Muhammad Zubair,Xiangwei Kong,Saeed Mahfooz

DOI: https://doi.org/10.12720/jcm.9.2.144-156

2014-01-01

Journal of Communications

Abstract:Abstract—In this paper we propose a novel Cross-layer Localized Authentication Mechanism (CLAM) to secure mobility in Next Generation Networks. The proposed mechanism integrates Proxy MIPv6 and Session Initiation Protocol (SIP) to handle the authentication locally in real-time and non-real-time communications. The design objectives of CLAM are three fold: i) handover latency is minimized by the local management of authentication; ii) simple to implement in mobile devices because of symmetric cryptographic and one-way hash operations; iii) possesses important security properties such as resistance against various attacks, user anonymity, mutual authentication, user friendly, one-time session key agreement, backward secrecy, forward secrecy, and confidentiality. We analyze and compare the performance of CLAM with existing schemes in terms of handover latency, signaling cost, communication overhead, computational cost, and packet loss. The numerical and simulation results demonstrate that our proposed scheme outperforms the existing schemes.

Imran Memon,Ibrar Hussain,Rizwan Akhtar,Gencai Chen

DOI: https://doi.org/10.1007/s11277-015-2699-1

IF: 2.017

2015-01-01

Wireless Personal Communications

Abstract:Past few years, the mobile technology and location based services have experienced a great increment in number of its users. The privacy issues related to these services are becoming main concerns because of the leakage of users' private information and contents. To prevent revelation of private information, many researchers have proposed several secure and authentication schemes which apply various technologies to provide integral security properties, such as symmetric encryption, digital signature, timestamp, etc. Unfortunately, some of these schemes still exhibit security and efficiency issues. In this research paper, we proposed an efficient and secure anonymous communication for location based service using asymmetric cryptography scheme over the wireless system was attempted missing some system detail. We also proposed the prevent user private information and secure communication by asymmetric cryptography scheme. We solved the wireless communication problem in A3 algorithm such as eavesdropping and this problem solved by asymmetric cryptography scheme because of its robustness against this type of attack by providing mutual authentication make the system more secure. Finally, performance and cost analysis show our scheme is more suitable for low-power and resource limited wireless system and thus availability for real implementation. According to our security analysis and performance, we can prove that our proposed asymmetric cryptography scheme is able to improve wireless communication system security and enhance efficiency in comparison to previous schemes.

Abdul Razaque,Khalid Elleithy,Nyembo Salama

DOI: https://doi.org/10.48550/arXiv.1210.2023

2012-10-07

Computers and Society

Abstract:Latest study shows that MCL is highly focusing paradigm for research particularity in distance and online education. MCL provides some features and functionalities for all participants to obtain the knowledge. Deployment of new emerging technologies and fast growing trends toward MCL boom attract people to develop learning management system, virtual learning environment and conference system with support of MCL. All these environments lack the most promising supportive framework. In addition some of major challenges in open, large scale, dynamic and heterogeneous environments are not still handled in developing MCL for education and other organizations. These issues includes such as knowledge sharing, faster delivery of contents, request for modified contents, complete access to enterprise data warehouse, delivery of large rich multimedia contents (video-on-demand), asynchronous collaboration, synchronous collaboration, support for multi model, provision for archive updating, user friendly interface, middleware support and virtual support. To overcome these issues; the paper introduces novel framework for MCL consisting of four layers with many promising functional components, which provide access to users for obtaining required contents from enterprise data warehouse (EDW). Novel framework provides information regarding the course materials, easy access to check the grades and use of labs. The applications running on this framework give substantial feedback for collaboration such as exchange for delivery of communication contents including platform for group discussion, short message service (SMS), emails, audio, video and video-on-demand to obtain on-line information to students and other persons who will be part of collaboration.

