Improved Authenticated Key Agreement Scheme for Fog-Driven IoT Healthcare System

The Internet of things (IoT) has been widely used for various applications including medical and transportation systems, among others. Smart medical systems have become the most effective and practical solutions to provide users with low-cost, noninvasive, and long-term continuous health monitoring. Recently, Jia et al. proposed an authentication and key agreement scheme for smart medical systems based on fog computing and indicated that it is safe and can withstand a variety of known attacks. Nevertheless, we found that it consists of several flaws, including known session-specific temporary information attacks and lack of per-verification. The opponent can readily recover the session key and user identity. In this paper, we propose a secure authentication and key agreement scheme, which compensates for the imperfections of the previously proposed. For a security evaluation of the proposed authentication scheme, informal security analysis and the Burrows–Abadi–Needham (BAN) logic analysis are implemented. In addition, the ProVerif tool is used to normalize the security verification of the scheme. Finally, the performance comparisons with the former schemes show that the proposed scheme is more applicable and secure.

Download Full-text

SALMAKA: Secured, Anonymity Preserving and Lightweight Mutual Authentication and Key Agreement Scheme for WBAN

International Journal of Sensors Wireless Communications and Control ◽

10.2174/2210327910999200507124851 ◽

2020 ◽

Vol 10 ◽

Cited By ~ 4

Author(s):

Bhawna Narwal ◽

Amar Kumar Mohapatra

Keyword(s):

Key Agreement ◽

Mutual Authentication ◽

Internet Security ◽

Communication Process ◽

Security Evaluation ◽

Session Key ◽

Efficient Manner ◽

Authentication And Key Agreement ◽

Processing Cost ◽

And Performance

Background: It is paramount to secure the healthcare system from unauthorized users and security attacks through appropriate security mechanisms as a break in communication process leads to leaked or blurred messages, which is totally unacceptable. Moreover, mutual authentication is a core requirement for privacy protection as it is paramount to control who is accessing the sensed data and whether they are authenticated or not. In addition to this, energy efficiency is a major issue to be dealt with. Objective: After examination of the present related schemes, we proposed a novel Secured, Anonymity Preserving and Lightweight Mutual Authentication and Key Agreement Scheme (SALMAKA) for two-hop WBAN topology; where the scheme mutually authenticates the sensing nodes with the controller node in an anonymous, energy efficient manner and establishes session key securely. Method: To corroborate the accuracy of the proposed scheme, Burrows-Abadi-Needham (BAN) logic and Automated Validation of Internet Security Protocols and Applications (AVISPA) simulator are used. Apart from this, informal security evaluation is also performed in detail. Results: To exhibit the practical application and performance of the proposed scheme, it is compared with the existing related schemes and the results reveal that the proposed scheme reduces energy consumption, processing cost and processing time significantly. Conclusion: A Secured, Anonymity Preserving and Lightweight Mutual Authentication and Key Agreement Scheme (SALMAKA) for two-hop WBAN topology is propounded.

Download Full-text

SEAI: Secrecy and Efficiency Aware Inter-gNB Handover Authentication and Key Agreement Protocol in 5G Communication Network

10.21203/rs.3.rs-262554/v1 ◽

2021 ◽

Author(s):

Shubham Gupta ◽

Balu L. Parne ◽

Narendra S. Chaudhari ◽

Sandeep Saxena

Keyword(s):

Key Agreement ◽

Mutual Authentication ◽

Base Station ◽

Security Evaluation ◽

Communication Overhead ◽

Session Key ◽

Handover Authentication ◽

Authentication And Key Agreement ◽

Security Proof ◽

5G Network

Abstract Recently, the Third Generation Partnership Project (3GPP) has initiated to work in the Fifth Generation (5G) network to fulfill the security characteristics of IoT-based services. 3GPP has proposed the 5G handover key structure and framework in a recently published technical report. In this paper, we evaluate the handover authentication methodologies available in the literature and identify the security vulnerabilities such as violation of global base-station, failure of key forward/backward secrecy, de-synchronization attack, and huge network congestion. Also, these protocols suffer from high bandwidth consumption that doesn’t suitable for energy efficient mobile devices in 5G network. To overcome these concerns, we introduce Secrecy and Efficiency Aware Inter-gNB (SEAI) handover Authentication and Key Agreement (AKA) protocol. The formal security proof of the protocol is carried out by random oracle model to achieve the session key secrecy, confidentiality, and integrity. For the protocol correctness and achieve the mutual authentication property, simulation is performed using the AVISPA tool. Also, the informal security evaluation represents that the protocol defeats all the possible attacks and achieves the necessary security properties. Moreover, the performance evaluation of the earlier 5G handover protocols and proposed SEAI protocol is carried out. From the evaluations, the significant results are obtained based on computation, transmission, and communication overhead.

