Lightweight secure key establishment to create a secure channel between entities in a crowdsourcing environment

IF 3 3区计算机科学 Q2 COMPUTER SCIENCE, INFORMATION SYSTEMS

Pervasive and Mobile Computing Pub Date : 2025-06-09 DOI:10.1016/j.pmcj.2025.102078

Mahdi Nikooghadam, Hamid Reza Shahriari

{"title":"Lightweight secure key establishment to create a secure channel between entities in a crowdsourcing environment","authors":"Mahdi Nikooghadam, Hamid Reza Shahriari","doi":"10.1016/j.pmcj.2025.102078","DOIUrl":null,"url":null,"abstract":"<div><div>The concept of crowdsourcing uses shared intelligence to solve complex tasks through group collaboration. Crowdsourcing involves gathering information and opinions from participants who submit their data, or solutions, over the Internet using a specific program. Given that the communication environment for crowdsourcing platforms is the Internet, there is a significant opportunity for attackers to compromise the confidentiality and integrity of information and violate participants’ privacy. Despite the great benefits of crowdsourcing, concerns about security and privacy are growing and require attention. Unfortunately based on our knowledge, the schemes presented to preserve security and privacy in crowdsourcing are susceptible to security and privacy attack and have a high computational and communication overhead. Therefore, they are not appropriate for crowdsourcing environments. This paper presents an ultra-lightweight authentication and key establishment protocol based on hash functions. This protocol meets all security requirements, is invulnerable to known attacks, and imposes a very low network overhead. The security of the proposed scheme has been formally proved, depicting the resistance of the proposed scheme to different types of possible attacks. In addition, the robustness of the proposed scheme against potential attacks has been proven through Scyther’s automatic software validation tool. The performance evaluation ultimately demonstrated that the proposed protocol incurs significantly reduced computational and communication costs compared to previous schemes and is very suitable for the crowdsourcing environment.</div></div>","PeriodicalId":49005,"journal":{"name":"Pervasive and Mobile Computing","volume":"112 ","pages":"Article 102078"},"PeriodicalIF":3.0000,"publicationDate":"2025-06-09","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"0","resultStr":null,"platform":"Semanticscholar","paperid":null,"PeriodicalName":"Pervasive and Mobile Computing","FirstCategoryId":"94","ListUrlMain":"https://www.sciencedirect.com/science/article/pii/S1574119225000677","RegionNum":3,"RegionCategory":"计算机科学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"Q2","JCRName":"COMPUTER SCIENCE, INFORMATION SYSTEMS","Score":null,"Total":0}

引用次数: 0

Abstract

The concept of crowdsourcing uses shared intelligence to solve complex tasks through group collaboration. Crowdsourcing involves gathering information and opinions from participants who submit their data, or solutions, over the Internet using a specific program. Given that the communication environment for crowdsourcing platforms is the Internet, there is a significant opportunity for attackers to compromise the confidentiality and integrity of information and violate participants’ privacy. Despite the great benefits of crowdsourcing, concerns about security and privacy are growing and require attention. Unfortunately based on our knowledge, the schemes presented to preserve security and privacy in crowdsourcing are susceptible to security and privacy attack and have a high computational and communication overhead. Therefore, they are not appropriate for crowdsourcing environments. This paper presents an ultra-lightweight authentication and key establishment protocol based on hash functions. This protocol meets all security requirements, is invulnerable to known attacks, and imposes a very low network overhead. The security of the proposed scheme has been formally proved, depicting the resistance of the proposed scheme to different types of possible attacks. In addition, the robustness of the proposed scheme against potential attacks has been proven through Scyther’s automatic software validation tool. The performance evaluation ultimately demonstrated that the proposed protocol incurs significantly reduced computational and communication costs compared to previous schemes and is very suitable for the crowdsourcing environment.

查看原文本刊更多论文

轻量级安全密钥建立，在众包环境中创建实体之间的安全通道

众包的概念是利用共享的智慧，通过团队协作来解决复杂的任务。众包包括从参与者那里收集信息和意见，这些参与者通过特定的程序在互联网上提交他们的数据或解决方案。鉴于众包平台的通信环境是互联网，攻击者有很大的机会破坏信息的保密性和完整性，侵犯参与者的隐私。尽管众包带来了巨大的好处，但对安全和隐私的担忧也在增加，需要引起人们的关注。不幸的是，根据我们的知识，在众包中提出的保护安全和隐私的方案容易受到安全和隐私攻击，并且具有很高的计算和通信开销。因此，它们不适合众包环境。提出了一种基于哈希函数的超轻量级认证和密钥建立协议。该协议满足所有安全需求，不受已知攻击的影响，并且网络开销非常低。提出的方案的安全性得到了正式证明，描述了提出的方案对不同类型可能的攻击的抵抗力。此外，所提出的方案对潜在攻击的鲁棒性已通过Scyther的自动软件验证工具得到验证。性能评估最终表明，与以前的方案相比，所提出的协议大大减少了计算和通信成本，非常适合众包环境。

本文章由计算机程序翻译，如有差异，请以英文原文为准。

求助全文

约1分钟内获得全文求助全文

来源期刊

Pervasive and Mobile Computing COMPUTER SCIENCE, INFORMATION SYSTEMS-TELECOMMUNICATIONS

CiteScore

7.70

自引率

2.30%

发文量

审稿时长

68 days

期刊介绍： As envisioned by Mark Weiser as early as 1991, pervasive computing systems and services have truly become integral parts of our daily lives. Tremendous developments in a multitude of technologies ranging from personalized and embedded smart devices (e.g., smartphones, sensors, wearables, IoTs, etc.) to ubiquitous connectivity, via a variety of wireless mobile communications and cognitive networking infrastructures, to advanced computing techniques (including edge, fog and cloud) and user-friendly middleware services and platforms have significantly contributed to the unprecedented advances in pervasive and mobile computing. Cutting-edge applications and paradigms have evolved, such as cyber-physical systems and smart environments (e.g., smart city, smart energy, smart transportation, smart healthcare, etc.) that also involve human in the loop through social interactions and participatory and/or mobile crowd sensing, for example. The goal of pervasive computing systems is to improve human experience and quality of life, without explicit awareness of the underlying communications and computing technologies. The Pervasive and Mobile Computing Journal (PMC) is a high-impact, peer-reviewed technical journal that publishes high-quality scientific articles spanning theory and practice, and covering all aspects of pervasive and mobile computing and systems.