The satellite-terrestrial integrated network is the next-generation information infrastructure that integrates satellite communications and ground communications. Its openness, dynamism and heterogeneity significantly enhance communication capabilities but also bring more severe challenges to identity authentication. Traditional authentication mechanisms designed for fixed topologies are difficult to adapt to the authentication requirements brought by heterogeneous nodes, high-speed dynamic switching and complex spatiotemporal states in the satellite-ground fusion environment. With the common attack threats in the satellite-ground fusion network in view, the challenges of inter-satellite networking and satellite-ground access authentication were first discussed. Then, the key technical paths of identity authentication in the satellite-ground fusion network were systematically reviewed, focusing on the current research status of physical layer authentication technology, cryptographic authentication technology, fusion authentication technology and intelligent assisted authentication technology. Finally, the different implementation methods of current satellite-ground integrated network identity authentication technology were summarized in depth, and future research directions, including multi-factor collaborative authentication mechanisms, were proposed to provide theoretical support and technical reference for promoting secure and trusted communications in the satellite-ground fusion network.
Unmanned aerial vehicle (UAV) networks, characterized by high dynamics and an open airspace communication environment, are highly vulnerable to replay attacks, resulting in serious consequences such as illegal access and even privacy leakage. Traditional authentication mechanisms rely on fixed identity identifiers and have a large overhead, which makes them difficult to adapt to the resource-constrained and highly dynamic UAV network environment and to satisfy the dual requirements of low overhead and high-security authentication. To this end, a lightweight authentication approach for UAVs based on reinforcement learning (RL) was proposed, which could efficiently defend against replay attacks and reduce the overhead of authentication. Firstly, the approach constructed the Remote ID as the identity identifier based on the real-time location information of UAVs, and used elliptic curve encryption technology to achieve identity authentication for unknown UAVs. Secondly, a risk-aware RL algorithm was designed to achieve adaptive optimization of the authentication policy, including the encryption strategy of the authentication message and the session duration, and to achieve low-overhead and high-security authentication. Comprehensively considering resource limitations and task requirements, the algorithm constructed a punishment function to evaluate the short-term risks of the selected authentication policy, further guiding the selection of algorithm policies and avoiding the exploration of policies that could cause authentication failure. On this basis, the algorithm designed a hierarchical architecture to compress the policy dimension, thereby improving the optimization efficiency of the authentication policy and adapting to the high dynamic characteristics of UAVs. Experimental results showed that the proposed approach effectively reduced the authentication latency, the energy consumption and the attack success rate compared with the traditional methods.
Free-form gesture authentication, offering more complex input patterns and a larger key space, is considered a promising alternative for password authentication in mobile environments. However, recent research reveals that online dictionary attacks can compromise over 10.33% of gestures within 20 attempts, posing a potential threat to the security and usability of gesture authentication systems. To build a more secure yet practical solution, we present StrokeFG, an enhanced free-form gesture authentication scheme that leverages behavioral biometrics. In addition to measuring trajectory similarity, StrokeFG exploits users’ unique behavioral traits exhibited during gesture input to verify identity. Experiments on same-category gesture datasets show that StrokeFG achieves an equal-error rate of 5.64%~6.81%, reducing the recognition error of the baseline by 64.25%~70.67%. Against an adversary who knows the gesture, StrokeFG achieves 6.50~8.41 bits of α-guesswork entropy under online dictionary attacks, effectively raising the security boundary of the baseline model.
In recent years, the mobile Internet's rapid growth has made mobile smart terminals essential in daily life. With their widespread use, user age distribution has diversified. Problems like children's smartphone addiction, excessive online game recharges, and accidental information leakage from improper operations are now common social issues. Current regulatory efforts mainly rely on ID-based identity verification, but children can evade it by using their parents' information. Thus, identifying users' age groups during smartphone use to curb children's overuse is a pressing concern. To solve this, a large-scale human-computer interaction dataset covering gaming and free-use scenarios has been built. A cross-scenario age-group recognition method based on multi-task learning is proposed to address children's smartphone addiction, achieving an equal error rate (EER) of 0.09 overall, and 0.06 for children under 13.
