Abstract

Industrial wireless sensor network (IWSN) is an emerging class of a generalized WSN having constraints of energy consumption, coverage, connectivity, and security. However, security and privacy is one of the major challenges in IWSN as the nodes are connected to Internet and usually located in an unattended environment with minimum human interventions. In IWSN, there is a fundamental requirement for a user to access the real-time information directly from the designated sensor nodes. This task demands to have a user authentication protocol. To satisfy this requirement, this paper proposes a lightweight and privacy-preserving mutual user authentication protocol in which only the user with a trusted device has the right to access the IWSN. Therefore, in the proposed scheme, we considered the physical layer security of the sensor nodes. We show that the proposed scheme ensures security even if a sensor node is captured by an adversary. The proposed protocol uses the lightweight cryptographic primitives, such as one way cryptographic hash function, physically unclonable function, and bitwise exclusive operations. Security and performance analysis shows that the proposed scheme is secure, and is efficient for the resource-constrained sensing devices in IWSN.

Abstract

Recently, the Tactile Internet (TI) becomes a new era of the Internet. The TI provides ultra-reliable, ultra-responsive and intelligent network connectivity for delivering real-time control and physical haptic experiences from a remote location. The TI provides a different feeling to human–machine interaction by implementing the real-time interactive systems. In this review article, we discuss a generalized authentication model which can be used to perform authentication procedure among different communicating parties in order to secure remote surgery in the TI environment. By using the proposed authentication model, an authentication protocol can be designed so that an authenticated surgeon can use the robot/robotic arms to perform the surgery securely as well as remotely. Since the application is very critical, the important instructions provided by the surgeon to the robot/robotic arms must not be leaked in between the communication during the surgical procedure. To deal with this emerging research area, a secure mutual user authentication mechanism should be provided between a remote surgeon and the robot/robotic arms so that they can communicate securely using the established session key among them. Further, several security issues and challenges for such kind of communication are also discussed in this article. Finally, we discuss few points that need to be considered as future research works that are related to authentication for securing remote surgery in the TI environment.

Abstract

For secure communication between any two neighboring sensing devices on the Internet of Things (IoT) environment, it is essential to design a secure device access control and key agreement protocol, in which the two phases, namely, ‘‘node authentication’’ and ‘‘key agreement’’ are involved. While the node authentication allows two sensing devices to authenticate each other using their own pre-loaded secret credentials in memory, the key agreement phase permits to establish a secret key between them if the mutual authentication is successful. In this paper, we propose a new certificate-based ‘‘lightweight access control and key agreement protocol in the IoT environment, called LACKA-IoT,’’ that utilizes the elliptic curve cryptography (ECC) along with the ‘‘collision-resistant one-way cryptographic hash function.’’ Through a detailed security analysis using the formal security under the ‘‘Real-Or-Random (ROR) model,’’ informal (non-mathematical) security analysis, and formal security verification using the broadly used ‘‘Automated Validation of Internet Security Protocols and Applications (AVISPA)’’ tool, we show that the LACKA-IoT can protect various known attacks that are needed for a secure device access control mechanism in the IoT. Furthermore, through a comparative study of the LACKA-IoT and other relevant schemes, we show that there is a better tradeoff among the security and functionality features and communication and computational costs of the LACKA-IoT as compared to other schemes. Finally, the ‘‘practical demonstration using the NS2 simulation’’ has been carried out on the LACKA-IoT to measure various network parameters

Abstract

With the smart grid (SG) and the social Internet of Things (SIoT), an electric vehicle operator can use reliable, flexible, and efficient charging service with vehicle-to-grid (V2G). However, open channels can be vulnerable to various attacks by a malicious adversary. Therefore, secure mutual authentication for V2G has become essential, and numerous related protocols have been proposed. In 2018, Shen et al. proposed a privacy-preserving and lightweight key agreement protocol for V2G in SIoT to ensure security. However, we demonstrate that their protocol does not withstand impersonation, privileged-insider, and offline password guessing attacks, and it does not also guarantee secure mutual authentication, session key security, and perfect forward secrecy. Therefore, this paper proposes a dynamic privacy-preserving and lightweight key agreement protocol for V2G in SIoT to resolve the security weaknesses of Shen et al.'s protocol. The proposed protocol resists several attacks including impersonation, offline password guessing, man-in-the-middle, replay, and trace attacks, ensures anonymity, perfect forward secrecy, session key security, and secure mutual authentication. We evaluate the security of the proposed protocol using formal security analysis under the broadly-accepted real-or-random (ROR) model, secure mutual authentication proof using the widely-accepted Burrows-Abadi-Needham (BAN) logic, informal (non-mathematical) security analysis, and also the formal security verification using the broadly-accepted automated validation of Internet security protocols and applications (AVISPA) tool. We then compare computation costs, and security and functionality features of the proposed protocol with related protocols. Overall, the proposed protocol provides superior security, and it can be efficiently deployed to practical SIoT-based V2G environment.

