Xiaoliang Wang,Liang Bai,Qing Yang,Liu Wang,Frank Jiang

DOI: https://doi.org/10.1016/j.jisa.2019.04.010

IF: 4.96

2019-01-01

Journal of Information Security and Applications

Abstract:With the development of wireless sensor network and internet, ubiquitous eHealth care systems are booming. However, a great deal of data computing and storage processing restrict the scalability of ubiquitous eHealth. As a solution, cloud-based eHealth is coming up. However, using cloud-computing model often causes some privacy concerns. Massive medical data in eHealth system contain numerous sensitive information and electronic health records of users. Meanwhile, if data encryption is adopted to protect privacy, cloud center cannot process data. To solve this problem, a scheme based on fully homomorphism conception for privacy protection and data processing of eHealth is proposed in this paper. Our scheme not only meets the aforementioned dual requirements but also limit the arbitrary actions of patients and doctors.

Yang Ming,Xiaopeng Yu,Xiaoqin Shen

DOI: https://doi.org/10.1109/access.2020.3018488

IF: 3.9

2020-01-01

IEEE Access

Abstract:Healthcare Internet of Things (IoT) is an emerging paradigm, which can provide comprehensive and different types of health services and enable various types of medical sensors to monitor patient's health conditions. In the healthcare IoT, patient is deployed with a variety of medical sensors, which continuously monitors and collects patient's sensitive health data that needs specially protection for preventing privacy leakage. To safely send multiple different health data monitored by multiple different medical sensors to multiple corresponding healthcare professionals in one data report, several multi-message and multi-receiver signcryption schemes have been introduced by employing the traditional public key cryptography, identity-based cryptography or certificateless cryptography. However, these schemes suffer from the certificate management, key escrow and key distribution problem. Besides, due to the resource-constraint property of medical sensors, they are unsuitable for healthcare IoT in terms of both performance and privacy requirements. To solve these issues, this paper introduces an efficient anonymous certificate-based multi-message and multi-receiver signcryption scheme for healthcare IoT, where the certificate-based cryptography and elliptic curve cryptography are combined to simplify the certificate management problem, eliminate the key escrow problem, solve the key distribution problem and ensure the privacy-preserving. Furthermore, the security analysis suggests that the proposed scheme is able to achieve the confidentiality, unforgeability, receiver anonymity, sender anonymity and decryption fairness; the performance evaluation indicates that the proposed scheme brings to the lower computation cost and communication cost in comparison to the existing schemes.

Alawi A Al-Saggaf,Tarek Sheltami,Hoda Alkhzaimi,Gamil Ahmed

DOI: https://doi.org/10.1007/s13369-022-07235-0

Abstract:The healthcare ecosystem is migrating from legacy systems to the Internet of Things (IoT), resulting in a digital environment. This transformation has increased importance on demanding both secure and usable user authentication methods. Recently, a post-quantum fuzzy commitment scheme (PQFC) has been constructed as a reliable and efficient method of biometric template protection. This paper presents a new two-factor-based user authentication protocol for the IoT-enabled healthcare ecosystem in post-quantum computing environments using the PQFC scheme. The proposed protocol is proved to be secure using random oracle model. Furthermore, the functionality and security of the proposed protocol are analyzed, showing that memoryless-effortless, user anonymity, mutual authentication, and resistance to biometric templates tampering and stolen attacks, stolen smart card attack, privileged interior attack are fulfilled. The costs of storage requirement, computation, communication and storage are estimated. The results demonstrate that the proposed protocol is more efficient than Mukherjee et al., Chaudhary et al., and Gupta et al. protocols.

