SALMAKA: Secured, Anonymity Preserving and Lightweight Mutual Authentication and Key Agreement Scheme for WBAN

2020 ◽  
Vol 10 ◽  
Author(s):  
Bhawna Narwal ◽  
Amar Kumar Mohapatra
Keyword(s):  
Key Agreement ◽  
Mutual Authentication ◽  
Internet Security ◽  
Communication Process ◽  
Security Evaluation ◽  
Session Key ◽  
Efficient Manner ◽  
Authentication And Key Agreement ◽  
Processing Cost ◽  
And Performance

Background: It is paramount to secure the healthcare system from unauthorized users and security attacks through appropriate security mechanisms as a break in communication process leads to leaked or blurred messages, which is totally unacceptable. Moreover, mutual authentication is a core requirement for privacy protection as it is paramount to control who is accessing the sensed data and whether they are authenticated or not. In addition to this, energy efficiency is a major issue to be dealt with. Objective: After examination of the present related schemes, we proposed a novel Secured, Anonymity Preserving and Lightweight Mutual Authentication and Key Agreement Scheme (SALMAKA) for two-hop WBAN topology; where the scheme mutually authenticates the sensing nodes with the controller node in an anonymous, energy efficient manner and establishes session key securely. Method: To corroborate the accuracy of the proposed scheme, Burrows-Abadi-Needham (BAN) logic and Automated Validation of Internet Security Protocols and Applications (AVISPA) simulator are used. Apart from this, informal security evaluation is also performed in detail. Results: To exhibit the practical application and performance of the proposed scheme, it is compared with the existing related schemes and the results reveal that the proposed scheme reduces energy consumption, processing cost and processing time significantly. Conclusion: A Secured, Anonymity Preserving and Lightweight Mutual Authentication and Key Agreement Scheme (SALMAKA) for two-hop WBAN topology is propounded.

SEAI: Secrecy and Efficiency Aware Inter-gNB Handover Authentication and Key Agreement Protocol in 5G Communication Network

2021 ◽  
Author(s):  
Shubham Gupta ◽  
Balu L. Parne ◽  
Narendra S. Chaudhari ◽  
Sandeep Saxena
Keyword(s):  
Key Agreement ◽  
Mutual Authentication ◽  
Base Station ◽  
Security Evaluation ◽  
Communication Overhead ◽  
Session Key ◽  
Handover Authentication ◽  
Authentication And Key Agreement ◽  
Security Proof ◽  
5G Network

Abstract Recently, the Third Generation Partnership Project (3GPP) has initiated to work in the Fifth Generation (5G) network to fulfill the security characteristics of IoT-based services. 3GPP has proposed the 5G handover key structure and framework in a recently published technical report. In this paper, we evaluate the handover authentication methodologies available in the literature and identify the security vulnerabilities such as violation of global base-station, failure of key forward/backward secrecy, de-synchronization attack, and huge network congestion. Also, these protocols suffer from high bandwidth consumption that doesn’t suitable for energy efficient mobile devices in 5G network. To overcome these concerns, we introduce Secrecy and Efficiency Aware Inter-gNB (SEAI) handover Authentication and Key Agreement (AKA) protocol. The formal security proof of the protocol is carried out by random oracle model to achieve the session key secrecy, confidentiality, and integrity. For the protocol correctness and achieve the mutual authentication property, simulation is performed using the AVISPA tool. Also, the informal security evaluation represents that the protocol defeats all the possible attacks and achieves the necessary security properties. Moreover, the performance evaluation of the earlier 5G handover protocols and proposed SEAI protocol is carried out. From the evaluations, the significant results are obtained based on computation, transmission, and communication overhead.

scholarly journals A lightweight authentication and key agreement scheme for smart grid

2017 ◽  
Vol 13 (2) ◽  
pp. 155014771769417 ◽  
Author(s):  
Lili Yan ◽  
Yan Chang ◽  
Shibin Zhang
Keyword(s):  
Smart Grid ◽  
Key Agreement ◽  
Mutual Authentication ◽  
Special Importance ◽  
Advanced Metering Infrastructure ◽  
Electrical Grid ◽  
Authentication And Key Agreement ◽  
And Performance ◽  
Advanced Metering ◽  
Lightweight Authentication

Smart grid is a modernized electrical grid. It is used to collect information about behaviors of suppliers and consumers and improve the efficiency, reliability, and economics of electricity. Recently, advanced metering infrastructure is proposed as a critical part of the smart grid. The security of advanced metering infrastructure is special importance for smart grid. In order to achieve data confidentiality, privacy, and authentication in advanced metering infrastructure, a lightweight authentication and key agreement scheme is proposed in this article. The scheme provides mutual authentication, key agreement, key refreshment, and multicast mechanism which can prevent various attacks. Furthermore, we analyze the security and performance of the scheme. The analysis shows that the proposed scheme is suitable for smart grid.

