Abstract

Designing lightweight security protocols for cloud-based Internet-of-Things (IoT) applications for battery-limited mobile devices, such as smart phones and laptops, is a topic of recent focus. Ciphertextpolicy attribute-based encryption (CP-ABE) is a viable solution, particularly for cloud deployment, as an encryptor can ‘‘write’’ the access policy so that only authorized users can decrypt and have access to the data. However, most existing CP-ABE schemes are based on the costly bilinear maps, and require long decryption keys, ciphertexts and incur significant computation costs in the encryption and decryption (e.g. costs is at least linear to the number of attributes involved in the access policy). These design drawbacks prevent the deployment of CP-ABE schemes on battery-limited mobile devices. In this paper, we propose a new RSA-based CP-ABE scheme with constant size secret keys and ciphertexts (CSKC) and has O(1) timecomplexity for each decryption and encryption. Our scheme is then shown to be secure against a chosenciphertext adversary, as well as been an efficient solution with the expressive AND gate access structures (in comparison to other related existing schemes). Thus, the proposed scheme is suitable for deployment on battery-limited mobile devices.

Abstract

With the rapid development of mobile cloud computing, the security becomes a crucial part of communication systems in a distributed mobile cloud computing environment. Recently, in 2015, Tsai and Lo proposed a privacy-aware authentication scheme for distributed mobile cloud computing services. In this paper, we first analyze the Tsai–Lo’s scheme and show that their scheme is vulnerable to server impersonation attack, and thus, their scheme fails to achieve the secure mutual authentication. In addition, we also show that Tsai–Lo’s scheme does not provide the session-key security (SK-security) and strong user credentials’ privacy when ephemeral secret is unexpectedly revealed to the adversary. In order to withstand these security pitfalls found in Tsai–Lo’s scheme, we propose a provably secure authentication scheme for distributed mobile cloud computing services. Through the rigorous security analysis, we show that our scheme achieves SK-security and strong credentials’ privacy and prevents all well-known attacks including the impersonation attack and ephemeral secrets leakage attack. Furthermore, we simulate our scheme for the formal security analysis using the widely-accepted AVISPA (Automated Validation of Internet Security Protocols and Applications) tool, and show that our scheme is secure against passive and active attacks including the replay and man-in-the-middle attacks. More security functionalities along with reduced computational costs for the mobile users make our scheme more appropriate for the practical applications as compared to Tsai–Lo’s scheme and other related schemes. Finally, to demonstrate the practicality of the scheme, we evaluate the proposed scheme using the broadly-accepted NS-2 network simulator.

Abstract

Big Data and Cloud of Things (CoT) are two inter-related research trends in our data-driven society, and one research challenge is to design efficient security solution that enables access to resources, services and data out-sourced to the cloud without compromising the user’s privacy. A viable solution is user authentication set-up for multi-cloud-server designed to function as an expert system permitting its users to obtain the desired services and resources (e.g. accessing data stored in a cloud storage account) from a cloud-server up on registration with a registration authority. Biometrics is a widely used authentication mechanism (e.g. in biometric passport); thus, in this paper, we devise a biometrics-based authentication scheme for multi-cloud-server environment deployment. To improve the accuracy of biometric pattern matching, we make use of bio-hashing. We then analyse the performance and efficiency of our scheme to demonstrate its utility.

Abstract

A telecare medicine information system (TMIS) for health-care delivery service requires information exchange among multiple IT systems, where different types of users with different access privileges are involved. In TMIS, users generally communicate via public channels. Hence, authentication is essential to provide access to the genuine users. However, access rights for the correct information and resources for different services to the genuine users can be provided with the help of efficient user access control mechanism. The existing user authentication protocols designed for TMIS only provide authentication, but for this kind of application, it is required that the authorized users should also have unique access privilege to access specific data. This paper puts forwards a new fine grained access control with user authentication scheme for TMIS. We present the formal security analysis using both the widely accepted real-or-random model and Burrows-Abadi-Needham logic. The proposed scheme supports user anonymity, forward secrecy, and efficient password change without contacting the remote server. In addition, the proposed scheme is comparable with respect to communication and computation costs as compared with other related schemes proposed in TMIS. Moreover, better tradeoff among security and functionality features, and communication and computation costs makes the proposed scheme suitable and practical for telecare medicine environments as compared with other existing related schemes.

Abstract

A counterfeit drug is a medication or pharmaceutical product which is manufactured and made available on the market to deceptively represent its origin, authenticity and effectiveness, etc., and causes serious threats to the health of a patient. Counterfeited medicines have an adverse effect on the public health and cause revenue loss to the legitimate manufacturing organizations. In this paper, we propose a new authentication scheme for medicine anticounterfeiting system in the Internet of Things environment which is used for checking the authenticity of pharmaceutical products (dosage forms). The proposed scheme utilizes the near field communication (NFC) and is suitable for mobile environment, which also provides efficient NFC update phase. The security analysis using the widely accepted real-or-random model proves that the proposed scheme provides the session key security. The proposed scheme also protects other known attacks which are analyzed informally. Furthermore, the formal security verification using the broadly accepted automated validation of Internet security protocols and applications tool shows that the proposed scheme is secure. The scheme is efficient with respect to computation and communication costs, and also it provides additional functionality features when compared to other existing schemes. Finally, for demonstration of the practicality of the scheme, we evaluate it using the broadly accepted NS2 simulation.

