptic curve or bilinear pair to sign messages and verify the signature. The problem is that these tasks are lengthy and difficult to execute effectively. Further, the needs for revoking a pseudonym in a vehicular network are not met by these approaches. Thus, this research offers a fog computing strategy for 5G-enabled automotive networks that is based on the Chebyshev polynomial and allows for the revocation of pseudonyms. Our solution eliminates the threat of an insider attack by making use of fog computing. In particular, the fog server does not renew the signature key when the validity period of a pseudonym-ID is about to end. In addition to meeting privacy and security requirements, our proposal is also resistant to a wide range of potential security breaches. Finally, the Chebyshev polynomial is used in our work to sign the message and verify the signature, resulting in a greater performance cost efficiency than would otherwise be possible if an elliptic curve or bilinear pair operation had been employed.

A blockchain-based signature exchange protocol for metaverse

Electronic Commodity Trading has a pivotal role in our economic activities. In the literature, there is a classic problem called “Fair Exchange” which is fundamental to electronic commodity trading. It means the participants can receive the exchange item of the counterparty as they have agreed on before. Since the ownership of items online is often authorized by digital signatures, we focus on the problem of the fair exchange of digital signatures in this paper. As the concept of the Metaverse becomes popular recently, what we are concerned about is how the fair exchange will evolve in a metaverse. It is said that the metaverse is a vision of how the next generation of the internet will operate and the research for the fair exchange problem in it is essential for a wide range of applications like trading a (Non-fungible-token) NFT. Many cryptographic fair exchange protocols are proposed to deal with such a problem. However, most of them should rely on a Trusted Third Party (TTP) and the security is restricted by the TTP. The way the metaverse will work is still being defined. But it will probably provide users with a decentralized environment and a fair exchange protocol relying on a TTP seems unsuitable for it. Recently, researchers present some blockchain-based fair exchange protocols to get rid of or reduce the power of a TTP. But these blockchain-based protocols face new challenges. Firstly, cryptography pairing operations are often contained in such a TTP-free protocol and cost too much for the blockchain. Secondly, the player may hang for an unacceptably long time of the latency of the blockchain network. Thirdly, it is difficult to protect the privacy of the signatures while making the whole protocol verifiable at the same time. To bridge these research gaps, this paper presents a novel signature exchange protocol called DFSE which is decentralized, verifiable, efficient and autonomous. To give a real-world evaluation, we perform the experiment on the live test network of Ethereum and the results show that our protocol is feasible.

Secure Identity-Based Designated Verifier Anonymous Aggregate Signature Scheme Suitable for Smart Grids

Safe and efficient collection of users’ electronic consumption data is a basic function of the smart grid. Anonymous aggregate signature is a fine option to realize this feature, which can not only reduce the computing cost of the data center (DC) but also protect the user’s identity information from leaking. The security proofs of all known identity-based aggregate signature (IBAS) schemes were completed in the random oracle model (ROM). Regrettably, these schemes are not necessarily secure in real life. In this article, we first propose the system model and security demands of an identity-based designated verifier anonymous aggregate signature (IB-DVAAS) scheme for smart grids. We then come up with a concrete scheme, only the designated DC can check the validity of an aggregate signature, but it cannot recognize the real identity of the signers. Next, we display the security proofs in the standard model. Finally, we conduct an analysis on performance for six aggregate signature schemes. Only three pairing operations are required and hash-to-point operations are not used, the calculation cost of the new scheme is lower than that of other schemes.

Secure and Lightweight Data Aggregation Scheme for Anonymous Multi-Receivers in WBAN

Wireless body area networks (WBANs) provide healthcare providers with early warning of medical emergencies by monitoring vital parameters of a patient's body with wearable devices embedded with biosensors. However, the resource-constrained nature of WBAN devices makes the data collected from them vulnerable to internal and external attacks during transmission. By aggregating medical data, data aggregation technology is used to conduct statistical analysis of the data and achieve confidentiality of patient information, which can help doctors make the correct diagnosis and assist medical insurance companies choose the right insurance for patients. However, the existing data aggregation schemes are inefficient or prone to potential safety risks to patients due to their high computational intensity and known identity of recipients. To address it, we propose a privacy-preserving health data aggregation scheme in the multi-receiver setting, which not only securely collects health data from IoT wearable devices but also supports the anonymity of multiple receivers while avoiding time-consuming pairing operations. Since the patient's health data and the recipient's identities are transmitted in cipher-text, it effectively prevents data leakage and achieves privacy protection of identity information among recipients. Compared with several existing schemes, the proposed scheme not only achieves anonymity of the collected data and the receivers' identities,but also makes it lightweight. Furthermore, experimental results demonstrate that the proposed scheme is cost-efficient in an all-around performance.

