Professional Documents
Culture Documents
Abstract—Device-to-Device (D2D) communications play next generation mobile communication networks and wireless
a key role in the next generation mobile communication net- systems (5G) [1], [2] and the Internet of Things (IoT) ecosystem
works and wireless systems (5G) and the Internet of Things [3], [4]. D2D communications have shown great potential for
ecosystem. D2D group communications are significant for
group based services. In spite of its benefits, new appli- reducing communication delay, improving communication ca-
cation scenarios and new system architecture expose the pability, as well as fostering multifarious new applications and
D2D group communications to unique security threats. Al- services. D2D group communications is one of significant use
though there are numerous studies on security and privacy cases to provide group based services, e.g., group gaming and
in two-user D2D communications, a lack of solutions on group chatting.
secure and privacy-preserving D2D group communications
would restrict their wide usage. In this paper, we propose While there are numerous benefits, new application scenar-
two privacy-preserving authentication and key Agreement ios and specific system architecture expose D2D communica-
protocols (PPAKA-HAMC and PPAKA-IBS) to guarantee se- tions into unique security and privacy threats [5]. User iden-
cure and anonymous D2D group communications. In our tity authentication and key agreement is one of the basic but
protocols, a group of D2D users mutually authenticate with significant security issues for establishing a secure communi-
each other without leaking their identity information while
negotiate a common D2D group session key for secure com- cation channel between D2D devices. Some authentication and
munications in a D2D session. Formal security analysis and key agreement schemes [6]–[11] have been proposed for se-
comprehensive performance evaluation show security and curing D2D communication sessions. But, they only addressed
effectivity of our protocols. secure D2D communications between two users in the coverage
Index Terms—Anonymous authentication, device-to- of a service network (SN). D2D group communications have
device (D2D) communications, key agreement, privacy more complex security requirements compared with the two-
preservation. user scenario, such as key agreement and management. So far,
only few schemes have been proposed for secure group D2D
communications. Recently, in [12] and [13], two protocols to
I. INTRODUCTION
provide secure D2D communications with group information
EVICE-TO-DEVICE (D2D) communications were pro-
D posed as one of the promising technologies for communi-
cations in proximity. It is supposed to play as a key role in the
anonymity have been proposed. However, these protocols can
only address secure communications between two users. The
group anonymity is designed for protecting group information,
not for group communication session establishment. They suf-
Manuscript received August 28, 2017; revised November 6, 2017; ac- fer from high performance overhead and cannot resist internal
cepted November 23, 2017. Date of publication November 28, 2017;
date of current version August 1, 2018. This work was supported in part
attacks raised by malicious users in the group.
by the NSFC under Grant 61672410 and Grant U1536202, in part by Moreover, users in a group-based service show high concern
the National Key Research and Development Program of China under on their privacy. It is obviously not wise to disclose user pri-
Grant 2016YFB0800704, in part by the Project Supported by Natural Sci-
ence Basic Research Plan in Shaanxi Province of China under Program
vacy, especially identity information to any strangers, even other
2016ZDJC-06, in part by the 111 Project under Grant B08038 and Grant users in a same group. In particular, group communication data
B16037, and in part by the Academy of Finland under Grant 308087. should not be disclosed to any outsiders, including SN. Private
Paper no. TII-17-1955. (Corresponding author: Zheng Yan.)
M. Wang is with the State Key Laboratory on Integrated Services
information leakage may harm the safety of user properties.
Networks, School of Cyber Engineering, Xidian University, Xi’an 710071, However, the current literature still lacks solutions on secure
China (e-mail: wangmingjun1987@hotmail.com). and privacy-preserving D2D group communications.
Z. Yan is with the State Key Laboratory on Integrated Services Net-
works, School of Cyber Engineering, Xidian University, Xi’an 710071,
In this paper, we propose two privacy-preserving authentica-
China, and also with the Department of Communications and Net- tion and key agreement protocols (PPAKAs) to establish secure
working, Aalto University, Espoo 02150, Finland (e-mail: zhengyan.pz@ and anonymous D2D group communications. In the proposed
gmail.com).
