New Secure and Practical E-Mail Protocol with Perfect Forward Secrecy

The invention of electronic mail (e-mail) has made communication through the Internet easier than before. However, because the fundamental functions of the Internet are built on opensource technologies, it is critical to keep all transmitted e-mail secure and secret. Most current e-mail protocols only allow recipients to check their e-mail after the recipients are authenticated by the e-mail server. Unfortunately, the subsequent e-mail transmission from the server to the recipient remains unprotected in the clear form without encryption. Sometimes, this is not allowed, especially in consideration of issues such as confidentiality and integrity. In this paper, we propose a secure and practical e-mail protocol with perfect forward secrecy, as well as a high security level, in which the session keys used to encrypt the last e-mail will not be disclosed even if the long-term secret key is compromised for any possible reason. Thus, the proposed scheme benefits from the following advantages: (1) providing mutual authentication to remove the threat of not only impersonation attacks, but also spam; (2) guaranteeing confidentiality and integrity while providing the service of perfect forward secrecy; (3) simplifying key management by avoiding the expense of public key infrastructure involvement; and (4) achieving lower computational cost while meeting security criteria compared to the related works. The security analysis and the discussion demonstrate that the proposed scheme works well.

Download Full-text

A puncturable attribute-based data sharing scheme for the Internet of Medical Robotic Things

Library Hi Tech ◽

10.1108/lht-08-2021-0254 ◽

2021 ◽

Vol ahead-of-print (ahead-of-print) ◽

Author(s):

Sultan Basudan

Keyword(s):

Data Sharing ◽

Mutual Authentication ◽

The Internet ◽

Security Model ◽

Secret Key ◽

Forward Secrecy ◽

Content Type ◽

Sensing Data ◽

Sharing Scheme ◽

Security Proof

PurposeIn line with the fast development of information technology, the Internet of Medical Robotic Things (IoMRT) is gaining more ground in health care. Sharing patients' information effectively and securely can improve sensing data usage and confidentiality. Nevertheless, current IoMRT data sharing schemes are lacking in terms of supporting efficient forward secrecy; when secret key for a robotic nurse as a data requester is compromised, all the historically shared data with this robotic nurse will be leaked.Design/methodology/approachThe presented paper suggests an efficient puncturable attribute-based data sharing scheme enabling guaranteed firm security and versatile access control over health sensing data in IoMRT. This scheme integrates attribute-based and puncturable encryption to avail a shared secret key for data sharing that can be encrypted by an access structure over the Data Requester (DR) attributes. Additionally, the establishment of the shared key and the mutual authentication is simultaneously done between the cloud servers and DRs.FindingsThe proposed scheme can achieve forward secrecy by adopting the bloom filter technique that efficiently helps the updating of a private key with no need for the key distributor to reissue the key. The security proof illustrates that this scheme adheres to the security model. Besides, the performance evaluation expresses the feasibility of the suggested scheme.Originality/valueThe main goal of designing a puncture algorithm is to devise an updated key from the ciphertext and a secret key, allowing the decryption of all ciphertexts except the one that has been punctured on. This research illustrates the first effort to develop a puncturable attribute-based encryption scheme to achieve efficient finegrained data sharing in IoMRT.

Download Full-text

Efficient Multi-linear Key Pairing Cryptosystem for Reliable Cloud-based Service Provisioning

Revista Gestão Inovação e Tecnologias ◽

10.47059/revistageintec.v11i4.2471 ◽

2021 ◽

Vol 11 (4) ◽

pp. 4440-4455

Author(s):

Dr. Sabout Nagaraju ◽

S.K.V. Jayakumar ◽

C. Swetha Priya

Keyword(s):

Cloud Computing ◽

Key Management ◽

Mutual Authentication ◽

Critical Role ◽

Service Provisioning ◽

Secret Key ◽

Session Key ◽

Perfect Forward Secrecy ◽

Key Leakage ◽

Accuracy Rates

Cloud computing has gained rapid growth in the development of different fields of science and engineering. However, due to the distributed nature of cloud computing, session key generation and establishment is the pressing issue. Session key management plays the utmost important role in the secure exchange of sensitive login credentials and transaction information. Moreover, conventional session key management mechanisms are inadequate and cannot be directly adopted in cloud-based environments. Hence, session key management is very much solely needed solution for reliable cloud-based service provisioning. In mutual authentication, bi-linear key pairing cryptosystem plays a critical role to generate and establish a session key. The existing mutual authentication schemes fail to support true mutual authentication in cloud-based environments as they are vulnerable to secret key leakage, perfect forward secrecy, and untraceability. To mitigate the effect of these attacks, this research develops an efficient multi-linear key pairing cryptosystem. In this cryptosystem, challenge-response messages are used for generating and establishing a one-time shared session key. Furthermore, the performance analysis of the proposed cryptosystem depicts a significant reduction of computation cost, authentication accuracy rates, and resistance to the aforementioned attacks.

