scholarly journals A Novel RLWE-Based Anonymous Mutual Authentication Protocol for Space Information Network

2020 ◽  
Vol 2020 ◽  
pp. 1-12
Author(s):  
Junyan Guo ◽  
Ye Du
Keyword(s):  
Mutual Authentication ◽  
Security Analysis ◽  
Real Life ◽  
Public Key Cryptography ◽  
Wireless Channel ◽  
Base Stations ◽  
Security Requirements ◽  
Information Network ◽  
Privacy And Security ◽  
Space Information Network

Currently, space information network (SIN) has become an increasingly important role in real life. As a large heterogeneous wireless network, SIN can better provide global mobile services to users anytime and anywhere, even in extreme geographic environments. In addition, there is no need to build the communication base-stations every few kilometers on the ground to ensure high service quality, which greatly reduces the construction costs and can be used as an economical communication method in sparsely populated areas. So there is a trend that more and more end users are more likely to get SIN services than traditional terrestrial cellular networks. However, due to the openness and publicity of the satellite wireless channel and the limited resources of the satellite nodes, the privacy and security cannot be perfectly guaranteed and may even be vulnerable to attacks initiated by the adversary such as replay attacks, impersonation attacks, and eavesdropping attacks. To improve the access security of SIN, researchers have proposed a series of authentication protocols based on different cryptographic assumptions. Nevertheless, existing research shows that these protocols cannot meet the requirements of higher and higher security and short authentication delay. In addition, these protocols are mainly based on public key cryptography mechanisms such as DLP and ECDLP, which can be solved by postquantum computers in polynomial time, so these protocols will no longer be secure. To solve the vulnerability of these protocols, in this paper, we propose a new RLWE-based anonymous mutual authentication and key agreement protocol, which guarantees higher security with low computational overhead even in the postquantum era. Detailed security analysis shows that our protocol meets security requirements and is resistant to a variety of known attacks. Besides, combining security comparison and performance analysis, our proposed protocol is more practical than other protocols in SIN.

scholarly journals A Secure and Efficient Three-Factor Authentication Protocol in Global Mobility Networks

2020 ◽  
Vol 10 (10) ◽  
pp. 3565 ◽  
Author(s):  
SungJin Yu ◽  
JoonYoung Lee ◽  
YoHan Park ◽  
YoungHo Park ◽  
SangWoo Lee ◽  
...  
Keyword(s):  
Mutual Authentication ◽  
Security Analysis ◽  
Authentication Protocol ◽  
Internet Security ◽  
Mobile Technologies ◽  
Security Requirements ◽  
Replay Attacks ◽  
Global Mobility ◽  
Global Mobility Networks ◽  
Three Factor

With the developments in communication and mobile technologies, mobile users can access roaming services by utilizing a mobile device at any time and any place in the global mobility networks. However, these require several security requirements, such as authentication and anonymity, because the information is transmitted over an open channel. Thus, secure and efficient authentication protocols are essential to provide secure roaming services for legitimate users. In 2018, Madhusudhan et al. presented a secure authentication protocol for global mobile networks. However, we demonstrated that their protocol could not prevent potential attacks, including masquerade, session key disclosure, and replay attacks. Thus, we proposed a secure and efficient three-factor authentication protocol to overcome the security weaknesses of Madhusudhan et al.’s scheme. The proposed scheme was demonstrated to prevent various attacks and provided a secure mutual authentication by utilizing biometrics and secret parameters. We evaluated the security of the proposed protocol using informal security analysis and formal security analysis, such as the real-or-random (ROR) model and Burrows–Abadi–Needham (BAN) logic. In addition, we showed that our scheme withstands man-in-the-middle (MITM) and replay attacks utilizing formal security validation automated validation of internet security protocols and applications (AVISPA) simulation. Finally, we compared the performance of our protocol with existing schemes. Consequently, our scheme ensured better security and efficiency features than existing schemes and can be suitable for resource-constrained mobile environments.

scholarly journals SKINNY-Based RFID Lightweight Authentication Protocol

Sensors ◽  
2020 ◽  
Vol 20 (5) ◽  
pp. 1366 ◽  
Author(s):  
Liang Xiao ◽  
He Xu ◽  
Feng Zhu ◽  
Ruchuan Wang ◽  
Peng Li
Keyword(s):  
Radio Frequency Identification ◽  
Low Cost ◽  
Rapid Development ◽  
Denial Of Service ◽  
Mutual Authentication ◽  
Security Analysis ◽  
Authentication Protocol ◽  
Security Requirements ◽  
Iot Devices ◽  
Lightweight Authentication

