With the development of hardware devices and the upgrading of smartphones,a large number of users save privacy-related information in mobile devices,mainly smartphones,which puts forward higher demands on the protecti...With the development of hardware devices and the upgrading of smartphones,a large number of users save privacy-related information in mobile devices,mainly smartphones,which puts forward higher demands on the protection of mobile users’privacy information.At present,mobile user authenticationmethods based on humancomputer interaction have been extensively studied due to their advantages of high precision and non-perception,but there are still shortcomings such as low data collection efficiency,untrustworthy participating nodes,and lack of practicability.To this end,this paper proposes a privacy-enhanced mobile user authentication method with motion sensors,which mainly includes:(1)Construct a smart contract-based private chain and federated learning to improve the data collection efficiency of mobile user authentication,reduce the probability of the model being bypassed by attackers,and reduce the overhead of data centralized processing and the risk of privacy leakage;(2)Use certificateless encryption to realize the authentication of the device to ensure the credibility of the client nodes participating in the calculation;(3)Combine Variational Mode Decomposition(VMD)and Long Short-TermMemory(LSTM)to analyze and model the motion sensor data of mobile devices to improve the accuracy of model certification.The experimental results on the real environment dataset of 1513 people show that themethod proposed in this paper can effectively resist poisoning attacks while ensuring the accuracy and efficiency of mobile user authentication.展开更多
The Internet of Things(IoT)is a smart networking infrastructure of physical devices,i.e.,things,that are embedded with sensors,actuators,software,and other technologies,to connect and share data with the respective se...The Internet of Things(IoT)is a smart networking infrastructure of physical devices,i.e.,things,that are embedded with sensors,actuators,software,and other technologies,to connect and share data with the respective server module.Although IoTs are cornerstones in different application domains,the device’s authenticity,i.e.,of server(s)and ordinary devices,is the most crucial issue and must be resolved on a priority basis.Therefore,various field-proven methodologies were presented to streamline the verification process of the communicating devices;however,location-aware authentication has not been reported as per our knowledge,which is a crucial metric,especially in scenarios where devices are mobile.This paper presents a lightweight and location-aware device-to-server authentication technique where the device’s membership with the nearest server is subjected to its location information along with other measures.Initially,Media Access Control(MAC)address and Advance Encryption Scheme(AES)along with a secret shared key,i.e.,λi of 128 bits,have been utilized by Trusted Authority(TA)to generate MaskIDs,which are used instead of the original ID,for every device,i.e.,server and member,and are shared in the offline phase.Secondly,TA shares a list of authentic devices,i.e.,server Sj and members Ci,with every device in the IoT for the onward verification process,which is required to be executed before the initialization of the actual communication process.Additionally,every device should be located such that it lies within the coverage area of a server,and this location information is used in the authentication process.A thorough analytical analysis was carried out to check the susceptibility of the proposed and existing authentication approaches against well-known intruder attacks,i.e.,man-in-the-middle,masquerading,device,and server impersonations,etc.,especially in the IoT domain.Moreover,proposed authentication and existing state-of-the-art approaches have been simulated in the real environment of IoT to verify their performance,particularly in terms of various evaluation metrics,i.e.,processing,communication,and storage overheads.These results have verified the superiority of the proposed scheme against existing state-of-the-art approaches,preferably in terms of communication,storage,and processing costs.展开更多
Due to the rapid advancements in network technology,blockchain is being employed for distributed data storage.In the Internet of Things(IoT)scenario,different participants manage multiple blockchains located in differ...Due to the rapid advancements in network technology,blockchain is being employed for distributed data storage.In the Internet of Things(IoT)scenario,different participants manage multiple blockchains located in different trust domains,which has resulted in the extensive development of cross-domain authentication techniques.However,the emergence of many attackers equipped with quantum computers has the potential to launch quantum computing attacks against cross-domain authentication schemes based on traditional cryptography,posing a significant security threat.In response to the aforementioned challenges,our paper demonstrates a post-quantum cross-domain identity authentication scheme to negotiate the session key used in the cross-chain asset exchange process.Firstly,our paper designs the hiding and recovery process of user identity index based on lattice cryptography and introduces the identity-based signature from lattice to construct a post-quantum cross-domain authentication scheme.Secondly,our paper utilizes the hashed time-locked contract to achieves the cross-chain asset exchange of blockchain nodes in different trust domains.Furthermore,the security analysis reduces the security of the identity index and signature to Learning With Errors(LWE)and Short Integer Solution(SIS)assumption,respectively,indicating that our scheme has post-quantum security.Last but not least,through comparison analysis,we display that our scheme is efficient compared with the cross-domain authentication scheme based on traditional cryptography.展开更多
Traditional email systems can only achieve one-way communication,which means only the receiver is allowed to search for emails on the email server.In this paper,we propose a blockchain-based certificateless bidirectio...Traditional email systems can only achieve one-way communication,which means only the receiver is allowed to search for emails on the email server.In this paper,we propose a blockchain-based certificateless bidirectional authenticated searchable encryption model for a cloud email system named certificateless authenticated bidirectional searchable encryption(CL-BSE)by combining the storage function of cloud server with the communication function of email server.In the new model,not only can the data receiver search for the relevant content by generating its own trapdoor,but the data owner also can retrieve the content in the same way.Meanwhile,there are dual authentication functions in our model.First,during encryption,the data owner uses the private key to authenticate their identity,ensuring that only legal owner can generate the keyword ciphertext.Second,the blockchain verifies the data owner’s identity by the received ciphertext,allowing only authorized members to store their data in the server and avoiding unnecessary storage space consumption.We obtain a formal definition of CL-BSE and formulate a specific scheme from the new system model.Then the security of the scheme is analyzed based on the formalized security model.The results demonstrate that the scheme achieves multikeyword ciphertext indistinguishability andmulti-keyword trapdoor privacy against any adversary simultaneously.In addition,performance evaluation shows that the new scheme has higher computational and communication efficiency by comparing it with some existing ones.展开更多