Xiong Li,Maged Hamada Ibrahim,Saru Kumari,Rahul Kumar

DOI: https://doi.org/10.1007/s11235-017-0340-1

2017-01-01

Abstract:The mobility and openness of wireless communication technologies make Mobile Healthcare Systems (mHealth) potentially exposed to a number of potential attacks, which significantly undermines their utility and impedes their widespread deployment. Attackers and criminals, even without knowing the context of the transmitted data, with simple eavesdropping on the wireless links, may benefit a lot from linking activities to the identities of patient's sensors and medical staff members. These vulnerabilities apply to all tiers of the mHealth system. A new anonymous mutual authentication scheme for three-tier mobile healthcare systems with wearable sensors is proposed in this paper. Our scheme consists of three protocols: Protocol-1 allows the anonymous authentication nodes (mobile users and controller nodes) and the HSP medical server in the third tier, while Protocol-2 realizes the anonymous authentication between mobile users and controller nodes in the second tier, and Protocol-3 achieves the anonymous authentication between controller nodes and the wearable body sensors in the first tier. In the design of our protocols, the variation in the resource constraints of the different nodes in the mHealth system are taken into consideration so that our protocols make a better trade-off among security, efficiency and practicality. The security of our protocols are analyzed through rigorous formal proofs using BAN logic tool and informal discussions of security features, possible attacks and countermeasures. Besides, the efficiency of our protocols are concretely evaluated and compared with related schemes. The comparisons show that our scheme outperforms the previous schemes and provides more complete and integrated anonymous authentication services. Finally, the security of our protocols are evaluated by using the Automated Validation of Internet Security Protocols and Applications and the SPAN animator software. The simulation results show that our scheme is secure and satisfy all the specified privacy and authentication goals.

Chun-Ta Li,Dong-Her Shih,Chun-Cheng Wang

DOI: https://doi.org/10.1016/j.cmpb.2018.02.002

Abstract:Background and objective: With the rapid development of wireless communication technologies and the growing prevalence of smart devices, telecare medical information system (TMIS) allows patients to receive medical treatments from the doctors via Internet technology without visiting hospitals in person. By adopting mobile device, cloud-assisted platform and wireless body area network, the patients can collect their physiological conditions and upload them to medical cloud via their mobile devices, enabling caregivers or doctors to provide patients with appropriate treatments at anytime and anywhere. In order to protect the medical privacy of the patient and guarantee reliability of the system, before accessing the TMIS, all system participants must be authenticated. Methods: Mohit et al. recently suggested a lightweight authentication protocol for cloud-based health care system. They claimed their protocol ensures resilience of all well-known security attacks and has several important features such as mutual authentication and patient anonymity. In this paper, we demonstrate that Mohit et al.'s authentication protocol has various security flaws and we further introduce an enhanced version of their protocol for cloud-assisted TMIS, which can ensure patient anonymity and patient unlinkability and prevent the security threats of report revelation and report forgery attacks. Results: The security analysis proves that our enhanced protocol is secure against various known attacks as well as found in Mohit et al.'s protocol. Compared with existing related protocols, our enhanced protocol keeps the merits of all desirable security requirements and also maintains the efficiency in terms of computation costs for cloud-assisted TMIS. Conclusions: We propose a more secure mutual authentication and privacy preservation protocol for cloud-assisted TMIS, which fixes the mentioned security weaknesses found in Mohit et al.'s protocol. According to our analysis, our authentication protocol satisfies most functionality features for privacy preservation and effectively cope with cloud-assisted TMIS with better efficiency.

