Efficient Hierarchical Authentication Protocol for Multiserver Architecture

2020, Vol 2020, pp. 1-14
Author(s): Jiangheng Kou, Mingxing He, Ling Xiong, Zeqiong Lv

The multiserver architecture authentication (MSAA) protocol plays a significant role in achieving secure communications between devices. In recent years, researchers have proposed many new MSAA protocols to gain more functionality and security. However, in the existing studies, registered users can access all registered service providers in the system without any limitation. To ensure that the system can restrict users so that users at different levels can access different levels of service providers, we propose a new lightweight hierarchical authentication protocol for multiserver architecture using a Merkle tree to verify a user’s authentication right. The proposed protocol has hierarchical authentication functionality, high security, and reasonable computation and communication costs. Moreover, the security analysis demonstrates that the proposed protocol satisfies the security requirements in practical applications, and the proposed protocol is provably secure in the general security model.

2021, Vol 2021, pp. 1-12
Author(s): Junfeng Miao, Zhaoshun Wang, Xue Miao, Longyue Xing

As mobile networks enter the 5G era, 5G networks offer a series of unparalleled advantages. Therefore, the application of 5G network technology in the Internet of Vehicles (IoV) can promote more intelligent vehicular networks and more efficient vehicular information transmission. However, the combination of 5G networks and vehicular network technology requires safe and reliable authentication and low computation overhead. Therefore, it is a challenge to achieve such low latency, security, and high mobility. In this paper, we propose a secure and efficient lightweight authentication protocol for vehicle groups. The scheme is based on the extended chaotic map to achieve authentication, and the Chinese remainder theorem distributes group keys. Scyther is used to verify the security of the scheme, and the verification results show that the security of the scheme can be guaranteed. In addition, through security analysis, the scheme can not only effectively resist various attacks but also guarantee security requirements such as anonymity and unlinkability. Finally, by performance analysis and comparison, our scheme has less computation and communication overhead.


2020, Vol 2020, pp. 1-13
Author(s): Hui Zhang, Yuanyuan Qian, Qi Jiang

Wearable health monitoring systems (WHMSs) have become the most effective and practical solutions to provide users with low-cost, noninvasive, long-term continuous health monitoring. Authentication is one of the key means to ensure physiological information security and privacy. Although numerous authentication protocols have been proposed, few of them cater to crossdomain WHMSs. In this paper, we present an efficient and provably secure crossdomain multifactor authentication protocol for WHMSs. First, we propose a ticket-based authentication model for multidomain WHMSs. Specifically, a mobile device of one domain can request a ticket from the cloud server of another domain with which wearable devices are registered and remotely access the wearable devices with the ticket. Secondly, we propose a crossdomain three-factor authentication scheme based on the above model. Only a doctor who can present all three factors can request a legitimate ticket and use it to access the wearable devices. Finally, a comprehensive security analysis of the proposed scheme is carried out. In particular, we give a provable security analysis in the random oracle model. The comparisons of security and efficiency with the related schemes demonstrate that the proposed scheme is secure and practical.


Author(s): Mushtaq Hasson, Ali A. Yassin, Abdulla J. Yassin, Abdullah Mohammed Rashid, Aqeel A. Yaseen, ...

As a hopeful computing paradigm, cloud services are obtainable to end users based on pay-as-you-go service. Security represents one of the vital issues for the extended adoption of cloud computing, with the object of accessing several cloud service providers, applications, and services by using anonymity features to authenticate the user. We present a good authentication scheme based on quick response (QR) code and smart card. Furthermore, our proposed scheme has several crucial merits such as key management, mutual authentication, one-time password, user anonymity, freely chosen password, secure password changes, and revocation by using QR code. The security of the proposed scheme depends on a crypto-hash function, QR-code validation, and the smart card. Moreover, we view that our proposed scheme can resist numerous malicious attacks and is more appropriate for practical applications than other previous works. The proposed scheme has been proved to provide strong mutual authentication based on Burrows-Abadi-Needham (BAN) logic and security analysis. Furthermore, our proposed scheme has good results compared with related work.


2020, Vol 10 (10), pp. 3565
Author(s): SungJin Yu, JoonYoung Lee, YoHan Park, YoungHo Park, SangWoo Lee, ...

