Protecting the Security and Privacy of the Virtual Machine through Privilege Separation

AbstractInternet of Things (IoT) has been a most important research area for almost a decade now, where a huge network of billions or trillions of “things” communicating with one another is facing many technical and application challenges. Although there are many uncertainties about its security and privacy, the literature presents different techniques to handle the security issues and challenges in order to develop a well-defined security architecture. This paper reviews 50 research papers that are related to the security of IoT. The security techniques were classified with respect to time consumption, energy consumption, power consumption, lightweight property, reliability, robustness, and smart applicability. Also, the security techniques were analyzed based on the considered attacks, application, utilized simulation tool, security model, and attributes. The objective of the survey is focused on the security loopholes arising out of the information exchange technologies used in IoT. Finally, the important research issues are addressed for the researchers to find the way for further research in the security of IoT. The survey signifies that multilevel and mutual authentication based on attribute-based profile modeling bring more security for access control and authentication.

Download Full-text

A Secure Lightweight Mutual Authentication for RFID Systems

Applied Mechanics and Materials ◽

10.4028/www.scientific.net/amm.644-650.4496 ◽

2014 ◽

Vol 644-650 ◽

pp. 4496-4500

Author(s):

Hang Qin ◽

Yi Liu

Keyword(s):

Radio Frequency Identification ◽

Low Cost ◽

Mutual Authentication ◽

Security Analysis ◽

Limited Resource ◽

Authentication Protocol ◽

Security And Privacy ◽

Linear Feedback ◽

Security Issues ◽

Rfid Systems

Radio Frequency Identification (RFID) technology is an automated identification technology which is widely used to identify and track all kind of objects. It is well suitable for many fields and is expected to replace barcodes in the near future. However, it is a challenging task to design an authentication protocol because of the limited resource of low-cost RFID tags. Recently, a lightweight RFID authentication protocol presented by Kulseng et al uses Physically Unclonable Functions (PUFs) and Linear Feedback Shift Registers (LFSRs) which are well known lightweight operations. The number of gates which the protocol require can be significantly decreased. Unfortunately, their protocol faces several serious security issues. In this paper, based PUFs and LFSRs, we suggest a secure mutual authentication for low-cost RFID Systems. Security analysis shows that our protocol owns security and privacy.

Download Full-text

An Evaluation of the RFID Security Benefits of the APF System

Health Information Systems ◽

10.4018/978-1-60566-988-5.ch058 ◽

2011 ◽

pp. 933-944

Author(s):

John Ayoade ◽

Judith Symonds

Keyword(s):

Data Protection ◽

Mutual Authentication ◽

Patient Data ◽

Security And Privacy ◽

Line Of Sight ◽

Prototype System ◽

Hospital Patient ◽

Rfid Security ◽

Processing Framework ◽

Require Information

The main features of RFID are the ability to identify objects without a line of sight between reader and tag, read/write capability and ability of readers to read many tags at the same time. The read/write capability allows information to be stored in the tags embedded in the objects as it travels through a system. Some applications require information to be stored in the tag and be retrieved by the readers. This paper discusses the security and privacy challenges involve in such applications and how the proposed and implemented prototype system Authentication Processing Framework (APF) would be a solution to protect hospital patient data. The deployment of the APF provides mutual authentication for both tags and readers and the mutual authentication process in the APF provides security for the information stored in the tags. A prototype solution for hospital patient data protection for information stored on RFID bracelets is offered.

Download Full-text

An Evaluation of the RFID Security Benefits of the APF System

Ubiquitous and Pervasive Computing ◽

10.4018/978-1-60566-960-1.ch085 ◽

2010 ◽

pp. 1374-1385

Author(s):

John Ayoade ◽

Judith Symonds

Keyword(s):

Data Protection ◽

Mutual Authentication ◽

Patient Data ◽

Security And Privacy ◽

Line Of Sight ◽

Prototype System ◽

Hospital Patient ◽

Rfid Security ◽

Processing Framework ◽

Require Information

The main features of RFID are the ability to identify objects without a line of sight between reader and tag, read/write capability and ability of readers to read many tags at the same time. The read/write capability allows information to be stored in the tags embedded in the objects as it travels through a system. Some applications require information to be stored in the tag and be retrieved by the readers. This paper discusses the security and privacy challenges involve in such applications and how the proposed and implemented prototype system Authentication Processing Framework (APF) would be a solution to protect hospital patient data. The deployment of the APF provides mutual authentication for both tags and readers and the mutual authentication process in the APF provides security for the information stored in the tags. A prototype solution for hospital patient data protection for information stored on RFID bracelets is offered.