Shanvendra Rai,Rituparna Paul,Subhasish Banerjee,Preetisudha Meher

DOI: https://doi.org/10.1007/s11042-024-18625-x

IF: 2.577

2024-03-27

Multimedia Tools and Applications

Abstract:The Internet of Medical Things (IoMT) provides such flexibility in our society where anyone can get medical treatment at any time, from anywhere. IoMT is a type of network where different resource-constraint physiological sensors are deployed in and/or on the human body that connects with the internet through the Gateway node, for monitoring purposes. However, due to the open nature of communication in the IoMT; the security, and privacy of patients' sensed data is very challenging, and that needs to be addressed, because any modification or alteration to it may lead to putting the life of a patient in danger. In this context, Chunka et al. proposed an authentication and key agreement (AKA) scheme for IoMT and claimed that the scheme has many security features and is easy to deploy. Unfortunately, it came to notice during this research that the scheme is vulnerable to multiple attacks, including replay, insider, smart card loss, eavesdropping, and server spoofing attacks, additionally failing to establish the session key agreement. So to overcome this issue, an efficient and improved multi-factor lightweight mutual AKA scheme is proposed through this article by incorporating a PUF-enabled sensor node and smart card for the users. To prove the superiority of the proposed schemes and to demonstrate the security features, the scheme is verified by formal security proof using the ROR model and informal proof using the AVISPA tool kit. In the end, a comprehensive analysis covering security, performance, and a comparative evaluation with existing similar approaches along with the Chunka et al. scheme demonstrates that the suggested approach not only achieves a higher level of protection against commonly recognized threats but also maintains an economically efficient mechanism concerning sensor nodes.

computer science, information systems, theory & methods,engineering, electrical & electronic, software engineering

Chun-Ta Li,Dong-Her Shih,Chun-Cheng Wang

DOI: https://doi.org/10.1016/j.cmpb.2018.02.002

Abstract:Background and objective: With the rapid development of wireless communication technologies and the growing prevalence of smart devices, telecare medical information system (TMIS) allows patients to receive medical treatments from the doctors via Internet technology without visiting hospitals in person. By adopting mobile device, cloud-assisted platform and wireless body area network, the patients can collect their physiological conditions and upload them to medical cloud via their mobile devices, enabling caregivers or doctors to provide patients with appropriate treatments at anytime and anywhere. In order to protect the medical privacy of the patient and guarantee reliability of the system, before accessing the TMIS, all system participants must be authenticated. Methods: Mohit et al. recently suggested a lightweight authentication protocol for cloud-based health care system. They claimed their protocol ensures resilience of all well-known security attacks and has several important features such as mutual authentication and patient anonymity. In this paper, we demonstrate that Mohit et al.'s authentication protocol has various security flaws and we further introduce an enhanced version of their protocol for cloud-assisted TMIS, which can ensure patient anonymity and patient unlinkability and prevent the security threats of report revelation and report forgery attacks. Results: The security analysis proves that our enhanced protocol is secure against various known attacks as well as found in Mohit et al.'s protocol. Compared with existing related protocols, our enhanced protocol keeps the merits of all desirable security requirements and also maintains the efficiency in terms of computation costs for cloud-assisted TMIS. Conclusions: We propose a more secure mutual authentication and privacy preservation protocol for cloud-assisted TMIS, which fixes the mentioned security weaknesses found in Mohit et al.'s protocol. According to our analysis, our authentication protocol satisfies most functionality features for privacy preservation and effectively cope with cloud-assisted TMIS with better efficiency.

Xinzhong Su,Youyun Xu

DOI: https://doi.org/10.3390/s24227119

IF: 3.9

2024-11-06

Sensors

Abstract:Authentication is considered one of the most critical technologies for the next generation of the Internet of Medical Things (IoMT) due to its ability to significantly improve the security of sensors. However, higher frequency cyber-attacks and more intrusion methods significantly increase the security risks of IoMT sensor devices, resulting in more and more patients' privacy being threatened. Different from traditional IoT devices, sensors are generally considered to be based on low-cost hardware designs with limited storage resources; thus, authentication techniques for IoMT scenarios might not be applicable anymore. In this paper, we propose an efficient three-factor cluster-based user authentication protocol (3ECAP). Specifically, we establish the security association between the user and the sensor cluster through fine-grained access control based on Merkle, which perfectly achieves the segmentation of permission. We then demonstrate that 3ECAP can address the privilege escalation attack caused by permission segmentation. Moreover, we further analyze the security performance and communication cost using formal and non-formal security analysis, Proverif, and NS3. Simulation results demonstrated the robustness of 3ECAP against various cyber-attacks and its applicability in an IoMT environment with limited storage resources.

