An Authentication and Secure Communication Scheme for In-Vehicle Networks Based on SOME/IP

The rapid development of intelligent networked vehicles (ICVs) has brought many positive effects. Unfortunately, connecting to the outside exposes ICVs to security threats. Using secure protocols is an important approach to protect ICVs from hacker attacks and has become a hot research area for vehicle security. However, most of the previous studies were carried out on V2X networks, while those on in-vehicle networks (IVNs) did not involve Ethernet. To this end, oriented to the new IVNs based on Ethernet, we designed an efficient secure scheme, including an authentication scheme using the Scalable Service-Oriented Middleware over IP (SOME/IP) protocol and a secure communication scheme modifying the payload field of the original SOME/IP data frame. The security analysis shows that the designed authentication scheme can provide mutual identity authentication for communicating parties and ensure the confidentiality of the issued temporary session key; the designed authentication and secure communication scheme can resist the common malicious attacks conjointly. The performance experiments based on embedded devices show that the additional overhead introduced by the secure scheme is very limited. The secure scheme proposed in this article can promote the popularization of the SOME/IP protocol in IVNs and contribute to the secure communication of IVNs.

Download Full-text

An Efficient Chaotic Map-Based Authentication Scheme with Mutual Anonymity

Applied Computational Intelligence and Soft Computing ◽

10.1155/2016/3916942 ◽

2016 ◽

Vol 2016 ◽

pp. 1-10

Author(s):

Yousheng Zhou ◽

Junfeng Zhou ◽

Feng Wang ◽

Feng Guo

Keyword(s):

Key Management ◽

Chaotic Map ◽

Mutual Authentication ◽

Security Analysis ◽

Random Oracle Model ◽

Random Oracle ◽

Authentication Scheme ◽

Session Key ◽

The Real ◽

Shared Key

A chaotic map-based mutual authentication scheme with strong anonymity is proposed in this paper, in which the real identity of the user is encrypted with a shared key between the user and the trusted server. Only the trusted server can determine the real identity of a user during the authentication, and any other entities including other users of the system get nothing about the user’s real identity. In addition, the shared key of encryption can be easily computed by the user and trusted server using the Chebyshev map without additional burdensome key management. Once the partnered two users are authenticated by the trusted server, they can easily proceed with the agreement of the session key. Formal security analysis demonstrates that the proposed scheme is secure under the random oracle model.

Download Full-text

An Enhanced Authentication Scheme for Internet of Things Based E-Healthcare System

Journal of Computational and Theoretical Nanoscience ◽

10.1166/jctn.2020.8658 ◽

2020 ◽

Vol 17 (1) ◽

pp. 246-253 ◽

Cited By ~ 1

Author(s):

Ravi Raushan Kumar Chaudhary ◽

Ashish Singh ◽

Kakali Chatterjee

Keyword(s):

Mutual Authentication ◽

Security Analysis ◽

Authentication Scheme ◽

Key Generation ◽

Key Exchange Protocol ◽

Session Key ◽

Diffie Hellman ◽

Healthcare Monitoring ◽

Diffie Hellman Key Exchange ◽

Mutual Authentication Protocol

Security is a major challenge in modern IoT based healthcare monitoring systems. It provides many benefits such as critical patient monitoring, remote diagnosis at anytime, anywhere. Hence, security of this data is essential when the healthcare professionals access it. Also, while storing the patients record; it must be kept safe from misuse and modification of data as other devices can easily track it. To prevent this type of threats, we have proposed a mutual authentication protocol to enhance health care security and to resist vulnerable attacks. The proposed scheme used Challenge response protocol for the authentication purpose and the Diffie-Hellman key exchange protocol is used for generation of the session key generation. The security analysis of the proposed scheme shows that the scheme is more secure and resist all the major attacks as compared to other schemes. The Formal verification of this schema also ensures that it resists most probable attacks in this system. The result of the proposed authentication scheme shows that it has low computational and communicational load.