Download Full-text

An Evaluation of the RFID Security Benefits of the APF System

Emerging Pervasive and Ubiquitous Aspects of Information Systems ◽

10.4018/978-1-60960-487-5.ch003 ◽

2011 ◽

pp. 37-48

Author(s):

John Ayoade ◽

Judith Symonds

Keyword(s):

Data Protection ◽

Mutual Authentication ◽

Patient Data ◽

Security And Privacy ◽

Line Of Sight ◽

Prototype System ◽

Hospital Patient ◽

Rfid Security ◽

Processing Framework ◽

Require Information

The main features of RFID are the ability to identify objects without a line of sight between reader and tag, read/write capability and ability of readers to read many tags at the same time. The read/write capability allows information to be stored in the tags embedded in the objects as it travels through a system. Some applications require information to be stored in the tag and be retrieved by the readers. This paper discusses the security and privacy challenges involve in such applications and how the proposed and implemented prototype system Authentication Processing Framework (APF) would be a solution to protect hospital patient data. The deployment of the APF provides mutual authentication for both tags and readers and the mutual authentication process in the APF provides security for the information stored in the tags. A prototype solution for hospital patient data protection for information stored on RFID bracelets is offered.

Download Full-text

PAX: Using Pseudonymization and Anonymization to Protect Patients' Identities and Data in the Healthcare System

International Journal of Environmental Research and Public Health ◽

10.3390/ijerph16091490 ◽

2019 ◽

Vol 16 (9) ◽

pp. 1490 ◽

Cited By ~ 5

Author(s):

Mishall Al-Zubaidie ◽

Zhongwei Zhang ◽

Ji Zhang

Keyword(s):

Healthcare Providers ◽

Security Analysis ◽

Health Sector ◽

Security And Privacy ◽

Modular System ◽

Electronic Systems ◽

Security Measures ◽

Security Issues ◽

Privacy Issues ◽

Emergency Doctors

Electronic health record (EHR) systems are extremely useful for managing patients' data and are widely disseminated in the health sector. The main problem with these systems is how to maintain the privacy of sensitive patient information. Due to not fully protecting the records from unauthorised users, EHR systems fail to provide privacy for protected health information. Weak security measures also allow authorised users to exceed their specific privileges to access medical records. Thus, some of the systems are not a trustworthy source and are undesirable for patients and healthcare providers. Therefore, an authorisation system that provides privacy when accessing patients' data is required to address these security issues. Specifically, security and privacy precautions should be raised for specific categories of users, doctor advisors, physician researchers, emergency doctors, and patients' relatives. Presently, these users can break into the electronic systems and even violate patients' privacy because of the privileges granted to them or the inadequate security and privacy mechanisms of these systems. To address the security and privacy problems associated with specific users, we develop the Pseudonymization and Anonymization with the XACML (PAX) modular system, which depends on client and server applications. It provides a security solution to the privacy issues and the problem of safe-access decisions for patients' data in the EHR. The~results of theoretical and experimental security analysis prove that PAX provides security features in preserving the privacy of healthcare users and is safe against known attacks.

Download Full-text

A Novel ECC-Based RFID Authentication Protocol

Key Engineering Materials ◽

10.4028/www.scientific.net/kem.474-476.1764 ◽

2011 ◽

Vol 474-476 ◽

pp. 1764-1769

Author(s):

Ming Wei Fang ◽

Jun Jun Wu ◽

Xin Fang Zhang ◽

Hong Chen

Keyword(s):

Mutual Authentication ◽

Security Analysis ◽

Authentication Protocol ◽

Automatic Identification ◽

Identification System ◽

Security Issues ◽

Rfid System ◽

Active Attack ◽

Security Communication ◽

Signal Channel

RFID technology plays an important role in our daily life nowadays. It widely used in the automatic identification system by embedding the tag into product. However, some security risks presented due to radio frequency signal channel between the tag and the reader which may lead privacy disclosure for the user. Various solutions are proposed to resole to security issues in RFID system, but there still presented some limitations. A security elliptic curve cryptography based authentication protocol is presented in this paper to preserve the privacy of the RFID system. The proposed protocol provides mutual authentication and a security communication channel between the tag and the reader. By the security analysis, our protocol can resist common passive and active attack; moreover, it also can provide forward security.

Download Full-text

Secure Message Transmission for V2V Based on Mutual Authentication for VANETs

Wireless Communications and Mobile Computing ◽

10.1155/2021/3400558 ◽

2021 ◽

Vol 2021 ◽

pp. 1-16

Author(s):

Jabar Mahmood ◽

Zongtao Duan ◽

Heng Xue ◽

Yun Yang ◽

Michael Abebe Berwo ◽

...