Multiauthority CP-ABE-based Access Control Model for IoT-enabled Healthcare Infrastructure

The exponential growth of the Internet of Things (IoT) technologies requires high data security. Here, data security is very critical as all IoT devices transfer data over the Internet. The fine-grained access control provided by the ciphertext policy attribute-based encryption (CP-ABE) technique can be considered as a potential solution to this issue. However, most of the CP-ABE schemes use bilinear pairing operations for its internal working, which is expensive for any resource constraint device. An elliptic curve cryptography (ECC) based CP-ABE scheme can be well suited for resource constraint IoT framework because ECC takes less computational time. This article proposes a novel CP-ABE technique based on ECC to achieve fine-grained access control over data or resources. The proposed technique includes multiple attribute authorities to manage attributes and key generation, which can reduce the work overhead of having a single authority in traditional CP-ABE systems. In addition, the proposed scheme outsources the decryption process to a user assistant entity to reduce the decryption overhead of the end-users. To prove the efficiency of the proposed scheme, both formal security analysis and performance comparisons are presented in this article. The result and findings prove the effectiveness of the proposed scheme over some well-known schemes.

Proxy Re-encryption Scheme based on the Timed-release in Edge Computing

With the growth of Industrial Internet, various types of data show explosive growth. Data is being moved from the cloud to the edge for computing more frequently and edge computing becomes an important factor affecting the deep application of Industrial Internet platforms. However, the security issue of data transmission sharing is not addressed. Therefore, this paper proposes a security scheme based on timed-release, multi-dimensional virtual permutation, and proxy re-encryption(PRE), to protect the confidentiality of the data during the transmitter; symmetric cryptography is employed to encrypt the transmission data. At the same time, a time server is used, making it impossible for data receivers to get the information about the data before the specified time arrives, it solves the application scenario of data transmission and sharing with timed-release requirements and the efficiency of a large number of data is solved, and the security of data is improved. Finally, the security of the scheme was proved theoretically. Compared to existing PRE schemes, this scheme adds timed-release controlled access, has resistance to ciphertext attacks and end-to-end security features, and uses fewer bilinear pair operations in the algorithm. The performance was tested experimentally and the results show that the scheme improves efficiency while ensuring security and has significant advantages in terms of data security and private data protection.

Secure Edge Computing-Assisted Video Reporting Service in 5G-Enabled Vehicular Networks

Since traffic accidents occur frequently, a real-time video traffic reporting service is necessary in vehicular networks for a prompt response to accidents. Although the fifth-generation (5G) network provides a solution for real-time services in vehicular networks, the security and privacy of the services needs to be addressed first. The existing secure video reporting service schemes in 5G-enabled vehicular networks have significant computing, communication, and storage overheads, because of public key certificates, expensive bilinear pairing operations, and repeated video reporting to the cloud. To address these issues, we propose a secure edge computing-assisted video reporting service in 5G-enabled vehicular networks. In the proposed method, edge nodes complete the message verification and classification. Moreover, these nodes send the first received report message of the same accident to the designated official vehicles to realizes a local upload and download of video reports and to minimize the storage of repeated accident reports in the cloud. Security analysis indicates the proposed scheme is secure under the random oracle model and meets a series of vehicular networks requirements. In addition, performance evaluations show that the scheme achieves lower authentication overhead than existing signature schemes, and has lower total delay than other relevant video reporting service schemes.

