Your search keyword '"Tieyan Li"' showing total 18 results

1. Is Today's End-to-End Communication Security Enough for 5G and Its Beyond?

Author

Tieyan Li, Haiguang Wang, Mingjun Wang, Shufan Fei, Jialei Zhang, Zheng Yan, Xidian University, Network Security and Trust, Huawei Technologies, Department of Communications and Networking, Aalto-yliopisto, and Aalto University

Subjects

Authentication, Computer Networks and Communications, Computer science, business.industry, Communications security, Computer security, computer.software_genre, Receivers, Password, Secure communication, End-to-end principle, Hardware and Architecture, Order (exchange), 5G mobile communication, Key (cryptography), Cryptography, Security, Wireless, business, computer, Software, Heterogeneous network, 5G, Information Systems, Device-to-device communication

Abstract

Publisher Copyright: IEEE Mobile and wireless communication continues its rapid development. Beyond 5G, heterogeneous networks (HetNets) will be merged with the integration of various networking technologies. Unique characteristics of such an integrated converged network cause new security challenges, such as difficulty of key agreement and theft of communication content, especially when crossing network domains happens. In order to ensure secure and reliable communications, end-to-end (E2E) communication security is highly expected, especially for cross-trust-domain communications in HetNets. Unfortunately, little existing research touches this issue and the literature lacks a deep-insight review on the current state-of-the-art. In this article, we summarize current E2E secure communication scenarios and basic techniques. We propose a number of requirements based on security threat analysis and employ them as a measure to evaluate existing works. Through review and analysis, we finally determine open issues to highlight future research directions.

Published

2021

2. Analyzing a Family of Key Protection Schemes against Modification Attacks

Author

Guilin Wang and Tieyan Li

Subjects

Hardware security module, business.industry, Computer science, Cryptography, Adversary, Computer security, computer.software_genre, law.invention, Permutation, law, Key (cryptography), Electrical and Electronic Engineering, EPROM, business, computer, Adversary model, EEPROM

Abstract

Protecting cryptographic keys in hardware devices is challenging. In this work, we reinvestigate a family of key protection schemes proposed by Fung, Golin and Gray (2001), which use permutations to protect keys stored in Electrically Erasable Programmable Read-Only Memory (EEPROM). Our analysis discovers vulnerabilities in the use of mathematical permutations. Specifically, we successfully identify two practical attacks-batch card attack and relative probing attack-which allow an adversary to discover the secret key stored in the EEPROM. Contrary to the claims of Fung et al., these attacks are realizable with a relatively small number of probes. Moreover, we examine the rationale of their security assumptions, which are mainly based on the modification attack described by Anderson and Kuhn (1997), and conclude that recent advances in hardware security (w.r.t. both attacks and countermeasures) suggest a stronger adversary model on designing such secure devices.

Published

2011

3. Time cost evaluation for executing RFID authentication protocols

Author

Kevin Chiew, Yingjiu Li, Tieyan Li, Robert H. Deng, and Manfred Josef Aigner

Subjects

Protocol (science), Authentication, business.industry, Computer science, Server, Authentication protocol, Cryptography, Cryptographic protocol, Encryption, business, Computer network

Abstract

There are various reader/tag authentication protocols proposed for the security of RFID systems. Such a protocol normally contains several rounds of conversations between a tag and a reader and involves cryptographic operations at both reader and tag sides. Currently there is a lack of benchmarks that provide a fair comparison platform for (a) the time cost of cryptographic operations at the tag side and (b) the time cost of data exchange between a reader and a tag, making it impossible to evaluate the total time cost for executing a protocol. Based on our experiments implemented on IAIK UHF tag emulators (known as DemoTags), in this paper we present detailed benchmarks of both time costs for RFID authentication protocols. Our results reveal that the data exchange dominates the time cost for running a protocol. We also give a classification for the existing protocols and summarise formulae of time cost evaluation for each type of protocols in a way so that a user can evaluate the time cost of a protocol amongst several choices of cryptographic operations in an application.