Samsul Huda,Amang Sudarsono,Tri Harsono

DOI: https://doi.org/10.24003/emitter.v4i1.116

2016-08-03

EMITTER International Journal of Engineering Technology

Abstract:MANETs are considered as suitable for commercial applications such as law enforcement, conference meeting, and sharing information in a student classroom and critical services such as military operations, disaster relief, and rescue operations. Meanwhile, in military operation especially in the battlefield in freely medium which naturally needs high mobility and flexibility. Thus, applying MANETs make these networks vulnerable to various types of attacks such aspacket eavesdropping, data disseminating, message replay, message modification, and especially privacy issue. In this paper, we propose a secure communication and information exchange in MANET with considering secure adhoc routing and secure information exchange. Regarding privacy issue or anonymity, we use a reliable asymmetric encryption which protecting user privacy by utilizing insensitive user attributes as user identity, CP-ABE (Ciphertext-Policy Attribute-Based Encryption) cryptographic scheme. We also design protocols to implement the proposed scheme for various battlefied scenarios in real evironment using embedded devices. Our experimental results showed that the additional of HMAC (Keyed-Hash Message Authentication Code) and AES (Advanced Encryption standard) schemes using processor 1.2GHz only take processing time about 4.452 ms, we can confirm that our approach by using CP-ABE with added HMAC and AES schemes make low overhead.

English Else

Muhammad Tanveer,Samia Allaoua Chelloug,Maali Alabdulhafith,Ahmed A. Abd El-Latif

DOI: https://doi.org/10.1016/j.eij.2024.100474

IF: 4.195

2024-05-16

Egyptian Informatics Journal

Abstract:With the rapid progress of communication technology, the Internet of Things (IoT) has emerged as an essential element in our daily lives. Given that the IoT encompasses diverse devices that often have limited resources in terms of communication, computation, and storage. Consequently, the National Institute of Standards and Technology (NIST) has standardized several lightweight cryptographic algorithms for encryption and decryption, specifically designed to meet the needs of resource-constrained IoT devices. These cryptographic algorithms, known as authenticated encryption with associated data (AEAD), offer more than just confidentiality—they also guarantee information integrity and authentication. Unlike conventional encryption algorithms like AES, which solely provide confidentiality, AEAD algorithms encompass additional functionality to achieve authenticity. This eliminates the need for separate algorithms like message authentication codes to ensure authenticity. Therefore, by leveraging the characteristics of an AEAD protocol, it is possible to develop a lightweight authentication framework to mitigate the security risks inherent in public communication channels. Therefore, in this work, we designed the lightweight authentication protocol for the smart healthcare system (BLAP-SHS) using an AEAD mechanism. In order to do this, a session key must first be created for encrypted communication. This is done via a method called mutual authentication, which verifies the legitimacy of both the user and the server. The random-or-real methodology ensures the security of the derived session key, and the Scyther tool is used to assess BLAP-SHS' resistance to man-in-the-middle and replay attacks. Through using the technique of informal security analysis, the resilience of BLAP-SHS against denial of service, and password-guessing threats are evaluated. By juxtaposing BLAP-SHS with other prominent authentication techniques, the usefulness of BLAP-SHS is also assessed in terms of computing and communication costs. We illustrate that the BLAP-SHS requires a reduction in computation cost ranging from [70.11% to 95.21%] and a reduction in communication resources ranging from [3.85% to 9.09%], as evidenced by our comparative study.

computer science, information systems, artificial intelligence

B. Murugeshwari,R. Amirthavalli,C. Bharathi Sri,S. Neelavathy Pari

DOI: https://doi.org/10.48550/arXiv.2304.14652

2023-04-28

Cryptography and Security

Abstract:Since communication signals are publicly exposed while they transmit across space, Ad Hoc Networks (MANETs) are where secured communication is most crucial. Unfortunately, these systems are more open to intrusions that range from passive listening to aggressive spying. A Hybrid Team centric Re-Key Control Framework (HT-RCF) suggests that this research examines private group communication in Adhoc environments. Each group selects a Group Manager to oversee the group's members choose the group manager, and the suggested HT-RCF uses the Improved Hybrid Power-Aware Decentralized (I-HPAD) mechanism. The Key Distribution Center (KDC) generates the keys and distributes them to the group managers (GMs) using the base algorithm Rivest Shamir Adleman (RSA). The key agreement technique is investigated for safe user-user communication. Threats that aim to exploit a node are recognized and stopped using regular transmissions. The rekeying procedure is started every time a node enters and exits the network. The research findings demonstrate that the suggested approach outperforms the currently used Cluster-based Group Key Management in terms of power use, privacy level, storage use, and processing time.

