An Authentication Scheme Based on Novel Construction of Hash Chains for Smart Mobile Devices

Huang, Qinglong; Huang, Haiping; Wang, Wenming; Li, Qi; Wu, Yuhan

doi:https://doi.org/10.1155/2020/8888679

Wireless Communications and Mobile Computing

On this page

Abstract Introduction Conclusion Data Availability Conflicts of Interest Acknowledgments References Copyright Related Articles

Special Issue

Attacks, Challenges, and New Designs in Security and Privacy for Smart Mobile Devices

View this Special Issue

Research Article | Open Access

Volume 2020 | Article ID 8888679 | https://doi.org/10.1155/2020/8888679

An Authentication Scheme Based on Novel Construction of Hash Chains for Smart Mobile Devices

Qinglong Huang,¹Haiping Huang,¹Wenming Wang,^1,2Qi Li,¹and Yuhan Wu¹

Academic Editor: Ding Wang

Received26 Jun 2020

Revised03 Oct 2020

Accepted14 Oct 2020

Published18 Dec 2020

Abstract

With the increasing number of smart mobile devices, applications based on mobile network take an indispensable role in the Internet of Things. Due to the limited computing power and restricted storage capacity of mobile devices, it is very necessary to design a secure and lightweight authentication scheme for mobile devices. As a lightweight cryptographic primitive, the hash chain is widely used in various cryptographic protocols and one-time password systems. However, most of the existing research work focuses on solving its inherent limitations and deficiencies, while ignoring its security issues. We propose a novel construction of hash chain that consists of multiple different hash functions of different output lengths and employ it in a time-based one-time password (TOTP) system for mobile device authentication. The security foundation of our construction is that the order of the hash functions is confidential and the security analysis demonstrates that it is more secure than other constructions. Moreover, we discuss the degeneration of our construction and implement the scheme in a mobile device. The simulation experiments show that the attacker cannot increase the probability of guessing the order by eavesdropping on the invalid passwords.

1. Introduction

The Internet of Things (IoT) is becoming more and more closely connected with people’s daily lives, due to the popularity of mobile devices which takes a central role in IoT. Users can use applications installed on mobile devices to obtain and transfer sensitive data, so the user authentication is a necessary process to ensure the security and privacy. For instance, SMS-based (Short Message Service) authentication is widely employed in many applications, such as Gmail. However, in the latest draft of the Digital Authentication Guideline, NIST (National Institute of Standards and Technology) has announced that the SMS-based authentication is deprecated and may no longer be allowed in the future releases of the guideline [1]. Furthermore, unlike traditional personal computers and laptops, mobile devices have limited energy, computing power, and storage capacity. Thus, it is not practical for the authentication schemes to employ expensive cryptographic primitives.

Hash chain used in Lamport’s one-time password (OTP) [2] has become an important lightweight cryptographic primitive since it was proposed, which greatly improves the security of the simple password system. It also has been widely adopted to design key management and authentication mechanisms. The time-based one-time password (TOTP) system based on the hash chain is the most widely applied authentication system in which each password is valid only for a fixed time interval. TOTP system is more secure than SMS-based authentication, and the user can be authenticated implicitly. For example, some multifactor key management and authentication schemes [3–5] adopt the hash chain to ensure forward security, because the security foundation of the hash chain is guaranteed by its unidirectional nature. Hash chain is also employed by some broadcast authentication protocols [6] as one of the building blocks. And in many countries, the TOTP system has been chosen as a major security component of Internet banking to authenticate account holders. Thus, the TOTP system can be an alternative to replace SMS-based authentication [7, 8].

Hash chain is a very important tool to design the TOTP system. However, the hash chain still has some limitations and disadvantages that are issued by many literatures. First, one hash chain can only perform one-way authentication for two parties. The mutual authentication implemented by the hash chain requires both parties to store a secret value that is known as “seed,” which cannot be implemented or may cause huge security issues in many scenarios. Second, due to the limited length of the hash chain, a new hash chain must be generated and both parties have to reregister when the last hash chain has been consumed. Park [9] proposed an endless hash chain composed of many short chains in which each authentication message contains the commitment of the next short hash chain. The studies of [8, 9] designed a multilevel hash chain to avoid its exhaustion. And [10–15] presented a self-renewal hash chain in which a new hash chain will be established if the old one is consumed. Third, the computational burden is much higher when the sender generates a new one-time password in which multiple hash operations are required. [16–18] proposed construction methods to store and recover an intermediate value of a hash chain. [18, 19] further discussed the optimal time-memory tradeoff for the traversal of sequence hash chain. Hu et al. [10] gave two construction methods enabling faster verification.