engineering, electrical & electronic,chemistry, analytical,instruments & instrumentation

Yang Zhang,Yu Tang,Chaoyang Li,Hua Zhang,Haseeb Ahmad

DOI: https://doi.org/10.3390/s24134188

IF: 3.9

2024-06-28

Sensors

Abstract:The Internet of Things (IoT) plays an essential role in people's daily lives, such as healthcare, home, traffic, industry, and so on. With the increase in IoT devices, there emerge many security issues of data loss, privacy leakage, and information temper in IoT network applications. Even with the development of quantum computing, most current information systems are weak to quantum attacks with traditional cryptographic algorithms. This paper first establishes a general security model for these IoT network applications, which comprises the blockchain and a post-quantum secure identity-based signature (PQ-IDS) scheme. This model divides these IoT networks into three layers: perceptual, network, and application, which can protect data security and user privacy in the whole data-sharing process. The proposed PQ-IDS scheme is based on lattice cryptography. Bimodal Gaussian distribution and the discrete Gaussian sample algorithm are applied to construct the fundamental difficulty problem of lattice assumption. This assumption can help resist the quantum attack for information exchange among IoT devices. Meanwhile, the signature mechanism with IoT devices' identity can guarantee non-repudiation of information signatures. Then, the security proof shows that the proposed PQ-IDS can obtain the security properties of unforgeability, non-repudiation, and non-transferability. The efficiency comparisons and performance evaluations show that the proposed PQ-IDS has good efficiency and practice in IoT network applications.

engineering, electrical & electronic,chemistry, analytical,instruments & instrumentation

Amir Masoud Aminian Modarres,Nima S. Anzabi-Nezhad,Maryam Zare

DOI: https://doi.org/10.1109/access.2024.3361921

IF: 3.9

2024-02-16

IEEE Access

Abstract:The Internet of Medical Things (IoMT) is a promising framework for expanding and improving telemedicine services. A common cloud-based IoMT architecture consists of three layers of entities, the first layer (such as smart sensors and devices), the second layer (such as gateways), and the third layer (such as cloud servers). Obviously, in these networks, the protection of sensitive information against security threats as well as authentication between the entities is a key issue. On the other hand, the devices involved in the first and second layers usually suffer from poor computational capabilities as well as a lack of physical protection, which should be considered in the design of security protocols. Recently, Alladi et al. have proposed a lightweight authentication protocol for the cloud-based IoMT that addresses these challenges, using Physically Unclonable Function (PUF). In this paper, we first provide thorough cryptanalysis of their scheme and clarify its important vulnerabilities that lead to protocol collapse. Then, we propose a new lightweight protocol based on PUF to perform strong mutual authentication and key agreement between parties in the IoMT networks. The formal (using BAN logic) and informal security analysis demonstrate that our scheme is resistant to several well-known attacks, including physical attacks. Also, our evaluation of computational cost and security features clearly shows that the proposed scheme outperforms similar schemes in security and efficiency. Another important advantage of our protocol is that it performs the mutual authentication and key agreement process separately for each pair of layers in the three-layer cloud-based IoMT architecture. This triple authentication scheme provides the necessary flexibility for use in different scenarios and working conditions. In this aspect, as far as we know, our proposed protocol is the first of its kind.

computer science, information systems,telecommunications,engineering, electrical & electronic

Omar Alruwaili,Muhammad Tanveer,Faisal Mohammed Alotaibi,Waleed Abdelfattah,Ammar Armghan,Faeiz M Alserhani

