Tian-Fu Lee,Xiucai Ye,Wei-Yu Chen,Chi-Chang Chang

DOI: https://doi.org/10.3390/s22207941

IF: 3.9

2022-10-19

Sensors

Abstract:The Tactile Internet enables physical touch to be transmitted over the Internet. In the context of electronic medicine, an authenticated key agreement for the Tactile Internet allows surgeons to perform operations via robotic systems and receive tactile feedback from remote patients. The fifth generation of networks has completely changed the network space and has increased the efficiency of the Tactile Internet with its ultra-low latency, high data rates, and reliable connectivity. However, inappropriate and insecure authentication key agreements for the Tactile Internet may cause misjudgment and improper operation by medical staff, endangering the life of patients. In 2021, Kamil et al. developed a novel and lightweight authenticated key agreement scheme that is suitable for remote surgery applications in the Tactile Internet environment. However, their scheme directly encrypts communication messages with constant secret keys and directly stores secret keys in the verifier table, making the scheme vulnerable to possible attacks. Therefore, in this investigation, we discuss the limitations of the scheme proposed by Kamil scheme and present an enhanced scheme. The enhanced scheme is developed using a one-time key to protect communication messages, whereas the verifier table is protected with a secret gateway key to mitigate the mentioned limitations. The enhanced scheme is proven secure against possible attacks, providing more security functionalities than similar schemes and retaining a lightweight computational cost.

engineering, electrical & electronic,chemistry, analytical,instruments & instrumentation

YAO Lin,FAN Qing-na,KONG Xiang-wei

DOI: https://doi.org/10.3778/j.issn.1002-8331.2010.32.030

2010-01-01

Abstract:Pervasive computing raises new challenges to the security and privacy of the Internet communication,and conventional authentication protocols cannot meet the requirements of this new pervasive environment.A novel mutual authentication and key establishment scheme to secure the interactions between mobile users and service providers is proposed.Highly integrating biometric encryption and the Diffie-Hellman key exchange,the proposed protocol achieves mutual authentication without revealing any privacy information of the user.Secure session key establishment is enabled by the proposed algorithm.Differentiated service access control is also achieved with the biometric encryption.It is shown that the protocol can resist most of the attacks,especially the denial of service attack.

Hanguang Luo,Tao Zou,Chunming Wu,Dan Li,Shunbin Li,Chu

DOI: https://doi.org/10.32604/cmc.2022.027118

2022-01-01

Abstract:In the emerging Industrial Internet of Things (IIoT), authentication problems have become an urgent issue for massive resource-constrained devices because traditional costly security mechanisms are not suitable for them. The security protocol designed for resource-constrained systems should not only be secure but also efficient in terms of usage of energy, storage, and processing. Although recently many lightweight schemes have been proposed, to the best of our knowledge, they are unable to address the problem of privacy preservation with the resistance of Denial of Service (DoS) attacks in a practical way. In this paper, we propose a lightweight authentication protocol based on the Physically Unclonable Function (PUF) to overcome the limitations of existing schemes. The protocol provides an ingenious authentication and synchronization mechanism to solve the contradictions amount forward secrecy, DoS attacks, and resource-constrained. The performance analysis and comparison show that the proposed scheme can better improve the authentication security and efficiency for resource-constrained systems in IIoT.

Yang Ming,Xiaopeng Yu,Xiaoqin Shen

DOI: https://doi.org/10.1109/access.2020.3018488

IF: 3.9

2020-01-01

IEEE Access

Abstract:Healthcare Internet of Things (IoT) is an emerging paradigm, which can provide comprehensive and different types of health services and enable various types of medical sensors to monitor patient's health conditions. In the healthcare IoT, patient is deployed with a variety of medical sensors, which continuously monitors and collects patient's sensitive health data that needs specially protection for preventing privacy leakage. To safely send multiple different health data monitored by multiple different medical sensors to multiple corresponding healthcare professionals in one data report, several multi-message and multi-receiver signcryption schemes have been introduced by employing the traditional public key cryptography, identity-based cryptography or certificateless cryptography. However, these schemes suffer from the certificate management, key escrow and key distribution problem. Besides, due to the resource-constraint property of medical sensors, they are unsuitable for healthcare IoT in terms of both performance and privacy requirements. To solve these issues, this paper introduces an efficient anonymous certificate-based multi-message and multi-receiver signcryption scheme for healthcare IoT, where the certificate-based cryptography and elliptic curve cryptography are combined to simplify the certificate management problem, eliminate the key escrow problem, solve the key distribution problem and ensure the privacy-preserving. Furthermore, the security analysis suggests that the proposed scheme is able to achieve the confidentiality, unforgeability, receiver anonymity, sender anonymity and decryption fairness; the performance evaluation indicates that the proposed scheme brings to the lower computation cost and communication cost in comparison to the existing schemes.