With the rapid advancement in exploring perceptual interactions and digital twins,metaverse technology has emerged to transcend the constraints of space-time and reality,facilitating remote AI-based collaboration.In t...With the rapid advancement in exploring perceptual interactions and digital twins,metaverse technology has emerged to transcend the constraints of space-time and reality,facilitating remote AI-based collaboration.In this dynamic metasystem environment,frequent information exchanges necessitate robust security measures,with Authentication and Key Agreement(AKA)serving as the primary line of defense to ensure communication security.However,traditional AKA protocols fall short in meeting the low-latency requirements essential for synchronous interactions within the metaverse.To address this challenge and enable nearly latency-free interactions,a novel low-latency AKA protocol based on chaotic maps is proposed.This protocol not only ensures mutual authentication of entities within the metasystem but also generates secure session keys.The security of these session keys is rigorously validated through formal proofs,formal verification,and informal proofs.When confronted with the Dolev-Yao(DY)threat model,the session keys are formally demonstrated to be secure under the Real-or-Random(ROR)model.The proposed protocol is further validated through simulations conducted using VMware workstation compiled in HLPSL language and C language.The simulation results affirm the protocol’s effectiveness in resisting well-known attacks while achieving the desired low latency for optimal metaverse interactions.展开更多
In the existing ghost-imaging-based cryptographic key distribution(GCKD)protocols,the cryptographic keys need to be encoded by using many modulated patterns,which undoubtedly incurs long measurement time and huge memo...In the existing ghost-imaging-based cryptographic key distribution(GCKD)protocols,the cryptographic keys need to be encoded by using many modulated patterns,which undoubtedly incurs long measurement time and huge memory consumption.Given this,based on snapshot compressive ghost imaging,a public network cryptographic key distribution protocol is proposed,where the cryptographic keys and joint authentication information are encrypted into several color block diagrams to guarantee security.It transforms the previous single-pixel sequential multiple measurements into multi-pixel single exposure measurements,significantly reducing sampling time and memory storage.Both simulation and experimental results demonstrate the feasibility of this protocol and its ability to detect illegal attacks.Therefore,it takes GCKD a big step closer to practical applications.展开更多
Preserving privacy is imperative in the new unmanned aerial vehicle(UAV)-assisted mobile edge computing(MEC)architecture to ensure that sensitive information is protected and kept secure throughout the communication.S...Preserving privacy is imperative in the new unmanned aerial vehicle(UAV)-assisted mobile edge computing(MEC)architecture to ensure that sensitive information is protected and kept secure throughout the communication.Simultaneously,efficiency must be considered while developing such a privacy-preserving scheme because the devices involved in these architectures are resource constrained.This study proposes a lightweight and efficient authentication scheme for theUAV-assistedMECenvironment.The proposed scheme is a hardware-based password-less authentication mechanism that is based on the fact that temporal and memory-related efficiency can be significantly improved while maintaining the data security by adopting a hardwarebased solution with a simple implementation.The proposed scheme works in four stages:system initialization,EU registration,EU authentication,and session establishment.It is implemented as a single hardware chip comprising registers and XOR gates,and it can run the entire process in one clock cycle.Consequently,the proposed scheme has significantly higher efficiency in terms of runtime and memory consumption compared to other prevalent methods in the area.Simulations are conducted to evaluate the proposed authentication algorithm.The results show that the scheme has an average execution time of 0.986 ms and consumes average memory of 34 KB.The hardware execution time is approximately 0.39 ns,which is a significantly less than the prevalent schemes,whose execution times range in milliseconds.Furthermore,the security of the proposed scheme is examined,and it is resistant to brute-force attacks.Around 1.158×10^(77) trials are required to overcome the system’s security,which is not feasible using fastest available processors.展开更多
Smartphones have now become an integral part of our everyday lives.User authentication on smartphones is often accomplished by mechanisms(like face unlock,pattern,or pin password)that authenticate the user’s identity...Smartphones have now become an integral part of our everyday lives.User authentication on smartphones is often accomplished by mechanisms(like face unlock,pattern,or pin password)that authenticate the user’s identity.These technologies are simple,inexpensive,and fast for repeated logins.However,these technologies are still subject to assaults like smudge assaults and shoulder surfing.Users’touch behavior while using their cell phones might be used to authenticate them,which would solve the problem.The performance of the authentication process may be influenced by the attributes chosen(from these behaviors).The purpose of this study is to present an effective authentication technique that implicitly offers a better authentication method for smartphone usage while avoiding the cost of a particular device and considering the constrained capabilities of smartphones.We began by concentrating on feature selection methods utilizing the grey wolf optimization strategy.The random forest classifier is used to evaluate these tactics.The testing findings demonstrated that the grey wolf-based methodology works as a better optimum feature selection for building an implicit authentication mechanism for the smartphone environment when using a public dataset.It achieved a 97.89%accuracy rate while utilizing just 16 of the 53 characteristics like utilizing minimum mobile resources mainly;processing power of the device and memory to validate individuals.Simultaneously,the findings revealed that our approach has a lower equal error rate(EER)of 0.5104,a false acceptance rate(FAR)of 1.00,and a false rejection rate(FRR)of 0.0209 compared to the methods discussed in the literature.These promising results will be used to create a mobile application that enables implicit validation of authorized users yet avoids current identification concerns and requires fewer mobile resources.展开更多
With the development of sensor technology and wireless communication technology,edge computing has a wider range of applications.The privacy protection of edge computing is of great significance.In the edge computing ...With the development of sensor technology and wireless communication technology,edge computing has a wider range of applications.The privacy protection of edge computing is of great significance.In the edge computing system,in order to ensure the credibility of the source of terminal data,mobile edge computing(MEC)needs to verify the signature of the terminal node on the data.During the signature process,the computing power of edge devices such as wireless terminals can easily become the bottleneck of system performance.Therefore,it is very necessary to improve efficiency through computational offloading.Therefore,this paper proposes an identitybased edge computing anonymous authentication protocol.The protocol realizes mutual authentication and obtains a shared key by encrypting the mutual information.The encryption algorithm is implemented through a thresholded identity-based proxy ring signature.When a large number of terminals offload computing,MEC can set the priority of offloading tasks according to the user’s identity and permissions,thereby improving offloading efficiency.Security analysis shows that the scheme can guarantee the anonymity and unforgeability of signatures.The probability of a malicious node forging a signature is equivalent to cracking the discrete logarithm puzzle.According to the efficiency analysis,in the case of MEC offloading,the computational complexity is significantly reduced,the computing power of edge devices is liberated,and the signature efficiency is improved.展开更多
