5G wireless P2MP backhaul security protocol: an adaptive approach

Jiyoon Kim; Gaurav Choudhary; Jaejun Heo; Daniel Gerbi Duguma; Ilsun You

doi:10.1186/s13638-019-1592-0

5G wireless P2MP backhaul security protocol: an adaptive approach

EURASIP Journal on Wireless Communications and Networking ◽

10.1186/s13638-019-1592-0 ◽

2019 ◽

Vol 2019 (1) ◽

Author(s):

Jiyoon Kim ◽

Gaurav Choudhary ◽

Jaejun Heo ◽

Daniel Gerbi Duguma ◽

Ilsun You

Keyword(s):

Security Policy ◽

Mutual Authentication ◽

Access Network ◽

Security Analysis ◽

Key Exchange ◽

Security Protocol ◽

Transport Layer ◽

Security Requirements ◽

Key Update ◽

Security Standards

Abstract5G has introduced various emerging demands for new services and technologies that raised the bar for quality of service, latency, handovers, and data rates. Such diverse and perplexing network requirements bring numerous issues, among which security stands in the first row. The backhaul, which can be implemented as a wired or wireless solution, serves as a bridge between the radio access and core networks assuring connectivity to end users. The recent trends in backhaul usage rely on wireless technologies implemented using point-to-point (PTP) or point-to-multipoint (P2MP) configurations. Unfortunately, due to the nature of the transmission medium, the wireless backhaul is vulnerable and exposed to more various security threats and attacks than the wired one. In order to protect the backhaul, there have been several researches, whose authentication and key exchange scheme mainly depends on the existing security standards such as transport layer security (TLS), Internet Key Exchange version 1 (IKEv1), IKEv2, Host Identity Protocol (HIP), and Authentication and Key Agreement (AKA). However, such security standards cannot completely fulfil the security requirements including security policy update, key update, and balancing between security and efficiency, which are necessary for the emerging 5G networks. This is basically the motive behind why we study and propose a new security protocol for the backhaul link of wireless access network based on P2MP model. The proposed protocol is designed to be 5G-aware, and provides mutual authentication, perfect forward secrecy, confidentiality, integrity, secure key exchange, security policy update, key update, and balancing trade-off between efficiency and security while preventing resource exhaustion attacks. The protocol’s correctness is formally verified by the well-known formal security analysis tools: BAN-logic and Scyther. Moreover, the derived lemmas prove that the security requirements are satisfied. Finally, from a comparison analysis, it is shown that the proposed protocol is better than other standard protocols.

Get full-text (via PubEx)

Drone Secure Communication Protocol for Future Sensitive Applications in Military Zone

Sensors ◽

10.3390/s21062057 ◽

2021 ◽

Vol 21 (6) ◽

pp. 2057

Author(s):

Yongho Ko ◽

Jiyoon Kim ◽

Daniel Gerbi Duguma ◽

Philip Virgil Astillo ◽

Ilsun You ◽

...

Keyword(s):

Performance Evaluation ◽

Secure Communication ◽

Communication Protocol ◽

Denial Of Service ◽

Mutual Authentication ◽

Information Leakage ◽

Security Protocol ◽

Security Requirements ◽

Forward Secrecy ◽

Perfect Forward Secrecy

Unmanned Aerial Vehicle (UAV) plays a paramount role in various fields, such as military, aerospace, reconnaissance, agriculture, and many more. The development and implementation of these devices have become vital in terms of usability and reachability. Unfortunately, as they become widespread and their demand grows, they are becoming more and more vulnerable to several security attacks, including, but not limited to, jamming, information leakage, and spoofing. In order to cope with such attacks and security threats, a proper design of robust security protocols is indispensable. Although several pieces of research have been carried out with this regard, there are still research gaps, particularly concerning UAV-to-UAV secure communication, support for perfect forward secrecy, and provision of non-repudiation. Especially in a military scenario, it is essential to solve these gaps. In this paper, we studied the security prerequisites of the UAV communication protocol, specifically in the military setting. More importantly, a security protocol (with two sub-protocols), that serves in securing the communication between UAVs, and between a UAV and a Ground Control Station, is proposed. This protocol, apart from the common security requirements, achieves perfect forward secrecy and non-repudiation, which are essential to a secure military communication. The proposed protocol is formally and thoroughly verified by using the BAN-logic (Burrow-Abadi-Needham logic) and Scyther tool, followed by performance evaluation and implementation of the protocol on a real UAV. From the security and performance evaluation, it is indicated that the proposed protocol is superior compared to other related protocols while meeting confidentiality, integrity, mutual authentication, non-repudiation, perfect forward secrecy, perfect backward secrecy, response to DoS (Denial of Service) attacks, man-in-the-middle protection, and D2D (Drone-to-Drone) security.

