Friday, April 25, 2014

IEEE Projects-Cryptography Based Projects

An Efficient Merkle-Tree-Based Authentication Scheme for Smart Grid

Smart grid has emerged as the next generation of power grid, due to its reliability, flexibility, and efficiency. However, smart grid faces some critical security challenges such as the message injection attack and the replay attack. If these challenges cannot be properly addressed, an adversary can maliciously launch the injected or replayed message attacks to degrade the performance of smart grid. To cope with these challenging issues, in this paper, we propose an efficient authentication scheme that employs the Merkle hash tree technique to secure smart grid communication. Specifically, the proposed authentication scheme considers the smart meters with computation-constrained resources and puts the minimum computation overhead on them. Detailed security analysis indicates its security strength, namely, resilience to the replay attack, the message injection attack, the message analysis attack, and the message modification attack. In addition, extensive performance evaluation demonstrates its efficiency in terms of computation complexity and communication overhead.

Smart Grid Mesh Network Security Using Dynamic Key Distribution With Merkle Tree 4-Way Handshaking

Distributed mesh sensor networks provide cost-effective communications for deployment in various smart grid domains, such as home area networks (HAN), neighborhood area networks (NAN), and substation/plant-generation local area networks. This paper introduces a dynamically updating key distribution strategy to enhance mesh network security against cyber attack. The scheme has been applied to two security protocols known as simultaneous authentication of equals (SAE) and efficient mesh security association (EMSA). Since both protocols utilize 4-way handshaking, we propose a Merkle-tree based handshaking scheme, which is capable of improving the resiliency of the network in a situation where an intruder carries out a denial of service attack. Finally, by developing a denial of service attack model, we can then evaluate the security of the proposed schemes against cyber attack, as well as network performance in terms of delay and overhead.

An optimized adaptive algorithm for authentication of safety critical messages in VANET

Authentication is one of the essential frameworks to ensure safe and secure message dissemination in Vehicular Adhoc Networks (VANETs). But an optimized authentication algorithm with reduced computational overhead is still a challenge. In this paper, we propose a novel classification of safety critical messages and provide an adaptive algorithm for authentication in VANETs using the concept of Merkle tree and Elliptic Curve Digital Signature Algorithm (ECDSA). Here, the Merkle tree is constructed to store the hashed values of public keys at the leaf nodes. This algorithm addresses Denial of Service (DoS) attack, man in the middle attack and phishing attack. Experimental results show that the algorithm reduces the computational delay by 20 percent compared to existing schemes.

SAFE: A social based updatable filtering protocol with privacy-preserving in mobile social networks

Mobile Social Networks (MSN), as an emerging social networking platform, facilitates social interaction and information sharing among users in the proximity. Spam filtering protocols are extremely important to reduce communication and storage overhead when many spam packets without specific destinations are diffused in MSNs. In this paper, we propose an effective social based updatable filtering protocol (SAFE) with privacy preservation in MSNs. Specifically, we firstly construct a filter Hash tree based on the properties of Merkle tree. Then, we exploit social relationships, and select those users with more than a specific number of common attributes with the filter creator. The selected users are able to store filters in order to block spams or relay regular packets. Furthermore, we develop a cryptographic filtering scheme without disclosing the creator's private information or interests. In addition, we propose a filter update mechanism to allow users to update their distributed filters in time. The security analysis demonstrates that the SAFE can protect user's private information from filter's disclosure to other users and resist filter forgery attack. Through extensive trace-driven simulations, we show that the SAFE is effective and efficient to filter spam packets in terms of delivery ratio, average delay, and communication overhead.

An efficient authenticated data structure for dynamic data set based on B+ tree

In a cloud storage system, the client stores a large volume of data at remote directories which are out of the client's control and may be malicious. In such a setting, the ability to efficiently check the integrity of remotely stored data is an important security property. In this paper, we focus on a simple and very important form of remote data authentication problem, where we authenticate membership queries over a dynamic set of n data elements that is stored at untrusted directories. Some existing verification methods for membership queries, such as Merkle Hash Tree (MHT), Skip List and RSA Tree are overviewed first. These methods all achieve the goal for verification, but their data structures are not agile enough for data update. They may have high time complexity or cause reconstruction of the whole data structure frequently when update operation is preceded. So we turn to B+ tree data structure and make it work with RSA accumulator to form a new verification scheme, which implements the verification and incurs low computational costs for membership query of dynamic data set.

OCCASIO: An operable concept for confidential and secure identity outsourcing

While federated identity management separates service provisioning from identity provisioning, the identity provider is usually operated at the home organization of the identities. We address the challenge of outsourcing the entire identity provider with its user database to an untrusted external provider in a secure and privacy-preserving way. With this type of outsourcing, the home organization is no longer required to operate high availability infrastructure for access management. Instead, the home organization only needs to frequently attest that the identity data in the outsourced database is still up to date, a task that is much less demanding than providing access decisions whenever a user wants to make use of a service. In this paper we present Occasio, a concept that permits secure outsourcing of identity and access management to untrusted external providers. Occasio builds on concepts of outsourcing databases and particularly on Merkle Hash Trees. We show that Occasio matches all security requirements for operation in an untrusted environment. Furthermore, we demonstrate that Occasio can be easily integrated into the SAML standard. We present results of a performance evaluation that shows that Occasio behaves well in terms of overhead. Finally, we show that with Occasio identity data of different home organizations can be 'aggregated' without being linkable by someone other than the services that are granted to do so by the user.