Face authentication is an important biometric authentication method commonly used in security applications.It is vulnerable to different types of attacks that use authorized users’facial images and videos captured fr...Face authentication is an important biometric authentication method commonly used in security applications.It is vulnerable to different types of attacks that use authorized users’facial images and videos captured from social media to perform spoofing attacks and dynamic movements for penetrating secur-ity applications.This paper presents an innovative challenge-response emotions authentication model based on the horizontal ensemble technique.The proposed model provides high accurate face authentication process by challenging the authorized user using a random sequence of emotions to provide a specific response for every authentication trial with a different sequence of emotions.The proposed model is applied to the KDEF dataset using 10-fold cross-valida-tions.Several improvements are made to the proposed model.First,the VGG16 model is applied to the seven common emotions.Second,the system usability is enhanced by analyzing and selecting only the four common and easy-to-use emotions.Third,the horizontal ensemble technique is applied to enhance the emotion recognition accuracy and minimize the error during authen-tication processes.Finally,the Horizontal Ensemble Best N-Losses(HEBNL)is applied using challenge-response emotion to improve the authentication effi-ciency and minimize the computational power.The successive improvements implemented on the proposed model led to an improvement in the accuracy from 92.1%to 99.27%.展开更多
The predominant method for smart phone accessing is confined to methods directing the authentication by means of Point-of-Entry that heavily depend on physiological biometrics like,fingerprint or face.Implicit continuou...The predominant method for smart phone accessing is confined to methods directing the authentication by means of Point-of-Entry that heavily depend on physiological biometrics like,fingerprint or face.Implicit continuous authentication initiating to be loftier to conventional authentication mechanisms by continuously confirming users’identities on continuing basis and mark the instant at which an illegitimate hacker grasps dominance of the session.However,divergent issues remain unaddressed.This research aims to investigate the power of Deep Reinforcement Learning technique to implicit continuous authentication for mobile devices using a method called,Gaussian Weighted Cauchy Kriging-based Continuous Czekanowski’s(GWCK-CC).First,a Gaussian Weighted Non-local Mean Filter Preprocessing model is applied for reducing the noise pre-sent in the raw input face images.Cauchy Kriging Regression function is employed to reduce the dimensionality.Finally,Continuous Czekanowski’s Clas-sification is utilized for proficient classification between the genuine user and attacker.By this way,the proposed GWCK-CC method achieves accurate authen-tication with minimum error rate and time.Experimental assessment of the pro-posed GWCK-CC method and existing methods are carried out with different factors by using UMDAA-02 Face Dataset.The results confirm that the proposed GWCK-CC method enhances authentication accuracy,by 9%,reduces the authen-tication time,and error rate by 44%,and 43%as compared to the existing methods.展开更多
The development of the Internet of Things has facilitated the rapid development of various industries.With the improvement in people’s living standards,people’s health requirements are steadily improving.However,owi...The development of the Internet of Things has facilitated the rapid development of various industries.With the improvement in people’s living standards,people’s health requirements are steadily improving.However,owing to the scarcity of medical and health care resources in some areas,the demand for remote surgery has gradually increased.In this paper,we investigate remote surgery in the healthcare environment.Surgeons can operate robotic arms to perform remote surgery for patients,which substantially facilitates successful surgeries and saves lives.Recently,Kamil et al.proposed a secure protocol for surgery in the healthcare environment.However,after cryptanalyzing their protocol,we deduced that their protocols are vulnerable to temporary value disclosure and insider attacks.Therefore,we design an improved authentication and key agreement protocol for remote surgeries in the healthcare environment.Accordingly,we adopt the real or random(ROR)model and an automatic verification tool Proverif to verify the security of our protocol.Via security analysis and performance comparison,it is confirmed that our protocol is a relatively secure protocol.展开更多
The recent surge in the number of machines,appliances,and services connected to the Internet demands secure processing and transmission of sensory data.Authentication plays a crucial role in a typical security model u...The recent surge in the number of machines,appliances,and services connected to the Internet demands secure processing and transmission of sensory data.Authentication plays a crucial role in a typical security model used in the Internet of Things(IoT),and it protects data communications from various attacks,such as impersonation and denial of service,by verifying and allowing legitimate users to access the IoT resources.However,recent authentication literature has not addressed the need for developing a scalable and efficient authentication method in this field.This paper proposes a secure and anonymous ticket-based authentication method for the IoT.The proposed method protects the network from various security and privacy threats such as data alternation and denial of service while also offering mutual authentication and sensor anonymity.Our security and performance evaluations confirm the improvement.展开更多
Handover authentication in high mobility scenarios is characterized by frequent and shortterm parallel execution.Moreover,the penetration loss and Doppler frequency shift caused by high speed also lead to the deterior...Handover authentication in high mobility scenarios is characterized by frequent and shortterm parallel execution.Moreover,the penetration loss and Doppler frequency shift caused by high speed also lead to the deterioration of network link quality.Therefore,high mobility scenarios require handover schemes with less handover overhead.However,some existing schemes that meet this requirement cannot provide strong security guarantees,while some schemes that can provide strong security guarantees have large handover overheads.To solve this dilemma,we propose a privacy-preserving handover authentication scheme that can provide strong security guarantees with less computational cost.Based on Orthogonal Time Frequency Space(OTFS)link and Key Encapsulation Mechanism(KEM),we establish the shared key between protocol entities in the initial authentication phase,thereby reducing the overhead in the handover phase.Our proposed scheme can achieve mutual authentication and key agreement among the user equipment,relay node,and authentication server.We demonstrate that our proposed scheme can achieve user anonymity,unlinkability,perfect forward secrecy,and resistance to various attacks through security analysis including the Tamarin.The performance evaluation results show that our scheme has a small computational cost compared with other schemes and can also provide a strong guarantee of security properties.展开更多
Cloud-based SDN(Software Defined Network)integration offers new kinds of agility,flexibility,automation,and speed in the network.Enterprises and Cloud providers both leverage the benefits as networks can be configured...Cloud-based SDN(Software Defined Network)integration offers new kinds of agility,flexibility,automation,and speed in the network.Enterprises and Cloud providers both leverage the benefits as networks can be configured and optimized based on the application requirement.The integration of cloud and SDN paradigms has played an indispensable role in improving ubiquitous health care services.It has improved the real-time monitoring of patients by medical practitioners.Patients’data get stored at the central server on the cloud from where it is available to medical practitioners in no time.The centralisation of data on the server makes it more vulnerable to malicious attacks and causes a major threat to patients’privacy.In recent days,several schemes have been proposed to ensure the safety of patients’data.But most of the techniques still lack the practical implementation and safety of data.In this paper,a secure multi-factor authentication protocol using a hash function has been proposed.BAN(Body Area Network)logic has been used to formally analyse the proposed scheme and ensure that no unauthenticated user can steal sensitivepatient information.Security Protocol Animator(SPAN)–Automated Validation of Internet Security Protocols and Applications(AVISPA)tool has been used for simulation.The results prove that the proposed scheme ensures secure access to the database in terms of spoofing and identification.Performance comparisons of the proposed scheme with other related historical schemes regarding time complexity,computation cost which accounts to only 423 ms in proposed,and security parameters such as identification and spoofing prove its efficiency.展开更多