Download Full-text

Privacy-Preserving Authentication Scheme for Roaming Service in Global Mobility Networks

International journal of Computer Networks & Communications ◽

10.5121/ijcnc.2021.13507 ◽

2021 ◽

Vol 13 (5) ◽

pp. 111-128

Author(s):

Sung Woon Lee ◽

Hyunsung Kim

Keyword(s):

Rapid Development ◽

Security Analysis ◽

Mobile User ◽

Authentication Scheme ◽

Privacy Concerns ◽

Global Mobility ◽

Lightweight Authentication ◽

Symmetric Key Cryptography ◽

Exclusive Or ◽

Global Mobility Networks

With the rapid development of mobile intelligent technologies and services, users can freely experience ubiquitous services in global mobility networks. It is necessary to provide authentications and protection to the privacy of mobile users. Until now, many authentication and privacy schemes were proposed. However, most of the schemes have been exposed to some security problems. Recently, Madhusudhan and Shashidhara (M&S) proposed a lightweight authentication scheme, denoted as the M&S scheme, for roaming services in global mobility networks. This paper shows that the M&S scheme has security flaws including two masquerading attacks and a mobile user trace attack. After that, we propose a privacypreserving authentication scheme for global mobility networks. The proposed scheme not only focused on the required security but also added privacy concerns focused on anonymity based on a dynamic pseudonym, which is based on exclusive-or operation, hash operation and symmetric key cryptography. Formal security analysis is performed based on Burrow-Abadi-Needdham (BAN) logic and the ProVerif tool, which concludes that the proposed scheme is secure. The analysis shows that the proposed authentication scheme is secure and provides privacy with a reasonable performance.

Download Full-text

A Novel Authentication Scheme for Multi-Server Environment of Industrial Internet

CONVERTER ◽

10.17762/converter.105 ◽

2021 ◽

pp. 718-729

Author(s):

Yu Zhang, Guangmin Sun

Keyword(s):

Mutual Authentication ◽

Security Analysis ◽

Performance Comparison ◽

Authentication Scheme ◽

Session Key ◽

Industrial Internet ◽

The Face ◽

And Performance ◽

Value Decomposition ◽

Multi Server

Aiming at the security problems of authentication in multi-server environments, a novel three-factor authentication scheme for multi-server environments of industrial Internet is proposed. After verifying password and face, a temporary session key is established for the user and server. Then the user obtains the permission of application services and accessing resources. In process of verifying password, hash function is used to hide password. The method of verifying face is the face recognition based on singular value decomposition. During the key agreement phase, only four dot multiplication operations based on elliptic curve cryptography is used to realize one-time key for cryptograph transmission and mutual authentication. Through security analysis and performance comparison, the proposed scheme has stronger robustness, higher security, better convenience and less computation cost than other similar schemes, and has high application value for multi-server environments of industrial Internet.

Download Full-text

A Robust and Efficient Password Authentication Scheme Using Smart Cards

Applied Mechanics and Materials ◽

10.4028/www.scientific.net/amm.571-572.1172 ◽

2014 ◽

Vol 571-572 ◽

pp. 1172-1175

Author(s):

Wei Jing Li ◽

Ping Zhu ◽

Hua Zhang ◽

Zheng Ping Jin

Keyword(s):

Elliptic Curve Cryptography ◽

Secure Communication ◽

User Anonymity ◽

Smart Cards ◽

Authentication Scheme ◽

Forward Secrecy ◽

Session Key ◽

Password Authentication ◽

Computation Cost ◽

Remote User

Password authentication scheme using smart cards is an important part of securely accessing the server program. In 2012, Chen et al. proposed a robust smart-card-based remote user password authentication scheme. Recently, Li et al. discovered the scheme of Chen et al. cannot really ensure forward secrecy, and it cannot achieve the goal of efficiency for wrong password login. Then, they proposed an enhanced remote user password authentication scheme based on smart cards. In this paper, we propose a novel authentication scheme by using elliptic curve cryptography. The new scheme can achieve both the user anonymity and the goal of efficiency of incorrect password detection, and can also establish a session key for the subsequent secure communication. Moreover, we show by a detailed analysis that it requires lower computation cost while improving the security of the scheme.

