Large-Scale Secure Model Learning and Inference using Synthetic Data for IoT-Based Big Data Analytics
@inproceedings{bib_Larg_2024, AUTHOR = {Prakash Tekchandani, Ashok Kumar Das, Neeraj Kumar}, TITLE = {Large-Scale Secure Model Learning and Inference using Synthetic Data for IoT-Based Big Data Analytics}, BOOKTITLE = {Computers & Electrical Engineering}. YEAR = {2024}}
Big data analytics in the Internet of Things (IoT) realm demands a substantial volume of data
for training models and making reliable inferences. In most cases, data availability is scarce,
and synthetic data is generated from real-world data to meet the needs. Yet, there remains
a risk of exposing private and sensitive information without proper data security measures.
In this article, we aim to develop a secure collaborative model learning methodology trained
on synthetic data, ensuring data availability, privacy and confidentiality through differential
privacy and key management. Additionally, we propose a secured inference framework where
user data, sent for inference to the deployed model is protected, preserving both the accuracy of
the predicted data and the security of the input data. Our experimental evaluation, along with
performance and security analysis, exhibits that our approach offers accuracy and scalability
while maintaining privacy and security.
Blockchain-Enabled Secure Collaborative Model
Learning Using Differential Privacy for
IoT-Based Big Data Analytics
Prakash Tekchandani,Abhishek Bisht,Ashok Kumar Das,Neeraj Kumar,Marimuthu Karuppiah,Pandi Vijayakumar,Youngho Park
@inproceedings{bib_Bloc_2024, AUTHOR = {Prakash Tekchandani, Abhishek Bisht, Ashok Kumar Das, Neeraj Kumar, Marimuthu Karuppiah, Pandi Vijayakumar, Youngho Park}, TITLE = {Blockchain-Enabled Secure Collaborative Model
Learning Using Differential Privacy for
IoT-Based Big Data Analytics}, BOOKTITLE = {IEEE Transactions on Big Data}. YEAR = {2024}}
—With the rise of Big data generated by Internet of
Things (IoT) smart devices, there is an increasing need to leverage
its potential while protecting privacy and maintaining confidentiality. Privacy and confidentiality in Big Data aims to enable data analysis and machine learning on large-scale datasets without compromising the dataset sensitive information. Usually current Big Data
analytics models either efficiently achieves privacy or confidentiality. In this article, we aim to design a novel blockchain-enabled
secured collaborative machine learning approach that provides
privacy and confidentially on large scale datasets generated by IoT
devices. Blockchain is used as secured platform to store and access
data as well as to provide immutability and traceability. We also
propose an efficient approach to obtain robust machine learning
model through use of cryptographic techniques and differential
privacy in which the data among involved parties is shared in
a secured way while maintaining privacy and confidentiality of
the data. The experimental evaluation along with security and
performance analysis show that the proposed approach provides
accuracy and scalability without compromising the privacy and
security.
TL-ABKS: Traceable and lightweight attribute-based keyword search in edge-cloud assisted IoT environment
Uma Sankararao Varri,Debjani Mallick,Ashok Kumar Das,M. Shamim Hossain,YOUNGHO PARK,Joel J.P.C. Rodrigues
@inproceedings{bib_TL-A_2024, AUTHOR = {Uma Sankararao Varri, Debjani Mallick, Ashok Kumar Das, M. Shamim Hossain, YOUNGHO PARK, Joel J.P.C. Rodrigues}, TITLE = {TL-ABKS: Traceable and lightweight attribute-based keyword search in edge-cloud assisted IoT environment}, BOOKTITLE = {Alexandria Engineering Journal}. YEAR = {2024}}
Edge–cloud coordination offers the chance to mitigate the enormous storage and processing load brought on by a massive increase in traffic at the network’s edge. Though this paradigm has benefits on a large scale, outsourcing the sensitive data from the smart devices deployed in an Internet of Things (IoT) application may lead to privacy leakage. With an attribute-based keyword search (ABKS), the search over ciphertext can be achieved; this reduces the risk of sensitive data explosion. However, ABKS has several issues, like huge computational overhead to perform multi-keyword searches and tracing malicious users. To address these issues and enhance the performance of ABKS, we propose a novel traceable and lightweight attribute-based keyword search technique in an Edge–cloud-assisted IoT, named TL-ABKS, using edge–cloud coordination. With TL-ABKS, it is possible to do effective multi-keyword searches and implement fine-grained access control. Further, TL-ABKS outsources the encryption and decryption computation to edge nodes to enable its usage to resource-limited IoT smart devices. In addition, TL-ABKS achieves tracing user identity who misuse their secret keys. TL-ABKS is secure against modified secret keys, chosen plaintext, and chosen keyword attacks. By comparing the proposed TL-ABKS with the current state-of-the-art schemes, and conducting a theoretical and experimental evaluation of its performance and credibility, TL-ABKS is efficient.
Abhishek Kumar Pandey,Ashok Kumar Das,Rajeev Kumar,Joel J. P. C. Rodrigues
@inproceedings{bib_Secu_2024, AUTHOR = {Abhishek Kumar Pandey, Ashok Kumar Das, Rajeev Kumar, Joel J. P. C. Rodrigues}, TITLE = {Secure Cyber Engineering for IoT-Enabled Smart Healthcare System}, BOOKTITLE = {IEEE Internet of Things Magazine}. YEAR = {2024}}
The implementation of Internet of Things (IoT) as Cyber-Physical Systems (CPS) is essential for the advancement of smart healthcare within a highly digital environment. However, the development of medical CPS (MCPS) poses various challenges, particularly in terms of dependability and security. The complex nature of medical IoT components encompasses both computational and physical aspects including secure reliability. To mitigate these issues, this article introduces a cyber engineering, an innovative approach, that combines principles from complex system design in order to establish a systematic framework for combining the cyber and physical layers of IoT and MCPS together. This integration aims to provide an unified system designing approach that can produce more secure and robust systems. By embracing the cyber engineering ideology, the healthcare industry can overcome reliability challenges and pave the way for the development of secure and dependable smart healthcare solutions, while ensuring security by design perspective. The approach also provides ideal future possibilities to the upcoming researchers.