Liping Xie,Weichao Wang,Xinghua Shi,Tuanfa Qin

DOI: https://doi.org/10.1109/icc.2017.7996735

2017-01-01

Abstract:Medical sensors are usually attached to or implanted inside patient body. Since sensing results of Body Area Networks (BAN) can directly impact the control of medical equipment, the authenticity and integrity of sensing data is essential for safety of patients. Restricted by the limited resources available to BAN sensors, researchers have referred to Physical Unclonable Function of the nodes to achieve authentication. Existing approaches focus on the authentication between control unit and sensors. Mutual authentication among body sensors has not been carefully studied. In this paper, we propose to design a lightweight mutual authentication mechanism for BAN sensors with physical unclonable functions (PUF). Using control unit as a middle point, a pair of body sensors can establish shared secrets so that authenticity of exchanged data can be protected. The proposed approach does not require sensors to conduct any encryption operations, which suits the restricted resources available to BAN nodes. The analysis shows that the proposed approach has very low overhead and does not introduce new vulnerabilities into the system.

Chun-Ta Li,Tsu-Yang Wu,Chin-Ling Chen,Cheng-Chi Lee,Chien-Ming Chen

DOI: https://doi.org/10.3390/s17071482

2017-06-23

Abstract:In recent years, with the increase in degenerative diseases and the aging population in advanced countries, demands for medical care of older or solitary people have increased continually in hospitals and healthcare institutions. Applying wireless sensor networks for the IoT-based telemedicine system enables doctors, caregivers or families to monitor patients' physiological conditions at anytime and anyplace according to the acquired information. However, transmitting physiological data through the Internet concerns the personal privacy of patients. Therefore, before users can access medical care services in IoT-based medical care system, they must be authenticated. Typically, user authentication and data encryption are most critical for securing network communications over a public channel between two or more participants. In 2016, Liu and Chung proposed a bilinear pairing-based password authentication scheme for wireless healthcare sensor networks. They claimed their authentication scheme cannot only secure sensor data transmission, but also resist various well-known security attacks. In this paper, we demonstrate that Liu-Chung's scheme has some security weaknesses, and we further present an improved secure authentication and data encryption scheme for the IoT-based medical care system, which can provide user anonymity and prevent the security threats of replay and password/sensed data disclosure attacks. Moreover, we modify the authentication process to reduce redundancy in protocol design, and the proposed scheme is more efficient in performance compared with previous related schemes. Finally, the proposed scheme is provably secure in the random oracle model under ECDHP.

Yuchen Miao,Chaojie Gu,Zhenyu Yan,Sze Yiu Chau,Rui Tan,Qi Lin,Wen Hu,Shibo He,Jiming Chen

DOI: https://doi.org/10.1145/3596264

2023-01-01

Abstract:Secure device pairing is important to wearables. Existing solutions either degrade usability due to the need of specific actions like shaking, or they lack universality due to the need of dedicated hardware like electrocardiogram sensors. This paper proposes TouchKey, a symmetric key generation scheme that exploits the skin electric potential (SEP) induced by powerline electromagnetic radiation. The SEP is ubiquitously accessible indoors with analog-to-digital converters widely available on Internet of Things devices. Our measurements show that the SEP has high randomness and the SEPs measured at two close locations on the same human body are similar. Extensive experiments show that TouchKey achieves a high key generation rate of 345 bit/s and an average success rate of 99.29%. Under a range of adversary models including active and passive attacks, TouchKey shows a low false acceptance rate of 0.86%, which outperforms existing solutions. Besides, the overall execution time and energy usage are 0.44 s and 2.716 mJ, which make it suitable for resource-constrained devices.