Abstract

The devices in smart grids (SG) transfer data to a utility center (UC) or to the remote control centers. Using these data, the energy balance is maintained between consumers and the grid. However, this flow of data may be tampered by the intruders, which may result in energy imbalance. Thus, a robust authentication protocol, which supports dynamic SG device validation and UC addition, both in the local and global domains, is an essential requirement. For this reason, ECCAuth: a novel elliptic curve cryptography-based authentication protocol is proposed in this paper for preserving demand response in SG. This protocol allows establishment of a secret session key between an SG device and a UC after mutual authentication. Using this key, they can securely communicate for exchanging the sensitive information. The formal security analysis, informal security analysis, and formal security verification show that ECCAuth can withstand several known attacks

Abstract

With the ever increasing adoption rate of Internet-enabled devices [also known as Internet of Things (IoT) devices] in applications such as smart home, smart city, smart grid, and healthcare applications, we need to ensure the security and privacy of data and communications among these IoT devices and the underlying infrastructure. For example, an adversary can easily tamper with the information transmitted over a public channel, in the sense of modification, deletion, and fabrication of data-in-transit and data-in-storage. Time-critical IoT applications such as healthcare may demand the capability to support external parties (users) to securely access IoT data and services in real-time. This necessitates the design of a secure user authentication mechanism, which should also allow the user to achieve security and functionality features such as anonymity and un-traceability. In this paper, we propose a new lightweight anonymous user authenticated session key agreement scheme in the IoT environment. The proposed scheme uses three-factor authentication, namely a user's smart card, password, and personal biometric information. The proposed scheme does not require the storing of user specific information at the gateway node. We then demonstrate the proposed scheme's security using the broadly accepted real-or-random (ROR) model, Burrows-Abadi-Needham (BAN) logic, and automated validation of Internet security protocols and applications (AVISPAs) software simulation tool, as well as presenting an informal security analysis to demonstrate its other features. In addition, through our simulations, we demonstrate that the proposed scheme outperforms existing related user authentication schemes, in terms of its security and functionality features, and computation costs.

Abstract

Internet of Vehicles (IoV) is an intelligent application of Internet of Things (IoT) in smart transportation that takes intelligent commitments to the passengers to improve traffic safety and efficiency, and generate a more enjoyable driving and riding environment. Fog cloud-based IoV is another variant of mobile cloud computing where vehicular cloud and Internet can co-operate in more effective way in IoV. However, more increasing dependence on wireless communication, control, and computing technology makes IoV more dangerous to prospective attacks. For secure communication among vehicles, road-side units, fog and cloud servers, we design a secure authenticated key management protocol in fog computing-based IoV deployment, called AKM-IoV. In the designed AKM-IoV, after mutual authentication between communicating entities in IoV they establish session keys for secure communications. AKM-IoV is tested for its security analysis using the formal security analysis under the widely accepted real-or-random (ROR) model, informal, and formal security verification using the broadly accepted automated validation of Internet security protocols and applications (AVISPAs) tool. The practical demonstration of AKM-IoV is shown using the NS2 simulation. In addition, a detailed comparative study is conducted to show the efficiency and functionality and security features supported by AKM-IoV as compared to other existing recent protocols.

Abstract

The Internet of Things (IoT) comprises physical/virtual networked objects that collect and exchange data with each other via the public Internet. As this exchange often takes place over public networks, many security attacks in an IoT environment are possible. First, we briefly review the security issues in the IoT environment. Next, we focus on recent cryptographic protocol standards that are in use or have been recommended for IoT devices to ensure secure communications. We also highlight the advantages and weaknesses of the several protocol standards for various IoT application scenarios including connected vehicles, health, smart home, and consumer appliances and devices. Finally, we discuss some challenges in the area of cryptographic protocol standards that still require to be addressed for IoT applications in the future.

Abstract

The Internet of Things (IoT) acts as an umbrella for the Internet-enabled devices for various applications, such as smart home, smart city, smart grid, and smart healthcare. The emergence of the immense economic potential necessitates a robust authentication mechanism that needs to be lightweight and suitable for real-time applications. Moreover, the physical integrity of these devices cannot be assumed as these are designed to be deployed in an unattended environment with minimum human supervision. A user authentication mechanism for the IoT, in addition to guaranteeing user anonymity and un-traceability functionality requirements, must also be resistant to device physical capture and related misuses. In this paper, we present a novel lightweight anonymous user authentication protocol for the IoT environment by utilizing ‘‘cryptographic one-way hash function’’, ‘‘physically unclonable function (PUF)’’ and ‘‘bitwise exclusive-OR (XOR)’’ operations. The broadly accepted Real-Or-Random (ROR) model-based formal security analysis, formal security verification using the automated software verification tool, namely ‘‘automated validation of internet security protocols and applications (AVISPA)’’ and also non-mathematical (informal) security analysis have been carried out on the proposed scheme. It is shown that the proposed scheme has the ability to resist various well-known attacks that are crucial for securing the IoT environment. Through a detailed comparative study, we show that the proposed scheme outperforms other existing related schemes in terms of computation and communication costs, and also security & functionality features. Finally, a practical demonstration of the proposed scheme using the NS3 simulation has been provided for measuring various network performance parameters.

Abstract

Smart grid concept is introduced to modify the power grid by utilizing new information and communication technology. Smart grid needs live power consumption monitoring to provide required services and for this issue, bi-directional communication is essential. Security and privacy are the most important requirements that should be provided in the communication. Due to the complex design of smart grid systems, and utilizing different new technologies, there are many opportunities for adversaries to attack the smart grid system that can result fatal problems for the customers. Recently, Mahmood et al. [1] proposed a lightweight message authentication scheme for smart grid communications and claimed that it satisfies the security requirements. We found that Mahmood et al. ’ s scheme has some security vulnerabilities and it has not adequate security features to be utilized in smart grid. To address these drawbacks, we propose an efficient and secure lightweight privacy-preserving authentication scheme for a smart grid. Security of our scheme are evaluated, and the formal security analysis and verification are introduced via the broadly-accepted BAN logic and AVISPA tool. Finally, the security and efficiency comparisons are provided, which indicate the security and efficiency of the proposed scheme as compared to other existing related schemes.