Abstract

A user (external party) is interested in accessing the real-time data from some designated drones of a particular fly zone in the Internet of Drones (IoD) deployment. However, to provide this facility, the user needs to be authenticated by an accessed remote drone and vice-versa. After successful authentication both parties can establish a secret session key for the secure communication. To handle this important problem in IoD environment, we design a novel temporal credential based anonymous lightweight user authentication mechanism for IoD environment, called TCALAS. A detailed security analysis using formal security under the broadly applied real-or-random (ROR) model, formal security verification under the broadly used software verification tool, known as automated validation of internet security protocols and applications, and also informal security analysis reveal that TCALAS has the capability to resist various known attacks against passive/active adversary. In addition, a detailed comparative study has been conducted for TCALAS and other related schemes, and the study also reveals that TCALAS provides better security and functionality features, and lower costs in both computation and communication as compared to existing schemes.

Abstract

An authentication scheme handling multiple servers offers a feasible environment to users to conveniently access the rightful services from various servers using one-time registration. The practical realization of distribution of online services efficiently and transparently in multiple-server systems has come true by virtue of multi-server user authentication schemes. Due to distinguished properties like, difficulty to forge or copy, in-feasibility to lose or guess or forget, etc., biometrics have been widely preferred as a third authenticating factor in password and smart card based user authentication protocols. In this paper, we design a new biometrics-based multi-server authentication scheme based on trusted multiple-servers. We harness the concept of fuzzy extractor to provide the proper matching of biometric patterns. We evaluate our scheme through informal discussions on performance and also using Burrows-Abadi-Needham logic (BAN-logic) & random oracle model for formal security analysis. We also compose a comparative assessment of our scheme and the related ones. Outcome of the analysis and assessment shows our scheme an edge above many related and contemporary schemes.

Abstract

Remote user authentication without compromising user anonymity is an emerging area in the last few years. In this paper, we propose a new anonymity preserving mobile user authentication scheme for the global mobility networks (GLOMONETs). We also propose a new anonymity preserving group formation phase for roaming services in GLOMONETs that meets the extended anonymity requirement without compromising any standard security requirements. We provide the security analysis using the widely-accepted Burrows-Abadi-Needham logic and informal analysis for the proposed scheme to show that it is secure against possible well-known attacks, such as replay, man-in-the-middle, impersonation, privileged-insider, stolen smart card, ephemeral secret leakage, and password guessing attacks. In addition, the formal security verification with the help of the broadly accepted automated validation of internet security protocols and applications software simulation tool is tested on the proposed scheme and the simulation results confirm that the proposed scheme is safe. Moreover, the comparative study of the proposed scheme with other relevant schemes reveals that it performs well as compared to other techniques.

Abstract

Mobile cloud computing (MCC) allows mobile users to have on-demand access to cloud services. A mobile cloud model helps in analyzing the information regarding the patients' records and also in extracting recommendations in healthcare applications. In MCC, a fine-grained level access control of multiserver cloud data is a prerequisite for successful execution of end-users applications. In this paper, we propose a new scheme that provides a combined approach of fine-grained access control over cloud-based multiserver data along with a provably secure mobile user authentication mechanism for the Healthcare Industry 4.0. To the best of our knowledge, the proposed scheme is the first to pursue fine-grained data access control over multiple cloud servers in a MCC environment. The proposed scheme has been validated extensively in different heterogeneous environment where its performance was found good in comparison to other existing schemes.

Abstract

Security and privacy are the major concerns in cloud computing as users have limited access on the stored data at the remote locations managed by different service providers.These become more challenging especially for the data generated from the wearable devices as it is highly sensitive and heterogeneous in nature. Most of the existing techniques reported in the literature are having high computation and communication costs and are vulnerable to various known attacks, which reduce their importance for applicability in real-world environment. Hence, in this paper, we propose a new cloud based user authentication scheme for secure authentication of medical data. After successful mutual authentication between a user and wearable sensor node, both establish a secret session key that is used for future secure communications. The extensively-used Real-Or-Random (ROR) model based formal security analysis and the broadly-accepted Automated Validation of Internet Security Protocols and Applications (AVISPA) tool based formal security verification show that the proposed scheme provides the session-key security and protects active attacks. Theproposed scheme is also informally analyzed to show its resilience against other known attacks. Moreover, we have done a detailed comparative analysis for the communication and computation costs along with security and functionality features which proves its efficiency in comparison to the other existing schemes of its category.

Abstract

Research has proven that accomplishing security properties while improving performance of an authentication protocol is a challenging task. Numerous authentication protocols proposed in the recent times are still behind in achieving the concrete objectives. Qi et al. and Lu et al. recently proposed two-factor authenticated key-agreement protocols for client–server architecture. This paper revisits their protocols and analyzes the shortcomings of such approaches. We also propose an improved authenticated key agreement protocol for client–server environment to defeat mentioned weaknesses of existing protocols that are discussed in related works. The rigorous security analysis using Burrows–Abadi–Needham logic, formal security verification using Real-OR-Random model, simulations using the Automated Validation of Internet Security Protocols and Applications tool, and the informal security analysis shows that the proposed protocol is secure. Additionally, we summarize the results to ensure that the proposed protocol is efficient compared to the existing related protocols.

