An Authentication and Secure Communication Scheme for In-Vehicle Networks Based on SOME/IP

The rapid development of intelligent networked vehicles (ICVs) has brought many positive effects. Unfortunately, connecting to the outside exposes ICVs to security threats. Using secure protocols is an important approach to protect ICVs from hacker attacks and has become a hot research area for vehicle security. However, most of the previous studies were carried out on V2X networks, while those on in-vehicle networks (IVNs) did not involve Ethernet. To this end, oriented to the new IVNs based on Ethernet, we designed an efficient secure scheme, including an authentication scheme using the Scalable Service-Oriented Middleware over IP (SOME/IP) protocol and a secure communication scheme modifying the payload field of the original SOME/IP data frame. The security analysis shows that the designed authentication scheme can provide mutual identity authentication for communicating parties and ensure the confidentiality of the issued temporary session key; the designed authentication and secure communication scheme can resist the common malicious attacks conjointly. The performance experiments based on embedded devices show that the additional overhead introduced by the secure scheme is very limited. The secure scheme proposed in this article can promote the popularization of the SOME/IP protocol in IVNs and contribute to the secure communication of IVNs.

A Rabin Cryptosystem-Based Lightweight Authentication Protocol and Session Key-Generation Scheme for IoT Deployment

Handling unpredictable attack vulnerabilities in self-proclaiming secure algorithms in WSNs is an issue. Vulnerabilities provide loop holes for adversary to barge in the privacy of the network. Attacks performed by the attacker can be active or passive. Adversary may listen to the sensitive information and exploit its confidentiality which is passive, or adversary may modify sensitive information being transferred over a WSN in case of active attacks. As Internet of things has basically three layers, middle-ware layer, Application layer, perceptron layer, most of the attacks are observed to happen at the perceptron layer in case of both wireless sensor network and RFID Tag implication Layer. Both are a major part of the perceptron layer that consist a small part of the IoT. Some of the major attack vulnerabilities are exploited by executing the attacks through certain flaws in the protocol that are difficult to identify and almost complex to identify in complicated bigger protocols. As most of the sensors are resource constrained in terms of memory, battery power, processing power, bandwidth and due to which implementation of complex cryptosystem to keep the data being transferred secure is a challenging phase. The three main objectives studied in this scenario are setting up the system, registering user and the sensors via multiple gateways. Generating a common key which can be used for a particular interaction session among user, gateway and the sensor network. In this paper, we address one or more of these objectives for some of the fundamental problems in authentication and mutual authentication phase of the WSN in IoT deployment. We prevent the leakage of sensitive information using the rabin cryptosystem to avoid attacks like Man-in-the-middle attack, sensor session key leakage, all session hi-jacking attack and sniffing attacks in which data is analyzed maliciously by the adversary. We also compare and prove the security of our protocol using proverif protocol verifier tool.

Amassing the Security: An Enhanced Authentication Protocol for Drone Communications over 5G Networks

At present, the great progress made by the Internet of Things (IoT) has led to the emergence of the Internet of Drones (IoD). IoD is an extension of the IoT, which is used to control and manipulate drones entering the flight area. Now, the fifth-generation mobile communication technology (5G) has been introduced into the IoD; it can transmit ultra-high-definition data, make the drones respond to ground commands faster and provide more secure data transmission in the IoD. However, because the drones communicate on the public channel, they are vulnerable to security attacks; furthermore, drones can be easily captured by attackers. Therefore, to solve the security problem of the IoD, Hussain et al. recently proposed a three-party authentication protocol in an IoD environment. The protocol is applied to the supervision of smart cities and collects real-time data about the smart city through drones. However, we find that the protocol is vulnerable to drone capture attacks, privileged insider attacks and session key disclosure attacks. Based on the security of the above protocol, we designed an improved protocol. Through informal analysis, we proved that the protocol could resist known security attacks. In addition, we used the real-oracle random model and ProVerif tool to prove the security and effectiveness of the protocol. Finally, through comparison, we conclude that the protocol is secure compared with recent protocols.

Secure Multimodal Authentication Scheme for Wireless Sensor Networks

In the current era, it is necessary to device authorization and authentication techniques to secure resources in information technology. There are several methods to substantiate authorization and authentication. User authentication is essential for authenticating user access control in WSNs. Biometric recognition error, lack of anonymity and vulnerability to attacks, user verification problem, revocation problem and disclosure of session key by the gateway node are some of the security flaws encountered. In this study, a Multimodal Authentication Scheme for Wireless Sensor Networks (WSN-MAS) is proposed to authenticate legitimate users. The main objective is the fusion of fingerprint and iris biometric features at feature level to enable additional accuracy to verify and match user identity with stored templates. In this paper, multimodal biometric features are used for authentication to improve performance, reduce system error rates to achieve better security in WSN.