Імітаційне моделювання процесу зношування тонкого покриття пружної півплощини штампами канонічної форми

In the article, using mathematical modeling methods, the contact inter-action of rigid bodies (stamps) of canonical form with an elastic half-plane protected by a Winkler coating is investigated, taking into account the wear of the intermediate layer.Under the conditions of a flat problem of the theory of elasticity basedon the abrasive wear model, which is expressed through a linear relation-ship between the intensity of wear and the work of friction forces, the main integro-differential equation of the problem for determining the contact pressure between the stamp and the coating is constructed.A technique for solving an integro-differential equation using Cheby-shov polynomials has been developed, which reduces the problem to an in-finite system of linear algebraic equations. A time-stepping algorithm was proposed for solving the equation. According to the algorithm, the working time of the friction pair with wear is divided into small time segments and the assumption is made that the contact area and contact pressure are con-stant at each time interval.When constructing graphs of contact pressure at different fixed mo-ments of time for the variable area of wear (contact), which, according to the assumption, is constant at each fixed step of the breakdown of the time of operation of the friction pair, an algorithm was used to reduce the ob-tained numerical data to one coordinate system, taking into account the proportionality of the ratio of the current area of the contact at the corre-sponding moment of time to the initial contact area at the moment of time equal to zero (problem without wear).The selection and analysis of contact pairs with various physical and mechanical parameters that would satisfy the selected mathematical model were carried out. For the dimensionless quantities described in the work, reverse calculations were carried out with the transition to dimensional quantities.For two different pairs of materials, based on the given force applied to the stamp, the corresponding initial contact area and the wear area were numerically calculated by the semi-inverse method at the given time inter-vals of the friction pair's operation. The characteristics of wear of the coat-ing for four canonical forms of stamps were studied and analyzed

Efficient Attribute Based Server-Aided Verification Signature

Attribute based signature (ABS) is a novel cryptographic primitive, which permits users to sign a message over attributes without revealing other information. A signature only reveals that it is signed by a signer whose some attributes meet an access policy. However, some ABS schemes only support the threshold access policy, where the signing algorithms are limited by the threshold. The threshold access policy can not express precise access control well. In addition, the computation cost of the verification algorithm is heavy since pairing operations are required. Pairing is costly operation comparing to exponentiation. Therefore, existing ABS schemes are not suitable to resource-limited devices, such as RFID tags and smart cards. In order to solve the issues above, we present a novel ABS scheme by using the attribute tree as access policy that expresses flexible access control. We utilize server-aid technique to help the verifier to verify signatures and reduce the computation burden. Our scheme is proved secure against unforgeable and anonymous under chosen-policy selective-message attack in the standard model. Compared with existing schemes, our scheme is more efficient in terms of private key generation and verification. The proposed scheme reduces users’ calculation burden and expresses more flexible access policy.

Decentralized multi-client functional encryption for set intersection with improved efficiency

Functional encryption (FE) is a new paradigm of public key encryption that can control the exposed information of plaintexts by supporting computation on encrypted data. In this paper, we propose efficient multi-client FE (MCFE) schemes that compute the set intersection of ciphertexts generated by two clients. First, we propose an MCFE scheme that calculates the set intersection cardinality (MCFE-SIC) and prove its static security under dynamic assumptions. Next, we extend our MCFE-SIC scheme to an MCFE scheme for set intersection (MCFE-SI) and prove its static security under dynamic assumptions. The decryption algorithm of our MCFE-SI scheme is more efficient than the existing MCFE-SI scheme because it requires fewer pairing operations to calculate the intersection of two clients. Finally, we propose a decentralized MCFE scheme for set intersection (DMCFE-SI) that decentralizes the generation of function keys. Our MCFE schemes can be effectively applied to a privacy-preserving contact tracing system to prevent the spread of recent infectious diseases.

Lax pair formulation for the open boundary Osp(1∣2) spin chain

Based on the Lax pair formulation, we study the integrable conditions of the Osp(1∣2) spin chain with open boundaries. We consider both the non-graded and graded versions of the Osp(1∣2) chain. The Lax pair operators M ± for the boundaries can be induced by the Lax operator M j for the bulk of the system. They correspond to the reflection equations (RE) and the Yang–Baxter equation, respectively. We further calculate the boundary K-matrices for both the non-graded and graded versions of the model with open boundaries. The double row monodromy matrix and transfer matrix of the spin chain have also been constructed. The K-matrices obtained from the Lax pair formulation are consistent with those from Sklyanin’s RE. This construction is another way to prove the quantum integrability of the Osp(1∣2) chain. We find that the Lax pair formulation has advantages in dealing with the boundary terms of the supersymmetric model.