DOI: https://doi.org/10.1016/j.heliyon.2024.e37577

IF: 3.776

2024-09-10

Heliyon

Abstract:As the Internet of Things (IoT) continues its rapid expansion, cloud computing has become integral to various smart healthcare applications. However, the proliferation of digital health services raises significant concerns regarding security and data privacy, making the protection of sensitive medical information paramount. To effectively tackle these challenges, it is crucial to establish resilient network infrastructure and data storage systems capable of defending against malicious entities and permitting access exclusively to authorized users. This requires the deployment of a robust authentication mechanism, wherein medical IoT devices, users (such as doctors or nurses), and servers undergo registration with a trusted authority. The process entails users retrieving data from the cloud server, while IoT devices collect patient data. Before granting access to data retrieval or storage, the cloud server verifies the authenticity of both the user and the IoT device, ensuring secure and authorized interactions within the system. With millions of interconnected smart medical IoT devices autonomously gathering and analyzing vital patient data, the importance of robust security measures becomes increasingly evident. Standard security protocols are fundamental in fortifying smart healthcare applications against potential threats. To confront these issues, this paper introduces a secure and resource-efficient cloud-enabled authentication mechanism. Through empirical analysis, it is demonstrated that our authentication mechanism effectively reduces computational and communication overheads, thereby improving overall system efficiency. Furthermore, both informal and formal analyses affirm the mechanism's resilience against potential cyberattacks, highlighting its effectiveness in safeguarding smart healthcare applications.

Fariza Sabrina,Shaleeza Sohail,Umair Ullah Tariq

DOI: https://doi.org/10.3390/electronics13152962

IF: 2.9

2024-07-27

Electronics

Abstract:The Internet of Medical Things (IoMT) has significantly enhanced the healthcare system by enabling advanced patient monitoring, data analytics, and remote interactions. Given that IoMT devices generate vast amounts of sensitive data, robust privacy mechanisms are essential. This privacy requirement is critical for IoMT as, generally, these devices are very resource-constrained with limited storage, computation, and communication capabilities. Blockchain technology, with its decentralisation, transparency, and immutability, offers a promising solution for improving IoMT data security and privacy. However, the recent emergence of quantum computing necessitates developing measures to maintain the security and integrity of these data against emerging quantum threats. This work addresses the current gap of a comprehensive review and analysis of the research efforts to secure IoMT data using blockchain in the quantum era. We discuss the importance of blockchain for IoMT privacy and analyse the impact of quantum computing on blockchain to justify the need for these works. We also provide a comprehensive review of the existing literature on quantum-resistant techniques for effective blockchain solutions in IoMT applications. From our detailed review, we present challenges and future opportunities for blockchain technology in this domain.

engineering, electrical & electronic,physics, applied,computer science, information systems

Yonghao Zhu,Dongfen Li,Yangyang Jiang,Xiaoyu Hua,You Fu,Jie Zhou,Yuqiao Tan,Xiaolong Yang

DOI: https://doi.org/10.3390/sym16121589

2024-11-29

Symmetry

Abstract:Quantum communication holds great potential for enhancing the security and efficiency of the Internet of Things (IoT). However, existing schemes often overlook device identity authentication, leaving systems vulnerable to unauthorized access, and rely on third-party controllers, which increase complexity and undermine trust. This paper proposes a novel asymmetric bidirectional quantum communication scheme tailored for IoT, integrating device identity authentication and information transmission without requiring third-party controllers. We provide a detailed description of the scheme's application scenarios in IoT, conduct a security analysis of the identity authentication module, and experimentally validate the feasibility of the information transmission module. Additionally, we analyze the impact of quantum noise on the proposed scheme and compare it with existing approaches, highlighting its advantages in terms of resource consumption and efficiency.