Ruhul Amin,SK Hafizul Islam,G. P. Biswas,Muhammad Khurram Khan,Xiong Li

DOI: https://doi.org/10.1007/s10916-015-0318-z

IF: 4.92

2015-01-01

Journal of Medical Systems

Abstract:The E-health care systems employ IT infrastructure for maximizing health care resources utilization as well as providing flexible opportunities to the remote patient. Therefore, transmission of medical data over any public networks is necessary in health care system. Note that patient authentication including secure data transmission in e-health care system is critical issue. Although several user authentication schemes for accessing remote services are available, their security analysis show that none of them are free from relevant security attacks. We reviewed Das et al.’s scheme and demonstrated their scheme lacks proper protection against several security attacks such as user anonymity, off-line password guessing attack, smart card theft attack, user impersonation attack, server impersonation attack, session key discloser attack. In order to overcome the mentioned security pitfalls, this paper proposes an anonymity preserving remote patient authentication scheme usable in E-health care systems. We then validated the security of the proposed scheme using BAN logic that ensures secure mutual authentication and session key agreement. We also presented the experimental results of the proposed scheme using AVISPA software and the results ensure that our scheme is secure under OFMC and CL-AtSe models. Moreover, resilience of relevant security attacks has been proved through both formal and informal security analysis. The performance analysis and comparison with other schemes are also made, and it has been found that the proposed scheme overcomes the security drawbacks of the Das et al.’s scheme and additionally achieves extra security requirements.

Muhammad Umar Farooq,Xingfu Wang,Moizza Sajjad,Sara Qaisar

DOI: https://doi.org/10.3837/tiis.2018.03.020

2018-01-01

KSII Transactions on Internet and Information Systems

Abstract:Mobile Ad hoc Network (MANET) is a collection of nodes or communication devices that wish to communicate without any fixed infrastructure and predetermined organization of available links. The effort has been made by proposing a scheme to overcome the critical security issue in MANET. The insufficiency of security considerations in the design of Ad hoc On-Demand Distance Vector protocol makes it vulnerable to the threats of collaborative black hole attacks, where hacker nodes attack the data packets and drop them instead of forwarding. To secure mobile ad hoc networks from collaborative black hole attacks, we implement our scheme and considered sensor's energy as a key feature with a better packet delivery ratio, less delay time and high throughput. The proposed scheme has offered an improved solution to diminish collaborative black hole attacks with high performance and benchmark results as compared to the existing schemes EDRIAODV and DRIAODV respectively. This paper has shown that throughput and packet delivery ratio increase while the end to end delay decreases as compared to existing schemes. It also reduces the overall energy consumption and network traffic by maintaining accuracy and high detection rate which is more safe and reliable for future work.

Khalid Mahmood,Muhammad Faizan Ayub,Syed Zohaib Hassan,Zahid Ghaffar,Zhihan Lv,Shehzad Ashraf Chaudhry

DOI: https://doi.org/10.1016/j.comcom.2022.01.005

IF: 5.047

2022-03-01

Computer Communications

Abstract:Mobile Edge Computing (MEC) accommodates processing and data storage and manipulation capabilities across the scope of wireless network. In MEC environment, MEC servers along with the computing and storage capabilities are distributed at the edge of the network. However, due to the broad range of wireless communication, the fulfillment of security requirements still remain a challenging task in the for MEC environment. With the expeditious traffic expansion and growing end user requirements, the classic security protocols cannot encounter the innovative requirements of lightweightness and real-time communication. To meet these requirements, we have proposed an authentication protocol for the MEC environment. Our proposed protocol stipulates secure and efficient communication for all of the intended entities. Meanwhile, during its execution user anonymity remains intact. Moreover, our protocol is proven to be secure under the assumptions of formal security model. Additionally in this article, we have described the security properties of our protocol that it offers resistance against impersonation, session key computation and forward and backward secrecy attacks. The comparative analysis of time consumption and computation overheads are presented at the end of the paper, which is an evidence that our proposed protocol outperforms prior to various existing MEC protocols.

