Yang Ming,Xiaopeng Yu,Xiaoqin Shen

DOI: https://doi.org/10.1109/access.2020.3018488

IF: 3.9

2020-01-01

IEEE Access

Abstract:Healthcare Internet of Things (IoT) is an emerging paradigm, which can provide comprehensive and different types of health services and enable various types of medical sensors to monitor patient's health conditions. In the healthcare IoT, patient is deployed with a variety of medical sensors, which continuously monitors and collects patient's sensitive health data that needs specially protection for preventing privacy leakage. To safely send multiple different health data monitored by multiple different medical sensors to multiple corresponding healthcare professionals in one data report, several multi-message and multi-receiver signcryption schemes have been introduced by employing the traditional public key cryptography, identity-based cryptography or certificateless cryptography. However, these schemes suffer from the certificate management, key escrow and key distribution problem. Besides, due to the resource-constraint property of medical sensors, they are unsuitable for healthcare IoT in terms of both performance and privacy requirements. To solve these issues, this paper introduces an efficient anonymous certificate-based multi-message and multi-receiver signcryption scheme for healthcare IoT, where the certificate-based cryptography and elliptic curve cryptography are combined to simplify the certificate management problem, eliminate the key escrow problem, solve the key distribution problem and ensure the privacy-preserving. Furthermore, the security analysis suggests that the proposed scheme is able to achieve the confidentiality, unforgeability, receiver anonymity, sender anonymity and decryption fairness; the performance evaluation indicates that the proposed scheme brings to the lower computation cost and communication cost in comparison to the existing schemes.

Zhiheng Wang,Zhanqiang Huo,Wenbo Shi

DOI: https://doi.org/10.1007/s10916-014-0158-2

IF: 4.92

2014-01-01

Journal of Medical Systems

Abstract:With rapid development of computer technology and wide use of mobile devices, the telecare medicine information system has become universal in the field of medical care. To protect patients' privacy and medial data's security, many authentication schemes for the telecare medicine information system have been proposed. Due to its better performance, chaotic maps have been used in the design of authentication schemes for the telecare medicine information system. However, most of them cannot provide user's anonymity. Recently, Lin proposed a dynamic identity based authentication scheme using chaotic maps for the telecare medicine information system and claimed that their scheme was secure against existential active attacks. In this paper, we will demonstrate that their scheme cannot provide user anonymity and is vulnerable to the impersonation attack. Further, we propose an improved scheme to fix security flaws in Lin's scheme and demonstrate the proposed scheme could withstand various attacks.

Chun-Ta Li,Tsu-Yang Wu,Chin-Ling Chen,Cheng-Chi Lee,Chien-Ming Chen

DOI: https://doi.org/10.3390/s17071482

2017-06-23

Abstract:In recent years, with the increase in degenerative diseases and the aging population in advanced countries, demands for medical care of older or solitary people have increased continually in hospitals and healthcare institutions. Applying wireless sensor networks for the IoT-based telemedicine system enables doctors, caregivers or families to monitor patients' physiological conditions at anytime and anyplace according to the acquired information. However, transmitting physiological data through the Internet concerns the personal privacy of patients. Therefore, before users can access medical care services in IoT-based medical care system, they must be authenticated. Typically, user authentication and data encryption are most critical for securing network communications over a public channel between two or more participants. In 2016, Liu and Chung proposed a bilinear pairing-based password authentication scheme for wireless healthcare sensor networks. They claimed their authentication scheme cannot only secure sensor data transmission, but also resist various well-known security attacks. In this paper, we demonstrate that Liu-Chung's scheme has some security weaknesses, and we further present an improved secure authentication and data encryption scheme for the IoT-based medical care system, which can provide user anonymity and prevent the security threats of replay and password/sensed data disclosure attacks. Moreover, we modify the authentication process to reduce redundancy in protocol design, and the proposed scheme is more efficient in performance compared with previous related schemes. Finally, the proposed scheme is provably secure in the random oracle model under ECDHP.

