The Proposed Protocol. In this section, we propose a chaotic maps-based mutual authentication and key-agreement protocol for wireless communications using smart cards that satisfies almost all the requirements of the existing authentication and key-agreement protocols for wireless communications and is immune to various known types of attacks. In addition, our protocol is simple and has a reasonable cost. The notations used in this section are listed in Table 1. Our protocol consists of three phases, i.e., (1) the registration phase; (2) the mutual authentication and session key-agreement phase; and (3) the password change phase.
Table 1. Notations used in the proposed protocol
The Proposed Protocol. This section formally presents the proposed protocol based on the model developed in Section 2. Based on the definition of an AIC problem, every processor has its own initial value to perform the protocol to reach an interactive consistency. Based on the results of Xxx, Xxxx, Xxxx (Xxx et al., 1999), within two rounds of message exchanges, all fault-free processors can reach an agreement for all fault-free processors as if d dormant faulty links and m malicious faulty links exist in an n-processor fully connected network, in which m ≤ (n-d-3)/2. With a similar procedure, each processor performs the third round of message exchange. The proposed protocol can make all fault-free processors reach an agreement on the values they received in the first round. All fault-free processors can reach an agreement on common faults caused in the first round by comparing the common values received before and after the first round of message exchanges. Based on the same idea, the protocol can make all fault-free processors reach an agreement on a common set of faulty components if the components explore their faulty behavior in the second round of message exchanges. Therefore, all faulty components are detected and located by all fault-free processors and an interactive consistency is reached. The FDA problem is solved. Figure 1 illustrates the PFDA protocol, which can make all fault-free processors tolerate/detect/locate a common set of d dormant faulty links and m malicious faulty links which simultaneously exist in an n-processor fully connected network, where m ≤ (n-d-3)/2. PFDA reaches interactive consistency using two rounds of message exchanges and detects/locates a common list of faulty components using two additional rounds of message exchanges. We will demonstrate 1) the proposed method’s efficiency, and 2) the necessary and sufficient conditions for the number of rounds deemed necessary and faulty components allowed by PFDA.
Protocol PFDA (For processor i with initial value vi, 1 ≤ i ≤ n)
The Proposed Protocol. The proposed solution has to satisfy the desired properties and avoid the unwanted ones. Thus, the proposed solution is a complete protocol that provides a mechanism to mitigate replaying attack, provides an encryption mechanism, enables anonymous connection, and provides mutual authentication process. The protocol has the following properties:
1. Has markers in each session in the form of session keys (each host has one session key with length up to 280 bits).
2. The session keys are generated by XOR computation of four random numbers (70 hex per random number). The session keys are used by both users to differentiate the messages in different sessions.
3. Has a mechanism to ensure that the random numbers that are received at the receiver side are correct. This mechanism is needed for both hosts to create the same session key. This is achieved by checking the MAC in each host. The MAC value that is sent by User B has the random numbers that are generated by User A and have been received by User B. If User A finds a difference in the MAC value (e.g., someone is altering the random numbers, or there is an error in the network so that User B cannot obtain the random numbers from User A), then User A will terminate the session.
PIDA, PuB[XXX, nA1, nA2]
PIDB, PuA[IDB, nB1, nB2], MACB
To be continued ….
The Proposed Protocol. The proposed protocol, Dual Fault Detection Consensus (DFDC), can solve the consensus problem and FDA problem with dual failure mode in an FCN. The assumptions and parameters of our protocol to solve the FDA problem in an FCN are as follows:
■ Each processor in the network can be identified as unique.
■ Let N be the set of all processors in the network and ∣N∣ = n.
■ The processors of the underlying network are assumed to be fault-free.
■ The fallible component of the underlying network is communication media only.
■ Let m be the maximum number of malicious faulty communication media allowed.
■ Let d be the maximum number of dormant faulty communication media allowed.
■ Let c be the lower bound of connectivity of the FCN, where c = n-1, and m ≤ (n-c-2)/2.
That is, DFDC can tolerate d dormant faults and m malicious faults simultaneously in the network, where m ≤ (n-d-3)/2, if the processors always work accurately and communication media are fallible. DFDC needs two rounds of message exchange to reach the consensus, and only one additional round (the third round of message exchange) is needed to detect and locate the faulty components. There are three phases in DFDC, which are the message exchange phase, the decision making phase, and the fault detection phase. In the message exchange phase, the processors exchange messages to get enough information. In the first round, each processor Pi transmits its initial value vi through the communication media, where 1 ≤ i ≤ n, and receives the initial value vj from every processor Pj, for 1 ≤ j ≤ n. Then, the processor Pi constructs the vector Vi = [v1, v2, …, vj, …, vn]. If a dormant communication medium, say ik, is found, then vk in the vector Vi is replaced with λ, where 1 ≤ k ≤ n.
In the second round, each processor Pi transmits a vector Vi to the other processors, where 1 ≤ i ≤ n, and then it receives the vectors transmitted by all the other processors and constructs MATi (setting the vector Vj in column j, for 1 ≤ j ≤ n). If a dormant communication medium, say ik, is found, then Vk = [λ, …, λ, …, λ], where 1 ≤ k ≤ n. In the third round, each processor Pi transmits MATi to all the other processors and then receives the matrices transmitted by the other processors to construct FDMATi (setting the matrix MATj in the j-th layer of FDMATi, for 1 ≤ j ≤ n). If a dormant communication medium, say ik, is found, then all the values of the k-th layer of FDMATi are set to λ, where 1 ≤ k ≤ n. In the decision making phase, each pr...