Keyword(s):

Privacy Preservation ◽

Vehicular Ad Hoc Networks ◽

Mutual Authentication ◽

Security Analysis ◽

Security Requirements ◽

Security And Privacy ◽

Transmission Scheme ◽

Message Transmission ◽

And Performance ◽

Secure Message Transmission

The advancements in Vehicular Ad Hoc Networks (VANETs) require more intelligent security protocols that ultimately provide unbreakable security to vehicles and other components of VANETs. VANETs face various types of security pitfalls due to the openness characteristics of the VANET communication infrastructure. Researchers have recently proposed different mutual authentication schemes that address security and privacy issues in vehicle-to-vehicle (V2V) communication. However, some V2V security schemes suffer from inadequate design and are hard to implement practically. In addition, some schemes face vehicle traceability and lack anonymity. Hence, this paper’s primary goal is to enhance privacy preservation through mutual authentication and to achieve better security and performance. Therefore, this article first describes the vulnerabilities of a very recent authentication scheme presented by Vasudev et al. Our analysis proves that the design of Vasudev et al.’s scheme is incorrect, and resultantly, the scheme does not provide mutual authentication between a vehicle and vehicle server when multiple vehicles are registered with the vehicle sever. Furthermore, this paper proposes a secure message transmission scheme for V2V in VANETs. The proposed scheme fulfills the security and performance requirements of VANETs. The security analysis of the proposed scheme using formal BAN and informal discussion on security features confirm that the proposed scheme fulfills the security requirements, and the performance comparisons show that the proposed scheme copes with the lightweightness requirements of VANETs.

Download Full-text

A Certificateless Pairing-Free Authentication Scheme for Unmanned Aerial Vehicle Networks

Security and Communication Networks ◽

10.1155/2021/9463606 ◽

2021 ◽

Vol 2021 ◽

pp. 1-10

Author(s):

Jingyi Li ◽

Yujue Wang ◽

Yong Ding ◽

Wanqing Wu ◽

Chunhai Li ◽

...

Keyword(s):

Unmanned Aerial Vehicles ◽

Unmanned Aerial Vehicle ◽

Mutual Authentication ◽

Security Analysis ◽

Authentication Scheme ◽

Security Issues ◽

Aerial Vehicles ◽

Vehicle Networks ◽

Aerial Vehicle ◽

Certificateless Signature

In unmanned aerial vehicle networks (UAVNs), unmanned aerial vehicles with restricted computing and communication capabilities can perform tasks in collaborative manner. However, communications in UAVN confront many security issues, for example, malicious entities may launch impersonate attacks. In UAVN, the command center (CMC) needs to perform mutual authentication with unmanned aerial vehicles in clusters. The aggregator (AGT) can verify the authenticity of authentication request from CMC; then, the attested authentication request is broadcasted to the reconnaissance unmanned aerial vehicle (UAV) in the same cluster. The authentication responses from UAVs can be verified and aggregated by AGT before being sent to CMC for validation. Also, existing solutions cannot resist malicious key generation center (KGC). To address these issues, this paper proposes a pairing-free authentication scheme (CLAS) for UAVNs based on the certificateless signature technology, which supports batch verification at both AGT and CMC sides so that the verification efficiency can be improved greatly. Security analysis shows that our CLAS scheme can guarantee the unforgeability for (attested) authentication request and (aggregate) responses in all phases. Performance analysis indicates that our CLAS scheme enjoys practical efficiency.

Download Full-text

MAKE-IT—A Lightweight Mutual Authentication and Key Exchange Protocol for Industrial Internet of Things

Sensors ◽

10.3390/s20185166 ◽

2020 ◽

Vol 20 (18) ◽

pp. 5166 ◽

Cited By ~ 2

Author(s):

Karanjeet Choudhary ◽

Gurjot Singh Gaba ◽

Ismail Butun ◽

Pardeep Kumar

Keyword(s):

Internet Of Things ◽

Mutual Authentication ◽

Security Analysis ◽

Key Exchange ◽

Efficient Computation ◽

Secret Key ◽

Industrial Internet Of Things ◽

Key Exchange Protocol ◽

Security Issues ◽

Industrial Internet

Continuous development of the Industrial Internet of Things (IIoT) has opened up enormous opportunities for the engineers to enhance the efficiency of the machines. Despite the development, many industry administrators still fear to use Internet for operating their machines due to untrusted nature of the communication channel. The utilization of internet for managing industrial operations can be widespread adopted if the authentication of the entities are performed and trust is ensured. The traditional schemes with their inherent security issues and other complexities, cannot be directly deployed to resource constrained network devices. Therefore, we have proposed a strong mutual authentication and secret key exchange protocol to address the vulnerabilities of the existing schemes. We have used various cryptography operations such as hashing, ciphering, and so forth, for providing secure mutual authentication and secret key exchange between different entities to restrict unauthorized access. Performance and security analysis clearly demonstrates that the proposed work is energy efficient (computation and communication inexpensive) and more robust against the attacks in comparison to the traditional schemes.

Download Full-text