With the developments in communication and mobile technologies, mobile users can access roaming services by utilizing a mobile device at any time and any place in the global mobility networks. However, these services must meet several security requirements, such as authentication and anonymity, because the information is transmitted over an open channel. Thus, secure and efficient authentication protocols are essential to provide secure roaming services for legitimate users. In 2018, Madhusudhan et al. presented a secure authentication protocol for global mobile networks. However, we demonstrated that their protocol could not prevent potential attacks, including masquerade, session key disclosure, and replay attacks. Thus, we proposed a secure and efficient three-factor authentication protocol to overcome the security weaknesses of Madhusudhan et al.’s scheme. The proposed scheme was demonstrated to prevent various attacks and provided a secure mutual authentication by utilizing biometrics and secret parameters. We evaluated the security of the proposed protocol using informal security analysis and formal security analysis, such as the real-or-random (ROR) model and Burrows–Abadi–Needham (BAN) logic. In addition, we showed that our scheme withstands man-in-the-middle (MITM) and replay attacks using formal security validation with the Automated Validation of Internet Security Protocols and Applications (AVISPA) simulation. Finally, we compared the performance of our protocol with existing schemes. Consequently, our scheme ensured better security and efficiency features than existing schemes and can be suitable for resource-constrained mobile environments.


Sensors, 2020, Vol 20 (5), pp. 1366
Author(s): Liang Xiao, He Xu, Feng Zhu, Ruchuan Wang, Peng Li

With the rapid development of the Internet of Things and the popularization of 5G communication technology, the security of resource-constrained IoT devices such as Radio Frequency Identification (RFID)-based applications has received extensive attention. In traditional RFID systems, the communication channel between the tag and the reader is vulnerable to various threats, including denial of service, spoofing, and desynchronization. Thus, the confidentiality and integrity of the transmitted data cannot be guaranteed. In order to solve these security problems, in this paper, we propose a new RFID authentication protocol based on a lightweight block cipher algorithm, SKINNY (LRSAS for short). Security analysis shows that the LRSAS protocol guarantees mutual authentication and is resistant to various attacks, such as desynchronization attacks, replay attacks, and tracing attacks. Performance evaluations show that the proposed solution is suitable for low-cost tags while meeting security requirements. This protocol reaches a balance between security requirements and costs.


2021, Vol 2021, pp. 1-21
Author(s): Zuowen Tan

Two-factor authentication is one of the widely used approaches to allow a user to keep a weak password and establish a key shared with a server. Recently, a large number of chaotic maps-based authentication mechanisms have been proposed. However, since the Diffie–Hellman problem of the Chebyshev polynomials defined on the interval [−1,+1] can be solved by Bergamo et al.’s method, most of the secure chaotic maps-based key agreement protocols utilize the enhanced Chebyshev polynomials defined on the interval (−∞,+∞). Thus far, few authenticated key agreement protocols based on chaotic maps have been able to achieve user unlinkability. In this paper, we take the first step in addressing this problem. More specifically, we propose the notions of privacy in authenticated key agreement protocols: anonymity-alone, weak unlinkability, medium unlinkability, and strong unlinkability. Then, we construct two two-factor authentication schemes with medium unlinkability based on Chebyshev polynomials defined on the interval [−1,1] and (−∞,+∞), respectively. We do the formal security analysis of the proposed schemes under the random oracle model. In addition, the proposed protocols satisfy all known security requirements in practical applications. By using Burrows-Abadi-Needham logic (BAN-logic) nonce verification, we demonstrate that the proposed schemes achieve secure authentication. In addition, the detailed comparative security and performance analysis shows that the proposed schemes enable the same functionality but improve the security level.