Lightweight and Secure IoT-Based Payment Protocols from an Identity-Based Signature Scheme

After the great success of mobile wallets, the Internet of Things (IoT) leaves the door wide open for consumers to use their connected devices to access their bank accounts and perform routine banking activities from anywhere, anytime, and with any device. However, consumers need to feel safe when interacting with IoT-based payment systems, and their personal information should be protected as much as possible. Unlike what is usually found in the literature, in this paper, we introduce two lightweight and secure IoT-based payment protocols based on an identity-based signature scheme. We adopt a server-aided verification technique to construct the first scheme. This technique allows to outsource the heavy computation overhead on the sensor node to a cloud server while maintaining the user’s privacy. The second scheme is built upon a pairing-free ECC-based security protocol to avoid the heavy computational complexity of bilinear pairing operations. The security reduction results of both schemes are held in the Random Oracle Model (ROM) under the discrete logarithm and computational Diffie–Hellman assumptions. Finally, we experimentally compare the proposed schemes against each other and against the original scheme on the most commonly used IoT devices: a smartphone, a smartwatch, and the embedded device Raspberry Pi. Compared with existing schemes, our proposed schemes achieve significant efficiency in terms of communication, computational and storage overheads.

BPRT: A blockchain‐based privacy‐preserving transaction scheme based on an efficient broadcast encryption with personalized messages

AbstractAs blockchain has drawn more and more attention, much research has developed different transaction schemes with privacy preserving specialized in various fields. The nature of blockchain makes the transaction information public, which presents much risk about the leakage of user privacy. It is quite necessary to design a flexible scheme to provide privacy preserving of transaction contents with reliable audit in blockchain that is lacked in the previous works. In this paper, we propose a blockchain‐based privacy‐preserving transaction scheme based on an efficient broadcast encryption with personalized messages called BPRT. First, we propose a fully anonymous broadcast encryption with personalized messages (BEPM). Compared with existing works, it is fully anonymous, and it has lower computation cost without pairing operations. It also avoids the key escrow problem existing in other BEPM schemes. Then, we construct the BPRT based on our BEPM. Our BPRT ensures the privacy preserving of transaction contents in group transmissions, and the encrypted transaction contents avoid exposing user identity information at the same time. It enables auditor to moderately and reliably make audit of transaction contents. Furthermore, we present formal security analysis of the proposed scheme. It has been proved that our scheme satisfies transaction confidentiality, receiver anonymity and audit reliability. Subsequently, experimental results indicate that the proposed BEPM enables fast encryption and decryption, and the computation of our BPRT is in milliseconds.

An efficient conditional privacy-preserving authentication scheme with scalable revocation for VANETs

In Vehicular Ad Hoc Networks (VANETs), secure information sharing between vehicles is critical for improving traffic efficiency and driving safety. However, existing identity-based communication protocols for VANETs face problems of over-reliance on ideal Tamper-Proof Devices (TPDs) and the efficiency of verifying multiple messages in areas of high traffic density. Besides, many existing authentication schemes suffer from the heavy workload of revoking malicious vehicles when they misbehave. For addressing these problems, we propose an efficient Identity-Based conditional privacy-preserving authentication protocol, which does not rely on the ideal TPD. In our scheme, the System Secret Key (SSK) is not directly preloaded with the TPD, thus avoiding a system crash when a vehicle is corrupted. To revoke malicious vehicles’ identity, we propose an efficient key updating method based on Shamir’s secret sharing algorithm, which improves key-update efficiency from linear to logarithmic in the number of unrevoked vehicles. Moreover, our scheme is based on Elliptic Curves Cryptosystem and avoids bilinear pairing operation while supporting batch verification, enabling faster verification even when the number of signatures is increasing. According to the results of exhaustive comparative analysis, our proposed scheme is secure against key leakage attack and efficient in overhead of computation and communication compared to related schemes.