Although most of the existing researches have addressed the issues caused by the above limitations and disadvantages, there is little related literature on the security research of the hash chain itself. Given the complex mobile environment and the open nature of channels (wireless channels) connected to mobile devices, the Lamport’s hash chain is easier to be inverted than a single hash function if the attacker can eavesdrop on lots of values of hash chains. Thus, Kogan et al. [20] improves the safety of Lamport’s hash chain by domain separation.

1.1. Our Work

In this paper, we introduce a novel construction of the hash chain and design a TOTP scheme for authentication of mobile devices. In our scheme, the hash chain is composed of different hash functions with different output length. Compared to Lamport’s hash chain, our construction can address the issue that the invalid password may help the attacker to invert the hash chain. Therefore, keeping the order of these hash functions confidential can effectively prevent the attacker from inverting the hash chain. And meanwhile, this design presents a challenge whether an attacker can easily find the order, which will come through a simulation. Besides, our scheme can be easily adopted by multifactor authentication scheme because of the simplified structure, especially adaptive to mobile devices.

The remainder of this paper is organized as follows. Section 2 illustrates the overview of hash chains. Our construction of hash chain and a TOTP system is given in Section 3. In Section 4, we analyse the security of our construction. We discuss the degeneration of our construction and run simulation experiments in Section 5. Section 6 concludes this paper.

2. Overview of Hash Chains

In this section, we briefly review the Lanport’s and Kogan et al.’s hash chains and their security.

2.1. Lamport’s Hash Chain

The hash chain proposed by Lamport is the continuous iteration of a secret value with the same hash function, as shown in Figure 1.

The secret value is generated by the user and the root of the hash chain , which is called commitment, should be registered on the server in advance. Whenever the server receives a password from the user, the server verifies whether it equals the commitment by a hash operation, namely, . If the verification is passed, the server stores as a new commitment for the next authentication.

A classic attack on the hash function is the birthday attack. The Lamport’s hash chain is generated by iterating the same hash function, so birthday attack is still an effective attack to the hash chain. Hu et al. [10] has discussed the susceptibility of iterating the hash function to birthday attack. Furthermore, Håstad and Näslund [21] got a conclusion that inverting the -th iteration is times easier than a single hash function if the same hash function is used in each step of the hash chain. Nevertheless, this research still works on the hash chain based on the same hash function.

2.2. Kogan et al.’s Construction

Kogan et al. [20] proposed a TOTP system called T/Key that is designed as a second-factor authentication scheme, which can be used in mobile devices. The hash chain used in T/Key is composed of independent hash functions in every step, as shown in Figure 2.

These hash functions are obtained from a certain hash function by domain separation. where is the initialization time and is a random salt. For a numeral , denotes the -bit binary representation of , and denotes the -bit prefix of . And these functions have the same domain so that it can withstand length extension attack.

In T/Key, each password is valid for a specific time interval . The user computes at first and sends it along with random salt to the server as a commitment. At a later time , the user sends a password to the server. When the server receives it, the server verifies whether it equals the stored commitment by hash operations, namely,

If the verification passes, the server stores the as a new commitment for the next authentication.

Kogan et al. also demonstrate that the difficulty of inverting this construction is almost the same as inverting a single hash function. However, as the length of the hash chain increases, a larger domain of is integrant.

3. Our Construction

The hash chain used in T/Key has a limitation that the domain should be larger as the length of the hash chain increases, and the independent hash functions are actually generated by the same hash function. Therefore, the basic ideal of our construction is that multiple hash functions, e.g., SHA-2 and MD5, are selected to build the hash chain, and these hash functions have different output length. The order of these hash functions is confidential. We denote these hash functions as , and their output lengths are . For example, if two hash functions (), SHA-2 and MD5, have been chosen, there are two orders, or . These hash functions are used cyclically in the hash chain, namely, where is one of the hash functions, and represents the index of hash function used in -th iteration and is the hash chain length. Since the hash function used in -th iteration can be inferred from its index, will be simplified as , and is equivalent to . The secret information consists of two parts: the secret key and the order of these hash functions .