Big Data-Enabled Authentication Framework for Offshore Maritime Communication Using Drones
Ashok Kumar Das,Vangala Anusha,Saurabh Agrawal ,Shantanu Pal,Neeraj Kumar,Pascal Lorenz, Youngho Park
@inproceedings{bib_Big__2024, AUTHOR = {Ashok Kumar Das, Vangala Anusha, Saurabh Agrawal , Shantanu Pal, Neeraj Kumar, Pascal Lorenz, Youngho Park}, TITLE = {Big Data-Enabled Authentication Framework for Offshore Maritime Communication Using Drones}, BOOKTITLE = {IEEE Transactions on Vehicular Technology}. YEAR = {2024}}
The maritime transportation industry is a prime target for cybersecurity attacks due to the inherent risks of transmitting sensitive information required for its smooth operation. The introduction of digital systems in maritime transport has made them susceptible to a range of cybersecurity threats. These attacks can lead to the unauthorized acquisition and misuse of vulnerable data, such as personal information of crew and passengers, vessel location, route, schedule, and other related information. To address this issue, a new lightweight authentication protocol has been proposed by utilizing drone technology in conjunction with the 5th generation mobile network (5G) communication. The effectiveness of the proposed protocol has been analyzed, which demonstrates its ability to withstand various security attacks while maintaining low communication and computation costs. Furthermore, it successfully meets the security and functionality requirements of anonymity and untraceability. A comprehensive simulation study and simulation using the network simulator (NS3) have been conducted to assess the impact on various network performance parameters for the proposed scheme. In addition, various experiments using machine-learning algorithms for Big data analytics show the efficiency of the proposed scheme in terms of accuracy, precision, recall and F1 score.
Private Blockchain Envisioned Access Control System for Securing Industrial IoT-Based Pervasive Edge Computing
@inproceedings{bib_Priv_2023, AUTHOR = {Sourav Saha, Basudeb Bera, Ashok Kumar Das, NEERAJ KUMAR, HAFIZUL ISLAM, YOUNGHO PARk}, TITLE = {Private Blockchain Envisioned Access Control System for Securing Industrial IoT-Based Pervasive Edge Computing}, BOOKTITLE = {IEEE Access}. YEAR = {2023}}
The Industrial Internet of Things (IIoT) is able to connect machines, analytics and people with IoT smart devices, gateway nodes and edge devices to create powerful intuitivenesses to drive smarter, faster and effective business agreements. IIoT having interconnected machines along with devices can monitor, gather, exchange, and analyze information. Since the communication among the entities in IIoT environment takes place insecurely (for instance, wireless communications and Internet), an intruder can easily tamper with the data. Moreover, physical theft of IoT smart devices provides an intruder to mount impersonation and other attacks. To handle such critical issues, in this work, we design a new private blockchain-envisioned access control scheme for Pervasive Edge Computing (PEC) in IIoT environment, called PBACS-PECIIoT. We consider the private blockchain consisting of the transactions and registration credentials of the entities related to IIoT, because the information is strictly confidential and private. The security of PBACS-PECIIoT is significantly improved due to usage of blockchain as immutability, transparency and decentralization along with protection of various potential attacks. A meticulous comparative analysis exhibits that PBACS-PECIIoT achieves greater security and more functionality features, and requires low costs for communication and computational as compared to other pertinent schemes.
Personal health record storage and sharing using searchable encryption and blockchain: A comprehensive survey
@inproceedings{bib_Pers_2023, AUTHOR = {Abhishek Bisht, Ashok Kumar Das, Debasis Giri}, TITLE = {Personal health record storage and sharing using searchable encryption and blockchain: A comprehensive survey}, BOOKTITLE = {Security and Privacy}. YEAR = {2023}}
Personal Health Records (PHRs) allow patients to have full control over their health data. However, storage and sharing of PHRs still remains a difficult but necessary task, especially when health data is one of the major targets of cyber attacks worldwide. Searchable Encryption (SE) is a feasible solution for this problem and can be augmented by Blockchain to address some of its issues, such as verifiability. Therefore, SE using blockchain is a promising technologies to tackle the challenge of PHR storage and sharing. In this survey, we have explored the research works that use SE and blockchain technology for the same. The work starts with an introduction of cloud, searchable encryption and blockchain. Subsequently, we present a literature survey of the corresponding technologies. We then describe SE in detail and how it fits with blockchain. This is followed by description of noteworthy existing solutions for secure storage and sharing of PHRs. Even though there have been a number of surveys related to SE, none of them have surveyed the use of blockchain with SE or use of SE and blockchain in PHR sharing. The work concludes with a comparative study of these existing solutions and future scope in this direction. KEYWORDS: Searchable encryption, Blockchain, Cloud computing, Personal Health Records (PHRs), Storage, Security
Efficient Personal-Health-Records Sharing in Internet of Medical Things Using Searchable Symmetric Encryption, Blockchain, and IPFS
@inproceedings{bib_Effi_2023, AUTHOR = {Abhishek Bisht, Ashok Kumar Das, DUSIT NIYATO, YoungHo Park}, TITLE = {Efficient Personal-Health-Records Sharing in Internet of Medical Things Using Searchable Symmetric Encryption, Blockchain, and IPFS}, BOOKTITLE = {IEEE Open Journal of the Communications Society}. YEAR = {2023}}
Secure storage and sharing of Personal Health Records (PHRs) in Internet of Medical Things (IoMT) is one of the significant challenges in the healthcare ecosystem. Due to the high value of personal health information, PHRs are one of the favourite targets of cyber attackers worldwide. Over the years, many solutions have been proposed; however, most solutions are inefficient for practical applications. For instance, several existing schemes rely on the bilinear pairings, which incur high computational costs. To mitigate these issues, we propose a novel PHR-sharing scheme that is dynamic, efficient, and practical. Specifically, we combine searchable symmetric encryption, blockchain technology and a decentralized storage system, known as Inter-Planetary File System (IPFS) to guarantee confidentiality of PHRs, verifiability of search results, and forward security. Moreover, we provide formal security proofs for the proposed scheme. Finally, we have conducted extensive test-bed experiments and the results demonstrate that the proposed scheme can be used in practical scenarios related to IoMT environment.
