Abstract

Authentication schemes are widely used mechanisms to thwart unauthorized access of resources over insecure networks.Several smart card based password authentication schemes have been proposed in the literature. In this paper, we demonstrate the security limitations of a recently proposed password based authentication scheme, and show that their scheme is still vulnerable to forgery and offline password guessing attacks and it is also unable to provide user anonymity, forward secrecy and mutual authentication. With the intention of fixing the weaknesses of that scheme, we present a secure authentication scheme. We show that the proposed scheme is invulnerable to various attacks together with attacks observed in the analyzed scheme through both rigorous formal and informal security analysis. Furthermore, the security analysis using the widely-accepted Real-Or-Random (ROR) model ensures that the proposed scheme provides the session key (SK) security. Finally,we carry out the performance evaluation of the proposed scheme and other related schemes, and the result favors that the proposed scheme provides better trade-off among security and performance as compared to other existing related schemes.

Abstract

With the increasing use of mobile devices, a secure communication and key exchange become the significant security issues in mobile environments. However, because of open network envi-ronments, mobile user can be vulnerable to various attacks. Therefore, the numerous authentication and key exchange schemes have been proposed to provide the secure communication and key exchange.Recently, Qi and Chen proposed an efficient two-party authentication key exchange protocol for mobile environments in order to overcome the security weaknesses of the previous authentication and key exchange schemes. However, we demonstrate that Qi and Chen’s scheme is vulnerable to various attacks such as impersonation, offline password guessing, password change, and privileged insider attacks. We also show that Qi and Chen’s scheme does not provide anonymity, efficient password change mechanism, and secure mutual authentication. In this paper, to overcome the outlined above mentioned security vulnerabilities,we propose a secure and efficient two-party authentication key exchange protocol, called 2PAKEP, that hides user’s real identity from an adversary using a secret parameter. 2PAKEP also withstands various attacks, guarantees anonymity, and provides efficient password change mechanism and secure mutual authentication. In addition, we prove that 2PAKEP provides the secure mutual authentication using the broadly accepted Burrows–Abadi–Needham logic and the session key security using the formal security analysis under the widely accepted real-or-random model. Moreover, the formal security verification using the popular simulated software tool, Automated Validation of Internet Security Protocols and Applications,on 2PAKEP shows that the replay and man-in-the-middle attacks are protected. In addition, we also analyze the performance and security and functionality properties of 2PAKEP and compare these with the related existing schemes. Overall, 2PAKEP provides better security and functionality features, and also the communication and computational overheads are comparable with the related schemes. Therefore, 2PAKEPis applicable to mobile environment efficiently.

Abstract

The Internet of Things (IoT) is a system of physical as well as virtual objects (each with networking capabilities incorporated) that are interconnected to exchange and collect information locally or remotely over the Internet. Since the communication often takes place over the Internet, it is vulnerable to various security threats in an IoT environment. We first discuss essential security requirements that are needed to secure IoT environment. We also discuss the threat model and various attacks related to the IoT environment. We then present a taxonomy of security protocols for the IoT environment which includes important security services such as key management, user and device authentication, access control, privacy preservation, and identity management. We also present a comparative study of recently proposed IoT-related state-of-art security protocols in terms of various security and functionality features they support. Finally, we discuss some future challenges for IoT security protocols that need to be addressed in the future.

Abstract

Remote user authentication is a cryptographic mechanism through which a remote server verifies the legitimacy of an authorized user over an insecure communication channel. Most of the existing authentication schemes consider single-server environments and require multiple registrations of the sameuser for multiple servers. Moreover, most of these schemes do not consider biometric template revocation and error correction for noisy biometric signals. In addition, the existing schemes have several weaknesses,including stolen smart card attack, lack of user anonymity, user impersonation attack, and non-diversification of biometric data. To overcome these disadvantages, we propose a new three-factor authenticated key agreement scheme using a fuzzy commitment approach. The three factors used in the proposed scheme are the user’s password, smart card, and personal biometrics. The security of the proposed scheme is verified using a formal security analysis under the broadly accepted Real-Or-Random model for the session key security. The widely accepted Burrows-Abadi-Needham logic is also applied for mutual authentication between a legally registered user and a server, and formal security verification using the broadly accepted Automated Validation of Internet Security Protocols and Applications is performed for the proposed scheme through simulation to show that it is secure. In addition, the informal security analysis of the proposed scheme shows that the scheme can resist other known attacks. Finally, a comparative study of the proposed scheme with the existing related schemes is conducted to measure the trade off among the security and functionality features and the communication and computation costs

