Abstract

The session initiation protocol (SIP) is a signaling protocol which is used to controlling communication in the Internet. It is also used for initiating, terminating and maintaining the sessions. A strong authentication scheme plays a pivotal role in safeguarding communications over the Internet. In order to ensure the secure communication, several authentication schemes have been proposed for SIP in the literature. Recently, Lu et al. proposed an authentication scheme for SIP-based communications and proved that their scheme can resist various network attacks. In this paper, we show that their scheme is susceptible to the user and server impersonation attacks. Also, their scheme fails to achieve user anonymity and mutual authentication. Hence, there is a need to propose a secure ECC-based authentication scheme with user anonymity for SIP to overcome the shortcomings of Lu et al.’s scheme. Security analysis shows that the proposed scheme is able to fix the flaws found in Lu et al.’s scheme. In addition to informal security discussions, we give formal security analysis of the proposed scheme under the generic group model of cryptography. Performance analysis also shows that the proposed scheme is suitable for SIP based communication

Abstract

We first show the security limitations of a recent user authentication scheme proposed for wireless healthcare sensor networks. We then present a provably secure three-factor user authentication and key agreement protocol for wireless healthcare sensor networks. The proposed scheme supports functionality features, such as dynamic sensor node addition, password as well as biometrics update, smart card revocation along with other usual features required for user authentication in wireless sensor networks. Our scheme is shown to be secure through the rigorous formal security analysis under the Real-Or-Random (ROR) model and broadly-accepted Burrows-Abadi-Needham (BAN) logic. Furthermore, the simulation through the widely-known Automated Validation of Internet Security Protocols and Applications (AVISPA) tool shows that our scheme is also secure. High security, and low communication and computation costs make our scheme more suitable for practical application in healthcare applications as compared to other related existing schemes

Abstract

With an exponential increase in the popularity of Internet, the real-time data collected by various smart sensing devices can be analyzed remotely by a remote user (e.g., a manager) in the Industrial Internet of Things (IIoT). However, in the IIoT environment, the gathered real-time data is transmitted over the public channel, which raises the issues of security and privacy in this environment. Therefore, to protect illegal access by an adversary, user authentication mechanism is one of the promising security solutions in the IIoT environment. To achieve this goal, we propose a new user authenticated key agreement scheme in which only authorized users can access the services from the designated IoT sensing devices installed in the IIoT environment. In the proposed scheme, fuzzy extractor technique is used for biometric verification. Moreover, three factors, namely smart card, password and personal biometrics of a legal registered user are applied in the proposed scheme to increase the level of security in the system. The proposed scheme supports new devices addition after initial deployment of the devices, password/biometric change phase and also smart card revocation phase in case the smart card is lost or stolen by an adversary. In addition, the proposed scheme is lightweight in nature. We carry out the formal security analysis using the broadly accepted Real-Or-Random (ROR) model and also the non-mathematical (informal) security analysis on the proposed scheme. Furthermore, the formal security verification using the popularly-used AVISPA (Automated Validation of Internet Security Protocols and Applications) tool is carried out on the proposed scheme. The detailed security analysis assures that the proposed scheme can withstand several well-known attacks in the IIoT environment. A practical demonstration using the NS2 simulation study is also performed for the proposed scheme and other related existing schemes. Also, a detailed comparative study shows that the proposed scheme is efficient, and provides superior security in comparison to the other schemes.

Abstract

As an important part of Internet of Things, Radio Frequency Identification (RFID) system employs low-cost RFID tag to communicate with everything containing animate and inanimate objects. This technology is widely used in the e-healthcare applications. However, the malicious communication environment makes people more and more worried. In order to overcome the hazards in the network, RFID authentication schemes for e-healthcare have been proposed by researchers. But since the computation ability of the tag is relatively weak, it is necessary to put forward a lightweight and secure scheme for medical systems. Moreover, cloud is widely accepted by people and used in many kinds of systems. So we propose a novel and lightweight RFID authentication scheme with cloud for e-healthcare applications. We use an enhanced formal security model to prove the security of our scheme. In this model the channel between the server and the reader is considered to be insecure and informal analysis is used to prove the security of the proposed scheme. Through the formal and informal analysis, our scheme not only resists the common attacks, but also keeps mutual authentication, information integrity, forward untraceability and backward untraceability. Moreover, both the tag and the reader can reach the anonymity. Our scheme is only hash-based and suitable to realize various security requirements. Compared to recent schemes of the same sort, it is more applicable in e-healthcare.

Abstract

We propose two new authentication schemes for the cloud that support private attribute-based authentication services. The basic scheme is non-anonymous attribute-based authentication scheme. The extended scheme of the basic scheme is fully anonymous attribute-based authentication scheme to realize full anonymity and unlinkability services. In the proposed schemes, a user is authenticated by the remote server if the intersection of the set of his/her assigned attributes and the server’s required attributes exceeds a satisfactory predefined level. Unlike existing attribute-based encryption and signature schemes that require the user to perform significant amount of elliptic curve bilinear pairings and modular exponentiations, and require the user to hold a significantly long decryption/signature key, in our schemes the user is not required to perform any bilinear pairings. With a fixed length private key, independent of the number of attributes, the cloud user performs only few exponentiations by which he/she is able to authenticate himself/herself to the remote server and establish a session key with the server with the condition that he/she satisfies a predefined level of the server’s attributes requirement. Therefore, our schemes are suitable for implementation on devices with limited resources. We provide the rigorous security of the proposed schemes and complexity analysis of our schemes. Finally, the security and performance comparisons of our schemes with the existing related schemes show that our schemes outperform other existing schemes.