Download Full-text

A machine learning-based scheme for the security analysis of authentication and key agreement protocols

Neural Computing and Applications ◽

10.1007/s00521-018-3929-8 ◽

2018 ◽

Vol 32 (22) ◽

pp. 16819-16831 ◽

Cited By ~ 5

Author(s):

Zhuo Ma ◽

Yang Liu ◽

Zhuzhu Wang ◽

Haoran Ge ◽

Meng Zhao

Keyword(s):

Machine Learning ◽

Key Agreement ◽

Security Analysis ◽

Authentication And Key Agreement ◽

Agreement Protocols

Download Full-text

An Enhanced Lightweight Dynamic Pseudonym Identity Based Authentication and Key Agreement Scheme Using Wireless Sensor Networks for Agriculture Monitoring

Sensors ◽

10.3390/s19051146 ◽

2019 ◽

Vol 19 (5) ◽

pp. 1146 ◽

Cited By ~ 3

Author(s):

Meriske Chen ◽

Tian-Fu Lee ◽

Jiann-I Pan

Keyword(s):

Key Agreement ◽

Raw Materials ◽

Denial Of Service ◽

Modern Technology ◽

User Privacy ◽

Session Key ◽

Authentication And Key Agreement ◽

Monitoring Process ◽

Perfect Forward Secrecy ◽

Enhance Efficiency

Agriculture plays an important role for many countries. It provides raw materials for foodand provides large employment opportunities for people in the country, especially for countrieswith a dense population. To enhance agriculture productivity, modern technology such as wirelesssensor networks (WSNs) can be utilized to help in monitoring important parameters in thwagricultural field such as temperature, light, soil moisture, etc. During the monitoring process, ifsecurity compromises happen, such as interception or modification of the parameters, it may leadto false decisions and bring damage to agriculture productivity. Therefore, it is very important todevelop secure authentication and key agreement for the system. Recently, Ali et al. proposed anauthentication and key agreement scheme using WSNs for agriculture monitoring. However, it failsto provide user untraceability, user anonymity, and session key security; it suffers from sensor nodeimpersonation attack and perfect forward secrecy attack; and even worse has denial of service as aservice. This study discusses these limitations and proposes a new secure and more efficientauthentication and key agreement scheme for agriculture monitoring using WSNs. The proposedscheme utilizes dynamic pseudonym identity to guarantee user privacy and eliminates redundantcomputations to enhance efficiency.

Download Full-text

Security analysis for chaotic maps-based mutual authentication and key agreement using smart cards for wireless networks

Journal of Information and Optimization Sciences ◽

10.1080/02522667.2018.1470752 ◽

2019 ◽

Vol 40 (3) ◽

pp. 725-750 ◽

Cited By ~ 1

Author(s):

A. Shakiba

Keyword(s):

Wireless Networks ◽

Key Agreement ◽

Chaotic Maps ◽

Mutual Authentication ◽

Security Analysis ◽

Smart Cards ◽

Authentication And Key Agreement

Download Full-text

A Lightweight Three-Factor Authentication and Key Agreement Scheme in Wireless Sensor Networks for Smart Homes

Sensors ◽

10.3390/s19092012 ◽

2019 ◽

Vol 19 (9) ◽

pp. 2012 ◽

Cited By ~ 6

Author(s):

Sooyeon Shin ◽

Taekyoung Kwon

Keyword(s):

Smart Home ◽

Key Agreement ◽

Smart Homes ◽

Security Requirements ◽

Wireless Sensor ◽

Impersonation Attack ◽

Secret Key ◽

Session Key ◽

Authentication And Key Agreement ◽

Three Factor

A wireless sensor network (WSN) is used for a smart home system’s backbone that monitors home environment and controls smart home devices to manage lighting, heating, security and surveillance. However, despite its convenience and potential benefits, there are concerns about various security threats that may infringe on privacy and threaten our home life. For protecting WSNs for smart homes from those threats, authentication and key agreement are basic security requirements. There have been a large number of proposed authentication and key agreement scheme for WSNs. In 2017, Jung et al. proposed an efficient and security enhanced anonymous authentication with key agreement scheme by employing biometrics information as the third authentication factor. They claimed that their scheme resists on various security attacks and satisfies basic security requirements. However, we have discovered that Jung et al.’s scheme possesses some security weaknesses. Their scheme cannot guarantee security of the secret key of gateway node and security of session key and protection against user tracking attack, information leakage attack, and user impersonation attack. In this paper, we describe how those security weaknesses occur and propose a lightweight three-factor authentication and key agreement scheme in WSNs for smart homes, as an improved version of Jung et al.’s scheme. We then present a detailed analysis of the security and performance of the proposed scheme and compare the analysis results with other related schemes.

Download Full-text

A Secure Authentication and Key Agreement Scheme for IoT-Based Cloud Computing Environment

Symmetry ◽

10.3390/sym12010150 ◽

2020 ◽

Vol 12 (1) ◽

pp. 150 ◽

Cited By ~ 2

Author(s):

Yicheng Yu ◽

Liang Hu ◽

Jianfeng Chu

Keyword(s):

Cloud Computing ◽

Internet Of Things ◽

Secure Communication ◽

Key Agreement ◽

Security Analysis ◽

Computing Environment ◽

Cloud Computing Environment ◽

Authentication And Key Agreement ◽

Insider Attack ◽

Cloud Servers

The integration of Internet of things (IoT) and cloud computing technology has made our life more convenient in recent years. Cooperating with cloud computing, Internet of things can provide more efficient and practical services. People can accept IoT services via cloud servers anytime and anywhere in the IoT-based cloud computing environment. However, plenty of possible network attacks threaten the security of users and cloud servers. To implement effective access control and secure communication in the IoT-based cloud computing environment, identity authentication is essential. In 2016, He et al. put forward an anonymous authentication scheme, which is based on asymmetric cryptography. It is claimed that their scheme is capable of withstanding all kinds of known attacks and has good performance. However, their scheme has serious security weaknesses according to our cryptanalysis. The scheme is vulnerable to insider attack and DoS attack. For overcoming these weaknesses, we present an improved authentication and key agreement scheme for IoT-based cloud computing environment. The automated security verification (ProVerif), BAN-logic verification, and informal security analysis were performed. The results show that our proposed scheme is secure and can effectively resist all kinds of known attacks. Furthermore, compared with the original scheme in terms of security features and performance, our proposed scheme is feasible.

Download Full-text