Abstract

The Internet of Drones (IoD) provides the coordinated access to controlled airspace for the Unmanned Aerial Vehicles (called drones). The on-going cheaper costs of sensors and processors, and also wireless connectivity make it feasible to use the drones for several applications ranging from military to civilian. Since most of the applications using the drones involved in the IoD are real-time based applications, the users (external parties) usually have their interest in getting the real-time services from the deployed drones belonging to a particular fly zone. To address this important issue in the IoD, there is a great need of an efficient and secure user authentication approach in which an authorized user (for example, a driver of an ambulance) in the IoD environment can be given access to the data directly from an accessed drone. In this article, we first discuss an authentication model used in the IoD communication. We then discuss some security challenges and requirements for the IoD environment. A taxonomy of various security protocols in the IoD environment is also discussed. We then emphasis on the study of some recently proposed user authentication schemes for the IoD communication. A detailed comparative study is done based on functionality features, security attacks, and also communication and computation costs. Through the rigorous comparative study of the existing schemes, we identify the strengths and weaknesses of the user authentication schemes for the IoD communication. Finally, we identify some of the challenges for the IoD that need to be addressed in the coming future

Abstract

In the recent years, vehicular adhoc networks (VANETs) can be an attractive choice for collecting and transferring the healthcare data of the passengers to the remote healthcare centers. In VANETs, some of the intermediate nodes may act as relay nodes in which case, these networks are called as vehicular relay networks (VRNs). However, the transmitted information in VRNs can be captured by intruders during transmission. Moreover, an attacker can launch selective forwarding, blackhole, and sinkhole attacks in the network, which may in turn degrade the network performance parameters like high end-to-end delay, low packet delivery ratio (PDR) and network throughput. Hence, to address these issues, a secure data dissemination scheme using VRNs is proposed. In the proposed scheme, first, a secure vehicular medical relay network system is designed for the users belonging to disconnected rural areas. The collected information is filtered at zonal levels before transmission to a nearby road side units, which further pass it to the incoming vehicles. Second, a secure passenger health monitoring network is designed which continuously monitors health services of the passengers traveling in different vehicles. The information collected through small body sensors installed in the vehicles act as data sets that is forwarded to the on-board monitoring unit within the vehicle. This collected data is then transmitted to centralized healthcare centers for processing by using VRNs. Lastly, a strong elliptic curve cryptography-based cryptographic solution is designed for secure communication among different vehicles. The performance of the proposed scheme is evaluated in various network scenarios with respect to different selected parameters, such as throughput, network delay, PDR, jitter, transmission and computation overheads, and key distribution overhead. The obtained results indicate that the proposed scheme provides improvement of 52% in average delay and 5% in PDR. This further indicates effective message delivery even with high mobility of the vehicles.

Abstract

Due to recent advances in various technologies such as integrated circuit, embedded systems and wireless communications, the wireless body area network (WBAN) becomes a propitious networking paradigm. WBANs play a very important role in modern medical systems as the real-time biomedical data through intelligent medical sensors in or around the patients' body can be collected and sent the data to remote medical personnel for clinical diagnostics. However, wireless nature of communication makes an adversary to intercept or modify the private and secret data collected by the sensors in WBANs. In critical applications of WBANs, there is a great requirement to access directly the sensing information collected by the body sensors by an external user (e.g., a doctor) in order to monitor the health condition of a patient. In order to do so, the user needs to first authenticate with the accessed body sensors, and only after mutual authentication between that user and the body sensors the real-time data can be directly accessed securely by the user. In this paper, we propose a new user authentication and key management scheme for this purpose. The proposed scheme allows mutual authentication between a user and personal server connected to WBAN via the healthcare server situated at the cloud, and once the mutual authentication is successful, both user and personal server are able to establish a secret session key for their future communication. In addition, key management process is provided for establishment of secret keys among the sensors and personal server for their secure communication. The formal security based on broadly-accepted Real-Or-Random (ROR) model and informal security give confidence that the proposed scheme can withstand several known attacks needed for WBAN security. A detailed comparative analysis among the proposed scheme and other schemes shows that the proposed scheme provides better security & functionality features, low computation and comparable communication costs as compared to recently proposed related schemes. Finally, the practical demonstration using the NS2 based simulation is shown for the proposed scheme and also for other schemes.