computer science, information systems,telecommunications,engineering, electrical & electronic

B D Deebak,Fadi Al-Turjman,Anand Nayyar

DOI: https://doi.org/10.1007/s11042-020-10134-x

Abstract:The challenge of COVID-19 has become more prevalent across the world. It is highly demanding an intelligent strategy to outline the precaution measures until the clinical trials find a successful vaccine. With technological advancement, Wireless Multimedia Sensor Networks (WMSNs) has extended its significant role in the development of remote medical point-of-care (RM-PoC). WMSN is generally located on a communication device to sense the vital signaling information that may periodically be transmitted to remote intelligent pouch This modern remote system finds a suitable professional system to inspect the environment condition remotely in order to facilitate the intelligent process. In the past, the RM-PoC has gained more attention for the exploitation of real-time monitoring, treatment follow-up, and action report generation. Even though it has additional advantages in comparison with conventional systems, issues such as security and privacy are seriously considered to protect the modern system information over insecure public networks. Therefore, this study presents a novel Single User Sign-In (SUSI) Mechanism that makes certain of privacy preservation to ensure better protection of multimedia data. It can be achieved over the negotiation of a shared session-key to perform encryption or decryption of sensitive data during the authentication phase. To comply with key agreement properties such as appropriate mutual authentication and secure session key-agreement, a proposed system design is incorporated into the chaotic-map. The above assumption claims that it can not only achieve better security efficiencies but also can moderate the computation, communication, and storage cost of some intelligent systems as compared to elliptic-curve cryptography or RSA. Importantly, in order to offer untraceability and user anonymity, the RM-PoC acquires dynamic identities from proposed SUSI. Moreover, the security efficiencies of proposed SUSI are demonstrated using informal and formal analysis of the real-or-random (RoR) model. Lastly, a simulation study using NS3 is extensively conducted to analyze the communication metrics such as transmission delay, throughput rate, and packet delivery ratio that demonstrates the significance of the proposed SUSI scheme.

Li Fengying,Xue Qingshui,Zhang Jiping

DOI: https://doi.org/10.3969/j.issn.1009-5195.2013.03.010

2013-01-01

Abstract:With the development of wireless network technology,mobile communication technology and intelligent terminals,mobile learning is gradually becoming an indispensable way of learning.Though it brings people much convenience,the privacy and intellectual properties of both resource providers and learners are in great danger of being compromised.How to carry out authentication and to ensure the safety of all sorts of study resources and important information in the transmission is a problem mobile learning system developers must face and solve.Digital certificate is an important active defense technology which can protect data integrity and undeniability.The privacy protection model for mobile learning based on authentication combines both encrypted data storage and access control,enabling both maximum sharing of online resources and effective privacy protection for service providers and learners.Identity authentication is the foundation of any safe mobile learning system.In the long run,the password will gradually fade out of the market.Identity authentication based on biological features will help to promote the security of privacy protection for mobile learning,but the disadvantages of occupying large storage space must be got rid of.The fuzzy identification authentication technology can realize biological-feature-based identity authentication without biological feature storage.Therefore,it can be applied in remote examination,online voting in the process of mobile learning.

Waseem Iqbal,Haider Abbas,Pan Deng,Jiafu Wan,Bilal Rauf,Yawar Abbas,Imran Rashid

DOI: https://doi.org/10.1109/jiot.2020.3024058

IF: 10.6

2021-06-15

IEEE Internet of Things Journal

Abstract:The smart connected devices are the first choice of cybercriminals for spreading spy wares and different security attacks. The current security standards and protocols for Internet of Things (IoT) have failed in providing security to these devices. In addition, IoT market giants are producing nonsecure smart products in order to grab the open market. Furthermore, low resources of IoT devices, limits the traditional host-based protection solutions like anti-virus, IDS, IPS, etc. To overcome the resource constraintness and security barriers of smart devices, a network-level security architecture based on lightweight cryptographic parameters is required. Software-defined networking (SDN) is a new networking paradigm to overcome the control, management, and security issues in traditional networking. The SDN controller handles all the computation and complexities at the network level, rather than smart devices. In this research, we first present a new privacy-preserving security architecture for SDN-based smart homes. Subsequently, an anonymous lightweight authentication mechanism (ALAM) is designed based on the proposed security architecture core foundations. Furthermore, the security characteristics of the proposed protocol are formally analyzed using Burrows–Abadi–Needham (BAN) logic and ProVerif, followed by informal security analysis. Finally, performance evaluation and comparative analysis of the scheme is carried out.