Download Full-text

Drone Secure Communication Protocol for Future Sensitive Applications in Military Zone

Sensors ◽

10.3390/s21062057 ◽

2021 ◽

Vol 21 (6) ◽

pp. 2057

Author(s):

Yongho Ko ◽

Jiyoon Kim ◽

Daniel Gerbi Duguma ◽

Philip Virgil Astillo ◽

Ilsun You ◽

...

Keyword(s):

Performance Evaluation ◽

Secure Communication ◽

Communication Protocol ◽

Denial Of Service ◽

Mutual Authentication ◽

Information Leakage ◽

Security Protocol ◽

Security Requirements ◽

Forward Secrecy ◽

Perfect Forward Secrecy

Unmanned Aerial Vehicle (UAV) plays a paramount role in various fields, such as military, aerospace, reconnaissance, agriculture, and many more. The development and implementation of these devices have become vital in terms of usability and reachability. Unfortunately, as they become widespread and their demand grows, they are becoming more and more vulnerable to several security attacks, including, but not limited to, jamming, information leakage, and spoofing. In order to cope with such attacks and security threats, a proper design of robust security protocols is indispensable. Although several pieces of research have been carried out with this regard, there are still research gaps, particularly concerning UAV-to-UAV secure communication, support for perfect forward secrecy, and provision of non-repudiation. Especially in a military scenario, it is essential to solve these gaps. In this paper, we studied the security prerequisites of the UAV communication protocol, specifically in the military setting. More importantly, a security protocol (with two sub-protocols), that serves in securing the communication between UAVs, and between a UAV and a Ground Control Station, is proposed. This protocol, apart from the common security requirements, achieves perfect forward secrecy and non-repudiation, which are essential to a secure military communication. The proposed protocol is formally and thoroughly verified by using the BAN-logic (Burrow-Abadi-Needham logic) and Scyther tool, followed by performance evaluation and implementation of the protocol on a real UAV. From the security and performance evaluation, it is indicated that the proposed protocol is superior compared to other related protocols while meeting confidentiality, integrity, mutual authentication, non-repudiation, perfect forward secrecy, perfect backward secrecy, response to DoS (Denial of Service) attacks, man-in-the-middle protection, and D2D (Drone-to-Drone) security.

Download Full-text

An Improvement on Secure E-mail Protocols Providing Perfect Forward Secrecy

Proceedings of the 9th Joint Conference on Information Sciences (JCIS) ◽

10.2991/jcis.2006.102 ◽

2006 ◽

Cited By ~ 3

Author(s):

Iuon-Chang Lin ◽

Yang-Bin Lin ◽

Chung-Ming Wang

Keyword(s):

Forward Secrecy ◽

Perfect Forward Secrecy ◽

E Mail

Download Full-text

Electronic Mail Security

Handbook of Research on Information Communication Technology Policy ◽

10.4018/978-1-61520-847-0.ch010 ◽

2011 ◽

pp. 147-160 ◽

Cited By ~ 1

Author(s):

Edwin I. Achugbue

Keyword(s):

Electronic Mail ◽

The Internet ◽

Security Threat ◽

The Future ◽

History Of ◽

The Individual ◽

Mail Address ◽

E Mail

The chapter focuses on the history of the internet system of e-mail; e-mail security; threat to e-mail security, usefulness of e-mail address and country codes, how e-mails can be secured by the individual and electronic mail policy. The future of e-mail security is also described.

Download Full-text

Future of Small Business E-Commerce

Electronic Commerce ◽

10.4018/978-1-59904-943-4.ch166 ◽

2011 ◽

pp. 2159-2163 ◽

Cited By ~ 1

Author(s):

Simpson Poon

Keyword(s):

Small Business ◽

Small Businesses ◽

Electronic Mail ◽

The Internet ◽

File Transfer Protocol ◽

File Transfer ◽

Research Findings ◽

Use Of The Internet ◽

In The Beginning ◽

E Mail

The use of the Internet for business purposes among small businesses started quite early in the e-commerce evolution. In the beginning, innovative and entrepreneurial owners of small businesses attempted to use rudimentary Internet tools such as electronic mail (e-mail) and file transfer protocol (FTP) to exchange messages and documents. While primitive, it fulfilled much of the business needs at the time. Even to date, e-mail and document exchange, according to some of the latest research findings, are still the most commonly used tools despite the fact that tools themselves have become more sophisticated.

Download Full-text