Color versions of one or more of the figures in this paper are available
protocols, a group of D2D users, with the support of SN, mu-
online at http://ieeexplore.ieee.org. tually authenticate with each other without leaking their real
Digital Object Identifier 10.1109/TII.2017.2778090 identities, while at the same time they negotiate a common
1551-3203 © 2017 IEEE. Personal use is permitted, but republication/redistribution requires IEEE permission.
See http://www.ieee.org/publications standards/publications/rights/index.html for more information.
Authorized licensed use limited to: MALAVIYA NATIONAL INSTITUTE OF TECHNOLOGY. Downloaded on April 27,2022 at 06:35:07 UTC from IEEE Xplore. Restrictions apply.
3638 IEEE TRANSACTIONS ON INDUSTRIAL INFORMATICS, VOL. 14, NO. 8, AUGUST 2018
Authorized licensed use limited to: MALAVIYA NATIONAL INSTITUTE OF TECHNOLOGY. Downloaded on April 27,2022 at 06:35:07 UTC from IEEE Xplore. Restrictions apply.
WANG AND YAN: PRIVACY-PRESERVING AUTHENTICATION AND KEY AGREEMENT PROTOCOLS FOR D2D GROUP COMMUNICATIONS 3639
A. PPAKA–HMAC dif
PIDi = (Pseud, ExpiryTime) ,
In this section, we describe the first protocol PPAKA–HMAC.
The detailed processes are illustrated in Figs. 2–4, marked with where ExpriryTime denotes the valid period of PIDi ,
yellow and green color. 3) SN sends PIDi and system parameters to UEi via a secure
1) System Setup: The following steps are executed by SN channel.
to generate system parameters: In addition, SN locally maintains a table to manage the re-
On input a security parameter 1k , SN selects an appropriate lated information of UEi , i.e., the real identity RIDi and the
system prime q and a multiplicative group G of order q − 1 pseudonyms PIDi .
with generator g. It also chooses a cryptographic hash functions: 3) D2D Discovery: For not losing generality, as shown in
H1 : G → Z∗q . Fig. 3, we assume that n D2D users UE1 , UE2 , . . . , UEn
2) User Registration: User UEi with real identifier RIDi with pseudonyms PID1 , PID2 , . . . , PIDn discover each other
should firstly perform user registration with SN in order to get through a D2D discovery process. For more details about a
its pseudonym. The following steps should be performed in D2D discovery process, please refer to [26]. All UEs that want
turns: to establish a secure D2D communication group should anony-
1) UEi sends a registration request including its real identi- mously authenticate each other and generate a secure group
fier RIDi to SN. session key, which is described as below.
2) Once receiving the request and checking the eligibility 4) Session Request: In order to establish a secure D2D
of UEi , SN generates a pseudonym PIDi for UEi . The communication group, UEi (i = 1, . . . , n) sends a request mes-
pseudonym plays the same role as the real identity in au- sage Mireq about D2D group session establishment to SN, where
thentication and secure communications, but can protect the message is consist of the pseudonyms of UEi and the other
Authorized licensed use limited to: MALAVIYA NATIONAL INSTITUTE OF TECHNOLOGY. Downloaded on April 27,2022 at 06:35:07 UTC from IEEE Xplore. Restrictions apply.
3640 IEEE TRANSACTIONS ON INDUSTRIAL INFORMATICS, VOL. 14, NO. 8, AUGUST 2018
Authorized licensed use limited to: MALAVIYA NATIONAL INSTITUTE OF TECHNOLOGY. Downloaded on April 27,2022 at 06:35:07 UTC from IEEE Xplore. Restrictions apply.
WANG AND YAN: PRIVACY-PRESERVING AUTHENTICATION AND KEY AGREEMENT PROTOCOLS FOR D2D GROUP COMMUNICATIONS 3641
R
Ki+(n
?