Published

2010

4. Lightweight Props on the Weak Security of EPC Class-1 Generation-2 Standard

Author

Pedro Peris-Lopez, Julio C. Hernandez-Castro, and Tieyan Li

Subjects

Scheme (programming language), QA75, Class (computer programming), Authentication, Standardization, Computer science, business.industry, Cryptography, Mutual authentication, Computer security, computer.software_genre, Adversarial system, Artificial Intelligence, Hardware and Architecture, Radio-frequency identification, Computer Vision and Pattern Recognition, Electrical and Electronic Engineering, business, computer, Software, computer.programming_language

Abstract

In 2006 EPCglobal and the International Organization for Standards (ISO) ratified the EPC Class-1 Generation-2 (Gen-2) [1] and the ISO 18000-6C standards [2], respectively. These efforts represented major advancements in the direction of universal standardization for low-cost RFID tags. However, a cause for concern is that security issues do not seem to be properly addressed. In this paper, we propose a new lightweight RFID tag-reader mutual authentication scheme for use under the EPCglobal framework. The scheme is based on previous work by Konidala and Kim [3]. We attempt to mitigate the weaknesses observed in the original scheme and, at the same time, consider other possible adversarial threats as well as constraints on low-cost RFID tags requirements.

Published

2010

5. Practical attacks on a mutual authentication scheme under the EPC Class-1 Generation-2 standard

Author

Tieyan Li, Juan E. Tapiador, Pedro Peris-Lopez, and Julio C. Hernandez-Castro

Subjects

Password, QA75, Authentication, Computer Networks and Communications, business.industry, Computer science, Access control, Cryptography, Information security, Mutual authentication, Computer security, computer.software_genre, law.invention, law, Authentication protocol, Radio-frequency identification, business, Cryptanalysis, computer, Computer network

Abstract

The EPC Class-1 Generation-2 RFID standard provides little security, as has been shown in previous works such as [S. Karthikeyan, M. Nesterenko, RFID security without extensive cryptography, in: Proceedings of the 3rd ACM Workshop on Security of Ad Hoc and Sensor Networks, 2005, pp. 63-67; D.N. Duc, J. Park, H. Lee, K. Kim, Enhancing security of EPCglobal Gen-2 RFID tag against traceability and cloning, in: The 2006 Symposium on Cryptography and Information Security, 2006; H.Y. Chien, C.H. Chen, Mutual authentication protocol for RFID conforming to EPC Class 1 Generation 2 standards, Computer Standards & Interfaces 29 (2007) 254-259; P. Peris-Lopez, J.C. Hernandez-Castro, J.M. Estevez-Tapiador, A. Ribagorda, Cryptanalysis of a novel authentication protocol conforming to EPC-C1G2 standard, in: Proceedings of Int'l Conference on RFID Security (RFIDSec)'07, Jul 2007; T.L. Lim, T. Li, Addressing the weakness in a lightweight RFID tag-reader mutual authentication scheme, in Proceedings of the IEEE Int'l Global Telecommunications Conference (GLOBECOM) 2007, Nov 2007, pp. 59-63]. In particular, the security of an RFID tag's access and kill passwords is almost non-existent. Konidala and Kim recently proposed a new mutual authentication scheme [D.M. Konidala, Z. Kim, K. Kim, A simple and cost-effective RFID tag-reader mutual authentication scheme, in: Proceedings of Int'l Conference on RFID Security (RFIDSec)'07, Jul 2007, pp. 141-152] - an improved version of their first attempt [D.M. Konidala, K. Kim, RFID tag-reader mutual authentication scheme utilizing tag's access password, Auto-ID Labs White Paper WP-HARDWARE-033, Jan 2007] - in which a tag's access and kill passwords are used for authentication. In this paper, we show that the new scheme continues to present serious security flaws. The 16 least significant bits of the access password can be obtained with probability 2^-^2, and the 16 most significant bits with a probability greater than 2^-^5. Finally, we show how an attacker can recover the entire kill password with probability 2^-^2.

Published

2009

6. Providing Stronger Authentication at a Low Cost to RFID Tags Operating under the EPCglobal Framework

Author

Pedro Peris-Lopez, Tong-Lee Lim, and Tieyan Li

Subjects

Scheme (programming language), Authentication, Standardization, Computer science, business.industry, Cryptography, Mutual authentication, business, Computer security, computer.software_genre, computer, computer.programming_language, Computer network

Abstract

In 2006, EPCglobal and the International Organization for Standards (ISO) ratified the EPC Class-1 Generation-2 (Gen-2) standard and the ISO 18000 standard respectively. These efforts represented major advancements in the direction of universal standardization for low-cost RFID tags. However, a cause for concern is that security issues do not seem to be properly addressed in these standards. In this paper, we propose a new lightweight RFID tag-reader mutual authentication scheme for use under the EPCglobal framework. The scheme is based on previous work by Konidala and Kim. We attempt to mitigate the weaknesses observed in the original scheme, and at the same time, consider other possible adversarial threats, as well as constraints on low-cost RFID tags requirements.