Abstract

The rapid proliferation of mobile networks has made security an important issue, particularly for transaction oriented applications. Recently, Jo et al. presented an efficient authentication protocol for wireless mobile networks and asserted that their proposed approach provides all known security functionalities including session key (SK) security under the assumption of the widely-accepted Canetti–Krawczyk (CK) model. We reviewed Jo et al.’s proposed roaming protocol and we demonstrate that it fails to provide the SK-security under the CK-adversary setting. We then propose an enhancement to Jo et al.’s roaming protocol to address the security drawback found in Jo et al.’s protocol. In the enhanced roaming protocol, we achieve the SKsecurity along with reduced computation, communication and storage costs. We also simulate the enhanced roaming protocol using NS2 for end-to-end delay and network throughput, and the simulation results obtained demonstrate the efficiency of our protocol.

Abstract

The prolonged usage of non-renewable resources like petroleum and coal have adverse affect on the environment and has led to energy crisis in the world. In order to mitigate the situation, efficient strategies have been proposed for generation, distribution and consumption of energy obtained from renewable sources such as tidal, wind and solar power. With the advent of Smart Grids being developed world wide, the most widely accepted strategy is Demand-Response management. In this strategy, the customers or end-users are incentivized to change their energy-utility behavior with time in response to fluid price changes or to induce lower energy consumption during peak demand time. The system is controlled by a cloud of servers that monitor the demand- supply chain over a network all the time. This brings up the issue of security within the operations of the system. Current security mechanisms such as Rivest-Shamir-Alderman (RSA) public key encryption, Advanced Encryption Standard (AES) symmetric encryption, Elliptic Curve Cryptography (ECC) public-key cryptosytem and the recently proposed works are not future- proof in the world of post-quantum cryptography. This paper proposes a lattice based cryptographic scheme to ensure proper security in the system. The proposed scheme has been proven secure against major known attacks

Abstract

Internet of Things (IoT) is a network of all devices that can be accessed through the Internet. These devices can be remotely accessed and controlled using existing network infrastructure, thus allowing a direct integration of computing systems with the physical world. This also reduces human involvement along with improving accuracy and efficiency, resulting in economic benefit. The devices in IoT facilitate the day-to-day life of people. However, the IoT has an enormous threat to security and privacy due to its heterogeneous and dynamic nature. Authentication is one of the most challenging security requirements in the IoT environment, where a user (external party) can directly access information from the devices, provided the mutual authentication between user and devices happens. In this paper, we present a new signature-based authenticated key establishment scheme for the IoT environment. The proposed scheme is tested for security with the help of the widely used Burrows-Abadi-Needham logic, informal security analysis, and also the formal security verification using the broadly accepted automated validation of Internet security protocols and applications tool. The proposed scheme is also implemented using the widely accepted NS2 simulator, and the simulation results demonstrate the practicability of the scheme. Finally, the proposed scheme provides more functionality features, and its computational and communication costs are also comparable with other existing approaches.

Abstract

In the wearable communication environment, wearable devices are used for various applications including fitbit flex tracks steps, sleep cycles, workout stats, and recording health-related sensitive information. The decreasing costs and increasing performance of Information Communication Technologies (ICTs) have made wearable devices more cost effective. Different types of wearable devices are being used today by citizens to improve their health and lifestyle. However, the data (such as health-related or movement data) generated from the user’s daily activities is often private and therefore, ensuring the security and privacy of this data is important. First, we present some emerging trends of wearable devices followed by a discussion of the main security and functionality requirements along with the threats to the wearable communication environment. We then present a review of some of the recently proposed lightweight authentication protocols for wearable devices based on performance metrics such as computation cost and communication cost. We also compare these authentication protocols in terms of various security features they support. Finally, we discuss some future challenges in the area of security protocols for wearable devices that need to be addressed in the future.

Abstract

In global mobility networks, a mobile user can access roaming services using a mobile device at anytime and anywhere. However, mobile users can be vulnerable to various attacks by adversaries, because the roaming services are provided through public network. Therefore, an anonymous mobile user authentication for roaming services is an essential security issue in global mobility networks. Recently, Lee et al. pointed out the security weaknesses of a previous scheme and proposed an advanced secure anonymous authentication scheme for roaming services in global mobility networks. However, we found that the scheme proposed by Lee et al. is vulnerable to password guessing and user impersonation attacks, and that it cannot provide perfect forward secrecy and secure password altered phase. In this paper, to overcome the security weaknesses of the scheme proposed by Lee et al., we propose an improved secure anonymous authentication scheme using shared secret keys between home agent and foreign agent. In addition, we analyze the security of our proposed scheme against various attacks and prove that it provides secure mutual authentication using Burrows–Abadi–Needham logic. In addition, the formal security analysis using the broadly-accepted real-or-random (ROR) random oracle model and the formal security verification using the widely accepted automated validation of the Internet security protocols and applications tool show that the proposed scheme provides the session key security and protection against replay as well as man-in-themiddle attacks, respectively. Finally, we compare the performance of the proposed scheme with the related schemes, and the results show that the proposed scheme provides better security and comparable efficiency as compared with those for the existing schemes.