Blockchain Integration for IoT-Enabled V2X Communications: A Comprehensive Survey, Security Issues and Challenges
P. MURALIDHARA RAO,SRINIVAS JANGIRALA,SARASWATHI PEDADA,Ashok Kumar Das,YOUNGHO PARK
@inproceedings{bib_Bloc_2023, AUTHOR = {P. MURALIDHARA RAO, SRINIVAS JANGIRALA, SARASWATHI PEDADA, Ashok Kumar Das, YOUNGHO PARK}, TITLE = {Blockchain Integration for IoT-Enabled V2X Communications: A Comprehensive Survey, Security Issues and Challenges}, BOOKTITLE = {IEEE Access}. YEAR = {2023}}
In V2X (vehicle-to-everything) communication, there is a two-way communication among the vehicle(s) and other Internet of Things (IoT)-enabled smart devices around it that may change how we need to drive. Due to the advancement of Information and Communications Technology (ICT) and the rapid development of IoT in transportation, traditional applications are converted to intelligent applications. In V2X communications, the collected information from the IoT smart devices and other sources passes through low-latency, high-bandwidth, high-reliability links. With the future adoption of the 5th generation mobile network (5G) and beyond networks, V2X continues to produce a huge volume of data. However, collecting and storing data securely in blockchain-based storage are extremely needed for immutability and transparency. In this survey article, the convergence of IoT, V2X and blockchain technologies, and various security challenges and their countermeasures are discussed. Next, we discuss various V2X applications and their respective services. Moreover, IoT-V2X architecture and its enabling technologies are discussed in this article. In addition, we also provide a comprehensive analysis of various security mechanisms. Finally, we provide some important challenges and issues of Blockchain for Intelligent Transportation System (BITS)
Quantum Secure Threshold Private Set Intersection Protocol for IoT-Enabled Privacy Preserving Ride-Sharing Application
@inproceedings{bib_Quan_2023, AUTHOR = {Tapaswini Mohanty, vikas Srivastava, Sumit Kumar Debnath, Ashok Kumar Das}, TITLE = {Quantum Secure Threshold Private Set Intersection Protocol for IoT-Enabled Privacy Preserving Ride-Sharing Application}, BOOKTITLE = {IEEE Internet of Things Journal}. YEAR = {2023}}
The Internet of Things (IoT)-enabled ride sharing is one of the most transforming and innovative technologies in the transportation industry. It has myriads of advantages, but with increasing demands there are security concerns as well. Traditionally, cryptographic methods are used to address the security and privacy concerns in a ride sharing system. Unfortunately, due to the emergence of quantum algorithms, these cryptographic protocols may not remain secure. Hence, there is a necessity for privacy-preserving ride sharing protocols which can resist various attacks against quantum computers. In the domain of privacy preserving ride sharing, a threshold private set intersection (TPSI) can be adopted as a viable solution because it enables the users to determine the intersection of private data sets if the set intersection cardinality is greater than or equal to a threshold value. Although TPSI can help to alleviate privacy concerns, none of the existing TPSI is quantum secure. Furthermore, the existing TPSI faces the issue of long-term security. In contrast to classical and post quantum cryptography, quantum cryptography (QC) provides a more robust solution, where QC is based on the postulates of quantum physics (e.g., Heisenberg uncertainty principle, no cloning theorem, etc.) and it can handle the prevailing issues of quantum threat and long-term security. Herein, we propose the first QC based TPSI protocol which has a direct application in privacy preserving ride sharing. Due to the use of QC, our IoT-enabled ride sharing scheme remains quantum secure and achieves long-term security as well.
APT Adversarial Defence Mechanism for Industrial IoT Enabled Cyber-Physical System
SAFDAR HUSSAIN JAVED,MAAZ BIN AHMAD,MUHAMMAD ASIF,WASEEM AKRAM,KHALID MAHMOOD,Ashok Kumar Das,SACHIN SHETTY
IEEE Access, ACCESS, 2023
@inproceedings{bib_APT__2023, AUTHOR = {SAFDAR HUSSAIN JAVED, MAAZ BIN AHMAD, MUHAMMAD ASIF, WASEEM AKRAM, KHALID MAHMOOD, Ashok Kumar Das, SACHIN SHETTY}, TITLE = {APT Adversarial Defence Mechanism for Industrial IoT Enabled Cyber-Physical System}, BOOKTITLE = {IEEE Access}. YEAR = {2023}}
The objective of Advanced Persistent Threat (APT) attacks is to exploit Cyber-Physical Systems (CPSs) in combination with the Industrial Internet of Things (I-IoT) by using fast attack methods. Machine learning (ML) techniques have shown potential in identifying APT attacks in autonomous and malware detection systems. However, detecting hidden APT attacks in the I-IoT-enabled CPS domain and achieving real-time accuracy in detection present significant challenges for these techniques. To overcome these issues, a new approach is suggested that is based on the Graph Attention Network (GAN), a multi- dimensional algorithm that captures behavioral features along with the relevant information that other methods do not deliver. This approach utilizes masked self-attentional layers to address the limitations of prior Deep Learning (DL) methods that rely on convolutions. Two datasets, the DAPT2020 malware, and Edge I-IoT datasets are used to evaluate the approach, and it attains the highest detection accuracy of 96.97% and 95.97%, with prediction time of 20.56 seconds and 21.65 seconds, respectively. The GAN approach is compared to conventional ML algorithms, and simulation results demonstrate a significant performance improvement over these algorithms in the I-IoT-enabled CPS realm.