computer science, information systems,telecommunications,engineering, electrical & electronic

Khaled Elleithy,Abdul Razaque

DOI: https://doi.org/10.48550/arXiv.1410.5129

2014-10-14

Computers and Society

Abstract:Emergence of latest technologies has diverted the focus of people form Computer-Supported Collaborative Learning (CSCL) to mobile supported collaborative learning. MCL is highly demanded in educational organizations to substantiate the pedagogical activities. Some of the MCL supportive architectures including applications are introduced in several fields to improve the activities of those organizations, but they need more concise paradigm to support both types of collaboration: synchronous and asynchronous. This paper introduces the new preusability testing method that provides educational support and gives complete picture for developing new pedagogical group application for MCL. The feature of application includes asynchronous and synchronous collaboration support. To validate the features of application, we conduct the post usability testing and heuristic evaluation, which helps in collecting the empirical data to prove the effectiveness and suitability of Group application. Further, application aims to improve learning impact and educate people at anytime and anywhere.

Zhangtan Li,Liang Cheng,Yang Zhang,Dengguo Feng

DOI: https://doi.org/10.1007/978-3-030-86130-8_10

2021-01-01

Abstract:The Medical Cyber-Physical System (MCPS) holds the promise of reducing human errors and optimizing healthcare by integrating medical devices, applications and network. MCPS utilizes high-level supervisory and low-level communication middleware to enable medical devices to interoperate efficiently. Despite the benefits provided by MCPS, the integration of clinical information also brings new threats for the clinical data. In this paper, we performed a study on security and safety risks in MCPS's networks. We systematically analyzed different attack surfaces on MCPS's networks based on misuse and abuse of clinical data. We successfully performed end-to-end attacks based on OpenICE, a popular MCPS prototype, and demonstrated the clinical risks of these attacks and the design flaws in OpenICE. We further proposed a Topic-based access control model with Break-The-Glass feature to provide fine-grained access control for clinical data. We implemented the model in two MCPS prototypes, and evaluated its effectiveness and efficiency.

Azeem Irshad,Muhammad Sher,Shehzad Ashraf Chaudhry,Saru Kumari,Arun Kumar Sangaiah,Xiong Li,Fan Wu

DOI: https://doi.org/10.1007/s11042-017-5078-y

IF: 2.577

2017-01-01

Multimedia Tools and Applications

Abstract:Recent technological advances in almost all critical systems’ domains have led to an explosive growth of multimedia big data. Those advances encompass the ever increasing innovative digital and remote mobile devices being operated on the users’ end. Due to the openness of critical system, the service providers in such networks are facing security challenges to authenticate those mobile devices on the field, and delivering services. In this scenario, the Multi-server authentication (MSA) framework seems to be a promising solution that enables its subscribers to avail services from different servers without getting registered to each server individually. In last few years many MSA protocols depending on RC-Offline authentication during mutual authentication, have been presented. However, to date, there is no efficient MSA scheme to our knowledge that is free of all three weaknesses, simultaneously. That is, 1) free from storage of server-based parameters (public keys or other values) in smart card by registration authority, 2) free from the assumption of publishing of server-based public keys publicly and 3) free from a single secret sharing with all servers so that it could avoid server masquerading (insider) attack. Considering these limitations, we present a multi-server authentication protocol that withstands above drawbacks using lightweight cryptographic operations. The rationale of the proposed work was to present an efficient RC-Offline MSA scheme. Our scheme is also backed by formal security analysis based on GNY logic and automated security verification using ProVerif tool.