Wenming Wang,Haiping Huang,Fu Xiao,Qi Li,Lingyan Xue,Jiansheng Jiang

DOI: https://doi.org/10.1016/j.sysarc.2021.102215

IF: 5.836

2021-09-01

Journal of Systems Architecture

Abstract:<p>Smart healthcare plays an important role in contemporary society while its security and privacy issues remain inevitable challenges. Authenticated key agreement (AKA) mechanism, as the foundation of secure communication, has been recognized as an important measure for solving this problem. Most existing AKA protocols utilize cloud-based centralized architecture, data privacy and security can be exposed easily once the centralized authority is attacked. In addition, most past solutions require the online registration center to assist mutual authentication and consume considerable amounts of resources. To address these drawbacks, a computation-transferable authenticated key agreement protocol without an online registration center for smart healthcare is designed. Specifically, the proposed protocol can realize mutual authentication and key agreement without the need for an online registration center, as well as being able to satisfy security and privacy protection requirements. By transferring partial computation tasks to the server, the proposed scheme incurs lower computation and communication overhead on the user side. Moreover, the proposed scheme adopts certificateless public key cryptography, which can solve the problems of certificate management and key escrow. Performance analysis indicates that the proposal reduces 9.9% of the computation overhead on the resource-limited terminal, which is suitable for low-power IoT applications, including smart healthcare.</p>

computer science, software engineering, hardware & architecture

Yihao Hu,Chunguang Huang,Hai Cheng

DOI: https://doi.org/10.1016/j.comcom.2024.02.020

IF: 5.047

2024-02-28

Computer Communications

Abstract:Smart healthcare overcomes the limitations of time and space, allowing users to access medical and health services anywhere and anytime, thus improving the quality and efficiency of these services. However, due to its excessive reliance on wireless public networks, smart healthcare faces challenges and issues related to communication security. As a result, authentication and key agreement are critical as the first line of defense for smart healthcare communications. Over the past few years, numerous authentication and key agreement schemes have been proposed by experts and scholars, but most of these schemes are not applicable to practical scenarios due to their lack of security and efficiency. To address these issues, we propose an elliptic curve-based certificateless conditional privacy-preserving authentication and key agreement scheme. This scheme does not require endorsement from a Certificate Authority (CA) and features lightweight and secure properties, making it suitable for resource-limited smart healthcare communication. In addition, the security of the proposed scheme is proven under the random oracle model, and its safety is supplemented using BAN logic. Finally, performance analysis reveals that the proposed scheme not only satisfies security property and can withstand general attacks but also offers certain advantages in communication efficiency.

computer science, information systems,telecommunications,engineering, electrical & electronic

Chen Yulei,Chen Jianhua

DOI: https://doi.org/10.1007/s12083-021-01260-w

IF: 3.488

2021-01-01

Peer-to-Peer Networking and Applications

Abstract:Telecare medicine information system (TMIS) is developing rapidly and widely used with the support of computer, communication and other advanced technologies. It can ensure the health of residents, improve the shortage of medical resources, and has broad development prospects. To protect the privacy and life safety of patients, and prevent sensitive medical data from being accessed or even tampered by unauthorized parties, identity authentication protocol is widely applied in TMIS. In this paper, we propose an anonymous authentication and key agreement scheme using elliptic curve cryptography (ECC), which uses temporary identities to protect the privacy of patients. We use the well-known formal method under the random oracle (RO) model to prove the security of the scheme, and use the traditional heuristic discussion to prove that our scheme can resist all kinds of known attacks. Additionally, the results of security and performance analysis show that our scheme has less computation complexity and communication overhead, and can be well applied to the telecare medicine information system.