A hybrid ensemble machine learning model for detecting APT attacks based on network behavior anomaly detection
Neeraj Saini,Vivekananda Bhat Kasaragod,Krishna Prakasha,Ashok Kumar Das
Concurrency and Computation: Practice and Experience, CCPE, 2023
Abs | | bib Tex
@inproceedings{bib_A_hy_2023, AUTHOR = {Neeraj Saini, Vivekananda Bhat Kasaragod, Krishna Prakasha, Ashok Kumar Das}, TITLE = {A hybrid ensemble machine learning model for detecting APT attacks based on network behavior anomaly detection}, BOOKTITLE = {Concurrency and Computation: Practice and Experience}. YEAR = {2023}}
A persistent, targeted cyber attack is called an advanced persistent threat (APT) attack. The attack is mainly launched to gain sensitive information, take over the system, and for financial gain, which creates nowadays more hurdles and challenges for the organization in preventing, detecting, and recovering from such attacks. Due to the nature of APT attacks, it is difficult to detect them quickly. Therefore machine learning techniques come into these research areas. This study uses deep and machine learning models such as random forest, decision tree, convolutional neural network, multilayer perceptron and so forth to categorize and effectively detect APT attacks by utilizing publicly accessible datasets. The datasets used in this study are CSE-CIC-IDS2018, CIC-IDS2017, NSL-KDD, and UNSW-NB15. This study proposes the hybrid ensemble machine learning model, a mixed approach of random forest and XGBoost classifiers. It has obtained the maximum prediction accuracy of 98.92%, 99.91%, 99.24%, and 97.11% for datasets CSE-CIC-IDS2018, CIC-IDS2017, NSL-KDD, and UNSW-NB15, with a false positive rate of 0.52%, 0.12%, 0.62%, and 5.29% respectively. These results are compared to other closely related recent studies in the literature. Our experiment's findings show that our model has performed significantly better for all datasets.
ACKS-IA: An Access Control and Key Agreement Scheme for Securing Industry 4.0 Applications
Amit kumar Mishra,Mohammad Wazid,Devesh Pratap Singh ,Ashok Kumar Das
IEEE Transactions on Network Science and Engineering ( Early Access ), TNSE, 2023
Abs | | bib Tex
@inproceedings{bib_ACKS_2023, AUTHOR = {Amit Kumar Mishra, Mohammad Wazid, Devesh Pratap Singh , Ashok Kumar Das}, TITLE = {ACKS-IA: An Access Control and Key Agreement Scheme for Securing Industry 4.0 Applications}, BOOKTITLE = {IEEE Transactions on Network Science and Engineering ( Early Access )}. YEAR = {2023}}
The most significant and critical infrastructures, such as the electricity utilities, clean water facilities, nuclear plants and manufacturing industries are controlled and supervised by the industrial control systems. These systems undergo through a metamorphosis as a result of the Industry 4.0 revolution, which emphasises enhanced connectivity and flexibility with the Internet of Things (IoT) and cloud computing technologies. As the data is transferred across the Internet, Industry 4.0 communication can be easily attacked by launching different potential attacks. As a consequence, we attempt to propose a novel certificate-based access control and key establishment scheme for securing Industry 4.0 communication, called ACKS-IA. It offers access control and key establishment between smart industrial devices, as well as between a smart device and its associated cloud server. A formal security analysis of ACKS-IA through the broadly-accepted Burrows–Abadi– Needham (BAN) logic is provided. It confirms that ACKS-IA is secured and provides secure mutual authentication among the communication entities. The detailed informal security analysis and comparative study with the existing related schemes reveal that the proposed ACKS-IA is secured and efficient in terms of communication cost, computation cost, and security and functionality features including anonymity and untraceability as compared to other competing schemes. Finally, a real testbed implementation of ACKS-IA is provided to measure its effect on important performance attributes.
Design of Provably Secure Authentication Protocol for Edge-Centric Maritime Transportation System
Khalid Mahmood,Salman Shamshad,Muhammad Faizan Ayub,Zahid Ghaffar,Zahid Ghaffar,Ashok Kumar Das
IEEE Transactions on Intelligent Transportation Systems, ITS, 2023
Abs | | bib Tex
@inproceedings{bib_Desi_2023, AUTHOR = {Khalid Mahmood, Salman Shamshad, Muhammad Faizan Ayub, Zahid Ghaffar, Zahid Ghaffar, Ashok Kumar Das}, TITLE = {Design of Provably Secure Authentication Protocol for Edge-Centric Maritime Transportation System}, BOOKTITLE = {IEEE Transactions on Intelligent Transportation Systems}. YEAR = {2023}}
The epidemic growth of the Internet of Things (IoT) objects have revolutionized Maritime Transportation Systems (MTS). Though, it becomes challenging for the centralized cloud-centric framework to fulfil the application requirements such as low latency and power utilization. The introduction of the distributed edge-centric framework has recently helped the IoT-enabled MTS to meet these requirements by manipulating the tasks at the edge of the networks. Despite the fact that MTS leverages mobile subscribers by overcoming inherent cloud computing limitations, data security and user privacy requirements in establishing the MTS setup are still non-trivial challenges. In this article, we develop a key agreement solution for mobile users to realize mutual authentication in a single round. Our protocol offers user anonymity to maintain user privacy, and it can prevent physical attacks by physically unclonable functions. Initially, the security analysis is conferred to substantiate our protocol’s security persistence or strength. Later, its performance correlation is observed under the assumption of diverse metrics in a predefined empirical setup. The meticulous performance correlation endorses the precedence of our protocol over specified related protocols.