Yun Liu,Zi-Yao Cheng,Chin-Chen Chang,Zhen-Jiang Zhang

DOI: https://doi.org/10.6138/jit.2012.13.3.10

2012-01-01

Abstract:With the rapid growth of Internet based applications, strong privacy protection and robust system security have become essential requirements for an authentication scheme. Engineers have proposed many identity based authentication schemes for remote login systems in past decades. In recent years, the security mechanism for the dynamic identity of legal user appearance has become a new technology in the field of network communications. This novel technology has allowed us to conduct a more secure remote user authentication scheme using a smart card, in which the well-designed module has remedied the system drawback of a static identity based authentication scheme. However, many kinds of authentication schemes need a system of synchronized clocks to withstand replay attacks and achieve mutual authentication, and most of them cannot propose a lightweight mechanism to reduce implementation complexity and achieve computation efficiency. Therefore, we propose a new dynamic identity based authentication scheme using three-way challenge-response strategy to achieve mutual authentication without a system of synchronized clocks. It completely prevents various attacks, supports the session key agreement, and offers the functionality advantages. As a result, the proposed scheme seems to be more secure and suitable for remote communication environment with low computation consumption and better security attributes.

Shengbao Wang,Xin Zhou,Kang Wen,Bosen Weng,Peng Zeng

DOI: https://doi.org/10.1109/jiot.2022.3228921

IF: 10.6

2022-01-01

IEEE Internet of Things Journal

Abstract:Very recently, Masud et al. (2022) proposed a lightweight and anonymity-preserving user authentication scheme to establish secure communication between the doctor, the gateway, and sensor nodes in IoT-based healthcare, aiming to ensure the privacy of the patients’ physiological data. In this article, however, we carefully revisit their scheme and first point out that the scheme is not practically implementable in its current form, and second we show that it is vulnerable to session key disclosure attacks, off-line password guessing attacks, and traceability attacks, under the assumption that the attacker can gain access to the sensor nodes and the doctor’s device. We also propose fixes for each of these issues or vulnerabilities.

Hsiao-Ling Wu,Chin-Chen Chang,Long-Sheng Chen

DOI: https://doi.org/10.1016/j.pmcj.2020.101177

IF: 3.848

2020-09-01

Pervasive and Mobile Computing

Abstract:<p>The Internet of Things technology allows devices automatically connect with others or a server for the purposes of exchanging data. People can conveniently integrate data from those devices for a smart home, vehicular ad-hoc network, e-Health, etc. In 2017, Wang et al. proposed a simple authentication scheme for the Internet of Things. Although they formally proved that their scheme is secure, they did not consider the privacy of devices and stolen verifier attack. In this paper, we first demonstrate the weaknesses of Wang et al.'s scheme. Accordingly, we present a higher security level authentication scheme to resist the above weaknesses.</p>

computer science, information systems,telecommunications

Yicheng Yu,Liang Hu,Jianfeng Chu

DOI: https://doi.org/10.3390/sym12010150

2020-01-01

Symmetry

Abstract:The integration of Internet of things (IoT) and cloud computing technology has made our life more convenient in recent years. Cooperating with cloud computing, Internet of things can provide more efficient and practical services. People can accept IoT services via cloud servers anytime and anywhere in the IoT-based cloud computing environment. However, plenty of possible network attacks threaten the security of users and cloud servers. To implement effective access control and secure communication in the IoT-based cloud computing environment, identity authentication is essential. In 2016, He et al. put forward an anonymous authentication scheme, which is based on asymmetric cryptography. It is claimed that their scheme is capable of withstanding all kinds of known attacks and has good performance. However, their scheme has serious security weaknesses according to our cryptanalysis. The scheme is vulnerable to insider attack and DoS attack. For overcoming these weaknesses, we present an improved authentication and key agreement scheme for IoT-based cloud computing environment. The automated security verification (ProVerif), BAN-logic verification, and informal security analysis were performed. The results show that our proposed scheme is secure and can effectively resist all kinds of known attacks. Furthermore, compared with the original scheme in terms of security features and performance, our proposed scheme is feasible.