2017, Vol 2017, pp. 1-11
Author(s): Debiao He, Sherali Zeadally, Huaqun Wang, Qin Liu

Recent advances of Internet and microelectronics technologies have led to the concept of smart grid which has been a widespread concern for industry, governments, and academia. The openness of communications in the smart grid environment makes the system vulnerable to different types of attacks. The implementation of secure communication and the protection of consumers’ privacy have become challenging issues. The data aggregation scheme is an important technique for preserving consumers’ privacy because it can stop the leakage of a specific consumer’s data. To satisfy the security requirements of practical applications, a lot of data aggregation schemes were presented over the last several years. However, most of them suffer from security weaknesses or have poor performances. To reduce computation cost and achieve better security, we construct a lightweight data aggregation scheme against internal attackers in the smart grid environment using Elliptic Curve Cryptography (ECC). Security analysis of our proposed approach shows that it is provably secure and can provide confidentiality, authentication, and integrity. Performance analysis of the proposed scheme demonstrates that both computation and communication costs of the proposed scheme are much lower than the three previous schemes. As a result of these aforementioned benefits, the proposed lightweight data aggregation scheme is more practical for deployment in the smart grid environment.


2021, Vol 2021, pp. 1-10
Author(s): Zeeshan Ali, Bander A. Alzahrani, Ahmed Barnawi, Abdullah Al-Barakati, Pandi Vijayakumar, ...

In smart cities, common infrastructures are merged and integrated with various components of information communication and technology (ICT) to be coordinated and controlled. Drones (unmanned aerial vehicles) are amongst those components, and when coordinated with each other and with the environment, the drones form an Internet of Drones (IoD). The IoD provides real-time data to the users in smart cities by utilizing traditional cellular networks. However, the delicate data gathered by drones are subject to many security threats and give rise to numerous privacy and security issues. A robust and secure authentication scheme is required to allow drones and users to authenticate and establish a session key. In this article, we proposed a provably secure symmetric-key and temporal credential-based lightweight authentication protocol (TC-PSLAP) to secure the drone communication. We prove that the proposed scheme is provably secure formally through the automated verification tool AVISPA and Burrows–Abadi–Needham logic (BAN logic). Informal security analysis is also performed to depict that the proposed TC-PSLAP can resist known attacks.


Symmetry, 2019, Vol 11 (2), pp. 252
Author(s): Huaizhe Zhou, Haihe Ba, Yongjun Wang, Zhiying Wang, Jun Ma, ...

The dramatic proliferation of cloud computing makes it an attractive target for malicious attacks. An increasing number of solutions resort to virtual machine introspection (VMI) to deal with security issues in the cloud environment. However, the existing works cannot feasibly support tenants in flexibly customizing individual security services based on their security requirements. Additionally, adoption of VMI-based security solutions puts tenants at risk of exposing sensitive information to attackers. To alleviate the security and privacy anxieties of tenants, we present SECLOUD, a framework for monitoring VMs in the cloud for security analysis. By extending VMI techniques, SECLOUD provides remote tenants or their authorized security service providers with flexible interfaces for monitoring runtime information of guest virtual machines (VMs) in a non-intrusive manner. The proposed framework enhances the effectiveness of monitoring by taking advantage of the architectural symmetry of the cloud environment. Moreover, we harden our framework with a privacy-preserving capacity for tenants. The flexibility and effectiveness of SECLOUD are demonstrated through a prototype implementation based on the Xen hypervisor, which results in acceptable performance overhead.


Network, 2021, Vol 1 (2), pp. 75-94
Author(s): Ed Kamya Kiyemba Edris, Mahdi Aiash, Jonathan Loo

Fifth Generation mobile networks (5G) promise to make network services provided by various Service Providers (SP) such as Mobile Network Operators (MNOs) and third-party SPs accessible from anywhere by the end-users through their User Equipment (UE). These services will be pushed closer to the edge for quick, seamless, and secure access. After being granted access to a service, the end-user will be able to cache and share data with other users. However, security measures should be in place for the SP not only to secure the provisioning and access of those services but also to restrict what the end-users can do with the accessed data in or out of coverage. This can be facilitated by federated service authorization and access control mechanisms that restrict the caching and sharing of data accessed by the UE in different security domains. In this paper, we propose a Data Caching and Sharing Security (DCSS) protocol that leverages federated authorization to provide secure caching and sharing of data from multiple SPs in multiple security domains. We formally verify the proposed DCSS protocol using ProVerif and applied pi-calculus. Furthermore, a comprehensive security analysis of the security properties of the proposed DCSS protocol is conducted.