The hash chain we constructed is used as a time-based one-time password scheme to authenticate the mobile device where each password is valid for a short time interval. The scheme consists of only two phases so that it can be easily integrated into many multifactor authentication schemes or used as a separate auxiliary authentication method for mobile devices. Since that, a hash chain can only be used for authentication by two parties; the roles in our scheme are simplified to two. The party requesting authentication is a mobile device (or a mobile application), and the verifier who verifies the password sent by a mobile device or application is a server . Figure 3 shows the design of our proposal.

3.1. Setup

The mobile device selects hash functions with different output length and then chooses and stores the order , the hash chain length , and a random secret key . The mobile device (or the sever ) notes the time interval (in seconds), which represents the valid time of each password and the initial time of the hash chain (measured in ). The public parameters can be sent to both two parties through an insecure channel. The order of hash functions should be sent to the server in a secure channel.

Moreover, computes and sends it to the server . Then, stores it as for the next verification and records .

3.2. Authentication

At some time , wants to access the server. The mobile device and the server proceed as follows: (i) generates the password using the secret key and the order . And sends it to the server

Particularly, if , then . (ii)Upon receiving the , firstly checks whether the password is valid. If , accepts it, otherwise, refuses it(iii) then verifies the password according to and computes(iv)If , then sets and , and the authentication successes, otherwise, the authentication fails

3.3. Clock Synchronization

In the TOTP system, a synchronized clock is necessary to ensure the authentication process. However, time skew or network natural delay is unavoidable, which may cause authentication failure. If time skew can be quickly repaired, then no additional mechanism is needed, as this only causes one authentication failure when it happens. Otherwise, when the time skew or network natural delay continues, a solution is that each password is valid for serval time intervals (related to ), instead of only valid for a time interval. In this case, the server needs to verify the password in each valid time, and should be updated to the time of successful verification.

4. Security Analysis

4.1. Forward Security

Our protocol can provide forward security, which means that if one key of the hash chain is leaked at a certain time, the previous authentication process will not be affected. In our construction, the order of hash functions is securely stored in both mobile devices and servers. The adversary has no way to compute the key . In the worse situation where is no longer a secret, the computed by the adversary is expired, so the adversary cannot pass the verification. Thus, our protocol achieves the forward security.

4.2. A Lower Bound of Inverting Hash Chain

Our construction is hard to invert because it is composed of multiple different hash functions that have different lengths. However, this is vulnerable to length extension attacks, especially when some hash functions are MD-based hash functions. To prevent this kind of attack, the server has to verify the length of the password first after receiving it.

The next crucial question is how difficult is it to invert our construction in our TOTP system. For clarity and completeness, we review some key theories before analysing the security of our scheme.

4.2.1. Lamport’s Construction

In the Lamport’s hash function, the attacker can utilize invalid passwords which have been authenticated in the past to invert the hash chain. As more and more passwords are collected, attackers will have a greater chance of obtaining a legitimate preimage by oracle query.

Furthermore, Håstad and Näslund show that, in a hash chain composed of the same hash function, the adversary inverts the -th iteration is actually times easier than inverting a single hash function. The representation is rearranged here for completeness and better understanding.

Theorem 1 (Inverting the original hash chain) (see [21]). Let A be an algorithm that tries to invert a hash function which makes oracle queries at most. Given for a randomly chosen x, then Moreover, succeeds with the probability at most .

4.2.2. T/Key’s Construction

Kogan et al. give a further analysis of the inverting hash chain which uses independent hash functions defined by a certain hash function through domain separation, which shows as Theorem 2.

Theorem 2 (Inverting the T/Key’s hash chain) (see [20]). Let functions be chosen independently and uniformly at random. Let be an algorithm that can get oracle queries to all of the functions which makes oracle queries at most overall. Thus, where .