Get full-text (via PubEx)

RFID Mutual Authentication Protocols based on Gene Mutation and Transfer

Journal of Communications Software and Systems ◽

10.24138/jcomss.v9i1.157 ◽

2013 ◽

Vol 9 (1) ◽

pp. 44 ◽

Cited By ~ 1

Author(s):

Raghav V. Sampangi ◽

Srinivas Sampalli

Keyword(s):

Gene Mutation ◽

Radio Frequency Identification ◽

Mutual Authentication ◽

Security Analysis ◽

Key Exchange ◽

Rfid Tags ◽

Simulation Studies ◽

Frequency Identification ◽

Dynamic Updates ◽

Mutual Authentication Protocol

Radio Frequency Identification (RFID) is a technology that is very popular due to the simplicity in its technology and high adaptability in a variety of areas. The simplicity in the technology, however, comes with a caveat – RFID tags have severe resource restrictions, which make them vulnerable to a range of security attacks. Such vulnerability often results in the loss of privacy of the tag owner and other attacks on tags. Previous research in RFID security has mainly focused on authenticating entities such as readers / servers, which communicate with the tag. Any security mechanism is only as strong as the encryption keys used. Since RFID communication is wireless, critical messages such as key exchange messages are vulnerable to attacks. Therefore, we present a mutual authentication protocol that relies on independent generation and dynamic updates of encryption keys thereby removing the need for key exchange, which is based on the concept of gene mutation and transfer. We also present an enhanced version of this protocol, which improves the security offered by the first protocol. The novelty of the proposed protocols is in the independent generation, dynamic and continuous updates of encryption keys and the use of the concept of gene mutation / transfer to offer mutual authentication of the communicating entities. The proposed protocols are validated by simulation studies and security analysis.

Get full-text (via PubEx)

A Mutual Authentication Protocol with Resynchronisation Capability for Mobile Satellite Communications

Privacy Solutions and Security Frameworks in Information Protection ◽

10.4018/978-1-4666-2050-6.ch003 ◽

2013 ◽

pp. 35-51

Author(s):

Ioana Lasc ◽

Reiner Dojen ◽

Tom Coffey

Keyword(s):

Denial Of Service ◽

Mutual Authentication ◽

Security Analysis ◽

Service Condition ◽

Satellite Communications ◽

Authentication Protocol ◽

Security Protocol ◽

New Type ◽

Mobile Satellite ◽

Mutual Authentication Protocol

Many peer-to-peer security protocols proposed for wireless communications use one-time shared secrets for authentication purposes. This paper analyses online update mechanisms for one-time shared secrets. A new type of attack against update mechanisms, called desynchronisation attack, is introduced. This type of attack may lead to a permanent denial of service condition. A case study demonstrates the effectiveness of desynchronisation attacks against a security protocol for mobile satellite communications. A new mutual authentication protocol for satellite communications, incorporating a resynchronisation capability, is proposed to counter the disruptive effects of desynchronisation attacks. The new protocol has an esynchronisation phase that is initiated whenever desynchronisation is suspected. Thus, the possibility of causing permanent denial of service conditions by mounting desynchronisation attacks is eliminated. A security analysis of the proposed protocol establishes its resistance against attacks like replay attacks, dictionary attacks, and desynchronisation attacks.

Get full-text (via PubEx)

A Secure and Efficient Three-Factor Authentication Protocol in Global Mobility Networks

Applied Sciences ◽

10.3390/app10103565 ◽

2020 ◽

Vol 10 (10) ◽

pp. 3565 ◽

Cited By ~ 3

Author(s):

SungJin Yu ◽

JoonYoung Lee ◽

YoHan Park ◽

YoungHo Park ◽

SangWoo Lee ◽

...

