scholarly journals Anticollusion Attack Noninteractive Security Hierarchical Key Agreement Scheme in WHMS

2016 ◽  
Vol 2016 ◽  
pp. 1-14
Author(s):  
Kefei Mao ◽  
Jianwei Liu ◽  
Jie Chen
Keyword(s):  
Key Agreement ◽  
Security Analysis ◽  
Limited Resources ◽  
Wireless Health ◽  
Privacy And Security ◽  
Collusion Attack ◽  
Security Proof ◽  
Security Properties ◽  
Health Monitoring Systems ◽  
Biometric Information

Wireless Health Monitoring Systems (WHMS) have potential to change the way of health care and bring numbers of benefits to patients, physicians, hospitals, and society. However, there are crucial barriers not only to transmit the biometric information but also to protect the privacy and security of the patients’ information. The key agreement between two entities is an essential cryptography operation to clear the barriers. In particular, the noninteractive hierarchical key agreement scheme becomes an attractive direction in WHMS because each sensor node or gateway has limited resources and power. Recently, a noninteractive hierarchical key agreement scheme has been proposed by Kim for WHMS. However, we show that Kim’s cryptographic scheme is vulnerable to the collusion attack if the physicians can be corrupted. Obviously, it is a more practical security condition. Therefore, we proposed an improved key agreement scheme against the attack. Security proof, security analysis, and experimental results demonstrate that our proposed scheme gains enhanced security and more efficiency than Kim’s previous scheme while inheriting its qualities of one-round communication and security properties.

scholarly journals A Novel Machine Learning-Based Approach for Security Analysis of Authentication and Key Agreement Protocols

2020 ◽  
Vol 2020 ◽  
pp. 1-15
Author(s):  
Behnam Zahednejad ◽  
Lishan Ke ◽  
Jing Li
Keyword(s):  
Machine Learning ◽  
Key Agreement ◽  
Security Analysis ◽  
Replay Attack ◽  
Authentication And Key Agreement ◽  
Password Guessing Attack ◽  
Dataset Size ◽  
Security Properties ◽  
Guessing Attack ◽  
Construction Model

The application of machine learning in the security analysis of authentication and key agreement protocol was first launched by Ma et al. in 2018. Although they received remarkable results with an accuracy of 72% for the first time, their analysis is limited to replay attack and key confirmation attack. In addition, their suggested framework is based on a multiclassification problem in which every protocol or dataset instance is either secure or prone to a security attack such as replay attack, key confirmation, or other attacks. In this paper, we show that multiclassification is not an appropriate framework for such analysis, since authentication protocols may suffer different attacks simultaneously. Furthermore, we consider more security properties and attacks to analyze protocols against. These properties include strong authentication and Unknown Key Share (UKS) attack, key freshness, key authentication, and password guessing attack. In addition, we propose a much more efficient dataset construction model using a tenth number of features, which improves the solving speed to a large extent. The results indicate that our proposed model outperforms the previous models by at least 10–20 percent in all of the machine learning solving algorithms such that upper-bound performance reaches an accuracy of over 80% in the analysis of all security properties and attacks. Despite the previous models, the classification accuracy of our proposed dataset construction model rises in a rational manner along with the increase of the dataset size.

Security Analysis of Two Chaotic Maps-Based Authentication Scheme

2015 ◽  
Vol 740 ◽  
pp. 885-888 ◽  
Author(s):  
Chun Xia Du ◽  
Feng Tong Wen ◽  
Hao Lin
Keyword(s):  
Information Systems ◽  
Key Agreement ◽  
Chaotic Maps ◽  
Security Analysis ◽  
Authentication Scheme ◽  
Medicine Information ◽  
Telecare Medicine Information Systems ◽  
Authentication And Key Agreement ◽  
Security Properties

In a recent paper, Chang et al. proposed an authentication scheme for E-coupon systems and proved that their scheme can prevent a range of attacks. In this paper, we reanalyze the Chang et al.’ scheme and demonstrate that it cannot resist off-line password attack, masquerading shop attack and masquerading customer attack. Moreover, it cannot achieve two security properties that is anonymity and traceability. Meanwhile, Lee proposed an efficient chaotic maps-based authentication and key agreement scheme using smartcards for telecare medicine information systems. In the scheme, we find it also cannot resist off-line password attack, masquerading attack. Unfortunately, it resists an deadly error. So the scheme cannot run.