scholarly journals Improved Authenticated Key Agreement Scheme for Fog-Driven IoT Healthcare System

2021 ◽  
Vol 2021 ◽  
pp. 1-16
Author(s):  
Tsu-Yang Wu ◽  
Tao Wang ◽  
Yu-Qi Lee ◽  
Weimin Zheng ◽  
Saru Kumari ◽  
...  
Keyword(s):  
Key Agreement ◽  
Low Cost ◽  
Fog Computing ◽  
Security Analysis ◽  
Transportation Systems ◽  
Security Evaluation ◽  
Medical Systems ◽  
Session Key ◽  
Authentication And Key Agreement ◽  
Secure Authentication

The Internet of things (IoT) has been widely used for various applications including medical and transportation systems, among others. Smart medical systems have become the most effective and practical solutions to provide users with low-cost, noninvasive, and long-term continuous health monitoring. Recently, Jia et al. proposed an authentication and key agreement scheme for smart medical systems based on fog computing and indicated that it is safe and can withstand a variety of known attacks. Nevertheless, we found that it consists of several flaws, including known session-specific temporary information attacks and lack of per-verification. The opponent can readily recover the session key and user identity. In this paper, we propose a secure authentication and key agreement scheme, which compensates for the imperfections of the previously proposed. For a security evaluation of the proposed authentication scheme, informal security analysis and the Burrows–Abadi–Needham (BAN) logic analysis are implemented. In addition, the ProVerif tool is used to normalize the security verification of the scheme. Finally, the performance comparisons with the former schemes show that the proposed scheme is more applicable and secure.

scholarly journals Formal security analysis of lightweight authenticated key agreement protocol for IoT in cloud computing

2021 ◽  
Vol 24 (1) ◽  
pp. 621
Author(s):  
Ahmed H. Aly ◽  
Atef Ghalwash ◽  
Mona M. Nasr ◽  
Ahmed A. Abd-El Hafez
Keyword(s):  
Cloud Computing ◽  
Key Agreement ◽  
Mutual Authentication ◽  
Security Analysis ◽  
Internet Security ◽  
Cyber Attacks ◽  
Session Key ◽  
Sensitive Data ◽  
Processing Power ◽  
Iot Devices

The internet of things (IoT) and cloud computing are evolving technologies in the information technology field. Merging the pervasive IoT technology with cloud computing is an innovative solution for better analytics and decision-making. Deployed IoT devices offload different types of data to the cloud, while cloud computing converges the infrastructure, links up the servers, analyzes information obtained from the IoT devices, reinforces processing power, and offers huge storage capacity. However, this merging is prone to various cyber threats that affect the IoT-Cloud environment. Mutual authentication is considered as the forefront mechanism for cyber-attacks as the IoT-Cloud participants have to ensure the authenticity of each other and generate a session key for securing the exchanged traffic. While designing these mechanisms, the constrained nature of the IoT devices must be taken into consideration. We proposed a novel lightweight protocol (Light-AHAKA) for authenticating IoT-Cloud elements and establishing a key agreement for encrypting the exchanged sensitive data was proposed. In this paper, the formal verification of (Light-AHAKA) was presented to prove and verify the correctness of our proposed protocol to ensure that the protocol is free from design flaws before the deployment phase. The verification is performed based on two different approaches, the strand space model and the automated validation of internet security protocols and applications (AVISPA) tool.

scholarly journals Secure Key Agreement and Authentication Protocol for Message Confirmation in Vehicular Cloud Computing

2020 ◽  
Vol 10 (18) ◽  
pp. 6268
Author(s):  
JoonYoung Lee ◽  
SungJin Yu ◽  
MyeongHyun Kim ◽  
YoungHo Park ◽  
SangWoo Lee ◽  
...  
Keyword(s):  
Cloud Computing ◽  
Key Agreement ◽  
Mutual Authentication ◽  
Authentication Protocol ◽  
Internet Security ◽  
Malicious Attacks ◽  
Session Key ◽  
Vehicular Cloud Computing ◽  
Vehicular Cloud ◽  
Man In The Middle