Proof. We briefly prove this theorem which will prepare for the following proof of other theorems. Let be the values of the hash chain, i.e., , , and . The algorithm also needs to maintain a list , which records the oracle queries and their answers . For any query , if , responds with and adds to the list. Else if , replies with . Otherwise, chooses randomly. Thus, to invert the hash chain, at least one query result should collide with . It follows that Therefore,

Theorem 2 demonstrates that inverting a hash chain using independent hash function results in a loss of security by a factor of 2, but by a factor of if the same hash function is used in the entire chain. Inverting this construction is as hard as a single hash function. Moreover, in the proof, algorithm is designed to get oracle access to all the functions . In fact, these functions have the same domain as well as the function , which means that algorithm actually only gets oracle access to one hash function .

4.2.3. Our Construction

In our proposal, the hash chain is composed of different hash functions, and the attacker is hard to invert the chain due to the secrecy of the order of these functions. For an attacker who does not know , the entire hash chain can be regarded as consisting of multiple independent hash functions.

When the attacker wants to invert the chain, he has two choices. The attacker either “guesses” a hash function that may be the right one and queries (see Theorem 3), or averages T oracle queries to all hash functions (see Theorem 4). These two choices are both analysed.

Theorem 3. Let functions be different hash functions with distinct output length . Let be an algorithm that can get oracle queries to a certain hash function which can make oracle queries at most overall. Thus,

Proof. We say the attacker successfully inverts the hash chain when he finds a preimage that meets the length requirement. Let be an algorithm as in the statement of Theorem 2, and we used it to construct another algorithm for finding the preimage of the last iteration. The first step of is to select a hash function which is used in and Then, algorithm runs algorithm to get oracle access to hash function and query times at most and inputs the result to . It follows that According to Theorem 2, we know Overall, Therefore,

Theorem 4. Let functions be different hash functions with distinct output length . Let be an algorithm that can get oracle queries to all of the functions which makes oracle queries at most overall. Thus,

Proof. Let be an algorithm as in the statement of Theorem 2. We use it to construct another algorithm which finds the preimage of the last iteration of the hash chain. The algorithm runs algorithm first, which queries times at most to all hash functions, scilicet oracle queries for each function. The legal preimage could be got only from the query results which returned by the oracle access to , and the algorithm makes oracle queries to it.
Therefore, according to Theorem 3,

The above two theorems establish the difficulty of finding a preimage of the last iteration of the hash chain in the authentication scheme. And the difficulty of inverting the hash chain which is composed of different hash functions with different output length is further reduced to , where is the average length of these functions.

4.3. Formal Security Analysis

In the following, we show our protocol is provably secure in the random oracle model since the hash function behaves closely like a random oracle [22–24]. We first present a formal description of the proposed protocol before defining the security game, which is a tuple .

In the setup phase, the polynomial time algorithm takes as input the number of hash functions and the length of hash chain and outputs the password length . Next, the algorithm takes as input the password length and hash chain length and outputs the secret message and the verifier state . In the authentication phase, the prover outputs a one-time password by taking as input the secret message and a time . While the verifier takes as input the verifier state , one-time password and a time outputs a state that the password is accepted or rejected and a new verifier state . Afterwards, we are ready to define the attack game.

Attack Game 5. Let be a one-time password protocol and let be a random oracle. Given a challenger and an adversary , the attack game acts as follows: (i)Setup. The challenger generates password lengths (ii)KeyGen. The challenger generates by random oracle(iii)Password Query. The adversary sends a time to the challenger. The challenger generates a password , which is fed to the verifier (iv)Test. The adversary submits a password The attacker will win the game if the verifier output by . We denote as the probability that successfully impersonates as a legal user in the execution of protocol .

Theorem 6. Let be the proposed protocol in the Section 3. Let be a probabilistic polynomial-time adversary attacking the protocol that makes at most oracle queries with the length and the number of hash function .

Proof. Let be an algorithm stated before. We, using algorithm , construct algorithm that makes the oracle query of the last iteration of the hash chain. The adversary wins the game if and only if the verifier outputs by taking as input the password , i.e., . Without loss of generality, we assume that the verifier state . With the input , the algorithm runs to get a point and computes . If , then . Thus, the algorithm makes at most oracle queries. According to Theorem 3,

5. Discussions and Experiment

5.1. Degeneration

The hash chain constructed by us consists of different hash functions with different output length that can be freely selected by the mobile device or the server. This freedom of choice has caused more changes in our construction that needs to be discussed.