Keyword(s):

Mutual Authentication ◽

Security Analysis ◽

Authentication Protocol ◽

Internet Security ◽

Mobile Technologies ◽

Security Requirements ◽

Replay Attacks ◽

Global Mobility ◽

Global Mobility Networks ◽

Three Factor

With the developments in communication and mobile technologies, mobile users can access roaming services by utilizing a mobile device at any time and any place in the global mobility networks. However, these require several security requirements, such as authentication and anonymity, because the information is transmitted over an open channel. Thus, secure and efficient authentication protocols are essential to provide secure roaming services for legitimate users. In 2018, Madhusudhan et al. presented a secure authentication protocol for global mobile networks. However, we demonstrated that their protocol could not prevent potential attacks, including masquerade, session key disclosure, and replay attacks. Thus, we proposed a secure and efficient three-factor authentication protocol to overcome the security weaknesses of Madhusudhan et al.’s scheme. The proposed scheme was demonstrated to prevent various attacks and provided a secure mutual authentication by utilizing biometrics and secret parameters. We evaluated the security of the proposed protocol using informal security analysis and formal security analysis, such as the real-or-random (ROR) model and Burrows–Abadi–Needham (BAN) logic. In addition, we showed that our scheme withstands man-in-the-middle (MITM) and replay attacks utilizing formal security validation automated validation of internet security protocols and applications (AVISPA) simulation. Finally, we compared the performance of our protocol with existing schemes. Consequently, our scheme ensured better security and efficiency features than existing schemes and can be suitable for resource-constrained mobile environments.

Get full-text (via PubEx)

A Novel RLWE-Based Anonymous Mutual Authentication Protocol for Space Information Network

Security and Communication Networks ◽

10.1155/2020/5167832 ◽

2020 ◽

Vol 2020 ◽

pp. 1-12

Author(s):

Junyan Guo ◽

Ye Du

Keyword(s):

Mutual Authentication ◽

Security Analysis ◽

Real Life ◽

Public Key Cryptography ◽

Wireless Channel ◽

Base Stations ◽

Security Requirements ◽

Information Network ◽

Privacy And Security ◽

Space Information Network

Currently, space information network (SIN) has become an increasingly important role in real life. As a large heterogeneous wireless network, SIN can better provide global mobile services to users anytime and anywhere, even in extreme geographic environments. In addition, there is no need to build the communication base-stations every few kilometers on the ground to ensure high service quality, which greatly reduces the construction costs and can be used as an economical communication method in sparsely populated areas. So there is a trend that more and more end users are more likely to get SIN services than traditional terrestrial cellular networks. However, due to the openness and publicity of the satellite wireless channel and the limited resources of the satellite nodes, the privacy and security cannot be perfectly guaranteed and may even be vulnerable to attacks initiated by the adversary such as replay attacks, impersonation attacks, and eavesdropping attacks. To improve the access security of SIN, researchers have proposed a series of authentication protocols based on different cryptographic assumptions. Nevertheless, existing research shows that these protocols cannot meet the requirements of higher and higher security and short authentication delay. In addition, these protocols are mainly based on public key cryptography mechanisms such as DLP and ECDLP, which can be solved by postquantum computers in polynomial time, so these protocols will no longer be secure. To solve the vulnerability of these protocols, in this paper, we propose a new RLWE-based anonymous mutual authentication and key agreement protocol, which guarantees higher security with low computational overhead even in the postquantum era. Detailed security analysis shows that our protocol meets security requirements and is resistant to a variety of known attacks. Besides, combining security comparison and performance analysis, our proposed protocol is more practical than other protocols in SIN.