multidisciplinary sciences

Sangjukta Das,Suyel Namasudra

DOI: https://doi.org/10.1002/ett.4716

IF: 3.6

2023-01-04

Transactions on Emerging Telecommunications Technologies

Abstract:The proposed scheme consists of three entities, namely IoT device (IoTD), gateway, and central administrator (CA). An IoTD is a resource‐constrained device associated with a patient's body. It collects patients' real‐time healthcare data and sends them to the intended entity via a gateway device. The gateway acts as an intermediate entity between the IoTD and user. The CA is the central entity of the proposed scheme. In recent years, Internet of Things (IoT) technology has been adopted in numerous application areas, such as healthcare, agriculture, industrial automation, and many more. The use of IoT and other technologies like cloud computing and machine learning has made the modern healthcare system to be smart, automated, and efficient. However, the continuous proliferation of cyber‐attacks on IoT devices has increased IoT challenges like data security, privacy protection, authentication, and so forth. In smart healthcare systems, due to the lack of authentication protocols, attackers can undermine the availability, confidentiality, and integrity of both smart healthcare devices and data, which can be life‐threatening in some situations. In this article, a privacy‐preserving mutual authentication scheme for IoT‐enabled healthcare systems is proposed to achieve lightweight and effective authentication of network devices. To support the processing capabilities of the IoT devices, this proposed authentication scheme is designed using lightweight cryptographic primitives, namely XOR, concatenation, and hash operation. The proposed scheme can establish a secure session between an authorized device and a gateway, and prevent unauthorized devices from getting access to healthcare systems. The security analysis and performance analysis assess the proposed authentication technique's effectiveness over existing well‐known schemes.

telecommunications

A. S. Anakath,S. Rajakumar,S. Ambika

DOI: https://doi.org/10.1007/s10586-017-1181-0

2017-09-19

Cluster Computing

Abstract:A proper access control mechanism is the need of the hour, as the data stored in the cloud needs to be protected securely. Generally, a multifactor authentication (MFA) is preferred, one that needs the authentication of two or even more aspects based on identity, information and facts, and ownership which needs to check the value and correctness of users while logging into cloud services. Clouds such as Amazon, Google, Microsoft etc. generally have an additional attribute, one that is automatically made inactive. The MFA are intrusive and untrusted cloud servers can access user’s sensitive information. The objective of this work is to use a trust model which can identify client device. For instance, if the client device is public then a biometric authentication is provided. Based on the client device, trust is computed and the authentication process will be reduced from multifactor to single factor. Experimental results show that improved performance is attained by the proposed trust based MFA.

Chun-Ta Li,Tsu-Yang Wu,Chin-Ling Chen,Cheng-Chi Lee,Chien-Ming Chen

DOI: https://doi.org/10.3390/s17071482

2017-06-23

Abstract:In recent years, with the increase in degenerative diseases and the aging population in advanced countries, demands for medical care of older or solitary people have increased continually in hospitals and healthcare institutions. Applying wireless sensor networks for the IoT-based telemedicine system enables doctors, caregivers or families to monitor patients' physiological conditions at anytime and anyplace according to the acquired information. However, transmitting physiological data through the Internet concerns the personal privacy of patients. Therefore, before users can access medical care services in IoT-based medical care system, they must be authenticated. Typically, user authentication and data encryption are most critical for securing network communications over a public channel between two or more participants. In 2016, Liu and Chung proposed a bilinear pairing-based password authentication scheme for wireless healthcare sensor networks. They claimed their authentication scheme cannot only secure sensor data transmission, but also resist various well-known security attacks. In this paper, we demonstrate that Liu-Chung's scheme has some security weaknesses, and we further present an improved secure authentication and data encryption scheme for the IoT-based medical care system, which can provide user anonymity and prevent the security threats of replay and password/sensed data disclosure attacks. Moreover, we modify the authentication process to reduce redundancy in protocol design, and the proposed scheme is more efficient in performance compared with previous related schemes. Finally, the proposed scheme is provably secure in the random oracle model under ECDHP.

Laleh Khajehzadeh,Hamid Barati,Ali Barati

2024-07-17

Abstract:Medical Internet of Things (IoMT) is the next frontier in the digital revolution and is utilized in healthcare. In this context, IoT enables individuals to remotely manage their essential activities with minimal interaction. However, the limitations of network resources and the challenges of establishing a secure channel, as well as sharing and collecting sensitive information through an insecure public channel, pose security challenges for the medical IoT. This paper presents a lightweight multi-factor authentication and anonymous user authentication scheme to access real-time data in a blockchain-based environment. The scheme utilizes an insecure channel called L2AI. L2AI ensures security and efficiency while enhancing user anonymity through the use of pseudo-identity and dynamic indexing. The proposed method supports highly scalable systems with an efficient user registration process, allowing authenticated users to access both existing and newly added system entities without additional processes. Although the scheme is primarily designed for large systems, such as health infrastructure, it is also suitable for resource-constrained devices. The scheme relies on one-way cryptographic hashing functions and bitwise XOR operations. Additionally, a fuzzy mining algorithm is employed on the user side to verify the user's biometric information. L2AI adopts the "Real-Or-Random (ROR)" model for security proof and employs BAN logic for proof of authenticity. Formal security verification is conducted using the "Automatic Validation of Internet Security Protocols and Programs" (Proverif) tool, complemented by informal security analysis demonstrating the proper functionality of L2AI.