Embattle The Security of E-Health System Through A Secure Authentication and Key Agreement Protocol
Darshan Singh,Mohammad Wazid,D. P. Singh,Ashok Kumar Das,Rodrigues Joel J. P. C
International Wireless Communications and Mobile Computing Conference, IWCMC, 2023
Abs | | bib Tex
@inproceedings{bib_Emba_2023, AUTHOR = {Darshan Singh, Mohammad Wazid, D. P. Singh, Ashok Kumar Das, Rodrigues Joel J. P. C}, TITLE = {Embattle The Security of E-Health System Through A Secure Authentication and Key Agreement Protocol}, BOOKTITLE = {International Wireless Communications and Mobile Computing Conference}. YEAR = {2023}}
In recent years there has been rampant growth in the field of ML, AI, Big Data, IoT, cyber security, and cloud computing. These technologies have also integrated into the field of smart healthcare. The Internet of Medical Things (IoMT)-driven e-health is one such domain, which utilizes these modern technologies to provide cost-effective and secure healthcare care services to the patients [1]. It contain sensors, devices, actuators, etc. All the raw data is collected from these devices, which is prepossessed and refined to give useful insights. The medical professional can analyze and visualize critical health parameters such as ‘‘blood pressure (BP), heart rate, temperature, etc Based on the current status of the patient, alerts can be generated to doctors or the nursing staff in case of any eventuality. The integration of IoMT with e-health can enhance live tracking, monitoring and health services of patients [2], [3]. This data is regularly shared by the integrated devices and stored over the cloud server, where the healthcare professional can get all the diagnostics of patients. With the benefits of the technology, there are some security challenges. It can be architectural design flaws, a software bug, or a hardware backdoor that can lead to the compromise of the security of the systems. The cyber threat actor can gain authorized access to the system and paralyze all the networks at once. Weak control access, authentication and authorization protocols in the network may compromise the systems to the cyber attackers [4]. Attacks such as ransomware, rootkit, malware, denial of service (DoS), etc., can cause harm to the devices and tamper the healthcare data. Attackers can remotely access the smart healthcare devices and can use them as the botnet devices. With remote access, the attackers can redirect the network somewhere else and can huge network flooding [5], [6]. There have been a lot of high-impact cyber attacks happening to the e-health infrastructure. For example, a patient with the smart pacemaker monitors heart rate, temperature, and blood flow rate that can be critical to a heart alignment patient. Imagine this device gets compromised by a threat actor, it can create panic even worse and can cause death to the patient [7]. For mitigation of the cyber-attacks on all the critical infrastructure (i.e., e-health), cyber security comes into action. With threat modeling and hunting, we can actively search for any threat in the network, its source, and the severity of the threats. Once threats are found in the network, all the mitigation techniques can be used to secure the network from any intrusion. Cyber security provides a strong mechanism (i.e., authentication and key agreement) with all the tools and techniques to safeguard the e-health system [5], [6], [8]. Therefore, proper registration, authentication, authorization and intrusion detection schemes can be used to mitigate the various cyber attacks, i.e., ‘‘replay attempts, man-in-themiddle (MiTM) attacks, replay attacks, illegal session key computation, stolen verifier, etc., [8]
Securing Fog Computing-based Industry 4.0 Communication Using Authenticated Key Agreement Scheme
Amit Kumar Mishra,Mohammad Wazid,D. P. Singh,Ashok Kumar Das,Mohsen Guizani
International Wireless Communications and Mobile Computing Conference, IWCMC, 2023
Abs | | bib Tex
@inproceedings{bib_Secu_2023, AUTHOR = {Amit Kumar Mishra, Mohammad Wazid, D. P. Singh, Ashok Kumar Das, Mohsen Guizani}, TITLE = {Securing Fog Computing-based Industry 4.0 Communication Using Authenticated Key Agreement Scheme}, BOOKTITLE = {International Wireless Communications and Mobile Computing Conference}. YEAR = {2023}}
Internet of Things (IoT)-based smart factories offer the manufacturing sectors a great opportunity to embrace the fourth industrial revolution (Industry 4.0). The real-time monitoring of manufacturing operations in an Industry 4.0 needs to be ensured by the deployed technologies, like Artificial Intelligence (AI) and Big Data analytics. The overall purpose is to improve the outcomes of the production process. However, Industry 4.0 becomes vulnerable to different potential attacks as the communication takes place via public environments. In this article, an authentication and key agreement method has been suggested to secure the communication that can occur in a Fog-based Industry 4.0 environment. The security proposal provides secure mutual authentication along with key establishment between various smart industrial devices and fog servers, as well as between fog servers and cloud servers. The security analysis and comparative study reveal that the proposed method can mitigate various potential attacks, and it also offers important security and functionality attributes as compared to those for other competing schemes.