At present, biometric authentication systems generally adopt a server-centric centralized architecture, in which users must rely on the server to store and manage their biometric templates, posing a serious risk of privacy leakage. To improve privacy protection, researchers proposed user-centered schemes that store and encrypt biometric data on local devices. This enhances user control, but such schemes are limited by device dependency, computing performance and scalability, and struggle to support efficient authentication in multi-terminal or large-scale environments. The existing two types of solutions struggle to strike a balance between privacy, computational overhead, and system scalability. To solve these problems, a distributed privacy-preserving biometric authentication framework integrating blockchain technology and lattice-based cryptography was proposed. The framework adopts a blockchain-driven multi-factor authentication architecture to realize decentralized storage of biometric data and a verification mechanism controlled by smart contracts, and designs a Function-Hiding Inner Product Encryption (FHIPE) scheme based on the Learning With Errors (LWE) assumption. Experiments show that the LWE-FHIPE scheme is significantly better than the traditional method in terms of computing efficiency and communication overhead, and can provide an identity authentication solution with privacy protection, scalability and post-quantum security for the decentralized environment.
With the rapid proliferation of cloud services and online platforms, Single Sign-On (SSO) systems have been widely adopted for their "one-time authentication, universal access" capability. However, existing SSO schemes typically rely on a centralized Identity Provider (IdP), which exposes users to risks of single-point failures and privacy leakage. To address these issues, this paper proposes a privacy-preserving threshold IdP scheme for SSO. Built upon the Password-based Threshold Authentication (PbTA) framework, the scheme distributes IdP functionality across a cluster of
The Metaverse, an immersive parallel digital world, faces critical security challenges such as data leakage and impersonation attacks. Existing authentication schemes often suffer from single-point failures due to centralization, incomplete decentralization, and low efficiency. To address these challenges, this paper proposes TDID, a three-factor decentralized identity authentication scheme. Our core contribution lies in the novel synergy of a confidential smart contract, executed within a Trusted Execution Environment (TEE), with the offline attack-resistant OPAQUE password-authenticated key exchange protocol. The scheme achieves full decentralization by using the TEE-based contract as a decentralized root of trust. It allows users to establish a globally unique, collision-resistant identity, and ensures that a user's password and biometric key are never revealed to the server during authentication, thus providing robust resistance against offline dictionary attacks even from a compromised server. Rigorous security analysis, including formal verification using ProVerif and a provable security proof, along with performance evaluations, demonstrates that the proposed scheme significantly enhances security while maintaining efficient computational and communication performance.
The field of cybersecurity operations faces challenges such as fragmentation of knowledge, low response efficiency, and professional data sensitivity. To better cope with these challenges, LEAD-Cyber, a locally fine-tuned vertical-domain Large Language Model (LLM) for cybersecurity, was proposed based on open-source LLMs and full-cycle training datasets. A multi-step generation method was used to build a professional knowledge dataset in the field of cybersecurity, which met the needs of three training stages of LLMs: pre-training, instruction fine-tuning and reasoning fine-tuning. The DeepSeek and QWen open-source LLMs were also optimized in full cycles using full-parameter fine-tuning methods and low-rank adaptation (LoRA). Based on subjective and objective indicators, the performance of the LLM on different benchmarks was evaluated using indicators such as Rouge, BLEU and WinRate analysis to verify its effectiveness in handling different tasks. Experimental results showed that the LLM after fine-tuning was significantly better than the baseline model. The research verified the advantages of the full-cycle fine-tuning strategy in optimizing the field of knowledge expression and maintaining general capabilities, providing an efficient and reliable solution for intelligent and cybersecurity operation and maintenance.