Jimshith V. T,V. Mary Amala Bai

DOI: https://doi.org/10.1080/00051144.2024.2310458

IF: 1.79

2024-02-28

Automatika

Abstract:The widespread practice of Bring your own device (BYOD) to work significantly raises cybersecurity risks. All organization's employees and employers will greatly benefit from this trend. The growth of spyware, malware and other dubious downloads on individual devices has compelled the government to review its data security guidelines. Without user knowledge, hazardous apps are downloaded to personal devices. Both people and governments could suffer tragic consequences as a result of this. In this situation, BYODs are problematic since they can alter policies without permission and release private information. The main goal of the research was to detect fraudulent communications coming from BYOD environments. A network monitoring and managing information configuration settings of mobile devices in the network is established by providing policies and authenticating endpoint devices in the BYOD network using a mix of NAC and MDM. This framework deals with Security Manager (SaaS) as the second module is briefly described. The study's early results were positive and suggested that the framework would lessen access control-related issues.

automation & control systems,engineering, electrical & electronic

Ullah Insaf,Amin Noor Ul,Khan Muhammad Asghar,Khattak Hizbullah,Kumari Saru

DOI: https://doi.org/10.1007/s10916-020-01658-8

IF: 4.92

2020-01-01

Journal of Medical Systems

Abstract:Mobile health (M-Health) system is the remote form of Wireless Body Area Networks (WBAN), which can be used for collecting patient’s health data in real-time with mobile devices, and storing it to the network servers. The data can be accessed by doctors to monitor, diagnosed and treat patients through a variety of techniques and technologies. The main advantage of the M-Health system is the ease of time-independent communication from physically distant places that enhances the quality of healthcare services at a reduced cost. Furthermore, to provide faster access to the treatment of patients, an M-Health system can be integrated with the internet of things (IoT) to offer preventive or proactive healthcare services by connecting devices and persons. However, its equally great drawback lies in transmitting and receiving the health information wirelessly through an open wireless medium that offers different security and privacy violation threats. We aim to address such a deficiency, and thus a new scheme called an efficient and provable secure certificate-based combined signature, encryption and signcryption (CBCSES) scheme, has been proposed in this article. The scheme not only obtains encryption and signcryption but also provides encryption or signature model alone when needed. To show the effectiveness of the proposed scheme, detailed security analyses, i.e. indistinguishable under adaptive chosen-ciphertext attacks (IND-CBCSES-CCA) and unforgeable under adaptive chosen message attacks (EUF-CBCSES-CMA), and the comparisons with relevant existing schemes are carried out. The results obtained authenticate the superiority of our scheme in terms of both computation and communication costs with enhanced security.

Yixin Jiang,Chuang Lin,Hao Yin,Zhen Chen

DOI: https://doi.org/10.1002/wcm.448

2006-01-01

Wireless Communications and Mobile Computing

Abstract:IEEE 802.11 wireless local area networks (WLAN) has been increasingly deployed in various locations because of the convenience of wireless communication and decreasing costs of the underlying technology. However, the existing security mechanisms in wireless communication are vulnerable to be attacked and seriously threat the data authentication and confidentiality. In this paper, we mainly focus on two issues. First, the vulnerabilities of security protocols specified in IEEE 802.11 and 802.1X standards are analyzed in detail. Second, a new mutual authentication and privacy scheme for WLAN is proposed to address these security issues. The proposed scheme improves the security mechanisms of IEEE 802.11 and 802.1X by providing a mandatory mutual authentication mechanism between mobile station and access point (AP) based on public key infrastructure (PKI), offering data integrity check and improving data confidentiality with symmetric cipher block chain (CBC) encryption. In addition, this scheme also provides some other new security mechanisms, such as dynamic session key negotiation and multicast key notification. Hence, with these new security mechanisms, it should be much more secure than the original security scheme. Copyright © 2006 John Wiley & Sons, Ltd.