A Survey of DDoS Attacks Detection Schemes in SDN Environment
Surabhi Gusain Rawat,Mohammad S. Obaidat,Sumit Pundir,Mohammad Wazid ,Ashok Kumar Das
International Conference on Computer, Information and Telecommunication Systems, CITS, 2023
Abs | | bib Tex
@inproceedings{bib_A_Su_2023, AUTHOR = {Surabhi Gusain Rawat, Mohammad S. Obaidat, Sumit Pundir, Mohammad Wazid , Ashok Kumar Das}, TITLE = {A Survey of DDoS Attacks Detection Schemes in SDN Environment}, BOOKTITLE = {International Conference on Computer, Information and Telecommunication Systems}. YEAR = {2023}}
Denial-of-service (DoS) attacks are a major concern in the field of Internet technology, and they pose a difficult security challenge. Among the different types of DoS attacks, distributed denial-of-service (DDoS) attacks are especially concerning because they can quickly drain the resources of a target, disrupting their computational and communication capabilities without warning. In response to the severity of this problem, various defense strategies have been developed to defend against DDoS attacks. In this paper, a survey on the various DDoS attacks detection schemes is presented. An overview of the DDoS attack methodology is given. The information on different types of DDoS detection methods in SDN environment is also provided. Then a comparative study of different DDoS attack detection schemes is given, which contains the comparisons of different schemes in terms of their advantages, limitations, accuracy values, and time complexity.
Design of Robust Blockchain-Envisioned Authenticated Key Management Mechanism for Smart Healthcare Applications
Siddhant Thapliyal,Mohammad Wazid,Devesh Pratap Singh,Ashok Kumar Das,Sachin Shetty
IEEE Access, ACCESS, 2023
Abs | | bib Tex
@inproceedings{bib_Desi_2023, AUTHOR = {Siddhant Thapliyal, Mohammad Wazid, Devesh Pratap Singh, Ashok Kumar Das, Sachin Shetty}, TITLE = {Design of Robust Blockchain-Envisioned Authenticated Key Management Mechanism for Smart Healthcare Applications}, BOOKTITLE = {IEEE Access}. YEAR = {2023}}
The healthcare sector is a very crucial and important sector of any society, and with the evolution of the various deployed technologies, like the Internet of Things (IoT), machine learning and blockchain it has numerous advantages. However, in this section, the data is much more vulnerable than others, because the data is strictly private and confidential, and it requires a highly secured framework for the transmission of data between entities. In this article, we aim to design a blockchain-envisioned authentication and key management mechanism for the IoMT-based smart healthcare applications (in short, we call it SBAKM-HS). We compare the various attributes of the proposed SBAKM-HS and other existing schemes to demonstrate that SBAKM-HS outperforms other existing schemes. The conducted security analysis
An Ensemble-Based IoT-Enabled Drones Detection Scheme for a Safe Community
Jaskaran Singh,Keshav Sharma,MOHAMMAD WAZID,Ashok Kumar Das,Athanasios V. Vasilakos
IEEE Open Journal of the Communications Society, OJ-COMS, 2023
@inproceedings{bib_An_E_2023, AUTHOR = {Jaskaran Singh, Keshav Sharma, MOHAMMAD WAZID, Ashok Kumar Das, Athanasios V. Vasilakos}, TITLE = {An Ensemble-Based IoT-Enabled Drones Detection Scheme for a Safe Community}, BOOKTITLE = {IEEE Open Journal of the Communications Society}. YEAR = {2023}}
With the increasing use of Internet of Things (IoT)- enabled drones for various purposes, including photography, de- livery, and surveillance, concerns related to privacy and security have arisen. Drones have the potential to capture sensitive infor- mation, invade privacy, and cause security breaches. Therefore, the need for advanced technology for the automated detection of drones has become crucial. In this paper, we propose an ensemble-based IoT-enabled drones detection scheme (in short, EDDSBS). The presented model is part of a computer vision- based module and uses transfer learning for improved perfor- mance. Transfer learning allows the reuse of pre-trained models and their knowledge in a different but related domain, enabling better performance with less training data. To evaluate the performance of the proposed EDDSBS, we test it on benchmark datasets, including the Drone–vs–Bird Dataset and the UAVDT dataset. The proposed EDDSBS outperforms the existing schemes of drone detection (i.e., in terms of accuracy). The results of the presented scheme demonstrate the potential of deep learning- based technology for automated drone detection in critical areas, such as airports, military bases, and other high-security areas. Thus the paper introduces a comprehensive process methodology for drone detection that can be applied in real-world settings for a sustainable and secure environment, which is required for a safe community
Provably secure public key encryption with keyword search for data outsourcing in cloud environments
Sudeep Ghosh,SK Hafizul Islam,Abhishek Bisht,Ashok Kumar Das
Journal of Systems Architecture, JSA, 2023
Abs | | bib Tex
@inproceedings{bib_Prov_2023, AUTHOR = {Sudeep Ghosh, SK Hafizul Islam, Abhishek Bisht, Ashok Kumar Das}, TITLE = {Provably secure public key encryption with keyword search for data outsourcing in cloud environments}, BOOKTITLE = {Journal of Systems Architecture}. YEAR = {2023}}
In recent days, the application of cloud computing has been gaining significant popularity among people. A considerable amount of data are being stored in the cloud server. However, data owners outsource their encrypted data to the cloud for various security reasons. Unfortunately, encrypted data cannot be searched, like plaintext data. So how to search encrypted data is an interesting problem in this era. Many public key encryption with keyword search (PEKS) schemes have been designed in the literature. However, most of them cannot prevent keyword-guessing attacks. In this paper, we develop a provably secure PEKS scheme in the random oracle model. This scheme may be used for secure email access from an email server containing a list of encrypted keywords. The proposed scheme can resist keyword-guessing attacks, and offer ciphertext and trapdoor indistinguishability properties. We use the data owner’s private key during encryption to prevent keyword-guessing attacks. Using the data owner’s public key in the verification phase ensures the resilience of keyword-guessing attacks. Finally, the proposed scheme has been tested on a real testbed, and the results show that it can be used in the cloud computing scenario to search for keywords on encrypted data
Provably secure signature‐based anonymous user authentication protocol in an Internet of Things‐enabled intelligent precision agricultural environment
Vangala Anusha,Ashok Kumar Das,Jong-Hyouk Lee
Concurrency and Computation: Practice and Experience, CCPE, 2023
@inproceedings{bib_Prov_2023, AUTHOR = {Vangala Anusha, Ashok Kumar Das, Jong-Hyouk Lee}, TITLE = {Provably secure signature‐based anonymous user authentication protocol in an Internet of Things‐enabled intelligent precision agricultural environment}, BOOKTITLE = {Concurrency and Computation: Practice and Experience}. YEAR = {2023}}
User authentication is a promising security solution in which an external user hav- ing his/her mobile device can securely access the real-time information directly from the deployed smart devices in an Internet of Things-enabled intelligent precision agri- cultural environment. To achieve this goal, we present a new signature-based three factor user authentication scheme. The established session key between a user and the accessed smart device is then used to make secure communication among them to fetch the real-time data of the device. A detailed security analysis including the random-oracle based formal security, formal security verification using the broadly recognized automated validation of internet security protocols and applications tool and nonmathematical informal security analysis show the robustness of the proposed scheme against a number of potential attacks. In addition, testbed experiments are performed for measuring computational time of various cryptographic primitives that are used for comparative study among the proposed scheme and other related exist- ing competing schemes. The detailed comparative analysis shows that the proposed scheme has a better trade-off among its offered security and functionality features, and communication and computational overheads as compared with those for other competing schemes.
