Group Time-based One-time Passwords and its Application to Efficient Privacy-Preserving Proof of Location

Yang, Zheng; Jin, Chenglu; Ning, Jianting; Dinh, Anh; Zhou, Jianying

doi:10.1145/3485832.3488009

Cited by 5 publications

(19 citation statements)

References 44 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…For instance, initiating the POL protocol might require the user to input a password or provide a scan of biometric data (e.g., face) to the device. Similar assumptions are commonly made in credential systems [18], [21], [22] and POL systems [2], [4], [29], [30]. In the work presented by Kounas et al [31], a video challenge and response mechanism for verifying strong identity, along with a simple timeout-based device location verification, are proposed.…”

Section: Related Workmentioning

confidence: 92%

“…Proof-of-location systems have been widely studied [2], [3], [4], [5], [6], [7], [8], [10], [13], [29], [30]. Lack of formal security model has led to attacks on POL systems, for example, absence of the message travel time measurements makes POL in [6] and [31] vulnerable to relay attacks.…”

Section: Related Workmentioning

confidence: 99%

“…User anonymity is considered in [5], [8], [29], [30], and [31]. [29], [30] only provide anonymity against the verifier, and do not have formal security models.…”

Section: Related Workmentioning

confidence: 99%

“…User anonymity is considered in [5], [8], [29], [30], and [31]. [29], [30] only provide anonymity against the verifier, and do not have formal security models. As in our work, pseudonyms have been used to provide user anonymity in [5], [8], and [31].…”

Section: Related Workmentioning

confidence: 99%

See 3 more Smart Citations

Composable Anonymous Proof-of-Location With User-Controlled Offline Access

Akand

Avizheh

2023

IEEE Access

View full text Add to dashboard Cite

A proof-of-location (pol) is a digital credential issued to a user after proving their location to an issuer. The user can use the pol at a later time to prove to a verifier that they have been present at a claimed location. A secure Proof-of-Location (POL) system requires that pols be unforgeable and non-transferable to other users. POL systems can be used to provide fine-grained authentication and authorization and must ensure the privacy of the pol owner against the issuer and the verifier while allowing efficient presentation of pols combined with other credentials when needed. Efficiency is in terms of communication overhead in user-verifier POL sessions, which has particular significance in high-volume pol verification scenarios. We first propose a POL system that (i) is provably secure in a simulation-based framework, allowing a pol to be securely used with other credentials, and (ii) provides anonymity against the issuer and the verifier. We then extend the system to allow pols to be stored on a public distributed ledger system and selectively be presented to the verifiers by the user. This is the first POL system that satisfies the above properties. We implement POL algorithms on a mobile phone and present our experimental results showing the practicality of the system. Our proposed scheme is highly scalable compared to existing systems, reducing the user-verifier POL communication overhead by up to a factor of 94.

show abstract

Section: Related Workmentioning

confidence: 92%

Section: Related Workmentioning

confidence: 99%

“…User anonymity is considered in [5], [8], [29], [30], and [31]. [29], [30] only provide anonymity against the verifier, and do not have formal security models.…”

Section: Related Workmentioning

confidence: 99%

Section: Related Workmentioning

confidence: 99%

See 2 more Smart Citations

Composable Anonymous Proof-of-Location With User-Controlled Offline Access

Akand

Avizheh

2023

IEEE Access

View full text Add to dashboard Cite

show abstract

“…We say that an HMACCE protocol is (t, , q l , MN)-secure, if there exists no PPT adversary that (t, , q l , MN)-breaks it. [38], [4], [39].…”

Section: Definition 1 (Hmacce Security) We Say a Ppt Adversarymentioning

confidence: 99%

HMACCE: Establishing Authenticated and Confidential Channel From Historical Data for Industrial Internet of Things

Jin

Yang

Xiang

et al. 2023

IEEE Trans.Inform.Forensic Secur.

Self Cite

View full text Add to dashboard Cite

Industrial Internet of Things (IIoT) is a new paradigm for building intelligent industrial control systems, and how to establish a secure channel in IIoT for machine-to-machine (M2M) communication is a critical problem because the devices in IIoT suffer from various attacks and may leak confidential information. Traditional authenticated and confidential channel establishment (ACCE) protocols neither apply for resource-constrained IIoT devices nor satisfy leakage resilience. In this paper, we introduce a new security notion: historical data based multi-factor ACCE (HMACCE) to address this issue and propose two HMACCE protocols. Our HMACCE protocols use three authentication factors, i.e., a symmetric secret key, historical data, and a set of secret tags associated with the historical data, to establish a secure communication channel between the client and the server. The key idea is to use the secret key managed by an IIoT edge device to quickly verify the relationship between the historical data and its associated tags stored on the server. Our HMACCE has the following remarkable features. First, it is lightweight and tailored for resource-constrained IIoT devices. Second, it is bounded historical tag leakage resilience, which means that if a small portion of the secret tags is leaked to an adversary, it will not affect its security with an overwhelming probability. Moreover, as a security enhancement service, our HMACCE can be easily integrated with legacy IIoT devices by running simple authenticated key exchange protocols.

show abstract

A Lightweight Zone Authentication Scheme with Auto-Refreshing Pseudonyms for C-V2X

Ba,

Yang,

2023

2023 19th International Conference on Mobility, Sensing and Networking (MSN)

View full text Add to dashboard Cite

Group Time-based One-time Passwords and its Application to Efficient Privacy-Preserving Proof of Location

Cited by 5 publications

References 44 publications

Composable Anonymous Proof-of-Location With User-Controlled Offline Access

Composable Anonymous Proof-of-Location With User-Controlled Offline Access

HMACCE: Establishing Authenticated and Confidential Channel From Historical Data for Industrial Internet of Things

A Lightweight Zone Authentication Scheme with Auto-Refreshing Pseudonyms for C-V2X

Contact Info

Product

Resources

About