First and foremost, as shown in security analysis, the length of the hash chain is no longer a key factor affecting the difficulty of inverting the hash chain, but the quantity of hash function selected is a key factor. Obviously, the larger the value of , the more difficult to invert the hash chain. Furthermore, when there is only one hash function in the hash chain, our construction will degenerate to Lamport’s hash chain.

Second, the quantity of hash function with different output length is not unlimited. So, what happens if there are several functions that have the same output length, or the same hash function is used twice or more in the hash chain? At a macro level, it would be easier for an attacker to forge a password with this length because there is a greater probability of “guessing” the preimage correctly. If all the hash functions used in the hash chain have the same output length but the hash functions are different, it will degenerate into a special instance of T/Key’s construction. The chain is equivalent to connecting T/Key’s construction multiple times, and they have a similar difficulty for inverting the hash chain.

Last but most importantly, the security of our construction is guaranteed by the confidentiality of the order of these hash functions . If the is leaked, the difficulty of breaking our solution will be reduced to which is the same as the difficulty of inverting a single hash function, because the invalid password only provides a limited effect to the attacker. In theory, the probability that an attacker finds the order without any prior knowledge is . However, in practice, the mobile device (or application) authenticates to the server as a Poisson process. We will show how difficult it is for an attacker to guess if the attacker can eavesdrop on the authentication message through simulation in the next subsection.

5.2. Experimental Evaluation

As we analysed above, in our scheme, the order of hash functions is one part of the secret information . Once it is leaked, the security of our mechanism will be greatly affected. In this section, we run a simulation to compute the difficulty of the attacker finding and then implement our construction in a real smart mobile device.

Before starting the simulation, two crucial issues, the login pattern of the mobile device and the attacker’ behaviour, have to be discussed.

In the real world, it is reasonable that the login behaviour of a mobile device (or application) follows the Poisson Process, which means that the time interval between consecutive logins can be modelled using the exponential distribution. Thus, the probability density function that the next authentication of mobile device at time is where is the average login rate.

Then, we need to know how the attacker guesses the which actually has possible permutations . The authentication message intercepted by the attacker can help him/her to guess . Since the lengths of these authentication messages are totally random, it is hard for an attacker to guess based on the context between them. But, for , in the sequence of attacker owned, only appear after before appears. Thus, the attacker can count the number that appears through the sequence. We define that the attacker finds the real by the probability

Figure 4 shows how the probability of an attacker’s guesses the changes over time (per month). If the attacker can eavesdrop on every authentication message, as the number of chain value held by the attacker increases, the probability of the attacker’s success decreases. This is because when the attacker has fewer chain values, the higher probability of correct appearing makes the attacker more likely to succeed.

The conclusion still holds when we change the eavesdropping probability of the attacker. Figure 5 compares the probability that the attacker finds in the following eavesdropping probability: 0.2, 0.5, and 0.8, respectively. When , the probability peaks at third and fifth months, respectively. Meanwhile, due to the increasing number of hash chain values captured by attackers, the probability of attackers’ success is still decreasing. According to the law of large numbers, the probability that the attacker observes the correct approaches the theoretical value when the attacker has a large amount of hash chain values.

Theoretically, the probability that an attacker finds the correct is . While in our simulation, even if the attacker can intercept every authentication message, the probability does not exceed 0.0400. Therefore, an attacker eavesdropping on a channel does not increase the probability of finding the correct .

The experiment environment is set up as follows: The smart device is a HUAWEI Mate 30 smartphone with 2.86 GHz CPU and 6 GB RAM running Android 10, and the server is executed on a 2-core CPU and 1024 MB memory running Ubuntu 18.04.

We use 4 hash functions to instantiate our scheme discussed in Section 3, which are MD5, SHA-1, SHA-2, and BLACK2b, and the output length is 128 bits, 160 bits, 256 bits, and 512 bits, respectively. The time interval when each password is valid uses time slots of 30 seconds. We generate a hash chain with the length that would be valid in one year. We assume that mobile device login once a day on average (). Furthermore, an attacker eavesdrops on authentication message with a certain probability . These parameters used in simulation experiments are shown in Table 1.