Get full-text (via PubEx)

Unlinkable Affiliation-Hiding Authenticated Key Exchange

Key Engineering Materials ◽

10.4028/www.scientific.net/kem.467-469.640 ◽

2011 ◽

Vol 467-469 ◽

pp. 640-644

Author(s):

Yong Ding ◽

Bin Li ◽

Zheng Tao Jiang

Keyword(s):

Key Agreement ◽

Mutual Authentication ◽

Security Analysis ◽

Key Exchange ◽

Public Key ◽

Authenticated Key Exchange ◽

Key Exchange Protocol ◽

Authentication And Key Agreement ◽

Other Information ◽

Authenticated Key Exchange Protocol

Affiliation-hiding authenticated key exchange protocol, also called secret handshake, makes two parties from the same organization realize mutual authentication and key agreement via public key certificates without leaking the organization information to any others. Moreover, if the peer involved in the protocol is not from the same group, no any information of the affiliation can be known. In previous secret handshakes protocols, there is a problem which is linkability. That is to say, two activities of the same people can be associated by the attackers. It is not desirable for privacy because the association may deduce it’s affiliation with some other information. In this paper, an unlinkable affiliation-hiding authenticated key exchange protocol is brought out to conquer the linkability. Security analysis is given finally.

Get full-text (via PubEx)

SKINNY-Based RFID Lightweight Authentication Protocol

Sensors ◽

10.3390/s20051366 ◽

2020 ◽

Vol 20 (5) ◽

pp. 1366 ◽

Cited By ~ 2

Author(s):

Liang Xiao ◽

He Xu ◽

Feng Zhu ◽

Ruchuan Wang ◽

Peng Li

Keyword(s):

Radio Frequency Identification ◽

Low Cost ◽

Rapid Development ◽

Denial Of Service ◽

Mutual Authentication ◽

Security Analysis ◽

Authentication Protocol ◽

Security Requirements ◽

Iot Devices ◽

Lightweight Authentication

With the rapid development of the Internet of Things and the popularization of 5G communication technology, the security of resource-constrained IoT devices such as Radio Frequency Identification (RFID)-based applications have received extensive attention. In traditional RFID systems, the communication channel between the tag and the reader is vulnerable to various threats, including denial of service, spoofing, and desynchronization. Thus, the confidentiality and integrity of the transmitted data cannot be guaranteed. In order to solve these security problems, in this paper, we propose a new RFID authentication protocol based on a lightweight block cipher algorithm, SKINNY, (short for LRSAS). Security analysis shows that the LRSAS protocol guarantees mutual authentication and is resistant to various attacks, such as desynchronization attacks, replay attacks, and tracing attacks. Performance evaluations show that the proposed solution is suitable for low-cost tags while meeting security requirements. This protocol reaches a balance between security requirements and costs.

Get full-text (via PubEx)

Lightweight Payload Encryption-Based Authentication Scheme for Advanced Metering Infrastructure Sensor Networks

Sensors ◽

10.3390/s22020534 ◽

2022 ◽

Vol 22 (2) ◽

pp. 534

Author(s):

Nasr Abosata ◽

Saba Al-Rubaye ◽

Gokhan Inalhan

Keyword(s):

Mutual Authentication ◽

Authentication Scheme ◽

Transport Layer ◽

Security Requirements ◽

Security And Privacy ◽

Smart Sensors ◽

Consumption Pattern ◽

Advanced Metering Infrastructure ◽

Distributed Sensors ◽

Advanced Metering

The Internet of Things (IoT) connects billions of sensors to share and collect data at any time and place. The Advanced Metering Infrastructure (AMI) is one of the most important IoT applications. IoT supports AMI to collect data from smart sensors, analyse and measure abnormalities in the energy consumption pattern of sensors. However, two-way communication in distributed sensors is sensitive and tends towards security and privacy issues. Before deploying distributed sensors, data confidentiality and privacy and message authentication for sensor devices and control messages are the major security requirements. Several authentications and encryption protocols have been developed to provide confidentiality and integrity. However, many sensors in distributed systems, resource constraint smart sensors, and adaptability of IoT communication protocols in sensors necessitate designing an efficient and lightweight security authentication scheme. This paper proposes a Payload Encryption-based Optimisation Scheme for lightweight authentication (PEOS) on distributed sensors. The PEOS integrates and optimises important features of Datagram Transport Layer Security (DTLS) in Constrained Application Protocol (CoAP) architecture instead of implementing the DTLS in a separate channel. The proposed work designs a payload encryption scheme and an Optimised Advanced Encryption Standard (OP-AES). The PEOS modifies the DTLS handshaking and retransmission processes in PEOS using payload encryption and NACK messages, respectively. It also removes the duplicate features of the protocol version and sequence number without impacting the performance of CoAP. Moreover, the PEOS attempts to improve the CoAP over distributed sensors in the aspect of optimised AES operations, such as parallel execution of S-boxes in SubBytes and delayed Mixcolumns. The efficiency of PEOS authentication is evaluated on Conitki OS using the Cooja simulator for lightweight security and authentication. The proposed scheme attains better throughput while minimising the message size overhead by 9% and 23% than the existing payload-based mutual authentication PbMA and basic DTLS/CoAP scheme in random network topologies with less than 50 nodes.