Hsiao-Ling Wu,Chin-Chen Chang,Yao-Zhu Zheng,Long-Sheng Chen,Chih-Cheng Chen

DOI: https://doi.org/10.3390/s20195604

IF: 3.9

2020-09-30

Sensors

Abstract:The Internet of Things (IoT) is currently the most popular field in communication and information techniques. However, designing a secure and reliable authentication scheme for IoT-based architectures is still a challenge. In 2019, Zhou et al. showed that schemes pro-posed by Amin et al. and Maitra et al. are vulnerable to off-line guessing attacks, user tracking attacks, etc. On this basis, a lightweight authentication scheme based on IoT is proposed, and an authentication scheme based on IoT is proposed, which can resist various types of attacks and realize key security features such as user audit, mutual authentication, and session security. However, we found weaknesses in the scheme upon evaluation. Hence, we proposed an enhanced scheme based on their mechanism, thus achieving the security requirements and resisting well-known attacks.

engineering, electrical & electronic,chemistry, analytical,instruments & instrumentation

Zaid Alaa Hussien,Hai Jin,Zaid Ameen Abduljabbar,Mohammed Abdulridha Hussain,Ali A. Yassin,Salah H. Abbdal,Mustafa A. Al Sibahee,Deqing Zou

DOI: https://doi.org/10.1109/ICSPCC.2016.7753621

2016-01-01

Abstract:Internet of Things is a new generation of network service platform that allows everyday objects including small devices in sensor networks to be capable of connecting to the internet. Such an innovative technology can lead to positive changes in human life. An e-health service based on the Internet of Things has great potential. The popularity of intelligent mobile medical devices, wearable bio-medical sensor devices, cloud computing, and big data analysis have dramatically changed the usage pattern and business rule of e-health services based on the Internet of Things. The rapid development of e-health services based on the Internet of Things poses risks in security and privacy. In this study, we propose a new security scheme for an e-health service. This scheme allows both the local base station and hospital cloud server to authenticate each other, to secure the collection of health data. Our scheme uses the crypto hash function to check the integrity of authentication exchanges. In addition, it provides mutual authentication with anonymity and terminates with a session key agreement between each local base station and the hospital cloud server. To assess our scheme, we conduct performance and security analysis. Results show that our scheme is secure, lightweight, and resistant to different types of attacks.

Junhui Zhao,Fanwei Huang,Huanhuan Hu,Longxia Liao,Dongming Wang,Lisheng Fan

DOI: https://doi.org/10.1016/j.adhoc.2024.103427

IF: 4.816

2024-01-31

Ad Hoc Networks

Abstract:5G technology has been applied and popularized, leading to the widespread usage of the Internet of Things (IoT) in various areas such as intelligent transportation, home security, fire protection, industrial monitoring, healthcare, and data collection intelligence. Data sharing is one of the key factors for successful application in these fields. However, real-time data sharing through open channels may result in transmitted messages being illegally accessed by attackers, leading to privacy breaches. At present, most existing authentication schemes focus on single gateway authentication models. In order to overcome issues such as elevated communication overhead, reduced network performance, and inefficient cross-domain access in the single gateway model with larger network sizes, we introduce a multi-gateway lightweight authentication scheme as a solution. Firstly, our scheme is based on a three-factor authentication scheme of Chebyshev chaotic mapping, hash function, and XOR operation. This scheme achieves secure authentication between sensor nodes and users, establishes session keys, and also supports user key updates. Secondly, through security analysis, we demonstrate that the proposed scheme resists internal disguise attacks, sensor capture attacks, temporary secret leakage attacks, and achieves forward security of session keys. We additionally provide a demonstration of the semantic security of session keys by utilizing a Random Oracle Model (ROM). Finally, compared to other schemes, the results show that our proposed scheme has lower communication overhead and computational resource requirements, and is more in line with the requirements of lightweight device security authentication in the IoT.