Download Full-text

A Robust IoT-Based Three-Factor Authentication Scheme for Cloud Computing Resistant to Session Key Exposure

Wireless Communications and Mobile Computing ◽

10.1155/2020/3805058 ◽

2020 ◽

Vol 2020 ◽

pp. 1-15 ◽

Cited By ~ 3

Author(s):

Feifei Wang ◽

Guosheng Xu ◽

Guoai Xu ◽

Yuejie Wang ◽

Junhao Peng

Keyword(s):

Cloud Computing ◽

Resource Sharing ◽

Secure Communication ◽

Formal Analysis ◽

Mutual Authentication ◽

Authentication Scheme ◽

User Privacy ◽

Session Key ◽

Three Factor ◽

Key Exposure

With the development of Internet of Things (IoT) technologies, Internet-enabled devices have been widely used in our daily lives. As a new service paradigm, cloud computing aims at solving the resource-constrained problem of Internet-enabled devices. It is playing an increasingly important role in resource sharing. Due to the complexity and openness of wireless networks, the authentication protocol is crucial for secure communication and user privacy protection. In this paper, we discuss the limitations of a recently introduced IoT-based authentication scheme for cloud computing. Furthermore, we present an enhanced three-factor authentication scheme using chaotic maps. The session key is established based on Chebyshev chaotic-based Diffie–Hellman key exchange. In addition, the session key involves a long-term secret. It ensures that our scheme is secure against all the possible session key exposure attacks. Besides, our scheme can effectively update user password locally. Burrows–Abadi–Needham logic proof confirms that our scheme provides mutual authentication and session key agreement. The formal analysis under random oracle model proves the semantic security of our scheme. The informal analysis shows that our scheme is immune to diverse attacks and has desired features such as three-factor secrecy. Finally, the performance comparisons demonstrate that our scheme provides optimal security features with an acceptable computation and communication overheads.

Download Full-text

LDAKM-EIoT: Lightweight Device Authentication and Key Management Mechanism for Edge-Based IoT Deployment

Sensors ◽

10.3390/s19245539 ◽

2019 ◽

Vol 19 (24) ◽

pp. 5539 ◽

Cited By ~ 7

Author(s):

Mohammad Wazid ◽

Ashok Kumar Das ◽

Sachin Shetty ◽

Joel J. P. C. Rodrigues ◽

Youngho Park

Keyword(s):

Key Management ◽

Secure Communication ◽

Network Performance ◽

Security Analysis ◽

Internet Security ◽

Session Key ◽

Open Communication ◽

Management Mechanism ◽

Novel Device ◽

Edge Based

In recent years, edge computing has emerged as a new concept in the computing paradigm that empowers several future technologies, such as 5G, vehicle-to-vehicle communications, and the Internet of Things (IoT), by providing cloud computing facilities, as well as services to the end users. However, open communication among the entities in an edge based IoT environment makes it vulnerable to various potential attacks that are executed by an adversary. Device authentication is one of the prominent techniques in security that permits an IoT device to authenticate mutually with a cloud server with the help of an edge node. If authentication is successful, they establish a session key between them for secure communication. To achieve this goal, a novel device authentication and key management mechanism for the edge based IoT environment, called the lightweight authentication and key management scheme for the edge based IoT environment (LDAKM-EIoT), was designed. The detailed security analysis and formal security verification conducted by the widely used “Automated Validation of Internet Security Protocols and Applications (AVISPA)” tool prove that the proposed LDAKM-EIoT is secure against several attack vectors that exist in the infrastructure of the edge based IoT environment. The elaborated comparative analysis of the proposed LDAKM-EIoT and different closely related schemes provides evidence that LDAKM-EIoT is more secure with less communication and computation costs. Finally, the network performance parameters are calculated and analyzed using the NS2 simulation to demonstrate the practical facets of the proposed LDAKM-EIoT.

