scholarly journals TC-PSLAP: Temporal Credential-Based Provably Secure and Lightweight Authentication Protocol for IoT-Enabled Drone Environments

2021 ◽  
Vol 2021 ◽  
pp. 1-10
Author(s):  
Zeeshan Ali ◽  
Bander A. Alzahrani ◽  
Ahmed Barnawi ◽  
Abdullah Al-Barakati ◽  
Pandi Vijayakumar ◽  
...  

In smart cities, common infrastructures are merged and integrated with various components of information communication and technology (ICT) to be coordinated and controlled. Drones (unmanned aerial vehicles) are amongst those components, and when coordinated with each other and with the environment, the drones form an Internet of Drones (IoD). The IoD provides real-time data to the users in smart cities by utilizing traditional cellular networks. However, the delicate data gathered by drones are subject to many security threats and give rise to numerous privacy and security issues. A robust and secure authentication scheme is required to allow drones and users to authenticate and establish a session key. In this article, we proposed a provably secure symmetric-key and temporal credential-based lightweight authentication protocol (TC-PSLAP) to secure the drone communication. We prove that the proposed scheme is provably secure formally through the automated verification tool AVISPA and Burrows–Abadi–Needham logic (BAN logic). Informal security analysis is also performed to depict that the proposed TC-PSLAP can resist known attacks.

2020 ◽  
Vol 10 (5) ◽  
pp. 1758 ◽  
Author(s):  
SungJin Yu ◽  
KiSung Park ◽  
JoonYoung Lee ◽  
YoungHo Park ◽  
YoHan Park ◽  
...  

With the development in wireless communication and low-power device, users can receive various useful services such as electric vehicle (EV) charging, smart building, and smart home services at anytime and anywhere in smart grid (SG) environments. The SG devices send demand of electricity to the remote control center and utility center (UC) to use energy services, and UCs handle it for distributing electricity efficiently. However, in SG environments, the transmitted messages are vulnerable to various attacks because information related to electricity is transmitted over an insecure channel. Thus, secure authentication and key agreement are essential to provide secure energy services for legitimate users. In 2019, Kumar et al. presented a secure authentication protocol for demand response management in the SG system. However, we demonstrate that their protocol is insecure against masquerade, the SG device stolen, and session key disclosure attacks and does not ensure secure mutual authentication. Thus, we propose a privacy-preserving lightweight authentication protocol for demand response management in the SG environments to address the security shortcomings of Kumar et al.’s protocol. The proposed protocol withstands various attacks and ensures secure mutual authentication and anonymity. We also evaluated the security features of the proposed scheme using informal security analysis and proved the session key security of proposed scheme using the ROR model. Furthermore, we showed that the proposed protocol achieves secure mutual authentication between the SG devices and the UC using Burrows–Abadi–Needham (BAN) logic analysis. We also demonstrated that our authentication protocol prevents man-in-the-middle and replay attacks utilizing AVISPA simulation tool and compared the performance analysis with other existing protocols. Therefore, the proposed scheme provides superior safety and efficiency other than existing related protocols and can be suitable for practical SG environments.


2022 ◽  
Vol 16 (1) ◽  
pp. 0-0

Secure and efficient authentication mechanism becomes a major concern in cloud computing due to the data sharing among cloud server and user through internet. This paper proposed an efficient Hashing, Encryption and Chebyshev HEC-based authentication in order to provide security among data communication. With the formal and the informal security analysis, it has been demonstrated that the proposed HEC-based authentication approach provides data security more efficiently in cloud. The proposed approach amplifies the security issues and ensures the privacy and data security to the cloud user. Moreover, the proposed HEC-based authentication approach makes the system more robust and secured and has been verified with multiple scenarios. However, the proposed authentication approach requires less computational time and memory than the existing authentication techniques. The performance revealed by the proposed HEC-based authentication approach is measured in terms of computation time and memory as 26ms, and 1878bytes for 100Kb data size, respectively.


Author(s):  
Gyozo Gódor ◽  
Sándor Imre

Radio frequency identification technology is becoming ubiquitous and, as a side effect, more authentication solutions come to light, which include numerous security issues. The authors’ have previously introduced a solely hash-based secure authentication algorithm that is capable of providing protection against most of the well-known attacks, which performs exceptionally well in very large systems. In this paper, the authors give a detailed examination of small computational capacity systems from the point of view of security. This paper defines the model of attacker and the well-known attacks that can be achieved in these kinds of environments, as well as an illustration of the proposed protocol’s performance characteristics with measurements carried out in a simulation environment. This paper shows the effects of numerous attacks and the system’s different parameters on the authentication time while examining the performance and security characteristics of two other protocols chosen from the literature to compare the SLAP algorithm and give a proper explanation for the differences between them.


Drones ◽  
2021 ◽  
Vol 6 (1) ◽  
pp. 10
Author(s):  
Tsu-Yang Wu ◽  
Xinglan Guo ◽  
Yeh-Cheng Chen ◽  
Saru Kumari ◽  
Chien-Ming Chen

At present, the great progress made by the Internet of Things (IoT) has led to the emergence of the Internet of Drones (IoD). IoD is an extension of the IoT, which is used to control and manipulate drones entering the flight area. Now, the fifth-generation mobile communication technology (5G) has been introduced into the IoD; it can transmit ultra-high-definition data, make the drones respond to ground commands faster and provide more secure data transmission in the IoD. However, because the drones communicate on the public channel, they are vulnerable to security attacks; furthermore, drones can be easily captured by attackers. Therefore, to solve the security problem of the IoD, Hussain et al. recently proposed a three-party authentication protocol in an IoD environment. The protocol is applied to the supervision of smart cities and collects real-time data about the smart city through drones. However, we find that the protocol is vulnerable to drone capture attacks, privileged insider attacks and session key disclosure attacks. Based on the security of the above protocol, we designed an improved protocol. Through informal analysis, we proved that the protocol could resist known security attacks. In addition, we used the real-oracle random model and ProVerif tool to prove the security and effectiveness of the protocol. Finally, through comparison, we conclude that the protocol is secure compared with recent protocols.