With the rapid development of the Internet of Things and the popularization of 5G communication technology, the security of resource-constrained IoT devices such as Radio Frequency Identification (RFID)-based applications have received extensive attention. In traditional RFID systems, the communication channel between the tag and the reader is vulnerable to various threats, including denial of service, spoofing, and desynchronization. Thus, the confidentiality and integrity of the transmitted data cannot be guaranteed. In order to solve these security problems, in this paper, we propose a new RFID authentication protocol based on a lightweight block cipher algorithm, SKINNY, (short for LRSAS). Security analysis shows that the LRSAS protocol guarantees mutual authentication and is resistant to various attacks, such as desynchronization attacks, replay attacks, and tracing attacks. Performance evaluations show that the proposed solution is suitable for low-cost tags while meeting security requirements. This protocol reaches a balance between security requirements and costs.

scholarly journals Secure Message Transmission for V2V Based on Mutual Authentication for VANETs

2021 ◽  
Vol 2021 ◽  
pp. 1-16
Author(s):  
Jabar Mahmood ◽  
Zongtao Duan ◽  
Heng Xue ◽  
Yun Yang ◽  
Michael Abebe Berwo ◽  
...  
Keyword(s):  
Privacy Preservation ◽  
Vehicular Ad Hoc Networks ◽  
Mutual Authentication ◽  
Security Analysis ◽  
Security Requirements ◽  
Security And Privacy ◽  
Transmission Scheme ◽  
Message Transmission ◽  
And Performance ◽  
Secure Message Transmission

The advancements in Vehicular Ad Hoc Networks (VANETs) require more intelligent security protocols that ultimately provide unbreakable security to vehicles and other components of VANETs. VANETs face various types of security pitfalls due to the openness characteristics of the VANET communication infrastructure. Researchers have recently proposed different mutual authentication schemes that address security and privacy issues in vehicle-to-vehicle (V2V) communication. However, some V2V security schemes suffer from inadequate design and are hard to implement practically. In addition, some schemes face vehicle traceability and lack anonymity. Hence, this paper’s primary goal is to enhance privacy preservation through mutual authentication and to achieve better security and performance. Therefore, this article first describes the vulnerabilities of a very recent authentication scheme presented by Vasudev et al. Our analysis proves that the design of Vasudev et al.’s scheme is incorrect, and resultantly, the scheme does not provide mutual authentication between a vehicle and vehicle server when multiple vehicles are registered with the vehicle sever. Furthermore, this paper proposes a secure message transmission scheme for V2V in VANETs. The proposed scheme fulfills the security and performance requirements of VANETs. The security analysis of the proposed scheme using formal BAN and informal discussion on security features confirm that the proposed scheme fulfills the security requirements, and the performance comparisons show that the proposed scheme copes with the lightweightness requirements of VANETs.

scholarly journals A privacy and security analysis of early-deployed COVID-19 contact tracing Android apps

2021 ◽  
Vol 26 (3) ◽  
Author(s):  
Majid Hatamian ◽  
Samuel Wairimu ◽  
Nurul Momen ◽  
Lothar Fritsch
Keyword(s):  
Time Pressure ◽  
Security Analysis ◽  
Security Requirements ◽  
Security And Privacy ◽  
Contact Tracing ◽  
Privacy Policy ◽  
Privacy And Security ◽  
Android Apps ◽  
Dynamic Performances ◽  
The Impact

AbstractAs this article is being drafted, the SARS-CoV-2/COVID-19 pandemic is causing harm and disruption across the world. Many countries aimed at supporting their contact tracers with the use of digital contact tracing apps in order to manage and control the spread of the virus. Their idea is the automatic registration of meetings between smartphone owners for the quicker processing of infection chains. To date, there are many contact tracing apps that have already been launched and used in 2020. There has been a lot of speculations about the privacy and security aspects of these apps and their potential violation of data protection principles. Therefore, the developers of these apps are constantly criticized because of undermining users’ privacy, neglecting essential privacy and security requirements, and developing apps under time pressure without considering privacy- and security-by-design. In this study, we analyze the privacy and security performance of 28 contact tracing apps available on Android platform from various perspectives, including their code’s privileges, promises made in their privacy policies, and static and dynamic performances. Our methodology is based on the collection of various types of data concerning these 28 apps, namely permission requests, privacy policy texts, run-time resource accesses, and existing security vulnerabilities. Based on the analysis of these data, we quantify and assess the impact of these apps on users’ privacy. We aimed at providing a quick and systematic inspection of the earliest contact tracing apps that have been deployed on multiple continents. Our findings have revealed that the developers of these apps need to take more cautionary steps to ensure code quality and to address security and privacy vulnerabilities. They should more consciously follow legal requirements with respect to apps’ permission declarations, privacy principles, and privacy policy contents.