Secure Blockchain-Enabled Authentication Key Management Framework with Big Data Analytics for Drones in Networks Beyond 5G Applications
Amit Kumar Mishra,Mohammad Wazid,Devesh Pratap Singh,Ashok Kumar Das,Jaskaran Singh,Athanasios V. Vasilakos
@inproceedings{bib_Secu_2023, AUTHOR = {Amit Kumar Mishra, Mohammad Wazid, Devesh Pratap Singh, Ashok Kumar Das, Jaskaran Singh, Athanasios V. Vasilakos}, TITLE = {Secure Blockchain-Enabled Authentication Key Management Framework with Big Data Analytics for Drones in Networks Beyond 5G Applications }, BOOKTITLE = {Drones}. YEAR = {2023}}
One of the most significant recent advances in technology is the advent of unmanned aerial vehicles (UAVs), i.e., drones. They have widened the scope of possible applications and provided a platform for a wide range of creative responses to a variety of challenges. The Internet of Drones (IoD) is a relatively new concept that has arisen as a consequence of the combination of drones and the Internet. The fifth-generation (5G) and beyond cellular networks (i.e., drones in networks beyond 5G) are promising solutions for achieving safe drone operations and applications. They may have many applications, like surveillance or urban areas, security, surveillance, retaliation, delivering items, smart farming, film production, capturing nature videos, and many more. Due to the fact that it is susceptible to a wide variety of cyber-attacks, there are certain concerns regarding the privacy and security of IoD communications. In this paper, a secure blockchain-enabled authentication key management framework with the big data analytics feature for drones in networks beyond 5G applications is proposed (in short, SBBDA-IoD). The security of SBBDA-IoD against multiple attacks is demonstrated through a detailed security analysis. The Scyther tool is used to perform a formal security verification test on the SBBDA-IoD’s security, confirming the system’s resistance to various potential attacks. A detailed comparative analysis has identified that SBBDA-IoD outperforms the other schemes by a significant margin. Finally, a real-world implementation of SBBDA-IoD is shown to evaluate its effect on several measures of performance.
Robust authenticated key agreement protocol for internet of vehicles-envisioned intelligent transportation system
Siddhant Thapliyal,Mohammad Wazid,D.P. Singh,Ashok Kumar Das,SK Hafizul Islam
Journal of Systems Architecture, JSA, 2023
Abs | | bib Tex
@inproceedings{bib_Robu_2023, AUTHOR = {Siddhant Thapliyal, Mohammad Wazid, D.P. Singh, Ashok Kumar Das, SK Hafizul Islam}, TITLE = {Robust authenticated key agreement protocol for internet of vehicles-envisioned intelligent transportation system}, BOOKTITLE = {Journal of Systems Architecture}. YEAR = {2023}}
Internet of Vehicles (IoV) is a wireless network, which employs well-established Internet protocols and networks to share information between vehicles, people, and infrastructure by utilising Vehicular Adhoc Networks (VANETs). IoV aims to increase road user safety and lower accident rates. It is one of the main components of an intelligent transportation system (ITS). ITS appears as the most crucial component since the cities in any country are evolving into digital civilisations as a result of the smart city concept, regardless of whether people are travelling within the city, to work, in school, or for other purposes. It can also be used to improve infrastructure utilisation and road safety (i.e., reduction in road accidents), in addition to enhancing traffic management and easing congestion. However, IoV-driven ITS is susceptible to several forms of attacks because of the insecure communication among the participating entities. We, therefore, propose a secure authentication protocol for IoV-driven ITS to stop these attacks from happening (in short, SAKP-ITS). Its resistance to a number of potential attacks is confirmed by the security analysis of the proposed SAKP-ITS. Additionally, SAKP-ITS is juxtaposed with other comparable competing methods put out in an IoV environment. Additionally, it has been found that SAKP-ITS outperforms competing schemes in terms of critical metrics like communication costs, computation costs, and security and functionality attributes. To test the effect of the proposed SAKP-ITS on the critical performance attributes, a practical implementation of SAKP-ITS
IIDS: Design of Intelligent Intrusion Detection System for Internet-of-Things Applications
KG Raghavendra Narayan,Srijanee Mookherji,Vanga Odelu,Rajendra Prasath,Anish Chand Turlapaty,Ashok Kumar Das
Technical Report, arXiv, 2023
@inproceedings{bib_IIDS_2023, AUTHOR = {KG Raghavendra Narayan, Srijanee Mookherji, Vanga Odelu, Rajendra Prasath, Anish Chand Turlapaty, Ashok Kumar Das}, TITLE = {IIDS: Design of Intelligent Intrusion Detection System for Internet-of-Things Applications}, BOOKTITLE = {Technical Report}. YEAR = {2023}}