= KiL . HMAC(Mj ) from other UEs in the group. The UE compares
−1)
the received HMAC(Mj ) and HMAC(Mj ) to the values com-
If the verification fails, UEi aborts; otherwise, UEi computes puted by itself using its HMAC key KSIDm ac
I
got from SN. KSID
m ac
I
the session key SSKSID i
I
: is a secret generated by SN for each group session and is dis-
tributed to all group session members. Since the connections be-
SSKSID
i
I
= K1R · K2R · · · KnR . tween SN and UE are assumed secure, only the UE in the group
It is obvious that all honest users compute the same key has KSID
m ac
I
and can calculate HMAC(Mj ) and HMAC(Mj )
SSKSID I = g x 1 x 2 +x 2 x 3 +···+x n x 1 . correctly. If the comparison between received ones and the cal-
6) Group Session Activation: Furthermore, in order to guar- culated result is positive, the UE can authenticate that the re-
antee the session key shared among all group users are same and ceived HMAC(Mj ) and HMAC(Mj ) are originated from an
active the group session, UEi hashes its self-generated session eligible UE in the group without revealing the real ID of it.
key as key seed SeedSID i
I
= H1 (SSKSID
i
I
) and sends SeedSID
i
I 3) Identity Anonymity:
to SN for verification. Proof: Since each UE uses a pseudonym, which is generated
Upon receiving all session key seeds from the group users, and distributed by SN randomly, instead of a real identity in
SN compares if all seeds are equal. If so, SN stores SeedSID I the group communications, only SN and UE itself can map
in a session management table and actives this group session the pseudonym with its real identity. The probability for an
SIDI by sending all group users an activation message. After adversary to reveal the real identity behind the pseudonym is
receiving the activation message, all group users can securely negligible. Thus, the identity privacy can be protected.
communicate with each other in this session using SSKSID I
. 4) Discussion: PPAKA-HMAC achieves secure session key
i
agreement, user anonymous authentication and group privacy
B. Security Analysis on PPAKA-HMAC preservation. It can resist external attacks who do not have the
HMAC key KSID m ac
I
. However, if a user inside the group does
In this section, we discuss security issues of the pro- not follow the protocol honestly and behaves maliciously, the
posed PPAKA-HMAC protocol according to our security protocol is unable to resist the attacks raised by these malicious
objectives. users. In order to resist internal attacks, we design the second
1) Secure Session Key Establishment: After successful pro- protocol in the following section. For other security properties,
tocol execution, a session key will be shared by all group mem- like internal attack resistance, group forward secrecy, and group
bers securely. forward secrecy, we will prove them in Section IV-E.
Proof: Our protocols are secure against both passive and ac-
tive adversaries under decisional Diffie–Hellman assumption.
Herein, we assume that the adversaries are external attackers C. PPAKA-IBS
outside of the group. They are capable of eavesdropping (pas- In this section, we propose the second protocol for secure
sive adversary), intercepting and modifying messages (active group D2D communications with privacy-preservation. This
adversary). Our proof follows security proof of authenticated protocol defends against internal attacks raised by malicious
key agreement protocol in [27]. We take advantage of HMAC group users by taking advantage of IBS instead of HMAC.
instead of digital signature used in [27]. We assume that HMAC The process of PPAKA-IBS is similar to PPAKA-HMAC ex-
is secure, then prove the claim below: cept for some operations in each phase. For concise description,
Claim 1: Let forge be the event that all HMACs are forged we present this protocol by emphasizing its difference from
by adversary A, then Prob[Forge] ≤ AdvHM AC (t ). PPAKA-HMAC and omitting their common processes. The de-
Proof of Claim: We assume that A is a polynomial tailed procedures of PPAKA-IBS are illustrated in Figs. 2–4,
time adversary of PPAKA-HMAC. It forges HMACs by marked with blue and green color.