Public cloud computing provides a variety of services to consumersvia high-speed internet. The consumer can access these services anytimeand anywhere on a balanced service cost. Many traditional authenticationprotocol...Public cloud computing provides a variety of services to consumersvia high-speed internet. The consumer can access these services anytimeand anywhere on a balanced service cost. Many traditional authenticationprotocols are proposed to secure public cloud computing. However, therapid development of high-speed internet and organizations’ race to developquantum computers is a nightmare for existing authentication schemes. Thesetraditional authentication protocols are based on factorization or discretelogarithm problems. As a result, traditional authentication protocols arevulnerable in the quantum computing era. Therefore, in this article, we haveproposed an authentication protocol based on the lattice technique for publiccloud computing to resist quantum attacks and prevent all known traditionalsecurity attacks. The proposed lattice-based authentication protocolis provably secure under the Real-Or-Random (ROR) model. At the sametime, the result obtained during the experiments proved that our protocol islightweight compared to the existing lattice-based authentication protocols,as listed in the performance analysis section. The comparative analysis showsthat the protocol is suitable for practical implementation in a quantum-basedenvironment.展开更多
The mobile cellular network provides internet connectivity for heterogeneous Internet of Things(IoT)devices.The cellular network consists of several towers installed at appropriate locations within a smart city.These ...The mobile cellular network provides internet connectivity for heterogeneous Internet of Things(IoT)devices.The cellular network consists of several towers installed at appropriate locations within a smart city.These cellular towers can be utilized for various tasks,such as e-healthcare systems,smart city surveillance,traffic monitoring,infrastructure surveillance,or sidewalk checking.Security is a primary concern in data broadcasting,particularly authentication,because the strength of a cellular network’s signal is much higher frequency than the associated one,and their frequencies can sometimes be aligned,posing a significant challenge.As a result,that requires attention,and without information authentication,such a barrier cannot be removed.So,we design a secure and efficient information authentication scheme for IoT-enabled devices tomitigate the flaws in the e-healthcare system.The proposed protocol security shall check formally using the Real-or-Random(ROR)model,simulated using ProVerif2.03,and informally using pragmatic discussion.In comparison,the performance phenomenon shall tackle by the already result available in the MIRACL cryptographic lab.展开更多
Nowadays,the widespread application of 5G has promoted rapid development in different areas,particularly in the Internet of Things(IoT),where 5G provides the advantages of higher data transfer rate,lower latency,and w...Nowadays,the widespread application of 5G has promoted rapid development in different areas,particularly in the Internet of Things(IoT),where 5G provides the advantages of higher data transfer rate,lower latency,and widespread connections.Wireless sensor networks(WSNs),which comprise various sensors,are crucial components of IoT.The main functions of WSN include providing users with real-time monitoring information,deploying regional information collection,and synchronizing with the Internet.Security in WSNs is becoming increasingly essential because of the across-the-board nature of wireless technology in many fields.Recently,Yu et al.proposed a user authentication protocol forWSN.However,their design is vulnerable to sensor capture and temporary information disclosure attacks.Thus,in this study,an improved protocol called PSAP-WSNis proposed.The security of PSAP-WSN is demonstrated by employing the ROR model,BAN logic,and ProVerif tool for the analysis.The experimental evaluation shows that our design is more efficient and suitable forWSN environments.展开更多
Internet of Medical Things(IoMT)plays an essential role in collecting and managing personal medical data.In recent years,blockchain technology has put power in traditional IoMT systems for data sharing between differe...Internet of Medical Things(IoMT)plays an essential role in collecting and managing personal medical data.In recent years,blockchain technology has put power in traditional IoMT systems for data sharing between different medical institutions and improved the utilization of medical data.However,some problems in the information transfer process between wireless medical devices and mobile medical apps,such as information leakage and privacy disclosure.This paper first designs a cross-device key agreement model for blockchain-enabled IoMT.This model can establish a key agreement mechanism for secure medical data sharing.Meanwhile,a certificateless authenticated key agreement(KA)protocol has been proposed to strengthen the information transfer security in the cross-device key agreement model.The proposed KA protocol only requires one exchange of messages between the two parties,which can improve the protocol execution efficiency.Then,any unauthorized tampering of the transmitted signed message sent by the sender can be detected by the receiver,so this can guarantee the success of the establishment of a session key between the strange entities.The blockchain ledger can ensure that the medical data cannot be tampered with,and the certificateless mechanism can weaken the key escrow problem.Moreover,the security proof and performance analysis are given,which show that the proposed model and KA protocol are more secure and efficient than other schemes in similar literature.展开更多
The rapid and accurate authentication of traditional Chinese medicines(TCMs)has always been a key scientific and technical problem in the field of pharmaceutical analysis.Herein,a novel heating online extraction elect...The rapid and accurate authentication of traditional Chinese medicines(TCMs)has always been a key scientific and technical problem in the field of pharmaceutical analysis.Herein,a novel heating online extraction electrospray ionization mass spectrometry(H-oEESI-MS)was developed for the rapid and direct analysis of extremely complex substances without the requirement for any sample pretreatment or pre-separation steps.The overall molecular profile and fragment structure features of various herbal medicines could be completely captured within 10–15 s,with minimal sample(<0.5 mg)and solvent consumption(<20μL for one sample).Furthermore,a rapid differentiation and authentication strategy for TCMs based on H-oEESI-MS was proposed,including metabolic profile characterization,characteristic marker screening and identification,and multivariate statistical analysis model validation.In an analysis of 52 batches of seven types of Aconitum medicinal materials,20 and 21 key compounds were screened out as the characteristic markers of raw and processed Aconitum herbal medicines,respectively,and the possible structures of all the characteristic markers were comprehensively identified based on Compound Discoverer databases.Finally,multivariate statistical analysis showed that all the different types of herbal medicines were well differentiated and identified(R^(2)X>0.87,R^(2)Y>0.91,and Q^(2)>0.72),which further verified the feasibility and reliability of this comprehensive strategy for the rapid authentication of different TCMs based on H-oEESI-MS.In summary,this rapid authentication strategy realized the ultra-high-throughput,low-cost,and standardized detection of various complex TCMs for the first time,thereby demonstrating wide applicability and value for the development of quality standards for TCMs.展开更多
基金Wenzhou Key Scientific and Technological Projects(No.ZG2020031)Wenzhou Polytechnic Research Projects(No.WZY2021002)+3 种基金Key R&D Projects in Zhejiang Province(No.2021C01117)Major Program of Natural Science Foundation of Zhejiang Province(LD22F020002)the Cloud Security Key Technology Research Laboratorythe Researchers Supporting Project Number(RSP2023R509),King Saud University,Riyadh,Saudi Arabia.