Dae-Hwi Lee,Im-Yeong Lee

DOI: https://doi.org/10.3390/s20185350

2020-09-18

Abstract:In the Internet of Things (IoT) environment, more types of devices than ever before are connected to the internet to provide IoT services. Smart devices are becoming more intelligent and improving performance, but there are devices with little computing power and low storage capacity. Devices with limited resources will have difficulty applying existing public key cryptography systems to provide security. Therefore, communication protocols for various kinds of participating devices should be applicable in the IoT environment, and these protocols should be lightened for resources-restricted devices. Security is an essential element in the IoT environment, so for secure communication, it is necessary to perform authentication between the communication objects and to generate the session key. In this paper, we propose two kinds of lightweight authentication and key agreement schemes to enable fast and secure authentication among the objects participating in the IoT environment. The first scheme is an authentication and key agreement scheme with limited resource devices that can use the elliptic curve Qu-Vanstone (ECQV) implicit certificate to quickly agree on the session key. The second scheme is also an authentication and key agreement scheme that can be used more securely, but slower than first scheme using certificateless public key cryptography (CL-PKC). In addition, we compare and analyze existing schemes and propose new schemes to improve security requirements that were not satisfactory.

Tzu-Wei Lin,Chien-Lung Hsu,Tuan-Vinh Le,Chung-Fu Lu,Bo-Yu Huang

DOI: https://doi.org/10.3390/s21082880

IF: 3.9

2021-04-20

Sensors

Abstract:Healthcare is now an important part of daily life because of rising consciousness of health management. Medical professionals can know users’ health condition if they are able to access information immediately. Telemedicine systems, which provides long distance medical communication and services, is a multi-functional remote medical service that can help patients in bed in long-distance communication environments. As telemedicine systems work in public networks, privacy preservation issue of sensitive and private transmitted information is important. One of the means of proving a user’s identity are user-controlled single sign-on (UCSSO) authentication scheme, which can establish a secure communication channel using authenticated session keys between the users and servers of telemedicine systems, without threats of eavesdropping, impersonation, etc., and allow patients access to multiple telemedicine services with a pair of identity and password. In this paper, we proposed a smartcard-based user-controlled single sign-on (SC-UCSSO) for telemedicine systems that not only remains above merits but achieves privacy preservation and enhances security and performance compared to previous schemes that were proved with BAN logic and automated validation of internet security protocols and applications (AVISPA).

engineering, electrical & electronic,chemistry, analytical,instruments & instrumentation

Xuanang Li,Zhiming Zheng,Xiao Zhang

DOI: https://doi.org/10.1109/ngmast.2015.75

2015-01-01

Abstract:Telecare Medicine Information System enables patients to get healthcare services at home expediently and efficiently. Authentication and key agreement protocol suited for TMIS protect patient's privacy via the unsecure network. Recently, numerous protocols have been proposed intend to safeguard the communication between patients and server. However, most of them have high computation overhead and security problems. In this paper, we aim to propose a secure and effective authentication and key agreement protocol using smartcard and password for TMIS. The protocol is based on elliptic curve cryptography. Through security analysis we illustrate that our protocol is secure to resist some known attacks and provide user anonymity. Furthermore, by comparing with other related protocols we show our protocol is superior in security and performance aspects.

Zhishuo Zhang,Yu Sun,Wei Zhang,Yi Wu,Zhiguang Qin

DOI: https://doi.org/10.1088/1742-6596/1812/1/012038

2021-01-01

Journal of Physics Conference Series

Abstract:Abstract With the rapid advancements of semiconductor technologies and wireless communication, Internet-of-Things (IoT) based network has a wider range adoption in the smart city. The Wireless Body Area Network (WBAN) is a representative IoT based network designed to connect various wearable IoT devices, located inside or outside of a human body. The WBAN typically connects itself to the mobile network and Internet via the smartphones. But how to mutually authenticate the entities’ identities and ensure the data confidentiality and integrity during the data transmission over a channel have still been the most prominent challenge in the IoT based networks. To solve the abovementioned challenge, in this paper, we propose a strongly secure pairing-free certificateless authenticated key agreement (PF-CL-AKA) protocol with two-way identity-based authentication before extracting the secure session key for the smartphones and wearable IoT devices. Our protocol is provably secure in the Lippold model, which means our protocol is still secure as long as each party of the channel has at least one uncompromised partial private term.