Abstract

Due to the widespread popularity of Internet-enabled devices, Industrial Internet of Things (IIoT) becomes popular in recent years. However, as the smart devices share the information with each other using an open channel, i.e., Internet, so security and privacy of the shared information remains a paramount concern. There exist some solutions in the literature for preserving security and privacy in IIoT environment. However, due to their heavy computation and communication overheads, these solutions may not be applicable to wide category of applications in IIoT environment. Hence, in this paper, we propose a new biometric-based privacy preserving user authentication (BP2UA) scheme for cloud-based IIoT deployment. BP2UA consists of strong authentication between users and smart devices using preestablished key agreement between smart devices and the gateway node. The formal security analysis of BP2UA using the well-known real-or-random model is provided to prove its session key security. Moreover, an informal security analysis of BP2UA is also given to show its robustness against various types of known attacks. The computation and communication costs of BP2UA in comparison to the other existing schemes of its category demonstrate its effectiveness in the IIoT environment. Finally, the practical demonstration of BP2UA is also done using the NS2 simulation.

Abstract

Designing a secure and efficient handover authentication scheme has al-ways been a concern of cellular networks especially in 4G Long Term Evolution(LTE) wireless networks. What makes their handover so complex, is the presence of different types of base stations namely eNodeB (eNB) and Home eNodeB (HeNB).In addition, they cannot directly communicate with each other. Recently, an efficient proxy signature-based handover authentication scheme has been suggested by Qui etal. Despite its better performance and security advantages than previous schemes, itsuffers serious vulnerabilities, namely being prone to DoS attack , eNB imperson-ation attack and lack of perfect forward secrecy. In this paper, we propose an im-proved handover authentication scheme in LTE wireless networks that resists against such attacks. Further, we validate the security of the proposed scheme using Real-Or-Random (ROR) model and ProVerif analysis tool. The results confirm our security claims of the proposed scheme. In addition, the performance analysis shows that compared to other schemes, our proposed scheme is more efficient.

Abstract

Hadoop framework has been evolved to manage big data in cloud. Hadoop distributedfile system and MapReduce, the vital components of this framework, provide scalable and fault-tolerantbig data storage and processing services at a lower cost. However, Hadoop does not provide any robustauthentication mechanism for principals’ authentication. In fact, the existing state-of-the-art authenticationprotocols are vulnerable to various security threats, such as man-in-the-middle, replay, password guessing,stolen-verifier, privileged-insider, identity compromization, impersonation, denial-of-service, online/off-linedictionary, chosen plaintext, workstation compromization, and server-side compromisation attacks. Besidethese threats, the state-of-the-art mechanisms lack to address the server-side data integrity and confidentialityissues. In addition to this, most of the existing authentication protocols follow a single-server-based userauthentication strategy, which, in fact, originates single point of failure and single point of vulnerabilityissues. To address these limitations, in this paper, we propose a fault-tolerant authentication protocol suitablefor the Hadoop framework, which is called the efficient authentication protocol for Hadoop (HEAP). HEAPalleviates the major issues of the existing state-of-the-art authentication mechanisms, namely operating-system-based authentication, password-based approach, and delegated token-based schemes, respectively,which are presently deployed in Hadoop. HEAP follows two-server-based authentication mechanism. HEAPauthenticates the principal based on digital signature generation and verification strategy utilizing bothadvanced encryption standard and elliptic curve cryptography. The security analysis using both the formalsecurity using the broadly accepted real-or-random (ROR) model and the informal (non-mathematical)security shows that HEAP protects several well-known attacks. In addition, the formal security verificationusing the widely used automated validation of Internet security protocols and applications ensures that HEAPis resilient against replay and man-in-the-middle attacks. Finally, the performance study contemplates thatthe overheads incurred in HEAP is reasonable and is also comparable to that of other existing state-of-the-art authentication protocols. High security along with comparable overheads makes HEAP to be robust andpractical for a secure access to the big data storage and processing services.