文摘With the development of hardware devices and the upgrading of smartphones,a large number of users save privacy-related information in mobile devices,mainly smartphones,which puts forward higher demands on the protection of mobile users’privacy information.At present,mobile user authenticationmethods based on humancomputer interaction have been extensively studied due to their advantages of high precision and non-perception,but there are still shortcomings such as low data collection efficiency,untrustworthy participating nodes,and lack of practicability.To this end,this paper proposes a privacy-enhanced mobile user authentication method with motion sensors,which mainly includes:(1)Construct a smart contract-based private chain and federated learning to improve the data collection efficiency of mobile user authentication,reduce the probability of the model being bypassed by attackers,and reduce the overhead of data centralized processing and the risk of privacy leakage;(2)Use certificateless encryption to realize the authentication of the device to ensure the credibility of the client nodes participating in the calculation;(3)Combine Variational Mode Decomposition(VMD)and Long Short-TermMemory(LSTM)to analyze and model the motion sensor data of mobile devices to improve the accuracy of model certification.The experimental results on the real environment dataset of 1513 people show that themethod proposed in this paper can effectively resist poisoning attacks while ensuring the accuracy and efficiency of mobile user authentication.
文摘The Internet of Things(IoT)is a smart networking infrastructure of physical devices,i.e.,things,that are embedded with sensors,actuators,software,and other technologies,to connect and share data with the respective server module.Although IoTs are cornerstones in different application domains,the device’s authenticity,i.e.,of server(s)and ordinary devices,is the most crucial issue and must be resolved on a priority basis.Therefore,various field-proven methodologies were presented to streamline the verification process of the communicating devices;however,location-aware authentication has not been reported as per our knowledge,which is a crucial metric,especially in scenarios where devices are mobile.This paper presents a lightweight and location-aware device-to-server authentication technique where the device’s membership with the nearest server is subjected to its location information along with other measures.Initially,Media Access Control(MAC)address and Advance Encryption Scheme(AES)along with a secret shared key,i.e.,λi of 128 bits,have been utilized by Trusted Authority(TA)to generate MaskIDs,which are used instead of the original ID,for every device,i.e.,server and member,and are shared in the offline phase.Secondly,TA shares a list of authentic devices,i.e.,server Sj and members Ci,with every device in the IoT for the onward verification process,which is required to be executed before the initialization of the actual communication process.Additionally,every device should be located such that it lies within the coverage area of a server,and this location information is used in the authentication process.A thorough analytical analysis was carried out to check the susceptibility of the proposed and existing authentication approaches against well-known intruder attacks,i.e.,man-in-the-middle,masquerading,device,and server impersonations,etc.,especially in the IoT domain.Moreover,proposed authentication and existing state-of-the-art approaches have been simulated in the real environment of IoT to verify their performance,particularly in terms of various evaluation metrics,i.e.,processing,communication,and storage overheads.These results have verified the superiority of the proposed scheme against existing state-of-the-art approaches,preferably in terms of communication,storage,and processing costs.
基金This work was supported by the Defense Industrial Technology Development Program(Grant No.JCKY2021208B036).
文摘Due to the rapid advancements in network technology,blockchain is being employed for distributed data storage.In the Internet of Things(IoT)scenario,different participants manage multiple blockchains located in different trust domains,which has resulted in the extensive development of cross-domain authentication techniques.However,the emergence of many attackers equipped with quantum computers has the potential to launch quantum computing attacks against cross-domain authentication schemes based on traditional cryptography,posing a significant security threat.In response to the aforementioned challenges,our paper demonstrates a post-quantum cross-domain identity authentication scheme to negotiate the session key used in the cross-chain asset exchange process.Firstly,our paper designs the hiding and recovery process of user identity index based on lattice cryptography and introduces the identity-based signature from lattice to construct a post-quantum cross-domain authentication scheme.Secondly,our paper utilizes the hashed time-locked contract to achieves the cross-chain asset exchange of blockchain nodes in different trust domains.Furthermore,the security analysis reduces the security of the identity index and signature to Learning With Errors(LWE)and Short Integer Solution(SIS)assumption,respectively,indicating that our scheme has post-quantum security.Last but not least,through comparison analysis,we display that our scheme is efficient compared with the cross-domain authentication scheme based on traditional cryptography.
基金supported by the National Natural Science Foundation of China(Nos.62172337,62241207)Key Project of GansuNatural Science Foundation(No.23JRRA685).
文摘Traditional email systems can only achieve one-way communication,which means only the receiver is allowed to search for emails on the email server.In this paper,we propose a blockchain-based certificateless bidirectional authenticated searchable encryption model for a cloud email system named certificateless authenticated bidirectional searchable encryption(CL-BSE)by combining the storage function of cloud server with the communication function of email server.In the new model,not only can the data receiver search for the relevant content by generating its own trapdoor,but the data owner also can retrieve the content in the same way.Meanwhile,there are dual authentication functions in our model.First,during encryption,the data owner uses the private key to authenticate their identity,ensuring that only legal owner can generate the keyword ciphertext.Second,the blockchain verifies the data owner’s identity by the received ciphertext,allowing only authorized members to store their data in the server and avoiding unnecessary storage space consumption.We obtain a formal definition of CL-BSE and formulate a specific scheme from the new system model.Then the security of the scheme is analyzed based on the formalized security model.The results demonstrate that the scheme achieves multikeyword ciphertext indistinguishability andmulti-keyword trapdoor privacy against any adversary simultaneously.In addition,performance evaluation shows that the new scheme has higher computational and communication efficiency by comparing it with some existing ones.
基金This work has received funding from National Natural Science Foundation of China(No.42275157).