scholarly journals A Secure Anonymous D2D Mutual Authentication and Key Agreement Protocol for IoT Environments

2021 ◽  
Author(s):  
Rahman Hajian ◽  
Abbas Haghighat ◽  
S.Hossein Erfani
Keyword(s):  
Key Agreement ◽  
Mutual Authentication ◽  
Security Analysis ◽  
Third Party ◽  
Security Requirements ◽  
Authentication And Key Agreement ◽  
Key Agreement Protocol ◽  
Security Proof ◽  
Private And Public ◽  
Shared Networks

Abstract Internet of Things (IoT) is a developing technology in our time that is prone to security problems as it uses wireless and shared networks. A challenging scenario in IoT environments is Device-to-Device (D2D) communication that an authentication server as a trusted third-party, does not involve in the authentication and key agreement process. It is only involved in the process of allocating long-term secret keys and their update. A lot of authentication protocols have been suggested for such situations. This article demonstrated that three state-of-the-art related protocols failed to remain anonymous, insecure against key compromise impersonation (KCI) attack, and clogging attack. To counter the pitfalls of them, a new D2D mutual authentication and key agreement protocol is designed here. The proposed protocol is anonymous, untraceable, and highly secure. Moreover, there is no need for a secure channel to generate a pair of private and public keys in the registration phase.) Formal security proof and security analysis using BAN logic, Real-Or-Random (ROR) model, and Scyther tool showed that our proposed protocol satisfied security requirements. Furthermore, communication cost, computation cost, and energy consumption comparisons denoted our schema has better performance, compared to other protocols.

scholarly journals 5G wireless P2MP backhaul security protocol: an adaptive approach

2019 ◽  
Vol 2019 (1) ◽  
Author(s):  
Jiyoon Kim ◽  
Gaurav Choudhary ◽  
Jaejun Heo ◽  
Daniel Gerbi Duguma ◽  
Ilsun You
Keyword(s):  
Security Policy ◽  
Mutual Authentication ◽  
Access Network ◽  
Security Analysis ◽  
Key Exchange ◽  
Security Protocol ◽  
Transport Layer ◽  
Security Requirements ◽  
Key Update ◽  
Security Standards

Abstract5G has introduced various emerging demands for new services and technologies that raised the bar for quality of service, latency, handovers, and data rates. Such diverse and perplexing network requirements bring numerous issues, among which security stands in the first row. The backhaul, which can be implemented as a wired or wireless solution, serves as a bridge between the radio access and core networks assuring connectivity to end users. The recent trends in backhaul usage rely on wireless technologies implemented using point-to-point (PTP) or point-to-multipoint (P2MP) configurations. Unfortunately, due to the nature of the transmission medium, the wireless backhaul is vulnerable and exposed to more various security threats and attacks than the wired one. In order to protect the backhaul, there have been several researches, whose authentication and key exchange scheme mainly depends on the existing security standards such as transport layer security (TLS), Internet Key Exchange version 1 (IKEv1), IKEv2, Host Identity Protocol (HIP), and Authentication and Key Agreement (AKA). However, such security standards cannot completely fulfil the security requirements including security policy update, key update, and balancing between security and efficiency, which are necessary for the emerging 5G networks. This is basically the motive behind why we study and propose a new security protocol for the backhaul link of wireless access network based on P2MP model. The proposed protocol is designed to be 5G-aware, and provides mutual authentication, perfect forward secrecy, confidentiality, integrity, secure key exchange, security policy update, key update, and balancing trade-off between efficiency and security while preventing resource exhaustion attacks. The protocol’s correctness is formally verified by the well-known formal security analysis tools: BAN-logic and Scyther. Moreover, the derived lemmas prove that the security requirements are satisfied. Finally, from a comparison analysis, it is shown that the proposed protocol is better than other standard protocols.

scholarly journals Design and Implementation of RFID Active Tags and Mutual Authentication Protocol with Ownership Transfer Stage

2017 ◽  
Vol 13 (1) ◽  
pp. 83-103
Author(s):  
Issam Hussein ◽  
Ramzy Ali ◽  
Basil Jasim
Keyword(s):  
Radio Frequency Identification ◽  
Denial Of Service ◽  
Mutual Authentication ◽  
Authentication Protocol ◽  
Wireless Channel ◽  
Privacy And Security ◽  
Ownership Transfer ◽  
Data Capturing ◽  
Mutual Authentication Protocol ◽  
Transfer Stage

