Secure MQTT PUF-Based Key Exchange Protocol for Smart Healthcare

Replay and eavesdropping attacks threaten the information security that is held by smart healthcare devices. An authenticated key exchange method to provide cryptography sessions is the best way to provide information security and secure authentication. However, smart healthcare devices do not have sufficient computation to perform heavy cryptography processes due to the limitations of the embedded devices used. We propose an authenticated key exchange protocol based on a physical unclonable function (PUF). The proposed protocol aimed to countermeasure from replay and eavesdropping attacks. We designed our protocol with one handshake process and three authentication processes. We evaluated our proposed protocol using Tamarin Prover. From the results of the evaluation, our proposed protocol can exchange properties correctly between communication actors and is valid in proving each lemma in eavesdropping and replay attacks.

Download Full-text

A New Password- and Position-Based Authenticated Key Exchange

Security and Communication Networks ◽

10.1155/2021/6613392 ◽

2021 ◽

Vol 2021 ◽

pp. 1-9

Author(s):

Jia Fan ◽

Lanfei Qiao ◽

Yunfei Cao ◽

Shanglin Liu ◽

Wenke Zhang ◽

...

Keyword(s):

Unmanned Aerial Vehicles ◽

Key Exchange ◽

Authenticated Key Exchange ◽

Key Exchange Protocol ◽

Position Information ◽

Popular Method ◽

Aerial Vehicles ◽

Aerial Vehicle ◽

Secure Authentication ◽

The Military

Password-based authenticated key exchange is a popular method for secure authentication and key exchange. With the wide application of unmanned aerial vehicles, position information has also become an important factor in authentication. In this paper, we present a new key exchange protocol, which firstly realizes dual authentication for both password and position, and we propose two applicable scenarios for the PPAKE mechanism: one is unmanned aerial vehicle authentication, and the other one is authentication in the military base. By adding position authentication, the reliability of authentication has improved, and the difficulty of adversarial attacks also increases. Any arbitrary adversary who can listen, tamper, and send messages can only perform an online attack for password guessing at a specified position. Finally, we provide security proofs under the defined model.

Download Full-text

A Note on an Enhanced Three-Party Authentication Key Exchange Protocol

Key Engineering Materials ◽

10.4028/www.scientific.net/kem.439-440.1367 ◽

2010 ◽

Vol 439-440 ◽

pp. 1367-1372 ◽

Cited By ~ 1

Author(s):

Zuo Wen Tan

Keyword(s):

Digital Signature ◽

Elliptic Curve Cryptography ◽

Denial Of Service ◽

Key Exchange ◽

Signature Scheme ◽

Authenticated Key Exchange ◽

Key Exchange Protocol ◽

Replay Attacks ◽

Resource Limited ◽

Digital Signature Scheme

Recently, Chen et al. proposed an efficient three-party encrypted key exchange protocol based upon Schnorr’s digital signature scheme with fewer rounds. However, J.H. Yang and C. C. Chang showed that Chen et al.’s protocol still has the high computation cost and communication cost. Moreover, Chen et al.’s protocol suffers from stolen-verifier attacks. Then J.H. Yang and C. C. Chang proposed a three-party authenticated key exchange protocol without password by using elliptic curve cryptography. Their improved protocol requires smaller transmitted message size and less communication times, which is well suitable for resource-limited environments such as mobile communication and mobile commerce. Unfortunately, we find that Yang et al.’s protocol is vulnerable to replay attacks, denial-of-Service attacks and impersonation attacks.

Download Full-text