querying send (V, i, M ), where M = SIDI |PID|l|Xi |HMACi , 1) System Setup: SN executes following operations to gen-
V (KSID
m ac
I
, SIDI |PID|l|Xi , HMACi ) = 1. V is the verifica- erate system parameters: On input a security parameter 1k ,
tion algorithm of HMAC. Using A, we construct an algorithm SN generates a tuple {G, GT , q, g, gt = e(g, g)} as defined
F to forges HMACs as follows: The forger F simulates all or- in [28]. Then, SN picks a random number s ∈ Z∗q as a sys-
acle queries of A by executing protocol PPAKA-HMAC and tem master key and computes Kpub = g s as a system pub-
obtaining the necessary information related to HMAC signa- lic key. It also chooses three cryptographic hash functions:
ture. If A ever ouputs a new valid message HMAC pairing with H1 : G → Z∗q , H2 : {0, 1}∗ → G and H3 : {0, 1}∗ → Z∗q . Fi-
respect to HMAC key KSID m ac
I
, F outputs this pair as its forgery. nally, SN keeps s secretly and publishes the system parameters
The success probability of F is parmas = {G, GT , q, g, gt , e, Kpub , H1 , H2 , H3 }.
2) User Registration: In this phase, UEi registers into SN
Prob [Forge] ≤ AdvHM AC (t ) .
with its real identifier RIDi just like the processes in PPAKA-
Thus, we can get the result of our proof following the proof HMAC except that UEi gets an extra public\private key pair
of Theorem 4.2 in [27]. from SN. The detail of this extra operation is shown as follows.
2) Anonymous User Authentication: After generating pseudonym PIDi for UEi , SN computes
Proof: In PPAKA-HMAC, UE achieves anonymous authen- the public/private key pair associating with PIDi for UEi ,
tication by verifying HMAC(Mj ) from their neighbors and where public key PKi = H2 (PIDi ) ∈ G and private key SKi =
Authorized licensed use limited to: MALAVIYA NATIONAL INSTITUTE OF TECHNOLOGY. Downloaded on April 27,2022 at 06:35:07 UTC from IEEE Xplore. Restrictions apply.
3642 IEEE TRANSACTIONS ON INDUSTRIAL INFORMATICS, VOL. 14, NO. 8, AUGUST 2018
PKi s ∈ G. Then, SN sends PIDi , the corresponding key pair 2) compute Ui = g y i , hi = H3 (Mi , Ui ), and Vi =
PKi /SKi and the system parameters parmas to UEi via a secure PKi y i · SKi h i ;
channel and stores information of UEi , which includes RIDi , 3) sign a signature on message Mi as σi = (Ui , Vi ).
PIDi , and PKi /SKi . Finally, UEi broadcasts Mi |σi to all the other group users
3) D2D Discovery: The D2D Discovery phase is the same UEj , where j = 1, 2, . . . , n, j = i.
as the operations in PPAKA-HMAC. In key generation as shown in Fig. 4, upon receiving
4) Session Request: In this phase, UEi sends a request mes- all second key agreement messages Mi |σi from UEj (j =
sage to SN for D2D group session establishment and gets session 1, 2, . . . , n, j = i), UEi first verifies all signatures in a batch as
related information from SN. The process of this phase is similar follows:
to PPAKA-HMAC except that SN does not generate the HMAC 1) compute UEj ’s public key PKj = H2 (PIDj );
key KSIDm ac
I
for all users in the group. So, the response message 2) compute hi = H3 (Mi , Ui );
rsp
MSID I in PPAKA-IBS only consists of the group session iden- ?
3) verify e(g, nj= i,1 Vi ) = nj= i,1 e(P Kj , Ui · Kpub h i )
tifier SIDI and the ring structure of group users’ pseudonyms
and accept UEj and Mj if the verification equation holds.
PSID I = {PID1 , . . . , PIDn }, which is described as follows:
After verification, UEi computes the session key SSKSID i
I
Authorized licensed use limited to: MALAVIYA NATIONAL INSTITUTE OF TECHNOLOGY. Downloaded on April 27,2022 at 06:35:07 UTC from IEEE Xplore. Restrictions apply.
WANG AND YAN: PRIVACY-PRESERVING AUTHENTICATION AND KEY AGREEMENT PROTOCOLS FOR D2D GROUP COMMUNICATIONS 3643
Authorized licensed use limited to: MALAVIYA NATIONAL INSTITUTE OF TECHNOLOGY. Downloaded on April 27,2022 at 06:35:07 UTC from IEEE Xplore. Restrictions apply.
