Securing Wireless Body Area Network with Efficient Secure Channel Free and Anonymous Certificateless Signcryption

In the last few years, the wireless body area network (WBAN) has emerged as an appealing and viable option in the e-health application domain. WBAN technology is primarily used to offer continuous screening of health data to patients, independent of their location, time, or activity. A WBAN, on the other hand, is vulnerable to different cyberattacks due to the openness of the wireless environment and the privacy of people’s physiological data. A highly efficient and secure cryptographic scheme that can fulfill the needs of resource-constrained WBAN sensors and devices is considered necessary. First, we take a look at the most up-to-date security solutions for WBANs. Then, we go through some of the underlying concerns and challenges with WBAN security. We propose a new framework called secure channel free certificateless signcryption scheme for WBANs based on a hyperelliptic curve that can meet security requirements such as confidentiality, anonymity, integrity, resistance against unauthorized users, unforgeability, public verifiability, forward secrecy, and antireplay attack, all of which can be achieved with low computation and communication costs. The computation cost of the proposed scheme is 3.36 ms, which is much better than its counterpart schemes.

Secure Channel for Sharing Datasets by using Privacy-Preserving Integration Method

In privacy-enhancing technology, it has been inevitably challenging to strike a maintain balance between privacy, efficiency and usability (utility). We propose a highly practical and efficient approach for privacy-preserving integration and sharing of datasets among a group of participants. At the heart of our solution is a new interactive protocol, Secure Channel. Through Secure Channel, each participant is able to randomize their datasets via an independent and untrusted third party, such that the resulting dataset can be merged with other randomized datasets contributed by other participants group in a privacy-preserving manner. Our process does not require any public or key sharing between participants in order to integrate different datasets. This, in turn, leads to a user can understand and use easily and scalable solution. Moreover, the accuracy of a randomized dataset which are returned by the third party can be securely verified by the other participant of group. We further demonstrate Secure Channel’s general utilities, using it to construct a structure preserving data integration protocol. This is mainly useful for, good quality integration of network traffic data.

Secure Communication Channel Establishment: TLS 1.3 (over TCP Fast Open) versus QUIC

Secure channel establishment protocols such as Transport Layer Security (TLS) are some of the most important cryptographic protocols, enabling the encryption of Internet traffic. Reducing latency (the number of interactions between parties before encrypted data can be transmitted) in such protocols has become an important design goal to improve user experience. The most important protocols addressing this goal are TLS 1.3, the latest TLS version standardized in 2018 to replace the widely deployed TLS 1.2, and Quick UDP Internet Connections (QUIC), a secure transport protocol from Google that is implemented in the Chrome browser. There have been a number of formal security analyses for TLS 1.3 and QUIC, but their security, when layered with their underlying transport protocols, cannot be easily compared. Our work is the first to thoroughly compare the security and availability properties of these protocols. Toward this goal, we develop novel security models that permit “layered” security analysis. In addition to the standard goals of server authentication and data confidentiality and integrity, we consider the goals of IP spoofing prevention, key exchange packet integrity, secure channel header integrity, and reset authentication, which capture a range of practical threats not usually taken into account by existing security models that focus mainly on the cryptographic cores of the protocols. Equipped with our new models we provide a detailed comparison of three low-latency layered protocols: TLS 1.3 over TCP Fast Open (TFO), QUIC over UDP, and QUIC[TLS] (a new design for QUIC that uses TLS 1.3 key exchange) over UDP. In particular, we show that TFO’s cookie mechanism does provably achieve the security goal of IP spoofing prevention. Additionally, we find several new availability attacks that manipulate the early key exchange packets without being detected by the communicating parties. By including packet-level attacks in our analysis, our results shed light on how the reliability, flow control, and congestion control of the above layered protocols compare, in adversarial settings. We hope that our models will help protocol designers in their future protocol analyses and that our results will help practitioners better understand the advantages and limitations of secure channel establishment protocols.

A QR Code Based Group Pairing Approach for Mobile Ad Hoc Networks

Due to the rapid growth of small and smart hand-held devices, mobile ad hoc networks (MANets) are becoming very common nowadays. MANets may consist of a number of small hand-held devices having limited resources in terms of memory, battery and processing power. In order to provide services to the users, these devices are capable of communicating with each other through some radio technology, such as WiFi, Bluetooth or Infrared. Since radio channels are inherently vulnerable to various security threats, it requires that devices in MANets must establish a secure association amongst themselves before exchanging any sensitive information or data. The process of establishing a secure channel between two devices is referred to as device pairing or device association. Device pairing do not rely on traditional mechanisms for security due to the impulsive and ad hoc interactions among the devices. Due to this, researchers have proposed many schemes/protocols to deal with this issue; however, the issue of group pairing (i.e. secure association of more than two devices) is less addressed issue in the literature yet. There could be many scenarios (such as confidential office meetings, paring of group of home appliances in smart-homes, etc) of MANets, where secure group communications is desired. Consequently, this research focuses on this issue and proposes a QR (quick response) code based scheme to establish a secure channel between a numbers of devices. The proposed system is implemented and tested on modern hand-held devices and a usability study of the implemented system is also carried out.

Over the Air Smart Card Update via Secure Channel Protocol & Universal E-Card

Smart cards have been used in the industry from a very long time but the recent technological advancements are yet to reach this industry. As we know Modern technologies can easily be updated via internet and any new feature can be added on the go. For smart cards (like bank cards, sim, ID cards etc.) still the traditional approach is used of replacing an existing card and provide a new one or to provide a end of lifetime for the card for issuance of new one. This paper proposes a solution to update the cards on the go, like a software update thereby reducing the hassle for user, saving logistics cost for the issuing authority, increasing longevity of cards and reducing the overall resources used in card manufacture. The paper also discusses how the proposed solution integrates with the existing hardware and modified for any custom needs. The paper further expands the scope to a proposed universal E-Card system wherein a concept of single card for all purposes is introduced.