Cryptography and Security

Roayat Ismail Abdelfatah

DOI: https://doi.org/10.1016/j.jksuci.2024.102062

IF: 9.006

2024-05-19

Journal of King Saud University - Computer and Information Sciences

Abstract:A significant problem facing cybersecurity is that most client/server identity authentication schemes depend on computational complexity which is recently challenged by the super exponential computational abilities of quantum computers. Quantum cryptography with its quantum mechanics principles solves this problem and provides mathematically un-hackable secure communication for the quantum computers epoch. Biometric authentication has a big challenge related to its protection as it has to be submitted and stored in encrypted form. Unfortunately, most existing biometric cryptosystems rely on classical cryptography, so they are insecure in quantum era. This problem is solved in this paper by introducing a novel three-factor biometric quantum identity authentication scheme combining something you know (password), something you produce (client's voice), and something you are (client's face image) is proposed. The scheme consists of two phases: client enrollment and client login/authentication. The methodology is to use in the enrollment phase, two layers of quantum encryption for the client's voice signal. Each layer consists of two simple quantum circuits of SWAP and C-NOT quantum gates respectively using a different pseudorandom key obtained from a cellular automata (CA) pseudorandom generator. The proposed scheme has many merits. Firstly, it introduces a new design of muti-factors quantum biometric authentication scheme as the biometric voice data is processed, transmitted, and stored at the server database in an encrypted unconditionally secure quantum form which provides parallel processing, real-time communications, inherent level of security against attacks, tamper-proof security and exponential powerful storage capability due to the quantum properties. Secondly, the proposed scheme achieves double-layers security by combing quantum voice encryption and quantum secure direct communication in one process such that the quantum channel eavesdropper cannot obtain any valuable information in case of information leakage. Thirdly , the distribution and management of encryption key problem is solved as there is no need for key exchange prior to communication. Fourthly, it achieves high communication efficiency as although it is a three-factor biometric identity authentication, only one biometric data is sent in quantum encrypted form to the server . Fifthly , the numerical simulations showed that the proposed scheme has large key space, high key sensitivity and more robust performance against different types of attacks compared to other existing classical and quantum voice encryption schemes. Finally, as an identity authentication method, the proposed scheme achieves identification accuracy of 100% with zero False Rejection Rate (FRR) and zero False acceptance rate (FAR) which is perfect.

computer science, information systems

Anand Singh Rajawat,S. B. Goyal,Pradeep Bedi,Tony Jan,Md Whaiduzzaman,Mukesh Prasad

DOI: https://doi.org/10.3390/fi15080271

2023-08-16

Future Internet

Abstract:Internet of Medical Things (IoMT) is an ecosystem composed of connected electronic items such as small sensors/actuators and other cyber-physical devices (CPDs) in medical services. When these devices are linked together, they can support patients through medical monitoring, analysis, and reporting in more autonomous and intelligent ways. The IoMT devices; however, often do not have sufficient computing resources onboard for service and security assurance while the medical services handle large quantities of sensitive and private health-related data. This leads to several research problems on how to improve security in IoMT systems. This paper focuses on quantum machine learning to assess security vulnerabilities in IoMT systems. This paper provides a comprehensive review of both traditional and quantum machine learning techniques in IoMT vulnerability assessment. This paper also proposes an innovative fused semi-supervised learning model, which is compared to the state-of-the-art traditional and quantum machine learning in an extensive experiment. The experiment shows the competitive performance of the proposed model against the state-of-the-art models and also highlights the usefulness of quantum machine learning in IoMT security assessments and its future applications.