3644 IEEE TRANSACTIONS ON INDUSTRIAL INFORMATICS, VOL. 14, NO. 8, AUGUST 2018
TABLE I TABLE II
COMPUTATION COMPLEXITY OF PPAKAS COMMUNICATION OVERHEAD COMPARISONS
Authorized licensed use limited to: MALAVIYA NATIONAL INSTITUTE OF TECHNOLOGY. Downloaded on April 27,2022 at 06:35:07 UTC from IEEE Xplore. Restrictions apply.
WANG AND YAN: PRIVACY-PRESERVING AUTHENTICATION AND KEY AGREEMENT PROTOCOLS FOR D2D GROUP COMMUNICATIONS 3645
Authorized licensed use limited to: MALAVIYA NATIONAL INSTITUTE OF TECHNOLOGY. Downloaded on April 27,2022 at 06:35:07 UTC from IEEE Xplore. Restrictions apply.
3646 IEEE TRANSACTIONS ON INDUSTRIAL INFORMATICS, VOL. 14, NO. 8, AUGUST 2018
that the operation time of both protocols increases linearly with [9] H. Kwon, C. Hahn, D. Kim, K. Kang, and J. Hur, “Secure device-to-device
the number of joining users except one user joining case. The authentication in mobile multi-hop networks,” in Proc. Int. Conf. Wireless
Algorithms, Syst. Appl., 2014, pp. 267–278.
reason is that, in one user joining case, the joining user joins the [10] A. Zhang, J. Chen, R. Q. Hu, and Y. Qian, “SeDS: Secure data shar-
group by only conducting DHKE with one existing member. No ing strategy for D2D communication in LTE-advanced networks,” IEEE
new group is built. When more than one users join the group, a Trans. Veh. Technol., vol. 65, no. 4, pp. 2659–2672, Apr. 2016.
[11] A. Zhang, L. Wang, X. Ye, and X. Lin, “Light-weight and robust security-
new group should be built first, which makes the operation time aware d2d-assist data transmission protocol for mobile-health systems,”
increases linearly with the number of joining users. In Scenario IEEE Trans. Inf. Forensics Security, vol. 12, no. 3, pp. 662–675, Mar.
4, since the operations for old member leaving and new user 2017.
[12] R.-H. Hsu and J. Lee, “Group anonymous D2D communication with end-
joining are independent and operated in turn, the operation time to-end security in LTE-A,” in Proc. IEEE Conf. Commun. Netw. Security,
of key update in this scenario is the addition of that in Scenario 2015, pp. 451–459.
2 and Scenario 3. Thus, it is not shown in Fig. 7. [13] R.-H. Hsu, J. Lee, T. Q. Quek, and J.-C. Chen, “GRAAD: Group
anonymous and accountable D2D communication in mobile networks,”
With regard to the success rate of group session establishment, IEEE Trans. Inf. Forensics Security, vol. 13, no. 12, pp. 449–464, Feb.
we think it is meaningful to test it in a real D2D communication 2017.
system since it is impacted by many factors in reality (e.g., [14] W. Diffie and M. Hellman, “New directions in cryptography,” IEEE Trans.
Inf. Theory, vol. 22, no. 6, pp. 644–654, Nov. 1976.
environmental factors, bandwidth, available spectrum, battery [15] J. Bethencourt, A. Sahai, and B. Waters, “Ciphertext-policy attribute-based
level and computation capacity of UE, etc.). Some important encryption,” in Proc. IEEE Symp. Security Privacy, 2007, pp. 321–334.
impact factors are not related to protocol design. This paper work [16] H. Xiong and Z. Qin, “Revocable and scalable certificateless remote au-
thentication protocol with anonymity for wireless body area networks,”
focuses on secure D2D group communication protocol design. IEEE Trans. Inf. Forensics Security, vol. 10, no. 7, pp. 1442–1455,
Security and operation performance evaluation is our focus. Jul. 2015.