computer science, information systems,telecommunications

Wenting Li,Haibo Cheng,Ping Wang

DOI: https://doi.org/10.1109/cybersecpods.2019.8885375

2019-01-01

Abstract:User authentication plays an important role in generic IoT networks that prevents malicious parties from gaining access to various services offered by remote servers. As user-end IoT devices are typically resource-constrained, how to design secure and efficient multi-factor authentication schemes remains hard to tackle. Very recently, instead of using traditional asymmetric encryption algorithms such as RSA, EIGamal encryption, a number of attempts have been made to employ chaotic maps as building blocks to design multi-factor authentication schemes for IoT environments. In this paper, we first revisit two foremost chaotic maps based multi-factor user authentication schemes presented by Roy et al. and Truong et al., and show that, despite being armed with a formal security proof, none of them can achieve the goal of “truly multi-factor security”. Besides, we find Roy et al.'s scheme fails to achieve the claimed feature of forward secrecy, while Truong et al.'s scheme suffers from stolen verifier attack and violation of user anonymity. Further, we indicate how to mend these weaknesses and propose an enhanced protocol with high efficiency. Security and efficiency analysis suggest that our scheme outperforms existing schemes and is practical for real applications of IoT environments.

Hung-Ming Chen,Jung-Wen Lo,Chang-Kuo Yeh

DOI: https://doi.org/10.1007/s10916-012-9862-y

Abstract:The rapidly increased availability of always-on broadband telecommunication environments and lower-cost vital signs monitoring devices bring the advantages of telemedicine directly into the patient's home. Hence, the control of access to remote medical servers' resources has become a crucial challenge. A secure authentication scheme between the medical server and remote users is therefore needed to safeguard data integrity, confidentiality and to ensure availability. Recently, many authentication schemes that use low-cost mobile devices have been proposed to meet these requirements. In contrast to previous schemes, Khan et al. proposed a dynamic ID-based remote user authentication scheme that reduces computational complexity and includes features such as a provision for the revocation of lost or stolen smart cards and a time expiry check for the authentication process. However, Khan et al.'s scheme has some security drawbacks. To remedy theses, this study proposes an enhanced authentication scheme that overcomes the weaknesses inherent in Khan et al.'s scheme and demonstrated this scheme is more secure and robust for use in a telecare medical information system.

Fei Chen,Zixing Xiao,Tao Xiang,Junfeng Fan,Hong-Linh Truong

DOI: https://doi.org/10.1109/tdsc.2022.3178115

2022-01-01

IEEE Transactions on Dependable and Secure Computing

Abstract:The rapid development of IoT (Internet of Things) brings great convenience to people through the utilization of IoT applications, but also brings huge security challenges. Existing IoT security breaches show that many IoT devices have authentication flaws. Although many IoT authentication schemes were proposed, they are not fit for recent smart IoT applications covering IoT device, back-end sever, and user-end mobile applications. To build the first line of defense for smart IoT systems, this paper proposes a new authentication scheme. The proposed scheme first models the entire lifecycle of the IoT device authentication for real-world scenarios of smart IoT systems that contains factory manufacturing, daily usage, and system resetting. For each stage in the lifecycle, the proposed scheme employs efficient symmetric key mechanisms to achieve the authentication between IoT device, back-end server, and mobile application. The proposed scheme supports both server-free local area network communication and sever-involved remote public area communication. Formal security verification shows that the proposed scheme resists existing attacks. The open-source experimental evaluations also show that the proposed scheme is efficient and promising for practical usage.

Tianjie Cao,Jingxuan Zhai

DOI: https://doi.org/10.1007/s10916-012-9912-5

IF: 4.92

2013-01-01

Journal of Medical Systems

Abstract:In order to protect users’ identity privacy, Chen et al. proposed an efficient dynamic ID-based authentication scheme for telecare medical information systems. However, Chen et al.’s scheme has some weaknesses. In Chen et al.’s scheme, an attacker can track a user by a linkability attack or an off-line identity guessing attack. Chen et al.’s scheme is also vulnerable to an off-line password guessing attack and an undetectable on-line password guessing attack when user’s smart card is stolen. In server side, Chen et al.’s scheme needs large computational load to authentication a legal user or reject an illegal user. To remedy the weaknesses in Chen et al.’s scheme, we propose an improved smart card based password authentication scheme. Our analysis shows that the improved scheme can overcome the weaknesses in Chen et al.’s scheme.