Published

2008

7. Secure RFID Identification and Authentication with Triggered Hash Chain Variants

Author

Tieyan Li, Tong-Lee Lim, and Tao Gu

Subjects

Authentication, business.industry, Computer science, Hash function, Cryptography, Mutual authentication, Computer security, computer.software_genre, SHA-2, Cryptographic hash function, Hash chain, Message authentication code, business, computer, Computer network

Abstract

In this paper, we propose two RFID identification and authentication schemes based on the previously proposed triggered hash chain scheme by Henrici and Muller. The schemes are designed to mitigate the shortcomings observed in the triggered hash chain scheme and to ensure privacy preserving identification, tag-reader mutual authentication, as well as forward-privacy in the case of RFID tags that have been compromised. The first scheme uses a challenge-response mechanism to defend against an obvious weakness of the triggered hash chain scheme. The second scheme uses an authenticated monotonic counter to defend against a session linking attack that the first scheme is vulnerable to. We compare the level of security offered by our proposed schemes against other previous schemes and find that the schemes perform well, while keeping within reasonable overheads in terms of computational, storage and communication requirements.

Published

2008

8. Employing Lightweight Primitives on Low-Cost RFID Tags for Authentication

Author

Tieyan Li

Subjects

Information privacy, Authentication, Cryptographic primitive, Computer science, business.industry, Data_MISCELLANEOUS, Cryptography, Cryptographic protocol, Computer security, computer.software_genre, Authentication protocol, Radio-frequency identification, Message authentication code, business, computer, Computer network

Abstract

Radio frequency identification (RFID) systems have been aggressively deployed in a variety of applications. RFID security and privacy issues have been intensively studied in the research field, of which the authentication between RFID reader and tag is the fundamental theme. Most of the existing authentication protocols draw assumptions on classic cryptographic primitives. However, for extremely resource constraint RFID tags, only lightweight primitives can be incorporated. In this paper, we propose an RFID mutual authentication protocol employing ultra-lightweight mathematic primitives to achieve secure tag/reader authentication. The proposed scheme is secure in sense of tag anonymity, man-in-the-middle resistance, and forgery prevention that are shown in our analysis. The scheme is also efficient due to fast calculation on reduced hardware implementation.

Published

2008

9. Randomized Bit Encoding for Stronger Backward Channel Protection in RFID Systems

Author

Tong-Lee Lim, Sze-Ling Yeo, and Tieyan Li

Subjects

Unique identifier, Identifier, Backward channel, Ubiquitous computing, Computer science, business.industry, Privacy protection, Entropy (information theory), Cryptography, business, Computer network, System model

Abstract

In this paper, we introduce a randomized bit encoding scheme that can strengthen the privacy protection on RFID tags. This scheme is used together with the backward channel protection method proposed by Choi and Roh (2006), which serves to protect the unique identifier of an RFID tag from disclosure to close-range eavesdroppers. Choi and Roh's method faces the 'same-bit' problem, in which some bits of the unique identifier could be disclosed, thereby revealing critical information. Our proposed scheme alleviates the 'same-bit' problem to a negligible level. Furthermore, we propose an enhanced system model that can protect the unique tag identifier from disclosure not only against eavesdroppers, but against unauthorized interrogators as well. A metric based on entropy was defined and used to measure the amount of protection offered by the scheme. A method to construct an optimal randomized n-bit encoding scheme was also described. In addition, theoretical analysis and simulations were conducted, which show that the proposed encoding scheme provides significant improvement (achieving almost twice the entropy) over no encoding.

Published

2008

10. Vulnerability Analysis of EMAP-An Efficient RFID Mutual Authentication Protocol

Author

Robert H. Deng and Tieyan Li

Subjects

Authentication, business.industry, Computer science, Data security, Cryptography, Cryptographic protocol, Computer security, computer.software_genre, Vulnerability assessment, Synchronization (computer science), Reflection attack, business, Protocol (object-oriented programming), computer, Computer network

Abstract

In this paper, we analyze the security vulnerabilities of EMAP, an efficient RFID mutual authentication protocol recently proposed by Peris-Lopez et al. (2006). We present two effective attacks, a de-synchronization attack and a full-disclosure attack, against the protocol. The former permanently disables the authentication capability of a RFID tag by destroying synchronization between the tag and the RFID reader. The latter completely compromises a tag by extracting all the secret information stored in the tag. The de-synchronization attack can be carried out in just round of interaction in EMAP while the full-disclosure attack is accomplished across several runs of EMAP. We also discuss ways to counter the attacks