Download Full-text

Security Analysis and Improvement of an Anonymous Authentication Scheme for Roaming Services

The Scientific World JOURNAL ◽

10.1155/2014/687879 ◽

2014 ◽

Vol 2014 ◽

pp. 1-8 ◽

Cited By ~ 1

Author(s):

Youngsook Lee ◽

Juryon Paik

Keyword(s):

Mutual Authentication ◽

Security Analysis ◽

Mobile User ◽

Authentication Scheme ◽

Third Party ◽

Dictionary Attack ◽

Session Key ◽

Foreign Agent ◽

Anonymous Authentication ◽

Man In The Middle

An anonymous authentication scheme for roaming services in global mobility networks allows a mobile user visiting a foreign network to achieve mutual authentication and session key establishment with the foreign-network operator in an anonymous manner. In this work, we revisit He et al.’s anonymous authentication scheme for roaming services and present previously unpublished security weaknesses in the scheme: (1) it fails to provide user anonymity against any third party as well as the foreign agent, (2) it cannot protect the passwords of mobile users due to its vulnerability to an offline dictionary attack, and (3) it does not achieve session-key security against a man-in-the-middle attack. We also show how the security weaknesses of He et al.’s scheme can be addressed without degrading the efficiency of the scheme.

Download Full-text

A Certificateless Pairing-Free Authentication Scheme for Unmanned Aerial Vehicle Networks

Security and Communication Networks ◽

10.1155/2021/9463606 ◽

2021 ◽

Vol 2021 ◽

pp. 1-10

Author(s):

Jingyi Li ◽

Yujue Wang ◽

Yong Ding ◽

Wanqing Wu ◽

Chunhai Li ◽

...

Keyword(s):

Unmanned Aerial Vehicles ◽

Unmanned Aerial Vehicle ◽

Mutual Authentication ◽

Security Analysis ◽

Authentication Scheme ◽

Security Issues ◽

Aerial Vehicles ◽

Vehicle Networks ◽

Aerial Vehicle ◽

Certificateless Signature

In unmanned aerial vehicle networks (UAVNs), unmanned aerial vehicles with restricted computing and communication capabilities can perform tasks in collaborative manner. However, communications in UAVN confront many security issues, for example, malicious entities may launch impersonate attacks. In UAVN, the command center (CMC) needs to perform mutual authentication with unmanned aerial vehicles in clusters. The aggregator (AGT) can verify the authenticity of authentication request from CMC; then, the attested authentication request is broadcasted to the reconnaissance unmanned aerial vehicle (UAV) in the same cluster. The authentication responses from UAVs can be verified and aggregated by AGT before being sent to CMC for validation. Also, existing solutions cannot resist malicious key generation center (KGC). To address these issues, this paper proposes a pairing-free authentication scheme (CLAS) for UAVNs based on the certificateless signature technology, which supports batch verification at both AGT and CMC sides so that the verification efficiency can be improved greatly. Security analysis shows that our CLAS scheme can guarantee the unforgeability for (attested) authentication request and (aggregate) responses in all phases. Performance analysis indicates that our CLAS scheme enjoys practical efficiency.

Download Full-text

Design and SOPC-Based Realization of a Video Chaotic Secure Communication Scheme

International Journal of Bifurcation and Chaos ◽

10.1142/s0218127418501602 ◽

2018 ◽

Vol 28 (13) ◽

pp. 1850160 ◽

Cited By ~ 5

Author(s):

Ping Chen ◽

Simin Yu ◽

Baoju Chen ◽

Liangshan Xiao ◽

Jinhu Lü

Keyword(s):

Real Time ◽

Secure Communication ◽

Security Analysis ◽

New Approach ◽

Time Performance ◽

Hardware Realization ◽

Communication Scheme ◽

Chaotic Secure Communication

This paper proposes a new approach for hardware realization based on a system with programmable chip (SOPC) technology. The main feature of the SOPC-based scheme is that it can make full use of both FPGA and ARM, where the FPGA is used for video capturing, displaying, encrypting and decrypting, the ARM is adopted for TCP/IP protocol, Ethernet sending and receiving. SOPC technology gives full play to the advantages of both FPGA and ARM that complement each other, leading to better real-time performance and is more convenient for hardware realization. In addition, some results of security analysis are also given. Hardware realization results verify the feasibility and effectiveness of the proposed SOPC-based approach.

Download Full-text