[17] C.-M. Yu, C.-S. Lu, and S.-Y. Kuo, “Noninteractive pairwise key estab-
lishment for sensor networks,” IEEE Trans. Inf. Forensics Security, vol. 5,
VI. CONCLUSION no. 3, pp. 556–569, Sep. 2010.
[18] J. Liu, Z. Zhang, X. Chen, and K. S. Kwak, “Certificateless remote
In this paper, we proposed two privacy-preserving authenti- anonymous authentication schemes for wirelessbody area networks,”
cation and key agreement protocols for group D2D communica- IEEE Trans. Parallel Distrib. Syst., vol. 25, no. 2, pp. 332–342, Feb.
tions. The first protocol PPAKA-HMAC helps a group of D2D 2014.
[19] H. Xiong, “Cost-effective scalable and anonymous certificateless remote
users establish a secure D2D group session without leaking their authentication protocol,” IEEE Trans. Inf. Forensics Security, vol. 9,
identity privacy. It is secure against external malicious attackers no. 12, pp. 2327–2339, Dec. 2014.
with lightweight operations. The second protocol PPAKA-IBS [20] Y. Sun, R. Lu, X. Lin, X. Shen, and J. Su, “An efficient pseudonymous
authentication scheme with strong privacy preservation for vehicular com-
can establish secure D2D group communications by provid- munications,” IEEE Trans. Veh. Technol., vol. 59, no. 7, pp. 3589–3603,
ing better security than PPAKA-HMAC in terms of resisting Sep. 2010.
internal attacks. Formal security analysis and extensive experi- [21] A. Wasef and X. Shen, “EMAP: Expedite message authentication protocol
for vehicular ad hoc networks,” IEEE Trans. Mobile Comput., vol. 12,
mental test showed the security, efficiency, and effectiveness of no. 1, pp. 78–89, Jan. 2013.
our protocols. [22] J. Li, H. Lu, and M. Guizani, “ACPN: A novel authentication frame-
With regard to future work, we will further test the success work with conditional privacy-preservation and non-repudiation for
VANETs,” IEEE Trans. Parallel Distrib. Syst., vol. 26, no. 4, pp. 938–948,
rate of group session establishment in a 5G D2D communication Apr. 2015.
test bed in order to evaluate the real applicability of our proposed [23] A. Castiglione, P. D’Arco, A. De Santis, and R. Russo, “Secure group com-
protocols. munication schemes for dynamic heterogeneous distributed computing,”
Future Gener. Comput. Syst., vol. 74, pp. 313–324, 2017.
[24] A. Castiglione, A. De Santis, B. Masucci, F. Palmieri, A. Castiglione,
REFERENCES and X. Huang, “Cryptographic hierarchical access control for dynamic
structures,” IEEE Trans. Inf. Forensics Security, vol. 11, no. 10, pp. 2349–
[1] K. Doppler, M. Rinne, C. Wijting, C. B. Ribeiro, and K. Hugl, “Device-to- 2364, Oct. 2016.
device communication as an underlay to LTE-advanced networks,” IEEE [25] A. Castiglione, A. De Santis, B. Masucci, F. Palmieri, X. Huang, and
Commun. Mag., vol. 47, no. 12, pp. 42–49, Dec. 2009. A. Castiglione, “Supporting dynamic updates in storage clouds with the
[2] P. Janis et al., “Device-to-device communication underlaying cellular Akl–Taylor scheme,” Inf. Sci., vol. 387, pp. 56–74, 2017.
communications systems,” Int. J. Commun., Netw. Syst. Sci., vol. 2, no. 3, [26] “Study on architecture enhancements to support proximity-based services
pp. 169–178, 2009. (ProSe),” Stage 2, 3rd Generation Partnership Project; Technical Specifi-
[3] O. Bello and S. Zeadally, “Intelligent device-to-device communication cation Group Services and System Aspects; 3GPP TS 23.3034, V15.0.0,
in the internet of things,” IEEE Syst. J., vol. 10, no. 3, pp. 1172–1182, Jun. 2017.