Radio frequency identification (RFID) technology is being used widely in the last few years. Its applications classifies into auto identification and data capturing issues. The purpose of this paper is to design and implement RFID active tags and reader using microcontroller ATmega328 and 433 MHz RF links. The paper also includes a proposed mutual authentication protocol between RFID reader and active tags with ownership transfer stage. Our protocol is a mutual authentication protocol with tag’s identifier updating mechanism. The updating mechanism has the purpose of providing forward security which is important in any authentication protocol to prevent the attackers from tracking the past transactions of the compromised tags. The proposed protocol gives the privacy and security against all famous attacks that RFID system subjected for due to the transfer of data through unsecure wireless channel, such as replay, denial of service, tracking and cloning attacks. It also ensures ownership privacy when the ownership of the tag moves to a new owner.

scholarly journals Drone Secure Communication Protocol for Future Sensitive Applications in Military Zone

Sensors ◽  
2021 ◽  
Vol 21 (6) ◽  
pp. 2057
Author(s):  
Yongho Ko ◽  
Jiyoon Kim ◽  
Daniel Gerbi Duguma ◽  
Philip Virgil Astillo ◽  
Ilsun You ◽  
...  
Keyword(s):  
Performance Evaluation ◽  
Secure Communication ◽  
Communication Protocol ◽  
Denial Of Service ◽  
Mutual Authentication ◽  
Information Leakage ◽  
Security Protocol ◽  
Security Requirements ◽  
Forward Secrecy ◽  
Perfect Forward Secrecy

Unmanned Aerial Vehicle (UAV) plays a paramount role in various fields, such as military, aerospace, reconnaissance, agriculture, and many more. The development and implementation of these devices have become vital in terms of usability and reachability. Unfortunately, as they become widespread and their demand grows, they are becoming more and more vulnerable to several security attacks, including, but not limited to, jamming, information leakage, and spoofing. In order to cope with such attacks and security threats, a proper design of robust security protocols is indispensable. Although several pieces of research have been carried out with this regard, there are still research gaps, particularly concerning UAV-to-UAV secure communication, support for perfect forward secrecy, and provision of non-repudiation. Especially in a military scenario, it is essential to solve these gaps. In this paper, we studied the security prerequisites of the UAV communication protocol, specifically in the military setting. More importantly, a security protocol (with two sub-protocols), that serves in securing the communication between UAVs, and between a UAV and a Ground Control Station, is proposed. This protocol, apart from the common security requirements, achieves perfect forward secrecy and non-repudiation, which are essential to a secure military communication. The proposed protocol is formally and thoroughly verified by using the BAN-logic (Burrow-Abadi-Needham logic) and Scyther tool, followed by performance evaluation and implementation of the protocol on a real UAV. From the security and performance evaluation, it is indicated that the proposed protocol is superior compared to other related protocols while meeting confidentiality, integrity, mutual authentication, non-repudiation, perfect forward secrecy, perfect backward secrecy, response to DoS (Denial of Service) attacks, man-in-the-middle protection, and D2D (Drone-to-Drone) security.

scholarly journals Cryptanalysis of ultralightweight mutual authentication protocol for radio frequency identification enabled Internet of Things networks

2018 ◽  
Vol 14 (8) ◽  
pp. 155014771879512 ◽  
Author(s):  
Madiha Khalid ◽  
Umar Mujahid ◽  
Muhammad Najam-ul-Islam
Keyword(s):  
Internet Of Things ◽  
Radio Frequency ◽  
Radio Frequency Identification ◽  
Mutual Authentication ◽  
Authentication Protocol ◽  
Wireless Channel ◽  
Frequency Identification ◽  
Mutual Authentication Protocol ◽  
Attack Models ◽  
Internet Of Thing

Internet of Things is one of the most important components of modern technological systems. It allows the real time synchronization and connectivity of devices with each other and with the rest of the world. The radio frequency identification system is used as node identification mechanism in the Internet of Thing networks. Since Internet of Things involve wireless channel for communication that is open for all types of malicious adversaries, therefore many security protocols have been proposed to ensure encryption over wireless channel. To reduce the overall cost of radio frequency identification enabled Internet of Thing network security, the researchers use simple bitwise logical operations such as XOR, AND, OR, and Rot and have proposed many ultralightweight mutual authentication protocols. However, almost all the previously proposed protocols were later found to be vulnerable against several attack models. Recently, a new ultralightweight mutual authentication protocol has been proposed which involves only XOR and Rotation functions in its design and claimed to be robust against all possible attack models. In this article, we have performed cryptanalysis of this recently proposed ultralightweight mutual authentication protocol and found many pitfalls and vulnerabilities in the protocol design. We have exploited weak structure of the protocol messages and proposed three attacks against the said protocol: one desynchronization and two full disclosure attacks.

Sign in / Sign up

Export Citation Format

Share Document