Pairing-free certificateless blind signature scheme for smart grid

The smart grid is an emerging power system that can realize the information exchange between users and power companies in two-way communication and adjust power companies’ power supply according to the real-time power requests from smart meters on the users’ side. However, since malicious attackers can eavesdrop on two-way communication to collect and transmit information, they may leak users’ information. Therefore, this paper proposes a new certificateless blind signature (CLBS) scheme with batch verification function and improves a power request system model for the smart grid to protect users’ privacy. In addition, the proposed CLBS scheme simplifies the certificate management process in the traditional public key cryptosystem and eliminates the hidden key escrow in the identity-based public key cryptosystem. The unforgeability of the scheme is proved through the random oracle model, and the scheme’s security can be reduced to the intractability of the elliptic curve discrete logarithm problem (ECDLP). The analysis results show that our scheme does not use the time-consuming bilinear pairing operation, and has obvious advantages in computing performance compared with the existing signature schemes.

ULTRASONIC MONITORING OF ECHINOCOCCAL CYSTS AFTER PAIR PROCEDURE

The PAIR operation (Punction, Aspiration, Injection, Reaspiration) is a minimally invasive method for treating echinococcosis cysts (EC) of the liver at the CE1 stage. Since in this method of surgical treatment the echinococcosis cyst is not removed from the liver, constant monitoring of patients using complex radiation diagnostic methods is necessary. - ultrasound and CT diagnostics.

Prevention of Blackhole Attack in MANET using Certificate less Signature Scheme

Mobile AdHoc Networks (MANETs) are the network of self-configuring nodes. Such nodes communicate through single as well as multi-hop modes without the aid of any centralized administrator or pre-existing network infrastructure. Due to this reason, MANETs have gained a highly significance in modern wireless networking technologies. Such networks are extremely vulnerable to one of the security attack i.e. blackhole attack. It is a malicious node when an attacker is able to send a fake route reply to the originator of a route request packet. Such attackers discard the legitimate packets and replay packets in the whole network thereby adversely affecting network performance. Most of the security protocols for MANET are using bilinear pairing methods to provide security against security attacks and it takes high computing cost for the computation of pairing operations. Nowadays, researchers are using certificate-less signature schemes in distributed environments to provide efficient security. This signature scheme is very popular because it does not use any certificate authority for the management of security certificates. In this paper, we proposed an efficient technique to prevent blackhole attack in MANET using RSA-based certificateless signature scheme without using any bilinear pairing operations. Our scheme provides security against forgery and blackhole attacks and is evaluated under a discrete logarithm problem. Proposed scheme outperforms existing schemes in terms of these metrics viz., throughput, packet delivery ratio, routing overhead and end-to-end delay when we are varying mobility and fixed percentage of malicious nodes. Our proposed scheme not only detects or prevents the blackhole attack but it is also capable to provide important security services viz., integrity, authentication and non-repudiation.

A Pairing-Free Heterogeneous Signcryption Scheme for Unmanned Aerial Vehicles

During the past few years, as Internet of Things develops rapidly, the applications of unmanned aerial vehicle (UAV) technology have been increasingly widely used. Meanwhile, the efficiency and security issues of UAV communication have brought about widespread attention of many researchers in different fields. In an open wireless network, the attacks on UAV communication mainly include eavesdropping, tampering, interrupting, forgery, etc. Signcryption is an appropriate method to address these security problems. However, the existing signcryption schemes are not suitable for UAVs with limited resources and ground station (GS) that needs to process a large number of messages from UAVs. Moreover, in a certain area, UAVs and a GS may belong to different cryptosystems. Therefore, in this article, we came up with a heterogeneous signcryption scheme for UAVs to communicate to a GS (HSC-U2G) without bilinear pairing operation, where UAVs belong to identity-based cryptography (IBC) while the GS belongs to public-key infrastructure (PKI). Moreover, our scheme provides identity privacy for UAVs and supports batch verification for the GS. Using the random oracle model, we demonstrate HSC-U2G can achieve insider security for confidentiality as well as unforgeability. After that, HSC-U2G is compared with several important related works and we provide all experimental results to show the efficiency.