As a comparison, we also implement Lamport’s hash chain with 4 kinds of hash functions, respectively. We evaluate the following time: mobile device setup time, average password generation time (mobile device), and average verification time (server). Table 2 shows the results.

As shown in Table 2, the MD5 and SHA-1 hash functions have better performance, while it is not a good choice to construct the Lamport’s hash chain because both of them are not secure enough [20, 21]. Our solution has the best computational performance on a mobile device while ensuring security. And the server only takes several milliseconds to verify the password which is acceptable in general. More experimental results can be obtained through online resources (https://github.com/qinglong-huang/hash_chains_experiments).

Both theoretical analyses in Section 4 and simulation experiments that we performed demonstrate that the hash chain scheme proposed in this paper is still harder to invert. Therefore, our scheme has better performance on computation and security.

6. Conclusion

In this paper, a novel construction of hash chain was presented, and a TOTP system based on this construction was designed for mobile device authentication. This system could be easily employed by some lightweight authentication schemes to ensure forward security or be applied as a second-factor authentication method replacing SMS-based authentication for mobile devices. We gave a formal security analysis regarding the difficulty of inverting the hash chain and demonstrate that the attacker inverting the hash chain in queries is at most. Besides, we discussed several situations that may reduce its security when the selection of hash function changes. Finally, we implemented the scheme on a smartphone, and the simulation result showed that even if an attacker can eavesdrop on every password; the probability that she/he uses these invalid passwords to guess successfully is not higher than the theoretical value. Therefore, our scheme met the higher security requirement in mobile device authentication.

Data Availability

Data available is on request.

Conflicts of Interest

The authors declare that they have no conflicts of interest.

Acknowledgments

This work is sponsored by the National Natural Science Foundations of China (Grant Nos. 61672297 and 62072252), the Key Research and Development Program of Jiangsu Province (Social Development Program, No. BE2017742), the Postgraduate Research & Practice Innovation Program of Jiangsu Province (Grant No. KYCX19_0908), and the Key Project on Anhui Provincial Natural Science Study by Colleges and Universities (Grant Nos. KJ2019A0579 and KJ2019A0554).