scholarly journals A Secure Anonymous D2D Mutual Authentication and Key Agreement Protocol for IoT Environments

2021 ◽  
Author(s):  
Rahman Hajian ◽  
Abbas Haghighat ◽  
S.Hossein Erfani
Keyword(s):  
Key Agreement ◽  
Mutual Authentication ◽  
Security Analysis ◽  
Third Party ◽  
Security Requirements ◽  
Authentication And Key Agreement ◽  
Key Agreement Protocol ◽  
Security Proof ◽  
Private And Public ◽  
Shared Networks

Abstract Internet of Things (IoT) is a developing technology in our time that is prone to security problems as it uses wireless and shared networks. A challenging scenario in IoT environments is Device-to-Device (D2D) communication that an authentication server as a trusted third-party, does not involve in the authentication and key agreement process. It is only involved in the process of allocating long-term secret keys and their update. A lot of authentication protocols have been suggested for such situations. This article demonstrated that three state-of-the-art related protocols failed to remain anonymous, insecure against key compromise impersonation (KCI) attack, and clogging attack. To counter the pitfalls of them, a new D2D mutual authentication and key agreement protocol is designed here. The proposed protocol is anonymous, untraceable, and highly secure. Moreover, there is no need for a secure channel to generate a pair of private and public keys in the registration phase.) Formal security proof and security analysis using BAN logic, Real-Or-Random (ROR) model, and Scyther tool showed that our proposed protocol satisfied security requirements. Furthermore, communication cost, computation cost, and energy consumption comparisons denoted our schema has better performance, compared to other protocols.

scholarly journals Privacy-Preserving Machine Authenticated Key Agreement for Internet of Things

2021 ◽  
Vol 13 (2) ◽  
pp. 99-120
Author(s):  
Beaton Kapito ◽  
Mwawi Nyirenda ◽  
Hyunsung Kim
Keyword(s):  
Internet Of Things ◽  
Key Agreement ◽  
Security Analysis ◽  
Physical World ◽  
Privacy Preserving ◽  
Security And Privacy ◽  
Research Gaps ◽  
Authenticated Key Agreement ◽  
Privacy And Security ◽  
Active Attacks

Internet of things (IoT) is the integration of computer-based systems and the physical world in which things interact with each other. Due to heterogeneity and resource-constrained feature of IoT devices, there are many privacy and security challenges resulting in many threat vulnerabilities in IoT environments. After reviewing and analyzing the recent IoT security, privacy, and authentication protocols, we will withdraw research gaps focused on the elimination of human factors in IoT authentication. In order to fill these research gaps, this paper proposes a privacy-preserving machine authenticated key agreement based on IoT, denoted as IoTMAKA. IoTMAKA uses dynamic identity and machine fingerprint to provide security and privacy. Security analysis shows that IoTMAKA provides anonymity and untraceability, provides freshness, and is secure against passive and active attacks. IoTMAKA reduces communication overheads by 20% and computational overheads by 25% on average as compared to the previous related works.

scholarly journals Bio Parameters Monitoring System for Sea Researchers using LiFi

2021 ◽  
Vol 9 (VI) ◽  
pp. 5416-5422
Author(s):  
Liya George
Keyword(s):  
Monitoring System ◽  
Health Monitoring ◽  
Health Condition ◽  
Maximum Efficiency ◽  
Wireless Health ◽  
Health Monitoring System ◽  
Scuba Divers ◽  
Communication Method ◽  
Health Monitoring Systems ◽  
Parameter Values

Different types of health monitoring systems are now available in the market. We are using them as a part of our day-to-day life to analyze health conditions. In the case of sea researchers and scuba divers, the medium they are working is water. The health difficulties are more inside the water. So there is a need to develop a health monitoring system for sea researcher’s/scuba divers to analyze their health condition frequently to ensure their safety. The proposed work uses LiFi technology as the communication method to transmit and receive corresponding bio parameter values. This work aims to provide a harmless wireless health monitoring system that will provide maximum efficiency inside the water.

scholarly journals Anonymously Establishing Digital  Provenance in Reseller Chains