Neeraj Kumar,Rifaqat Ali

DOI: https://doi.org/10.1016/j.comnet.2023.110133

IF: 5.493

2023-12-07

Computer Networks

Abstract:An intelligent robotic surgical system, utilizing the capabilities of 6G-enabled Tactile Internet (TI) and blockchain technology, holds remarkable promise for providing remote healthcare services in real-time. This system has the potential to deliver high-quality and reliable healthcare services with a focus on responsiveness. It holds considerable benefits for society, particularly in terms of achieving exceptionally accurate surgical diagnoses. Yet, contemporary robotic surgery systems face challenges such as security, privacy, reliability, latency, and the costly implications of blockchain-based storage. These issues curtail the immediate global implementation of tactile internet in surgical procedures. In order to address the previously mentioned concerns, we present a new solution referred to as "A Smart Contract-Based Robotic Surgery Authentication System for Healthcare Using 6G-Tactile Internet". It is an innovative framework for intelligent and blockchain-driven tactile internet. By incorporating a smart contract, we aim to effectively tackle the challenges associated with security, privacy, and the transparency. The introduced approach also effectively thwarts the implementation of malicious commands that might be transmitted by an unauthorized individual. The utilization of the 6G communication channel substantially reduces the latency challenges associated with exchanging surgical commands. The security of the suggested protocol is formally showcased through the utilization of the Real-Or-Random Oracle (ROR) model and Scyther simulation tool. Furthermore, an informal security analysis is conducted to validate and support the findings from the formal security analyses. We conduct simulations of the proposed protocol utilizing the Multi-precision Integer and Rational Arithmetic Cryptographic Library (MIRACL). Moreover, the performance and comparative analysis illustrate that the presented solution outperforms currently existing approaches.

computer science, information systems,telecommunications,engineering, electrical & electronic, hardware & architecture

Iman Jafarian,Siavash Khorsandi

2024-06-25

Abstract:The Internet of Medical Things has revolutionized the healthcare industry, enabling the seamless integration of connected medical devices and wearable sensors to enhance patient care and optimize healthcare services. However, the rapid adoption of the Internet of Medical Things also introduces significant security challenges that must be effectively addressed to preserve patient privacy, protect sensitive medical data, and ensure the overall reliability and safety of Internet of Medical Things systems. In this context, a key agreement protocol is used to securely establish shared cryptographic keys between interconnected medical devices and the central system, ensuring confidential and authenticated communication. Recently Chen et al. proposed a lightweight authentication and key agreement protocol for the Internet of health things. In this article, we provide a descriptive analysis of their proposed scheme and prove that Chen et al.'s scheme is vulnerable to Known session-specific temporary information attacks and stolen verifier attacks.

Cryptography and Security

Hanlin Chen,Ding Ding,Lei Zhang,Cheng Zhao,Xin Jin

DOI: https://doi.org/10.1016/j.compeleceng.2021.107659

2022-03-01

Abstract:This paper designs and implements a secure and resource-efficient communication scheme for electrocardiogram (ECG) telemedicine systems. In the authentication and key agreement phase, a novel reusable Improved Juels-Sudan (IJS) fuzzy extractor with the Shared Random Bio-pool (SRB) technique is proposed to prevent the information leakage of personal biometrics. By exploiting the dynamical biometric model (DBM) for generating synthetic ECG signals, the reusable IJS fuzzy extractor could accomplish identity authentication, generation and distribution of keys, and periodic rekeying in a zero-leakage, user no-involvement and efficient way. In data encryption and transmission phase, a Task Migration Deployment Strategy (TMDS) is adopted to improve the efficiency of various resources. Experiments show that the scheme has high security, including information zero-leakage, low false acceptance rate (FAR) and false rejection rate (FRR), as well as saves various resources with a ratio of 385.8:1, which improves by at least 294.8% compared to the existing schemes.

engineering, electrical & electronic,computer science, interdisciplinary applications, hardware & architecture