Abstract

The recent proliferation of mobile devices, such as smartphones and wearable devices has given rise to crowdsourcing Internet of Things (IoT) applications. E-healthcare service is one of the important services for the crowdsourcing IoT applications that facilitates remote access or storage of medical server data to the authorized users (for example, doctors, patients, and nurses) via wireless communication. As wireless communication is susceptible to various kinds of threats and attacks, remote user authentication is highly essential for a hazard-free use of these services. In this paper, we aim to propose a new secure three-factor user remote user authentication protocol based on the extended chaotic maps. The three factors involved in the proposed scheme are: 1) smart card; 2) password; and 3) personal biometrics. As the proposed scheme avoids computationally expensive elliptic curve point multiplication or modular exponentiation operation, it is lightweight and efficient. The formal security verification using the widely-accepted verification tool, called the ProVerif 1.93, shows that the presented scheme is secure. In addition, we present the formal security analysis using the both widely accepted real-or-random model and Burrows-Abadi-Needham logic. With the combination of high security and appreciably low communication and computational overheads, our scheme is very much practical for battery limited devices for the healthcare applications as compared to other existing related schemes.

Abstract

Implantable medical devices (IMDs) are man-made devices, which can be implanted in the human body to improve the functioning of various organs. The IMDs monitor and treat physiological condition of the human being (for example, monitoring of blood glucose level by insulin pump). The advancement of information and communication technology enhances the communication capabilities of IMDs. In healthcare applications, after mutual authentication, a user (for example, doctor) can access the health data from the IMDs implanted in a patient's body. However, in this kind of communication environment, there are always security and privacy issues, such as leakage of health data and malfunctioning of IMDs by an unauthorized access. To mitigate these issues, in this paper, we propose a new secure remote user authentication scheme for IMDs communication environment to overcome security and privacy issues in existing schemes. We provide the formal security verification using the widely accepted Automated Validation of Internet Security Protocols and Applications tool. We also provide the informal security analysis of the proposed scheme. The formal security verification and informal security analysis prove that the proposed scheme is secure against known attacks. The practical demonstration of the proposed scheme is performed using the broadly accepted NS2 simulation tool. The computation and communication costs of the proposed scheme are also comparable with the existing schemes. Moreover, the scheme provides additional functionality features, such as anonymity, untraceability, and dynamic implantable medical device addition.

Abstract

Wireless sensor networks (WSNs) for Internet of Things (IoT) can be deployed in a wide range of industries such as agriculture and military. However, designing a secure and reliable authentication scheme for WSNs that can be deployed in IoT remains a research and operational challenge. For example, recently in 2016, Amin and Biswas showed that the Turcanović et al.'s scheme is vulnerable to smart card loss attack, user impersonation attack, etc. They then proposed a new authentication scheme for WSNs with multi-gateway. In this paper, we revisit the scheme of Amin and Biswas and reveal previously unknown vulnerabilities in the scheme (i.e. sensor capture attack, user forgery attack, gateway forgery attack, sensor forgery attack and off-line guessing attack). In addition, we demonstrate that the user in the scheme can be tracked due to the use of a constant pseudo-identity and previously established session keys can be calculated by the attacker. Rather than attempting to fix a broken scheme, we present a novel authentication scheme for multi-gateway based WSNs. We then demonstrate the security of the proposed scheme using Proverif, as well as evaluating the good performance of the scheme using NS-2 simulation.

Abstract

Due to the widespread popularity in both academia and industry, vehicular ad hoc networks (VANETs) have been used in a wide range of applications starting from intelligent transportation to e-health and itinerary planning. This paper proposes a new decentralized lightweight authentication and key agreement scheme for VANETs. In the proposed scheme, there are three types of mutual authentications: 1) between vehicles; 2) between vehicles and their respective cluster heads; and 3) between cluster heads and their respective roadside units. Apart from these authentications, the proposed scheme also maintains secret keys between roadside units for their secure communications. The rigorous formal and informal security analysis shows that the proposed scheme is capable to defend various malicious attacks. Moreover, the ns-2 simulation demonstrates the practicability of the proposed scheme in VANET environment.

Abstract

Smart grid (SG) technology has recently received significant attention due to its usage in maintaining demand response management in power transmission systems. In SG, charging of electric vehicles becomes one of the emerging applications. However, authentication between a vehicle user and a smart meter is required so that both of them can securely communicate for managing demand response during peak hours. To address the above mentioned issues, in this paper, we propose a new efficient three-factor user authentication scheme for a renewable energy-based smart grid environment (TUAS-RESG), which uses the lightweight cryptographic computations such as one-way hash functions, bitwise XOR operations, and elliptic curve cryptography. The detailed security analysis shows the robustness of TUAS-RESG against various well-known attacks. Moreover, TUAS-RESG provides superior security with additional features, such as dynamic smart meter addition, flexibility for password and biometric update, user and smart meter anonymity, and untraceability as compared to other related existing schemes. The practical demonstration of TUAS-RESG is also proved using the widely accepted NS2 simulation.