2021 ◽  
Author(s):  
◽  
Benjamin Philip Palmer
Keyword(s):  
Security Analysis ◽  
Security Requirements ◽  
Model Checker ◽  
Extended Version ◽  
Design Development ◽  
Provenance Information ◽  
Security Properties ◽  
History Of ◽  
Sequential Processes ◽  
A Chain

<p>An increasing number of products are exclusively digital items, such as media files, licenses, services, or subscriptions. In many cases customers do not purchase these items directly from the originator of the product but through a reseller instead. Examples of some well known resellers include GoDaddy, the iTunes music store, and Amazon. This thesis considers the concept of provenance of digital items in reseller chains. Provenance is defined as the origin and ownership history of an item. In the context of digital items, the origin of the item refers to the supplier that created it and the ownership history establishes a chain of ownership from the supplier to the customer. While customers and suppliers are concerned with the provenance of the digital items, resellers will not want the details of the transactions they have taken part in made public. Resellers will require the provenance information to be anonymous and unlinkable to prevent third parties building up large amounts of information on the transactions of resellers. This thesis develops security mechanisms that provide customers and suppliers with assurances about the provenance of a digital item, even when the reseller is untrusted, while providing anonymity and unlinkability for resellers . The main contribution of this thesis is the design, development, and analysis of the tagged transaction protocol. A formal description of the problem and the security properties for anonymously providing provenance for digital items in reseller chains are defined. A thorough security analysis using proofs by contradiction shows the protocol fulfils the security requirements. This security analysis is supported by modelling the protocol and security requirements using Communicating Sequential Processes (CSP) and the Failures Divergences Refinement (FDR) model checker. An extended version of the tagged transaction protocol is also presented that provides revocable anonymity for resellers that try to conduct a cloning attack on the protocol. As well as an analysis of the security of the tagged transaction protocol, a performance analysis is conducted providing complexity results as well as empirical results from an implementation of the protocol.</p>

Cyber Physical Security Solutions for Pervasive Health Monitoring Systems

2013 ◽  
pp. 143-162 ◽  
Author(s):  
Krishna K. Venkatasubramanian ◽  
Sidharth Nabar ◽  
Sandeep K. S. Gupta ◽  
Radha Poovendran
Keyword(s):  
Health Monitoring ◽  
Key Agreement ◽  
Cyber Physical Systems ◽  
Monitoring Systems ◽  
Critical Systems ◽  
Physical Security ◽  
Physical Systems ◽  
Physiological Signal ◽  
Health Monitoring Systems ◽  
Pervasive Health

With a rapidly aging population, the healthcare community will soon face severe medical personnel shortage and rising costs. Pervasive Health Monitoring Systems (PHMS) can help alleviate this situation. PHMS provides continuous real-time monitoring of a person’s health using a (usually wireless) network of medical and ambient sensors/devices on the host (patients), called Body Area Networks (BANs). The sensitive nature of health information collected by PHMS mandates that patient’s privacy be protected by securing the medical data from any unauthorized access. The authors’ approach for addressing these issues focuses on a key observation that PHMS are cyber-physical systems (CPS). Cyber-physical systems are networked, computational platforms, deeply embedded in specific physical processes for monitoring and actuation purposes. In this work, they therefore present a novel perspective on securing PHMS, called Cyber Physical Security (CYPSec) solutions. CYPSec solutions are environmentally-coupled security solutions, which operate by combining traditional security primitives along with environmental features. Its use results in not only secure operation of a system but also the emergence of additional “allied” properties which enhance its overall capabilities. The principal focus of this chapter is the development of a new security approach for PHMS called CYPsec that leverages their cyber-physical nature. The authors illustrate the design issues and principals of CYPSec through two specific examples of this generic approach: (a) Physiological Signal based key Agreement (PSKA) is designed to enable automated key agreement between sensors in the BAN based on physiological signals from the body; and (b) Criticality Aware Access Control (CAAC) which has the ability to provide controlled opening of the system for emergency management. Further, they also discuss aspects such as altered threat-model, increased complexity, non-determinism, and mixed critical systems, that must be addressed to make CYPSec a reality.

Sign in / Sign up

Export Citation Format

Share Document