Sungjin Yu,Youngho Park

DOI: https://doi.org/10.1109/jiot.2022.3171791

IF: 10.6

2022-10-08

IEEE Internet of Things Journal

Abstract:Wireless medical sensor networks (WMSNs)-based medical systems are an emerging paradigm of the Internet of Medical Things (IoMT) in which the patients and doctors can access various healthcare services via wireless communication technology without visiting the hospital in person. However, an adversary attempts a variety of security attacks because the sensitive information in various fields is exchanged via an insecure channel. Thus, robust and lightweight authentication protocols are essential for providing dependable healthcare services in WMSN-based medical systems. Recently, Wang et al. (IEEE Internet of Things Journal, doi: 10.1109/JIOT.2021.3117762) proposed blockchain and physically unclonable functions (PUFs)-based lightweight authentication protocol for WMSN. They claimed that their protocol is resistant to cyber and physical security threats and also does provide necessary security requirements. However, we prove that their protocol is vulnerable to various security attacks, such as man-in-the-middle and session key disclosure attacks and also lacks mutual authentication. As a result, we propose a robust authentication protocol for WMSN using blockchain and PUF to address the security problems raised by Wang et al.'s scheme. we assess the security of the proposed scheme by using informal and formal security analyses, such as AVISPA simulation and the ROR oracle model. Furthermore, we present the testbed experiments using Raspberry PI 4 based on MIRACL Crypto SDK. Then, we show the performance of the enhanced scheme compared with related schemes based on testbed experiments. Consequently, our scheme is better suited for practical WMSN-based medical systems because it provides greater security and efficiency than competing schemes.

computer science, information systems,telecommunications,engineering, electrical & electronic

Sensen Li,Yicai Huang,Bin Yu

DOI: https://doi.org/10.1016/j.comnet.2024.110426

IF: 5.493

2024-05-09

Computer Networks

Abstract:With the explosive development of the Internet of Things (IoT), its security has become a critical concern. As a lightweight hardware primitive, Physical Unclonable Function (PUF) provides a promising solution for IoT security. Nevertheless, as per the knowledge of the authors, most of the existing PUF-based anonymous authentication protocols for IoT are not suitable for end-to-end IoT applications due to their flexibility or security. Specifically, there are two main issues with existing related protocols: (1) the end-to-end anonymous authentication between IoT devices requires the participation of a trusted third party, which seriously affects the flexibility of interaction; (2) most related protocols provide weak anonymity, that is, they are anonymous against only eavesdroppers. To solve these problems, a new PUF-based end-to-end anonymous authentication protocol is proposed. Without needing the real-time participation of the third party, the proposed protocol realizes end-to-end direct mutual authentication and session key agreement while maintaining strong anonymity. It also provides an online dynamic updating mechanism for security parameters. The security analysis shows that the proposed protocol has perfect forward secrecy while resisting various known attacks including physical attacks and modeling attacks. Meanwhile, it outperforms related protocols in terms of protocol rounds and communication costs.

computer science, information systems,telecommunications,engineering, electrical & electronic, hardware & architecture

Dong Xie,Jinghua Yang,Bin Wu,Weixin Bian,Fulong Chen,Taochun Wang

DOI: https://doi.org/10.1109/tifs.2024.3362589

IF: 7.231

2024-02-17

IEEE Transactions on Information Forensics and Security

Abstract:In a mobile edge computing environment, the computing tasks of resource-constrained IoT devices are often offloaded to mobile edge computing servers for processing. In order to ensure the security of the task offloading process, both parties need to perform mutual authentication and negotiate a session key first. The security defenses in the existing authentication schemes are often only aimed at external attackers, while ignoring the possible malicious behaviors of semi-trusted servers. Furthermore, they cannot effectively take into account the device-side lightweight and security, as well as the load problem of a single registry. In this paper, we propose a new anonymous authentication key agreement scheme that fully considers the resource constraints of terminal devices and the security risks of semi-trusted servers. In the scheme, we use the method of generating pairing information during registration to avoid the server-side directly contacting the user's private information, and support trusted third parties not to participate in the authentication process. In addition, by setting up authentication servers to outsource computing tasks, the device-side can avoid blindly selecting a computing server for task offloading, achieve accurate task assignment and efficient execution of authentication. We use Real-Or-Random model and BAN logic to demonstrate the security of the proposed scheme, and use the ProVerif tool to verify its authenticated reachability and confidentiality. Compared with other schemes with the same structure, this scheme is superior to similar schemes, and has higher security on the basis of ensuring the least amount of computation on the device-side.

computer science, theory & methods,engineering, electrical & electronic