Chaoyang Li,Mianxiong Dong,Xiangjun Xin,Jian Li,Xiu-Bo Chen,Kaoru Ota

DOI: https://doi.org/10.1109/jiot.2023.3296595

IF: 10.6

2023-01-01

IEEE Internet of Things Journal

Abstract:Internet of medical things (IoMT) aggregates a series of smart medical devices and fully uses the collected health data to improve user experience, medical resource utilization, and full life cycle protection. However, privacy leakage, data loss, and inefficient sharing problems are still serious in the data-sharing process between different smart medical devices. This paper first introduces an efficient privacy-preserving model with blockchain to construct a secure data-sharing mechanism between different device nodes. This model utilizes distributed storage form to solve the centralized management problem and provides a fundamental secret reconstruction and retrieval framework. Then, a lightweight (t,n)-threshold secret sharing (t/n-SS) scheme is designed to strengthen the medical data-sharing security and efficiency. It utilizes the interleaving encode technology to decrease the length of original message into n small shares. These small shares are also suitable for data transmission and processing with a more energy-efficient way. It can protect privacy by destroying the data’s semantic meaning. Meanwhile, it only needs less than t(t≤n) shares to recover the original secrets, making the sharing process more efficient. Moreover, the performance evaluations of transaction processing in IoMT show that the proposed model is very stable. The simulation and performance evaluation results show that this t/n-SS scheme is energy efficient, storage saving, and strong fault tolerance than similar literature.

computer science, information systems,telecommunications,engineering, electrical & electronic

Salem AlJanah,Ning Zhang,Siok Wah Tay

2023-07-07

Abstract:Authentication is the first defence mechanism in many electronic systems, including Internet of Things (IoT) applications, as it is essential for other security services such as intrusion detection. As existing authentication solutions proposed for IoT environments do not provide multi-level authentication assurance, particularly for device-to-device authentication scenarios, we recently proposed the M2I (Multi-Factor Multi-Level and Interaction based Authentication) framework to facilitate multi-factor authentication of devices in device-to-device and device-to-multiDevice interactions. In this paper, we extend the framework to address group authentication. Two Many-to-One (M2O) protocols are proposed, the Hybrid Group Authentication and Key Acquisition (HGAKA) protocol and the Hybrid Group Access (HGA) protocol. The protocols use a combination of symmetric and asymmetric cryptographic primitives to facilitate multifactor group authentication. The informal analysis and formal security verification show that the protocols satisfy the desirable security requirements and are secure against authentication attacks.

Cryptography and Security

Ping Wang,Bin Li,Hongjin Shi,Yaosheng Shen,Ding Wang

DOI: https://doi.org/10.1155/2019/2516963

IF: 1.968

2019-01-01

Security and Communication Networks

Abstract:Investigating the security pitfalls of cryptographic protocols is crucial to understand how to improve security. At ICCCS'17, Wu and Xu proposed an efficient smart-card-based password authentication scheme for cloud computing environments to cope with the vulnerabilities in Jiang et al.'s scheme. However, we reveal that Wu-Xu's scheme actually is subject to various security flaws, such as offline password guessing attack and replay attack. Besides security, user friendly is also another great concern. In 2017, Roy et al. found that in most previous two-factor schemes a user has to manage different credentials for different services and further suggested a user-friendly scheme which is claimed to be suitable for multiserver architecture and robust against various attacks. In this work, we show that Roy et al.'s scheme fails to achieve truly two-factor security and shows poor scalability. At FGCS'18, Amin et al. pointed out that most of existing two-factor schemes are either insecure or inefficient for mobile devices due to the use of public-key techniques and thus suggested an improved protocol by using only light-weight symmetric key techniques. Almost at the same time, Wei et al. also observed this issue and proposed a new scheme based on symmetric key techniques with formal security proofs in the random oracle model. Nevertheless, we point out that both Amin et al.'s and Wei et al.'s schemes cannot achieve the claimed security goals (including the most crucial goal of truly two-factor security). Our results invalidate any use of the scrutinized schemes for cloud computing environments.