The Proposed Protocol. The proposed protocol, Optimal Malicious Agreement Protocol (OMAP), can solve the BA problem due to faulty sensor nodes which may send wrong messages to influence the system to reach agreement in a synchronous CWSN. The OMAP protocol consists of two phases and needs σ rounds of message exchange to solve the BA problem.
The Proposed Protocol. 4.1. Dual semirings action
1. Xxxxx chooses as a secret key two reduced polynomials (for a polynomial in
The Proposed Protocol. In this section, we shall introduce the proposed protocols RC and UAP to solve the BA problem with dual failure mode for the processors in a UNet. In UAP, RC is used to find out the c node-disjoint paths by the graphic information [3] to receive the messages from the sender processor, and the number of rounds of UAP operations is t+1 (t = ⎣(n-1)/3⎦). RC can provide a reliable channel to help the processors to transmit messages to each other, and using RC can make an un-fully connected network act just like a fully connected network without the common knowledge of the graphic information of the whole network structure. Moreover, the protocol RC encodes a transmitted message by using Manchester code before transmission. Therefore, messages from a dormant faulty processor can be detected by a healthy processor. The definition of the protocol RC is shown in Figure 3. In a UNet, each processor only has partial knowledge, namely its own graphic information. For example, in Figure 4(a) and 4(b), P1 and P3 each only have the information of their own connection state. Therefore, it is impossible for P1 to transmit a message to P3, and the reason is that P1 does not know the location of P3. In this study, the proposed RC can enable a sender processor to transmit a message to the destination processor without the location information of the destination processor. UAP can tolerate fm malicious faulty processors and fd dormant faulty processors, where n > ⎣(n-1)/3⎦+2fm+fd and c > 2fm+fd. The definition of protocol UAP is shown in Figure 5. There are two phases in protocol UAP, which are the message exchange phase and the decision making phase. In the message exchange phase, each processor exchanges messages with others to get enough information through RC, which needs t+1 rounds of message exchange.
If the received message came through the dormant faulty processors, then the received message is replaced with the value λ0; if the received message is λi, then the received message is replaced with the value λi+1 (the value λi is used to report the absent value, where 0 ≤ i ≤ t-1). In the protocol RC, the sender processor Pi (1 ≤ i ≤ n) will transmit the value vi to the destination processor Pj (1 ≤ j ≤ n) directly (if the sender processor has the connection with the destination processor). Moreover, the sender processor Pi will also transmit the value vi through the processor Py (1 ≤ y ≤ n) which has connection with the sender processor Pi, then each intermediate processor Py (except t...
The Proposed Protocol. The proposed protocol, Malicious Agreement Protocol (MAP), can solve the BA problem due to faulty sensor nodes which may send wrong messages to influence the system to reach agreement in a synchronous CWSN. The MAP protocol consists of two phases and needs σ rounds of message exchange to solve the BA problem.
The Proposed Protocol. This part describes the proposed scheme in detail. The proposed scheme consists of four phases: multi-environment setup phase, the user registration phase, the authentication key agreement phase, and the biometrics and password update phase, respectively. Symbols used in the proposed scheme are defined in Table 1 as follows:
Table 1. Symbols
Symbol | Definition
RC | registration center
B | the biometrics sample of user
τ | predetermined threshold for biometrics authentication
SK | session key
The Proposed Protocol. In this section, we describe a one-round authenticated group key agreement protocol which uses one more key pair as well as the long term public and private keys of a typical IBE system.
5.1 System Setup [Verification] Each user verifies and as follows: If the above equation holds, then accepts as the message from . [Key Computation] Upon receiving from other users, each user computes the session key as follows: [Setup] The KGC generates the following system parameters: { } The KGC selects an elliptic curve defined over with order and a base point . And then, chooses a master key VI. Analysis ∈ and computes by and
6.1. Security publishes system parameters. [Extract] A user (1 ≤ i ≤ n) picks a random in- Key Authentication: This property requires that only users of the group are allowed to know the key. In our protocol, the only user to have the long term private keys and can deliver messages to other users owing to the signature verification process. If an adversary doesn't know and an ephemeral key , he can't compute the session key. According to the discrete logarithm hardness, the adversary cannot extract from and cannot com- nation when the compromise of one user's long term private key does not imply that the private keys of other users will also be compromised. Suppose that an adversary who knows the user 's long term private keys and wishes to impersonate the user to all other users. He chooses an ephemeral key ′ and computes ′ ′
(1≤ ≤n,≠j), but he can’t compute ′ ′ without the user 's pute ≠ . Forward Secrecy: This property requires that disclosure of long term secret of a user does not compromise the previous session keys. Though the private keys and of are disclosed, the adversary cannot extract from and he cannot com- long term private keys and . Therefore, the adversary may impersonate the compromised user in the subsequent protocols, but cannot impersonate other users. Known Session Key ...