References

https://pages.nist.gov/800-63-3/sp800-63b.html#out-of-band.
L. Lamport, “Password authentication with insecure communication,” Communications of the ACM, vol. 24, no. 11, pp. 770–772, 1981.
View at: Publisher Site | Google Scholar
M. Shuai, B. Liu, N. Yu, and L. Xiong, “Lightweight and secure three-factor authentication scheme for remote patient monitoring using on-body wireless networks,” Security and Communication Networks, vol. 2019, Article ID 8145087, 14 pages, 2019.
View at: Publisher Site | Google Scholar
M. Alshahrani and I. Traore, “Secure mutual authentication and automated access control for IoT smart home using cumulative keyed-hash chain,” Journal of Information Security and Applications, vol. 45, pp. 156–175, 2019.
View at: Publisher Site | Google Scholar
L. Xiong, N. Xiong, C. Wang, X. Yu, and M. Shuai, “An efficient lightweight authentication scheme with adaptive resilience of asynchronization attacks for wireless sensor networks,” IEEE Transactions on Systems, Man, and Cybernetics: Systems, pp. 1–13, 2020.
View at: Publisher Site | Google Scholar
A. Perrig, R. Szewczyk, J. D. Tygar, V. Wen, and D. E. Culler, “SPINS: security protocols for sensor networks,” Wireless Networks, vol. 8, no. 5, pp. 521–534, 2002.
View at: Publisher Site | Google Scholar
H. Sun, K. Sun, Y. Wang, and J. Jing, “TrustOTP: transforming smartphones into secure one-time password tokens,” in Proceedings of the 22nd ACM SIGSAC Conference on Computer and Communications Security - CCS '15, pp. 976–988, Denver, CO, USA, 2015.
View at: Publisher Site | Google Scholar
E. Erdem and M. T. Sandikkaya, “OTPaaS-one time password as a service,” IEEE Transactions on Information Forensics and Security, vol. 14, no. 3, pp. 743–756, 2019.
View at: Publisher Site | Google Scholar
C.-S. Park, “One-time password based on hash chain without shared secret and re-registration,” Computers & Security, vol. 75, pp. 138–146, 2018.
View at: Publisher Site | Google Scholar
Y. C. Hu, M. Jakobsson, and A. Perrig, “Efficient constructions for one-way hash chains,” in Applied Cryptography and Network Security. ACNS 2005, pp. 423–441, Springer, 2005.
View at: Publisher Site | Google Scholar
D. Liu and P. Ning, “Multilevel μTESLA,” ACM Transactions on Embedded Computing Systems, vol. 3, no. 4, pp. 800–836, 2004.
View at: Publisher Site | Google Scholar
T. Dai, H. P. Huang, R. C. Wang, and X. X. Pan, “Novel self-renewal hash chain based on Ito-Saito-Nishizeki secret sharing scheme,” The Journal of China Universities of Posts and Telecommunications, vol. 19, pp. 122–127, 2012.
View at: Publisher Site | Google Scholar
Z. Wei, “Self-updating hash chains based on erasure coding,” in 2010 International Conference on Computer, Mechatronics, Control and Electronic Engineering, pp. 173–175, Changchun, China, 2010.
View at: Publisher Site | Google Scholar
X.-Y. Yang, J.-J. Wang, J.-Y. Chen, and X.-Z. Pan, “A self-renewal hash chain scheme based on fair exchange idea(SRHC-FEI),” in 2010 3rd International Conference on Computer Science and Information Technology, pp. 152–156, Chengdu, China, 2010.
View at: Publisher Site | Google Scholar
H. Zhang and Y. Zhu, “Self-updating hash chains and their implementations,” in Web Information Systems – WISE 2006. WISE 2006, pp. 387–397, Springer, 2006.
View at: Publisher Site | Google Scholar
H. Zhang, X. Li, and R. Ren, “A novel self-renewal hash chain and its implementation,” in IEEE/IFIP International Conference on Embedded and Ubiquitous Computing, pp. 144–149, Shanghai, China.
View at: Google Scholar
M. Q. Zhang, B. Dong, and X. Y. Yang, “A new self-updating hash chain scheme,” in 2009 International Conference on Computational Intelligence and Security, pp. 315–318, Beijing, China, 2009.
View at: Publisher Site | Google Scholar
D. Coppersmith and M. Jakobsson, “Almost optimal hash sequence traversal,” in Financial Cryptography. FC 2002, pp. 102–119, Springer, 2003.
View at: Publisher Site | Google Scholar
M. Jakobsson, “Fractal hash sequence representation and traversal,” in Proceedings IEEE International Symposium on Information Theory, Lausanne, Switzerland, 2002.
View at: Publisher Site | Google Scholar
D. Kogan, N. Manohar, and D. Boneh, “T/Key: second factor authentication from secure hash chains,” in Proceedings Article published 30 Oct 2017 in Proceedings of the 2017 ACM SIGSAC Conference on Computer and Communications Security, pp. 983–999, Dallas, TX, USA, 2017.
View at: Publisher Site | Google Scholar
J. Håstad and M. Näslund, “Practical construction and analysis of pseudo-randomness primitives,” in Advances in Cryptology — ASIACRYPT 2001. ASIACRYPT 2001, pp. 442–459, Springer, 2001.
View at: Publisher Site | Google Scholar
C. Wang, D. Wang, Y. Tu, G. Xu, and H. Wang, “Understanding node capture attacks in user authentication schemes for wireless sensor networks,” IEEE Transactions on Dependable and Secure Computing, vol. 5971, 2020.
View at: Publisher Site | Google Scholar
D. Wang, W. Li, and P. Wang, “Measuring two-factor authentication schemes for real-time data access in industrial wireless sensor networks,” IEEE Transactions on Industrial Informatics, vol. 14, no. 9, pp. 4081–4092, 2018.
View at: Publisher Site | Google Scholar
D. Wang and P. Wang, “Two birds with one stone: two-factor authentication with security beyond conventional bound,” IEEE Transactions on Dependable and Secure Computing, vol. 15, no. 4, pp. 708–722, 2018.
View at: Publisher Site | Google Scholar

Copyright

Copyright © 2020 Qinglong Huang et al. This is an open access article distributed under the Creative Commons Attribution License, which permits unrestricted use, distribution, and reproduction in any medium, provided the original work is properly cited.

PDF Download Citation

Download other formats

Order printed copies