文摘With the rapid advancement in exploring perceptual interactions and digital twins,metaverse technology has emerged to transcend the constraints of space-time and reality,facilitating remote AI-based collaboration.In this dynamic metasystem environment,frequent information exchanges necessitate robust security measures,with Authentication and Key Agreement(AKA)serving as the primary line of defense to ensure communication security.However,traditional AKA protocols fall short in meeting the low-latency requirements essential for synchronous interactions within the metaverse.To address this challenge and enable nearly latency-free interactions,a novel low-latency AKA protocol based on chaotic maps is proposed.This protocol not only ensures mutual authentication of entities within the metasystem but also generates secure session keys.The security of these session keys is rigorously validated through formal proofs,formal verification,and informal proofs.When confronted with the Dolev-Yao(DY)threat model,the session keys are formally demonstrated to be secure under the Real-or-Random(ROR)model.The proposed protocol is further validated through simulations conducted using VMware workstation compiled in HLPSL language and C language.The simulation results affirm the protocol’s effectiveness in resisting well-known attacks while achieving the desired low latency for optimal metaverse interactions.
基金supported by the Beijing Natural Science Foundation(Grant No.4222016).
文摘In the existing ghost-imaging-based cryptographic key distribution(GCKD)protocols,the cryptographic keys need to be encoded by using many modulated patterns,which undoubtedly incurs long measurement time and huge memory consumption.Given this,based on snapshot compressive ghost imaging,a public network cryptographic key distribution protocol is proposed,where the cryptographic keys and joint authentication information are encrypted into several color block diagrams to guarantee security.It transforms the previous single-pixel sequential multiple measurements into multi-pixel single exposure measurements,significantly reducing sampling time and memory storage.Both simulation and experimental results demonstrate the feasibility of this protocol and its ability to detect illegal attacks.Therefore,it takes GCKD a big step closer to practical applications.
基金This work was funded by the Deanship of Scientific Research of King Faisal University through research project(Grant Number GRANT228).
文摘Preserving privacy is imperative in the new unmanned aerial vehicle(UAV)-assisted mobile edge computing(MEC)architecture to ensure that sensitive information is protected and kept secure throughout the communication.Simultaneously,efficiency must be considered while developing such a privacy-preserving scheme because the devices involved in these architectures are resource constrained.This study proposes a lightweight and efficient authentication scheme for theUAV-assistedMECenvironment.The proposed scheme is a hardware-based password-less authentication mechanism that is based on the fact that temporal and memory-related efficiency can be significantly improved while maintaining the data security by adopting a hardwarebased solution with a simple implementation.The proposed scheme works in four stages:system initialization,EU registration,EU authentication,and session establishment.It is implemented as a single hardware chip comprising registers and XOR gates,and it can run the entire process in one clock cycle.Consequently,the proposed scheme has significantly higher efficiency in terms of runtime and memory consumption compared to other prevalent methods in the area.Simulations are conducted to evaluate the proposed authentication algorithm.The results show that the scheme has an average execution time of 0.986 ms and consumes average memory of 34 KB.The hardware execution time is approximately 0.39 ns,which is a significantly less than the prevalent schemes,whose execution times range in milliseconds.Furthermore,the security of the proposed scheme is examined,and it is resistant to brute-force attacks.Around 1.158×10^(77) trials are required to overcome the system’s security,which is not feasible using fastest available processors.
基金This work was funded by the University of Jeddah,Jeddah,Saudi Arabia,under grant No.(UJ-21-DR-25)The authors,therefore,acknowledge with thanks the University of Jeddah technical and financial support.
文摘Smartphones have now become an integral part of our everyday lives.User authentication on smartphones is often accomplished by mechanisms(like face unlock,pattern,or pin password)that authenticate the user’s identity.These technologies are simple,inexpensive,and fast for repeated logins.However,these technologies are still subject to assaults like smudge assaults and shoulder surfing.Users’touch behavior while using their cell phones might be used to authenticate them,which would solve the problem.The performance of the authentication process may be influenced by the attributes chosen(from these behaviors).The purpose of this study is to present an effective authentication technique that implicitly offers a better authentication method for smartphone usage while avoiding the cost of a particular device and considering the constrained capabilities of smartphones.We began by concentrating on feature selection methods utilizing the grey wolf optimization strategy.The random forest classifier is used to evaluate these tactics.The testing findings demonstrated that the grey wolf-based methodology works as a better optimum feature selection for building an implicit authentication mechanism for the smartphone environment when using a public dataset.It achieved a 97.89%accuracy rate while utilizing just 16 of the 53 characteristics like utilizing minimum mobile resources mainly;processing power of the device and memory to validate individuals.Simultaneously,the findings revealed that our approach has a lower equal error rate(EER)of 0.5104,a false acceptance rate(FAR)of 1.00,and a false rejection rate(FRR)of 0.0209 compared to the methods discussed in the literature.These promising results will be used to create a mobile application that enables implicit validation of authorized users yet avoids current identification concerns and requires fewer mobile resources.
基金Beijing Postdoctoral Research Foundation(No.2021-ZZ-077,No.2020-YJ-006)Chongqing Industrial Control System Security Situational Awareness Platform,2019 Industrial Internet Innovation and Development Project-Provincial Industrial Control System Security Situational Awareness Platform,Center for Research and Innovation in Software Engineering,School of Computer and Information Science(Southwest University,Chongqing 400175,China)Chongqing Graduate Education Teaching Reform Research Project(yjg203032).
文摘With the development of sensor technology and wireless communication technology,edge computing has a wider range of applications.The privacy protection of edge computing is of great significance.In the edge computing system,in order to ensure the credibility of the source of terminal data,mobile edge computing(MEC)needs to verify the signature of the terminal node on the data.During the signature process,the computing power of edge devices such as wireless terminals can easily become the bottleneck of system performance.Therefore,it is very necessary to improve efficiency through computational offloading.Therefore,this paper proposes an identitybased edge computing anonymous authentication protocol.The protocol realizes mutual authentication and obtains a shared key by encrypting the mutual information.The encryption algorithm is implemented through a thresholded identity-based proxy ring signature.When a large number of terminals offload computing,MEC can set the priority of offloading tasks according to the user’s identity and permissions,thereby improving offloading efficiency.Security analysis shows that the scheme can guarantee the anonymity and unforgeability of signatures.The probability of a malicious node forging a signature is equivalent to cracking the discrete logarithm puzzle.According to the efficiency analysis,in the case of MEC offloading,the computational complexity is significantly reduced,the computing power of edge devices is liberated,and the signature efficiency is improved.
基金This work is partially supported by the Deanship of Scientific Research at Jouf University under Grant No(DSR-2021–02–0369).