Get full-text (via PubEx)

Secure Message Transmission for V2V Based on Mutual Authentication for VANETs

Wireless Communications and Mobile Computing ◽

10.1155/2021/3400558 ◽

2021 ◽

Vol 2021 ◽

pp. 1-16

Author(s):

Jabar Mahmood ◽

Zongtao Duan ◽

Heng Xue ◽

Yun Yang ◽

Michael Abebe Berwo ◽

...

Keyword(s):

Privacy Preservation ◽

Vehicular Ad Hoc Networks ◽

Mutual Authentication ◽

Security Analysis ◽

Security Requirements ◽

Security And Privacy ◽

Transmission Scheme ◽

Message Transmission ◽

And Performance ◽

Secure Message Transmission

The advancements in Vehicular Ad Hoc Networks (VANETs) require more intelligent security protocols that ultimately provide unbreakable security to vehicles and other components of VANETs. VANETs face various types of security pitfalls due to the openness characteristics of the VANET communication infrastructure. Researchers have recently proposed different mutual authentication schemes that address security and privacy issues in vehicle-to-vehicle (V2V) communication. However, some V2V security schemes suffer from inadequate design and are hard to implement practically. In addition, some schemes face vehicle traceability and lack anonymity. Hence, this paper’s primary goal is to enhance privacy preservation through mutual authentication and to achieve better security and performance. Therefore, this article first describes the vulnerabilities of a very recent authentication scheme presented by Vasudev et al. Our analysis proves that the design of Vasudev et al.’s scheme is incorrect, and resultantly, the scheme does not provide mutual authentication between a vehicle and vehicle server when multiple vehicles are registered with the vehicle sever. Furthermore, this paper proposes a secure message transmission scheme for V2V in VANETs. The proposed scheme fulfills the security and performance requirements of VANETs. The security analysis of the proposed scheme using formal BAN and informal discussion on security features confirm that the proposed scheme fulfills the security requirements, and the performance comparisons show that the proposed scheme copes with the lightweightness requirements of VANETs.

Get full-text (via PubEx)

MAKE-IT—A Lightweight Mutual Authentication and Key Exchange Protocol for Industrial Internet of Things

Sensors ◽

10.3390/s20185166 ◽

2020 ◽

Vol 20 (18) ◽

pp. 5166 ◽

Cited By ~ 2

Author(s):

Karanjeet Choudhary ◽

Gurjot Singh Gaba ◽

Ismail Butun ◽

Pardeep Kumar

Keyword(s):

Internet Of Things ◽

Mutual Authentication ◽

Security Analysis ◽

Key Exchange ◽

Efficient Computation ◽

Secret Key ◽

Industrial Internet Of Things ◽

Key Exchange Protocol ◽

Security Issues ◽

Industrial Internet

Continuous development of the Industrial Internet of Things (IIoT) has opened up enormous opportunities for the engineers to enhance the efficiency of the machines. Despite the development, many industry administrators still fear to use Internet for operating their machines due to untrusted nature of the communication channel. The utilization of internet for managing industrial operations can be widespread adopted if the authentication of the entities are performed and trust is ensured. The traditional schemes with their inherent security issues and other complexities, cannot be directly deployed to resource constrained network devices. Therefore, we have proposed a strong mutual authentication and secret key exchange protocol to address the vulnerabilities of the existing schemes. We have used various cryptography operations such as hashing, ciphering, and so forth, for providing secure mutual authentication and secret key exchange between different entities to restrict unauthorized access. Performance and security analysis clearly demonstrates that the proposed work is energy efficient (computation and communication inexpensive) and more robust against the attacks in comparison to the traditional schemes.

Get full-text (via PubEx)