Published

2007

11. An Efficient Scheme for Encrypted Data Aggregation on Sensor Networks

Author

Huafei Zhu, Yongdong Wu, and Tieyan Li

Subjects

Data aggregator, business.industry, Computer science, Sensor node, Cryptography, Bloom filter, computer.software_genre, business, Encryption, Wireless sensor network, computer, News aggregator, Computer network

Abstract

It is an open problem of how to protect the traffics and at the same time, to support in-network processing in sensor networks. This paper tackles the problem by proposing an efficient model of categorizing encrypted data transmitted on sensor networks. An aggregator, an intermediate sensor node in our setting, is embedded with a set of searching keywords in encrypted format. Upon receiving an encrypted message, it matches the message with the keywords and then processes the message based on certain policies such as forwarding the original message to the next hop, updating it and forwarding or simply dropping it on detecting duplicates. The messages are encrypted before being sent out and decrypted only at their destination. Although the intermediate classifiers can categorize the messages, they learn nothing about the encrypted messages except several encrypted keywords, even the statistic information. The secure and efficient aggregation SEA scheme uses Bloom filter to further reduce transmission cost. The performance analysis shows that the computational cost and communication cost are well balanced

Published

2006

12. Key encapsulation protocols for grouped low-state devices

Author

Huafei Zhu and Tieyan Li

Subjects

Key-agreement protocol, Authentication, Revocation, Computer science, business.industry, Cryptography, Cryptographic protocol, Public-key cryptography, Authentication protocol, Universal composability, Session key, Key encapsulation, business, Key management, Computer network

Abstract

In this paper, we propose an efficient key encapsu- lation protocol (in essence, it is a CCA-2 public key encryption scheme) that is provably secure in the standard computational complexity model from which an efficient one-way authentication protocol together with a key agreement protocol can be derived immediately for low-state devices within the group. With the help of these cryptographic protocols, the group controller device is able to compute group level session key using the state-of-the-art protocols for multi-casting device revocation information.

Published

2006

13. More on Shared-Scalar-Product Protocols

Author

Huafei Zhu, Feng Bao, Tieyan Li, and Ying Qiu

Subjects

Theoretical computer science, Cryptographic primitive, business.industry, Secure two-party computation, Homomorphic encryption, Cryptography, Commitment scheme, Computer security model, business, Encryption, Semantic security, Computer Science::Cryptography and Security, Mathematics

Abstract

Secure scalar product protocols provide fundamental security components for distributed data mining with privacy concerns. This paper makes two contributions in the shared-scalar-product protocols. In the first fold, a security model for shared-scalar-product protocols in the malicious model is introduced and formalized. In the second fold, an implementation for shared-scalar-product protocols based on the homomorphic cryptographic primitives is proposed which is provably secure assuming that the underling homomorphic encryption scheme is semantically secure and the homomorphic commitment scheme is statistically hiding and computationally binding in the public reference string model. The potential areas of application of this protocol are numerous (e.g., computation of Euclidean distance, oblivious linear auxiliary information computation and so on...).

Published

2006

14. A secure group solution for multi-agent ec system

Author

Kwok-Yan Lam and Tieyan Li

Subjects

National security, Multicast, business.industry, Computer science, Distributed computing, Key distribution, Cryptography, Information security, Computer security, computer.software_genre, Mobile agent, Mobile telephony, business, computer

Abstract

Mobile agent technology applied into EC is facing many problems. Security should be the first concern. But in large scale multi-agent systems, the most challenging problems encountered are locating and communicating of these autoprocessing agents. Some approaches have used several different methods to solve these problems. But unfortunately, they were not satisfied either for their complexity, poor performance or their lack of applicability. In our approach, we propose a secure group communication solution toward the security, locating and communication problems. We differentiated the ”Agent-Based” Multicast concept from the traditional ”Host-Based” Multicast. We then described the requirements for providing secure group services and introduce the key distribution method. A cryptographic method is complemented for further protect the agents. Finally, we analyzed the security and performance issues and conclude our solution.