Abstract

Authentication schemes are widely used mechanisms to thwart unauthorized access of resources over insecure networks.Several smart card based password authentication schemes have been proposed in the literature. In this paper, we demonstrate the security limitations of a recently proposed password based authentication scheme, and show that their scheme is still vulnerable to forgery and offline password guessing attacks and it is also unable to provide user anonymity, forward secrecy and mutual authentication. With the intention of fixing the weaknesses of that scheme, we present a secure authentication scheme. We show that the proposed scheme is invulnerable to various attacks together with attacks observed in the analyzed scheme through both rigorous formal and informal security analysis. Furthermore, the security analysis using the widely-accepted Real-Or-Random (ROR) model ensures that the proposed scheme provides the session key (SK) security. Finally,we carry out the performance evaluation of the proposed scheme and other related schemes, and the result favors that the proposed scheme provides better trade-off among security and performance as compared to other existing related schemes.

Abstract

With the increasing use of mobile devices, a secure communication and key exchange become the significant security issues in mobile environments. However, because of open network envi-ronments, mobile user can be vulnerable to various attacks. Therefore, the numerous authentication and key exchange schemes have been proposed to provide the secure communication and key exchange.Recently, Qi and Chen proposed an efficient two-party authentication key exchange protocol for mobile environments in order to overcome the security weaknesses of the previous authentication and key exchange schemes. However, we demonstrate that Qi and Chen’s scheme is vulnerable to various attacks such as impersonation, offline password guessing, password change, and privileged insider attacks. We also show that Qi and Chen’s scheme does not provide anonymity, efficient password change mechanism, and secure mutual authentication. In this paper, to overcome the outlined above mentioned security vulnerabilities,we propose a secure and efficient two-party authentication key exchange protocol, called 2PAKEP, that hides user’s real identity from an adversary using a secret parameter. 2PAKEP also withstands various attacks, guarantees anonymity, and provides efficient password change mechanism and secure mutual authentication. In addition, we prove that 2PAKEP provides the secure mutual authentication using the broadly accepted Burrows–Abadi–Needham logic and the session key security using the formal security analysis under the widely accepted real-or-random model. Moreover, the formal security verification using the popular simulated software tool, Automated Validation of Internet Security Protocols and Applications,on 2PAKEP shows that the replay and man-in-the-middle attacks are protected. In addition, we also analyze the performance and security and functionality properties of 2PAKEP and compare these with the related existing schemes. Overall, 2PAKEP provides better security and functionality features, and also the communication and computational overheads are comparable with the related schemes. Therefore, 2PAKEPis applicable to mobile environment efficiently.

Abstract

The Internet of Things (IoT) is a system of physical as well as virtual objects (each with networking capabilities incorporated) that are interconnected to exchange and collect information locally or remotely over the Internet. Since the communication often takes place over the Internet, it is vulnerable to various security threats in an IoT environment. We first discuss essential security requirements that are needed to secure IoT environment. We also discuss the threat model and various attacks related to the IoT environment. We then present a taxonomy of security protocols for the IoT environment which includes important security services such as key management, user and device authentication, access control, privacy preservation, and identity management. We also present a comparative study of recently proposed IoT-related state-of-art security protocols in terms of various security and functionality features they support. Finally, we discuss some future challenges for IoT security protocols that need to be addressed in the future.

Abstract

Remote user authentication is a cryptographic mechanism through which a remote server verifies the legitimacy of an authorized user over an insecure communication channel. Most of the existing authentication schemes consider single-server environments and require multiple registrations of the sameuser for multiple servers. Moreover, most of these schemes do not consider biometric template revocation and error correction for noisy biometric signals. In addition, the existing schemes have several weaknesses,including stolen smart card attack, lack of user anonymity, user impersonation attack, and non-diversification of biometric data. To overcome these disadvantages, we propose a new three-factor authenticated key agreement scheme using a fuzzy commitment approach. The three factors used in the proposed scheme are the user’s password, smart card, and personal biometrics. The security of the proposed scheme is verified using a formal security analysis under the broadly accepted Real-Or-Random model for the session key security. The widely accepted Burrows-Abadi-Needham logic is also applied for mutual authentication between a legally registered user and a server, and formal security verification using the broadly accepted Automated Validation of Internet Security Protocols and Applications is performed for the proposed scheme through simulation to show that it is secure. In addition, the informal security analysis of the proposed scheme shows that the scheme can resist other known attacks. Finally, a comparative study of the proposed scheme with the existing related schemes is conducted to measure the trade off among the security and functionality features and the communication and computation costs