TC-PSLAP: Temporal Credential-Based Provably Secure and Lightweight Authentication Protocol for IoT-Enabled Drone Environments

In smart cities, common infrastructures are merged and integrated with various components of information communication and technology (ICT) to be coordinated and controlled. Drones (unmanned aerial vehicles) are amongst those components, and when coordinated with each other and with the environment, the drones form an Internet of Drones (IoD). The IoD provides real-time data to the users in smart cities by utilizing traditional cellular networks. However, the delicate data gathered by drones are subject to many security threats and give rise to numerous privacy and security issues. A robust and secure authentication scheme is required to allow drones and users to authenticate and establish a session key. In this article, we proposed a provably secure symmetric-key and temporal credential-based lightweight authentication protocol (TC-PSLAP) to secure the drone communication. We prove that the proposed scheme is provably secure formally through the automated verification tool AVISPA and Burrows–Abadi–Needham logic (BAN logic). Informal security analysis is also performed to depict that the proposed TC-PSLAP can resist known attacks.

BCmECC: A Lightweight Blockchain-Based Authentication and Key Agreement Protocol for Internet of Things

In this paper, targeting efficient authentication and key agreement in an IoT environment, we propose an Elliptic Curve Cryptography- (ECC) based lightweight authentication protocol called BCmECC which relies on a public blockchain to validate the users’ public key to provide desired security. We evaluate the security of the proposed protocol heuristically and validate it formally, which demonstratse the high level of the security. For the formal verification we used the widely accepted formal methods, i.e., BAN logic and the Scyther tool. In this paper we also analyse the security of recently proposed blockchain-based authentication protocols and show that this protocol does not provide the desired security against known session-specific temporary information attacks in which the adversary has access to the session’s ephemeral values and aims to retrieve the shared session key. In addition, the protocol lacks forward secrecy, in which an adversary with access to the server’s long-term secret key can retrieve the previous session keys, assuming that the adversary has already eavesdropped the transferred messages over a public channel in the target session. The proposed attacks are very efficient and their success probability is `1’, while the time complexity of each attack could be negligible. Besides, we show that BCmECC is secure against such attacks.

HARDWARE SUPPORT PROCEDURES FOR ASYMMETRIC AUTHENTICATION OF THE INTERNET OF THINGS

Subject of research: procedures of asymmetric authentication of Internet of Things nodes to ensure the highest level of security using cryptographic chips. The aim of the article is to study the ways of potential use of cryptographic chips to ensure secure authentication of Internet of Things sites using asymmetric cryptography procedures. The article solves the following tasks: analysis of hardware support technologies for asymmetric cryptography of the Internet of Things; definition of secure procedures for asymmetric authentication of Internet of Things sites and their constituent elements: creation of certificates, verification of public and private keys. Research methods: method of structural and functional analysis and design of complex systems, methods of identification and authentication of information objects, cryptographic methods of information protection, methods of security analysis of distributed information systems. The novelty of the study is the analysis of hardware support technologies for asymmetric cryptography of Internet of Things with cryptographic chips and the definition of structural and functional schemes for the implementation of procedures for asymmetric authentication of Internet of Things. Distinctive features of the provided asymmetric authentication schemes and procedures are: ensuring an increased level of information security through secure storage of cryptographic keys, digital signatures, certificates, confidential data in a novelty security environment protected from external attacks and no need to store private keys on the host side. The results of the work are procedures and schemes of application of cryptomicrops of asymmetric authentication to ensure the protection of Internet of Things. Analysis of the functioning of the presented schemes allowed to draw the following conclusions. The proposed structural and functional schemes for the implementation of procedures for asymmetric authentication of Internet of Things using cryptographic chips give the user an easy opportunity to implement cryptography without expertise in this field. These chips use the ECDSA digital signature computing and verification hardware with elliptical curve advantages, as a proven and reliable authentication algorithm, and the ECDH symmetric encryption session key generation unit. The provided schemes and procedures support three components of information security, namely: confidentiality, integrity and authenticity of data. Examples of potential applications of the provided schemes and procedures can be implemented using any asymmetric authentication chip, but it is recommended that they be used to generate encryption session keys and where digital signatures are required to verify data and code for integrity and authenticity.

A Session Key Based Security Mechanism for Cyber Physical System

In recent years extensive research is going on for the development of applications which convert physical devices into smart devices. Industry 4.0 adopt the technologies under Cyber Physical Systems (CPS) for the development of such types of smart devices. Increase in the use of such type of smart devices without any security mechanism causes an open invitation for cyber attackers to perform cyber-attacks on such devices. Even current security algorithms are not efficiently work due to some constraints of smart devices. The goal of this research paper is to provide effective solution against different cyber-attacks on CPS applications. This paper proposed session key-based security mechanism which is used for the prevention of cyber-attacks and authentication of cyber devices.

Improved Verifier-Based Three-Party Password-Authenticated Key Exchange Protocol from Ideal Lattices

With the advent of large-scale social networks, two communication users need to generate session keys with the help of a remote server to communicate securely. In the existing three-party authenticated key exchange (3PAKE) protocols, users’ passwords need to be stored on the server; it cannot resist the server disclosure attack. To solve this security problem, we propose a more efficient 3PAKE protocol based on the verification element by adopting a public-key cryptosystem and approximate smooth projection hash (ASPH) function on an ideal lattice. Using the structure of separating authentication from the server, the user can negotiate the session key only after two rounds of communication. The analysis results show that it can improve the efficiency of computation and communication and resist the server disclosure attack, quantum algorithm attack, and replay attack; moreover, it has session key privacy to the server. This protocol can meet the performance requirement of the current communication network.