文摘Face authentication is an important biometric authentication method commonly used in security applications.It is vulnerable to different types of attacks that use authorized users’facial images and videos captured from social media to perform spoofing attacks and dynamic movements for penetrating secur-ity applications.This paper presents an innovative challenge-response emotions authentication model based on the horizontal ensemble technique.The proposed model provides high accurate face authentication process by challenging the authorized user using a random sequence of emotions to provide a specific response for every authentication trial with a different sequence of emotions.The proposed model is applied to the KDEF dataset using 10-fold cross-valida-tions.Several improvements are made to the proposed model.First,the VGG16 model is applied to the seven common emotions.Second,the system usability is enhanced by analyzing and selecting only the four common and easy-to-use emotions.Third,the horizontal ensemble technique is applied to enhance the emotion recognition accuracy and minimize the error during authen-tication processes.Finally,the Horizontal Ensemble Best N-Losses(HEBNL)is applied using challenge-response emotion to improve the authentication effi-ciency and minimize the computational power.The successive improvements implemented on the proposed model led to an improvement in the accuracy from 92.1%to 99.27%.
文摘The predominant method for smart phone accessing is confined to methods directing the authentication by means of Point-of-Entry that heavily depend on physiological biometrics like,fingerprint or face.Implicit continuous authentication initiating to be loftier to conventional authentication mechanisms by continuously confirming users’identities on continuing basis and mark the instant at which an illegitimate hacker grasps dominance of the session.However,divergent issues remain unaddressed.This research aims to investigate the power of Deep Reinforcement Learning technique to implicit continuous authentication for mobile devices using a method called,Gaussian Weighted Cauchy Kriging-based Continuous Czekanowski’s(GWCK-CC).First,a Gaussian Weighted Non-local Mean Filter Preprocessing model is applied for reducing the noise pre-sent in the raw input face images.Cauchy Kriging Regression function is employed to reduce the dimensionality.Finally,Continuous Czekanowski’s Clas-sification is utilized for proficient classification between the genuine user and attacker.By this way,the proposed GWCK-CC method achieves accurate authen-tication with minimum error rate and time.Experimental assessment of the pro-posed GWCK-CC method and existing methods are carried out with different factors by using UMDAA-02 Face Dataset.The results confirm that the proposed GWCK-CC method enhances authentication accuracy,by 9%,reduces the authen-tication time,and error rate by 44%,and 43%as compared to the existing methods.
文摘The development of the Internet of Things has facilitated the rapid development of various industries.With the improvement in people’s living standards,people’s health requirements are steadily improving.However,owing to the scarcity of medical and health care resources in some areas,the demand for remote surgery has gradually increased.In this paper,we investigate remote surgery in the healthcare environment.Surgeons can operate robotic arms to perform remote surgery for patients,which substantially facilitates successful surgeries and saves lives.Recently,Kamil et al.proposed a secure protocol for surgery in the healthcare environment.However,after cryptanalyzing their protocol,we deduced that their protocols are vulnerable to temporary value disclosure and insider attacks.Therefore,we design an improved authentication and key agreement protocol for remote surgeries in the healthcare environment.Accordingly,we adopt the real or random(ROR)model and an automatic verification tool Proverif to verify the security of our protocol.Via security analysis and performance comparison,it is confirmed that our protocol is a relatively secure protocol.
文摘The recent surge in the number of machines,appliances,and services connected to the Internet demands secure processing and transmission of sensory data.Authentication plays a crucial role in a typical security model used in the Internet of Things(IoT),and it protects data communications from various attacks,such as impersonation and denial of service,by verifying and allowing legitimate users to access the IoT resources.However,recent authentication literature has not addressed the need for developing a scalable and efficient authentication method in this field.This paper proposes a secure and anonymous ticket-based authentication method for the IoT.The proposed method protects the network from various security and privacy threats such as data alternation and denial of service while also offering mutual authentication and sensor anonymity.Our security and performance evaluations confirm the improvement.
基金supported by Natural Science Foundation of China(No.62002006,U2241213,U21B2021,62172025,61932011,61932014,61972018,61972019,61772538,32071775,91646203)Defense Industrial Technology Development Program(No.JCKY2021211B017)。
文摘Handover authentication in high mobility scenarios is characterized by frequent and shortterm parallel execution.Moreover,the penetration loss and Doppler frequency shift caused by high speed also lead to the deterioration of network link quality.Therefore,high mobility scenarios require handover schemes with less handover overhead.However,some existing schemes that meet this requirement cannot provide strong security guarantees,while some schemes that can provide strong security guarantees have large handover overheads.To solve this dilemma,we propose a privacy-preserving handover authentication scheme that can provide strong security guarantees with less computational cost.Based on Orthogonal Time Frequency Space(OTFS)link and Key Encapsulation Mechanism(KEM),we establish the shared key between protocol entities in the initial authentication phase,thereby reducing the overhead in the handover phase.Our proposed scheme can achieve mutual authentication and key agreement among the user equipment,relay node,and authentication server.We demonstrate that our proposed scheme can achieve user anonymity,unlinkability,perfect forward secrecy,and resistance to various attacks through security analysis including the Tamarin.The performance evaluation results show that our scheme has a small computational cost compared with other schemes and can also provide a strong guarantee of security properties.
基金Taif University Researchers Supporting Project number(TURSP-2020/98),Taif University,Taif,Saudi Arabia。
文摘Cloud-based SDN(Software Defined Network)integration offers new kinds of agility,flexibility,automation,and speed in the network.Enterprises and Cloud providers both leverage the benefits as networks can be configured and optimized based on the application requirement.The integration of cloud and SDN paradigms has played an indispensable role in improving ubiquitous health care services.It has improved the real-time monitoring of patients by medical practitioners.Patients’data get stored at the central server on the cloud from where it is available to medical practitioners in no time.The centralisation of data on the server makes it more vulnerable to malicious attacks and causes a major threat to patients’privacy.In recent days,several schemes have been proposed to ensure the safety of patients’data.But most of the techniques still lack the practical implementation and safety of data.In this paper,a secure multi-factor authentication protocol using a hash function has been proposed.BAN(Body Area Network)logic has been used to formally analyse the proposed scheme and ensure that no unauthenticated user can steal sensitivepatient information.Security Protocol Animator(SPAN)–Automated Validation of Internet Security Protocols and Applications(AVISPA)tool has been used for simulation.The results prove that the proposed scheme ensures secure access to the database in terms of spoofing and identification.Performance comparisons of the proposed scheme with other related historical schemes regarding time complexity,computation cost which accounts to only 423 ms in proposed,and security parameters such as identification and spoofing prove its efficiency.
基金Korean Government (Ministry of Science and ICT)through the National Research Foundation of Korea (NRF)Grant 2021R1A2C1010481.