Sep. 2016. [27] R. Dutta and R. Barua, “Provably secure constant round contributory group
[4] L. Militano, G. Araniti, M. Condoluci, I. Farris, and A. Iera, “Device-to- key agreement in dynamic setting,” IEEE Trans. Inf. Theory, vol. 54, no. 5,
device communications for 5g internet of things,” EAI Endorsed Trans. pp. 2007–2025, May 2008.
Internet Things, vol. 1, no. 1, pp. 1–15, 2015. [28] D. Boneh and M. Franklin, “Identity-based encryption from the Weil
[5] M. Wang and Z. Yan, “A survey on security in D2D communications,” pairing,” in Proc. Adv. Cryptol., 2001, pp. 213–229.
Mobile Netw. Appl., vol. 22, no. 2, pp. 195–208, 2017. [29] J. Katz and J. S. Shin, “Modeling insider attacks on group key-exchange
[6] M. Wang, Z. Yan, and V. Niemi, “UAKA-D2D: Universal authentication protocols,” in Proc. 12th ACM Conf. Comput. Commun. Security, 2005,
and key agreement protocol in D2D communications,” Mobile Netw. Appl., pp. 180–189.
vol. 22, no. 3, pp. 510–525, 2017. [30] R. Canetti, “Universally composable security: A new paradigm for crypto-
[7] W. Shen, W. Hong, X. Cao, B. Yin, D. M. Shila, and Y. Cheng, “Secure graphic protocols,” in Proc. 42nd IEEE Symp. Found. Comput. Sci., 2001,
key establishment for device-to-device communications,” in Proc. IEEE pp. 136–145.
Global Commun. Conf., 2014, pp. 336–340. [31] PBC: The pairing-based cryptography library, 2013. [Online]. Available:
[8] L. Goratti, G. Steri, K. M. Gomez, and G. Baldini, “Connectivity and https://crypto.stanford.edu/pbc/
security in a D2D communication protocol for public safety applications,” [32] OpenSSL, “SSL/TLS Toolkit,” 2011, [Online]. Available: http://www.
in Proc. 11th Int. Symp. Wireless Commun. Syst., 2014, pp. 548–552. openssl.org
Authorized licensed use limited to: MALAVIYA NATIONAL INSTITUTE OF TECHNOLOGY. Downloaded on April 27,2022 at 06:35:07 UTC from IEEE Xplore. Restrictions apply.
WANG AND YAN: PRIVACY-PRESERVING AUTHENTICATION AND KEY AGREEMENT PROTOCOLS FOR D2D GROUP COMMUNICATIONS 3647
Mingjun Wang received the B.Sc. degree in Zheng Yan (M’06–SM’14) received the B.Eng.
communication and information systems from degree in electrical engineering and the M.Eng.
Henan Normal University, Xinxiang, China, in degree in computer science and engineering,
2011. He is currently working toward the Ph.D. both from Xi’an Jiaotong University, Xi’an, China,
degree in information security at Xidian Univer- in 1994 and 1997, respectively, the second
sity, Xi’an, China. M.Eng. degree in information security from the
His research interests include security, pri- National University of Singapore, Singapore, in
vacy and trust management in the next gen- 2000, and the Licentiate of Science and the Doc-
eration mobile communication networks and tor of Science degrees in technology in electri-
wireless systems, social networking and cloud cal engineering from Helsinki University of Tech-
computing. nology, Helsinki, Finland, in 2005 and 2007,
respectively.
She is currently a Professor at Xidian University, Xi’an, China, and a
Visiting Professor at the Aalto University, Espoo, Finland. Her research
interests are in trust, security and privacy.
Prof. Yan is an Organization and Program Committee Member for
numerous international conferences. She is also an Associate Editor of
many reputable journals, e.g., Information Sciences, Information Fusion,
IEEE INTERNET OF THINGS JOURNAL, IEEE ACCESS, and others.
Authorized licensed use limited to: MALAVIYA NATIONAL INSTITUTE OF TECHNOLOGY. Downloaded on April 27,2022 at 06:35:07 UTC from IEEE Xplore. Restrictions apply.