2020 ◽  
Vol 2020 ◽  
pp. 1-13
Author(s):  
Hui Zhang ◽  
Yuanyuan Qian ◽  
Qi Jiang

Wearable health monitoring systems (WHMSs) have become the most effective and practical solutions to provide users with low-cost, noninvasive, long-term continuous health monitoring. Authentication is one of the key means to ensure physiological information security and privacy. Although numerous authentication protocols have been proposed, few of them cater to crossdomain WHMSs. In this paper, we present an efficient and provably secure crossdomain multifactor authentication protocol for WHMSs. First, we propose a ticket-based authentication model for multidomain WHMSs. Specifically, a mobile device of one domain can request a ticket from the cloud server of another domain with which wearable devices are registered and remotely access the wearable devices with the ticket. Secondly, we propose a crossdomain three-factor authentication scheme based on the above model. Only a doctor who can present all three factors can request a legitimate ticket and use it to access the wearable devices. Finally, a comprehensive security analysis of the proposed scheme is carried out. In particular, we give a provable security analysis in the random oracle model. The comparisons of security and efficiency with the related schemes demonstrate that the proposed scheme is secure and practical.


2020 ◽  
Vol 2020 ◽  
pp. 1-14
Author(s):  
Jiangheng Kou ◽  
Mingxing He ◽  
Ling Xiong ◽  
Zeqiong Lv

The multiserver architecture authentication (MSAA) protocol plays a significant role in achieving secure communications between devices. In recent years, researchers proposed many new MSAA protocols to gain more functionality and security. However, in the existing studies, registered users can access to all registered service providers in the system without any limitation. To ensure that the system can restrict users that are at different levels and can access to different levels of service providers, we propose a new lightweight hierarchical authentication protocol for multiserver architecture using a Merkle tree to verify user’s authentication right. The proposed protocol has hierarchical authentication functionality, high security, and reasonable computation and communication costs. Moreover, the security analysis demonstrates that the proposed protocol satisfies the security requirements in practical applications, and the proposed protocol is provably secure in the general security model.


2021 ◽  
Vol 2021 ◽  
pp. 1-16
Author(s):  
Tsu-Yang Wu ◽  
Tao Wang ◽  
Yu-Qi Lee ◽  
Weimin Zheng ◽  
Saru Kumari ◽  
...  

The Internet of things (IoT) has been widely used for various applications including medical and transportation systems, among others. Smart medical systems have become the most effective and practical solutions to provide users with low-cost, noninvasive, and long-term continuous health monitoring. Recently, Jia et al. proposed an authentication and key agreement scheme for smart medical systems based on fog computing and indicated that it is safe and can withstand a variety of known attacks. Nevertheless, we found that it consists of several flaws, including known session-specific temporary information attacks and lack of per-verification. The opponent can readily recover the session key and user identity. In this paper, we propose a secure authentication and key agreement scheme, which compensates for the imperfections of the previously proposed. For a security evaluation of the proposed authentication scheme, informal security analysis and the Burrows–Abadi–Needham (BAN) logic analysis are implemented. In addition, the ProVerif tool is used to normalize the security verification of the scheme. Finally, the performance comparisons with the former schemes show that the proposed scheme is more applicable and secure.


2021 ◽  
Author(s):  
Muhammad Arslan Akram ◽  
Adnan Noor Mian

Abstract Due to the stringent computational capabilities of low-cost RFID tags, several lightweight secure authentication protocols have been proposed for an RFID-based supply chain using bitwise operations. In this paper, we study the vulnerabilities associated with bitwise operations by doing cryptanalysis of a secure lightweight authentication protocol for RFID tags. The bitwise operations like rotation and XOR show that the protocol is vulnerable to tag, reader, and supply chain node impersonation attacks. We find that the major cause of the vulnerability is bitwise operations and suggest using the physically unclonable functions rather than bitwise operations to secure such lightweight protocols.


Author(s):  
A. Denker

Abstract. The project of smart cities has emerged as a response to the challenges of twenty-first- century urbanization. Solutions to the fundamental conundrum of cities revolving around efficiency, convenience and security keep being sought by leveraging technology. Notwithstanding all the conveniences furnished by a smart city to all the citizens, privacy of a citizen is intertwined with the benefits of a smart city. The development processes which overlook privacy and security issues have left many of the smart city applications vulnerable to non-conventional security threats and susceptible to numerous privacy and personal data spillage risks. Among the challenges the smart city initiatives encounter, the emergence of the smartphone-big data-the cloud coalescence is perhaps the greatest, from the viewpoint of privacy and personal data protection. As our cities are getting digitalized, information comprising citizens' behavior, choices, and mobility, as well as their personal assets are shared over smartphone-big data-the cloud coalescences, thereby expanding cyber-threat surface and creating different security concerns. This coalescence refers to the practices of creating and analyzing vast sets of data, which comprise personal information. In this paper, the protection of privacy and personal data issues in the big data environment of smart cities are viewed through bifocal lenses, focusing on social and technical aspects. The protection of personal data and privacy in smart city enterprises is treated as a socio-technological operation where various actors and factors undertake different tasks. The article concludes by calling for novel developments, conceptual and practical changes both in technological and social realms.


Sign in / Sign up

Export Citation Format

Share Document