文摘Public cloud computing provides a variety of services to consumersvia high-speed internet. The consumer can access these services anytimeand anywhere on a balanced service cost. Many traditional authenticationprotocols are proposed to secure public cloud computing. However, therapid development of high-speed internet and organizations’ race to developquantum computers is a nightmare for existing authentication schemes. Thesetraditional authentication protocols are based on factorization or discretelogarithm problems. As a result, traditional authentication protocols arevulnerable in the quantum computing era. Therefore, in this article, we haveproposed an authentication protocol based on the lattice technique for publiccloud computing to resist quantum attacks and prevent all known traditionalsecurity attacks. The proposed lattice-based authentication protocolis provably secure under the Real-Or-Random (ROR) model. At the sametime, the result obtained during the experiments proved that our protocol islightweight compared to the existing lattice-based authentication protocols,as listed in the performance analysis section. The comparative analysis showsthat the protocol is suitable for practical implementation in a quantum-basedenvironment.
基金supported by the Natural Science Foundation of Beijing Municipality under Grant M21039.
文摘The mobile cellular network provides internet connectivity for heterogeneous Internet of Things(IoT)devices.The cellular network consists of several towers installed at appropriate locations within a smart city.These cellular towers can be utilized for various tasks,such as e-healthcare systems,smart city surveillance,traffic monitoring,infrastructure surveillance,or sidewalk checking.Security is a primary concern in data broadcasting,particularly authentication,because the strength of a cellular network’s signal is much higher frequency than the associated one,and their frequencies can sometimes be aligned,posing a significant challenge.As a result,that requires attention,and without information authentication,such a barrier cannot be removed.So,we design a secure and efficient information authentication scheme for IoT-enabled devices tomitigate the flaws in the e-healthcare system.The proposed protocol security shall check formally using the Real-or-Random(ROR)model,simulated using ProVerif2.03,and informally using pragmatic discussion.In comparison,the performance phenomenon shall tackle by the already result available in the MIRACL cryptographic lab.
文摘Nowadays,the widespread application of 5G has promoted rapid development in different areas,particularly in the Internet of Things(IoT),where 5G provides the advantages of higher data transfer rate,lower latency,and widespread connections.Wireless sensor networks(WSNs),which comprise various sensors,are crucial components of IoT.The main functions of WSN include providing users with real-time monitoring information,deploying regional information collection,and synchronizing with the Internet.Security in WSNs is becoming increasingly essential because of the across-the-board nature of wireless technology in many fields.Recently,Yu et al.proposed a user authentication protocol forWSN.However,their design is vulnerable to sensor capture and temporary information disclosure attacks.Thus,in this study,an improved protocol called PSAP-WSNis proposed.The security of PSAP-WSN is demonstrated by employing the ROR model,BAN logic,and ProVerif tool for the analysis.The experimental evaluation shows that our design is more efficient and suitable forWSN environments.
基金supported by the National Natural Science Foundation of China under Grant 92046001,61962009,the JSPS KAKENHI Grant Numbers JP19K20250,JP20H04174,JP22K11989Leading Initiative for Excellent Young Researchers (LEADER),MEXT,Japan,and JST,PRESTO Grant Number JPMJPR21P3+1 种基金Japan.Mianxiong Dong is the corresponding author,the Doctor Scientific Research Fund of Zhengzhou University of Light Industry under Grant 2021BSJJ033Key Scientific Research Project of Colleges and Universities in Henan Province (CN)under Grant No.22A413010.
文摘Internet of Medical Things(IoMT)plays an essential role in collecting and managing personal medical data.In recent years,blockchain technology has put power in traditional IoMT systems for data sharing between different medical institutions and improved the utilization of medical data.However,some problems in the information transfer process between wireless medical devices and mobile medical apps,such as information leakage and privacy disclosure.This paper first designs a cross-device key agreement model for blockchain-enabled IoMT.This model can establish a key agreement mechanism for secure medical data sharing.Meanwhile,a certificateless authenticated key agreement(KA)protocol has been proposed to strengthen the information transfer security in the cross-device key agreement model.The proposed KA protocol only requires one exchange of messages between the two parties,which can improve the protocol execution efficiency.Then,any unauthorized tampering of the transmitted signed message sent by the sender can be detected by the receiver,so this can guarantee the success of the establishment of a session key between the strange entities.The blockchain ledger can ensure that the medical data cannot be tampered with,and the certificateless mechanism can weaken the key escrow problem.Moreover,the security proof and performance analysis are given,which show that the proposed model and KA protocol are more secure and efficient than other schemes in similar literature.
基金supported by the CACMS Innovation Fund,China(Grant Nos.:CI2021A04504 and CI2021A05206)the National Natural Science Foundation of China(Grant Nos.:82104380,81891010,81891013,and 82074012)+2 种基金the Fundamental Research Funds for the Central Public Welfare Research Institutes,China(Grant Nos.:ZZ14-YQ-047 and ZZXT202105)the Key Project at Central Government Level(Grant No.:2060302-2201-26)the Beijing Nova Program.
文摘The rapid and accurate authentication of traditional Chinese medicines(TCMs)has always been a key scientific and technical problem in the field of pharmaceutical analysis.Herein,a novel heating online extraction electrospray ionization mass spectrometry(H-oEESI-MS)was developed for the rapid and direct analysis of extremely complex substances without the requirement for any sample pretreatment or pre-separation steps.The overall molecular profile and fragment structure features of various herbal medicines could be completely captured within 10–15 s,with minimal sample(<0.5 mg)and solvent consumption(<20μL for one sample).Furthermore,a rapid differentiation and authentication strategy for TCMs based on H-oEESI-MS was proposed,including metabolic profile characterization,characteristic marker screening and identification,and multivariate statistical analysis model validation.In an analysis of 52 batches of seven types of Aconitum medicinal materials,20 and 21 key compounds were screened out as the characteristic markers of raw and processed Aconitum herbal medicines,respectively,and the possible structures of all the characteristic markers were comprehensively identified based on Compound Discoverer databases.Finally,multivariate statistical analysis showed that all the different types of herbal medicines were well differentiated and identified(R^(2)X>0.87,R^(2)Y>0.91,and Q^(2)>0.72),which further verified the feasibility and reliability of this comprehensive strategy for the rapid authentication of different TCMs based on H-oEESI-MS.In summary,this rapid authentication strategy realized the ultra-high-throughput,low-cost,and standardized detection of various complex TCMs for the first time,thereby demonstrating wide applicability and value for the development of quality standards for TCMs.