Published

2005

15. Sequential aggregate signatures for wireless routing protocols

Author

Yongdong Wu, Feng Bao, Tieyan Li, and Huafei Zhu

Subjects

Routing protocol, business.industry, Wireless ad hoc network, Computer science, computer.internet_protocol, Cryptography, Mobile ad hoc network, RSA problem, Random oracle, Public-key cryptography, Digital signature, Wireless Application Protocol, Routing (electronic design automation), business, computer, Computer network

Abstract

Sequential aggregate signature, first introduced and formalized by A. Lysyanskaya et al. (see EUROCRYPT 2004, p.74-90, 2004), is emerging as a useful tool to ensure routing security and at the same time to improve performance. We propose a new mechanism to construct sequential aggregate signatures based on the cipher block chaining (CBC) mode, which is different from previous known results. We then construct an efficient sequential aggregate signature scheme and show that our construction is provably secure in the random oracle paradigm, assuming that the RSA problem is hard. Finally, we propose an interesting aggregate routing protocol for wireless ad hoc networks as an immediate application of our protocol.

Published

2005

16. Multi-Source Stream Authentication Framework in Case of Composite MPEG-4 Stream

Author

Huafei Zhu, Yongdong Wu, and Tieyan Li

Subjects

Authentication, Computer science, business.industry, Distributed computing, Hash function, Cryptography, Transcoding, computer.file_format, computer.software_genre, Digital signature, Server, Scalability, MPEG-4, Message authentication code, business, computer

Abstract

Multimedia community is moving from monolithic applications to more flexible and scalable integrated solutions. Stream authentication is more complex since a stream may consist of multiple sources and be transcoded by intermediate proxies. In this paper, we propose a multi-source stream authentication (mSSA) framework based on MPEG-4 stream format. We describe the overall authentication architecture and elaborate the encoding, hashing, signing, amortizing and verifying methods used in the basic scheme. Further on, we utilize advanced cryptographic primitives-aggregate signature schemes, to reduce the signatures’ size and improve the performance. We illustrate the scheme and discuss the extensions. Our analysis shows that the scheme is secure and efficient.

Published

2005

17. LITESET/A++: a new agent-assisted secure payment protocol

Author

Yan Wang and Tieyan Li

Subjects

Information privacy, business.industry, Computer science, media_common.quotation_subject, Internet privacy, Data security, Cryptography, Information security, Trusted third party, Cryptographic protocol, Computer security, computer.software_genre, Payment, Payment protocol, ComputingMilieux_COMPUTERSANDSOCIETY, business, computer, media_common

Abstract

In this paper, we proposed a new agent-assisted secure payment protocol LITESET/A++, which aims at enabling the dispatched consumer-agent to choose the "best" one after negotiating with merchants to close a deal, autonomously sign contracts and make the payment on behalf of the cardholder without the possibility of disclosing any secret to any participant. This is realized by adopting the signature-share and signcryption-share schemes, and employing a trusted third party (TTP). In LITESET/A++, the principle that each participant knows what is strictly necessary for his/her role is followed as in SET payment protocol while the non-repudiation property is improved.

Published

2004

18. Classify encrypted data in wireless sensor networks

Author

Yongdong Wu, Di Ma, Tieyan Li, and Robert H. Deng

Subjects

Key distribution in wireless sensor networks, Computer science, business.industry, Visual sensor network, Sensor node, Testbed, Mobile wireless sensor network, Cryptography, Encryption, business, Wireless sensor network, Computer network

Abstract

End-to-end security mechanisms, like SSL, may seriously limit the capability of in-network processing that is the most critical function in sensor networks. Supporting in-network processing can significantly improve the performance of extremely resource-constrained sensor networks featuring many-to-one traffic patterns. How to protect the traffic and support in-network processing at the same time is an open problem. The paper tackles the problem by proposing a model for categorizing encrypted messages in wireless sensor networks. A classifier, an intermediate sensor node in our setting, is embedded with a set of searching keywords in encrypted format. Upon receiving an encrypted message, it matches the message with the keywords and then processes the message based on certain policies such as forwarding the original message to the next hop, updating and forwarding it or simply dropping it on detecting a duplicate. The messages are encrypted before being sent out and decrypted only at their destinations. Although the intermediate classifiers can categorize the messages, except for several encrypted keywords, they learn nothing about the encrypted messages, not even statistical information. The scheme is efficient, flexible and resource saving. The performance analysis shows that the computational cost and communication cost are minimized. Furthermore, it is resilient to node capture attack and many other kinds of attacks. We are prototyping the model on our mote testbed.