Qingshui Xue,Xingzhong Ju,Haozhi Zhu,Haojin Zhu,Fengying Li,Xiangwei Zheng

DOI: https://doi.org/10.1007/978-3-030-22971-9_12

2019-01-01

Abstract:IoT is an important part of the new generation of information technologies and the next big thing in the IT industry after the computer and the internet. The IoT has great development potential and a wide range of possible applications, especially commercial applications. And information security of the IoT is the key to the long-term development of the whole industry. Currently, the two most significant factors in the development of the IoT are user identity authentication and privacy protection. This paper contains an analysis on the current picture of inter-device user identity authentication in the IoT and proposes an inter-device biometric authentication solution for the IoT that’s designed to work with larger devices, addressing the shortcomings of the traditional user identity authentication technologies including security and efficiency problems. A strategy for further solution optimization is also included. This paper elaborates on the specific process of user identity authentication carried out by users on devices and between devices making use of fingerprints. We’ll demonstrate the security of this solution against existing attack methods and in the last part, we enumerate various possible applications of this solution in smart homes.

Chengqi Wang,Xiao Zhang,Zhiming Zheng

DOI: https://doi.org/10.1007/s11042-016-4198-0

IF: 2.577

2016-01-01

Multimedia Tools and Applications

Abstract:With the increase of security requirements, numerous biometrics based authentication schemes that apply the smart card technology are proposed for multimedia medicine information systems in the last several years. Recently, Lu et al. presented a biometrics based authentication and key agreement scheme using extended Chebyshev chaotic maps. Unfortunately, we find that their scheme is still insecure with respect to issues such as flaws in the both login phase and password change phase. And we show that their scheme is vulnerable to the Denial-of-Service attack, user impersonation attack and server masquerade attack, which also fails to achieve the user anonymity. In order to remedy these weaknesses, we retain the useful properties of Lu et al.’s scheme to propose a robust biometrics based authentication and key agreement scheme for multimedia medicine information systems. The informal and formal security analysis of our scheme are given respectively, which demonstrate that our scheme satisfies the desirable security requirements. Furthermore, the proposed scheme provides some significant features which are not considered in most of the related schemes, such as, biometric information protection and user re-registration or revocation. Thus, our scheme resists the known attacks and is efficient for practical applications in the multimedia medicine information systems.

Feifei Wang,Guosheng Xu,Guoai Xu,Yuejie Wang,Junhao Peng

DOI: https://doi.org/10.1155/2020/3805058

2020-01-01

Abstract:With the development of Internet of Things (IoT) technologies, Internet-enabled devices have been widely used in our daily lives. As a new service paradigm, cloud computing aims at solving the resource-constrained problem of Internet-enabled devices. It is playing an increasingly important role in resource sharing. Due to the complexity and openness of wireless networks, the authentication protocol is crucial for secure communication and user privacy protection. In this paper, we discuss the limitations of a recently introduced IoT-based authentication scheme for cloud computing. Furthermore, we present an enhanced three-factor authentication scheme using chaotic maps. The session key is established based on Chebyshev chaotic-based Diffie-Hellman key exchange. In addition, the session key involves a long-term secret. It ensures that our scheme is secure against all the possible session key exposure attacks. Besides, our scheme can effectively update user password locally. Burrows-Abadi-Needham logic proof confirms that our scheme provides mutual authentication and session key agreement. The formal analysis under random oracle model proves the semantic security of our scheme. The informal analysis shows that our scheme is immune to diverse attacks and has desired features such as three-factor secrecy. Finally, the performance comparisons demonstrate that our scheme provides optimal security features with an acceptable computation and communication overheads.