With the development of vehicular ad-hoc networks (VANETs) and Internet of vehicles (IoVs), a large amount of useful information is generated for vehicle drivers and traffic management systems. The amount of vehicle and traffic information is as large as the number of vehicles and it is enormous when compared to vehicle calculation and storage performance. To resolve this problem, VANET uses a combined cloud computing technology, called vehicular cloud computing (VCC), which controls vehicle-related data, and helps vehicle drivers directly or indirectly. However, VANETs remain vulnerable to attacks such as tracking, masquerade and man-in-the-middle attacks because VANETs communicate via open networks. To overcome these issues, many researchers have proposed secure authentication protocols for message confirmation with vehicular cloud computing. However, many researchers have pointed out that some proposed protocols use ideal tamper-proof devices (TPDs). They demonstrated that realistic TPDs cannot prevent adversaries attack. Limbasiya et al. presented a message confirmation scheme for vehicular cloud computing using a realistic TPD in order to prevent these problems. However, their proposed scheme still has security weaknesses over a TPD and does not guarantee mutual authentication. This paper proposes a secure key agreement and authentication protocol to address the security weaknesses inherent in the protocol of Limbasiya et al. The suggested protocol withstands malicious attacks and ensures secure mutual authentication for privacy-preserving. We prove that the proposed protocol can provide session key security using Real-Or-Random (ROR) model. We also employed Automated Validation of Internet Security Protocols and Applications (AVISPA) simulation tool to show that the proposed protocol is able to defeat replay and man-in-the-middle attacks. Furthermore, we established that the proposed protocol can resist other malicious attacks by conducting the informal security analysis. We proved that our proposed protocol is lightweight and suitable for VCC environments.

scholarly journals An Extended Chaotic Map-Based Authentication and Key Agreement Scheme for Multi-Server Environment

Mathematics ◽  
2021 ◽  
Vol 9 (8) ◽  
pp. 798
Author(s):  
Yicheng Yu ◽  
Oliver Taylor ◽  
Rui Li ◽  
Baiho Sunagawa
Keyword(s):  
Secure Communication ◽  
Key Agreement ◽  
Chaotic Map ◽  
Mutual Authentication ◽  
Network Services ◽  
Authentication And Key Agreement ◽  
Key Agreement Protocol ◽  
And Performance ◽  
Multi Server ◽  
Three Factor

With the increasing number of users and the emergence of different types of network services, a multi-server architecture has emerged in recent years. In order to ensure the secure communication of Internet participants in an open network environment, the authentication and key agreement protocol for multi-server architectures were proposed in the past. In 2018, Chatterjee et al. put forward a lightweight three-factor authentication and key agreement protocol for a multi-server environment, and they claimed that all known security features with satisfactory performance could be realized in their protocol. However, it is found that their scheme is vulnerable to user impersonation attacks and cannot achieve user un-traceability and three-factor security through our cryptanalysis. In order to solve these shortcomings, we propose a new lightweight and anonymous three-factor authentication scheme for the multi-server environment in this article. Furthermore, the proposed protocol is proved to be AKE secure theoretically, and we use BAN-logic to prove that our protocol realizes mutual authentication between communication participants. Finally, we show that our proposed scheme is practical and efficient through the comparison of security features and performance.

scholarly journals Security Enhanced Anonymous Multiserver Authenticated Key Agreement Scheme Using Smart Cards and Biometrics

2014 ◽  
Vol 2014 ◽  
pp. 1-15 ◽  
Author(s):  
Younsung Choi ◽  
Junghyun Nam ◽  
Donghoon Lee ◽  
Jiye Kim ◽  
Jaewook Jung ◽  
...  
Keyword(s):  
Key Agreement ◽  
User Authentication ◽  
Mutual Authentication ◽  
Smart Cards ◽  
Security Requirements ◽  
Impersonation Attack ◽  
Single Server ◽  
Authenticated Key Agreement ◽  
Session Key ◽  
Authentication Schemes

An anonymous user authentication scheme allows a user, who wants to access a remote application server, to achieve mutual authentication and session key establishment with the server in an anonymous manner. To enhance the security of such authentication schemes, recent researches combined user’s biometrics with a password. However, these authentication schemes are designed for single server environment. So when a user wants to access different application servers, the user has to register many times. To solve this problem, Chuang and Chen proposed an anonymous multiserver authenticated key agreement scheme using smart cards together with passwords and biometrics. Chuang and Chen claimed that their scheme not only supports multiple servers but also achieves various security requirements. However, we show that this scheme is vulnerable to a masquerade attack, a smart card attack, a user impersonation attack, and a DoS attack and does not achieve perfect forward secrecy. We also propose a security enhanced anonymous multiserver authenticated key agreement scheme which addresses all the weaknesses identified in Chuang and Chen’s scheme.

Sign in / Sign up

Export Citation Format

Share Document