Kefei Mao,Jie Chen,Jianwei Liu,Mengmeng Wang

DOI: https://doi.org/10.1109/iccsnt.2015.7490882

2015-01-01

Abstract:In Ubiquitous Healthcare System (U-Healthcare), authentication is an essential task for secure medical information transmissions. In a recent paper, Kim proposed a smartcardbased authentication scheme for privacy preservation in UHealthcare. This scheme can protect user context privacy and is believed to have many abilities to resist a range of attacks, even though the secret data stored on the smartcard are compromised. In this paper, we evaluate the security of Kim's proposal and illustrate that the scheme is, in fact, insecure against the stolensmartcard attack. Moreover, some steps of the scheme are unattainable, and security assumption is too strict. Then, we also investigate a novel scheme based on Kim's scheme and the quadratic residue assumption. Compared with the existing schemes, the new proposal does not require the Electric Health Record database (EHR) to share a various secure value with patients and physicians, individually. Thus, it is more practical and realistic. We show that our proposed scheme can provide stronger security than Kim's previous scheme.

Sangjukta Das,Suyel Namasudra

DOI: https://doi.org/10.1002/ett.4716

IF: 3.6

2023-01-04

Transactions on Emerging Telecommunications Technologies

Abstract:The proposed scheme consists of three entities, namely IoT device (IoTD), gateway, and central administrator (CA). An IoTD is a resource‐constrained device associated with a patient's body. It collects patients' real‐time healthcare data and sends them to the intended entity via a gateway device. The gateway acts as an intermediate entity between the IoTD and user. The CA is the central entity of the proposed scheme. In recent years, Internet of Things (IoT) technology has been adopted in numerous application areas, such as healthcare, agriculture, industrial automation, and many more. The use of IoT and other technologies like cloud computing and machine learning has made the modern healthcare system to be smart, automated, and efficient. However, the continuous proliferation of cyber‐attacks on IoT devices has increased IoT challenges like data security, privacy protection, authentication, and so forth. In smart healthcare systems, due to the lack of authentication protocols, attackers can undermine the availability, confidentiality, and integrity of both smart healthcare devices and data, which can be life‐threatening in some situations. In this article, a privacy‐preserving mutual authentication scheme for IoT‐enabled healthcare systems is proposed to achieve lightweight and effective authentication of network devices. To support the processing capabilities of the IoT devices, this proposed authentication scheme is designed using lightweight cryptographic primitives, namely XOR, concatenation, and hash operation. The proposed scheme can establish a secure session between an authorized device and a gateway, and prevent unauthorized devices from getting access to healthcare systems. The security analysis and performance analysis assess the proposed authentication technique's effectiveness over existing well‐known schemes.

telecommunications

Huanhuan Hu,Longxia Liao,Junhui Zhao

DOI: https://doi.org/10.3390/electronics11101652

IF: 2.9

2022-01-01

Electronics

Abstract:With the expansion of the Industrial Internet of Things (IIoT), real-time data collected by smart sensors deployed in factories are shared over open channels , which may cause unauthorized access of transmitted messages by adversaries, thus causing the problem of privacy leakage. User authentication is the first line of defense for security protection in the IIoT environment. In this paper, we propose a cloud—assisted authentication scheme based on Chebyshev polynomial encryption, in which only authorized users can access the sensing devices in the Internet of Things (IoT) to obtain real-time data. The scheme uses fuzzy extraction technology to verify biometric characteristics. There are three factors to verify the user’s login request: the smart card, password and the user’s personal biometrics. The commonly adopted formal security analysis, the ROR model, is applied to prove the semantic security of session key, and a detailed informal security analysis is performed to show that the proposed scheme can withstand multiple known attacks. Compared with other related user authentication schemes, the proposed scheme provides several extra functionality features, including offline sensor node registration, updating user passwords and biometrics, adding new sensor node deployment, user anonymity and untraceability. In addition, the cost of computation, communication and security is compared with similar schemes, and results show that our scheme has more security performance while the cost is acceptable.