With rapid technological growth, security attacks are drastically increasing. In many crucial Internet-of-Things (IoT) applications such as healthcare and defense, the early detection of security attacks plays a significant role in protecting huge resources. An intrusion detection system is used to address this problem. The signature-based approaches fail to detect zero-day attacks. So anomaly-based detection particularly AI tools, are becoming popular. In addition, the imbalanced dataset leads to biased results. In Machine Learning (ML) models, F1 score is an important metric to measure the accuracy of class-level correct predictions. The model may fail to detect the target samples if the F1 is considerably low. It will lead to unrecoverable consequences in sensitive applications such as healthcare and defense. So, any improvement in the F1 score has significant impact on the resource protection. In this paper, we present a framework for ML-based intrusion detection system for an imbalanced dataset. In this study, the most recent dataset, namely CICIoT2023 is considered. The random forest (RF) algorithm is used in the proposed framework. The proposed approach improves 3.72%, 3.75% and 4.69% in precision, recall and F1 score, respectively, with the existing method. Additionally, for unsaturated classes (i.e., classes with F1 score < 0.99), F1 score improved significantly by 7.9%. As a result, the proposed approach is more suitable for IoT security applications for efficient detection of intrusion and is useful in further studies.
Designing Attribute-Based Verifiable Data Storage and Retrieval Scheme in Cloud Computing Environment
Sourav Bera,Suryakant Prasad,Y.Sreenivasa Rao,Ashok Kumar Das,YoungHo Park
Journal of Information Security and Applications, JISA, 2023
Abs | | bib Tex
@inproceedings{bib_Desi_2023, AUTHOR = {Sourav Bera, Suryakant Prasad, Y.Sreenivasa Rao, Ashok Kumar Das, YoungHo Park}, TITLE = {Designing Attribute-Based Verifiable Data Storage and Retrieval Scheme in Cloud Computing Environment}, BOOKTITLE = {Journal of Information Security and Applications}. YEAR = {2023}}
The cloud computing technology is a novel storage and computing paradigm that enables individuals and organizations to store data, share data with intended group of users and retrieve data when require. It greatly improves peoples’ data storage and sharing, and data retrieval capabilities by providing flexible, less expensive and quality services. For data security and privacy concerns, secure and authenticated data storage, fine-grained access control of encrypted data, secure search for the outsourced data and search results verification are of critical importance. However, achieving the aforementioned functionalities simultaneously is quite challenging. In this paper, for the first time, we propose a secure lightweight Attribute-Based verifiable Data Storage and data Retrieval Scheme (ABDSRS) for cloud environments that attains the following features: (i) lightweight design, (ii) provably secure, (iii) fine-grained …
Secure Authentication Protocol for Home Area Network in Smart Grid-Based Smart Cities
Hafiz Muhammad Sanaullah Badar, Khalid Mahmood,Waseem Akram,Zahid Ghaffar,Muhammad Umer,Ashok Kumar Das
Computers & Electrical Engineering, CEEng, 2023
Abs | | bib Tex
@inproceedings{bib_Secu_2023, AUTHOR = {Hafiz Muhammad Sanaullah Badar, Khalid Mahmood, Waseem Akram, Zahid Ghaffar, Muhammad Umer, Ashok Kumar Das}, TITLE = {Secure Authentication Protocol for Home Area Network in Smart Grid-Based Smart Cities}, BOOKTITLE = {Computers & Electrical Engineering}. YEAR = {2023}}
The Internet of Things (IoT) allows better solutions for managing challenges such as reliability and power quality in a smart grid environment. It also assists in adopting smart grid measures in smart city development. A smart meter in the smart grid environment must securely access services from a service provider via public channels. An adversary can pose several security vulnerabilities as the communication occurs through a public channel. Various researchers recently conducted several research types to determine the most challenging problems with the smart grid. The security features like integrity, authentication, and confidentiality are indispensable requirements of the smart grid environment. On the other hand, different objects like smart meters in the smart grid environment are resource-constrained, posing in designing lightweight security protocols. Hence, we propose a lightweight mutual authentication
A Provably Secure and Lightweight Access Control Protocol for EI-based Vehicle to Grid Environment
Salman Shamshad,Khalid Mahmood,Usman Shamshad,Ibrar Hussain,Ashok Kumar Das
IEEE Internet of Things Journal, IOT, 2023
Abs | | bib Tex
@inproceedings{bib_A_Pr_2023, AUTHOR = {Salman Shamshad, Khalid Mahmood, Usman Shamshad, Ibrar Hussain, Ashok Kumar Das}, TITLE = {A Provably Secure and Lightweight Access Control Protocol for EI-based Vehicle to Grid Environment}, BOOKTITLE = {IEEE Internet of Things Journal}. YEAR = {2023}}
The Energy Internet (EI) presents a novel paradigm for renewable energy distribution that utilizes communication and computing technologies to revolutionize the conventional Intelligent Transportation Systems (ITSs) and power grid into a structure that provides assistance to open innovation. The EI offers sustainable and bidirectional transmission for the improvement and analysis of energy convention among Electric Vehicles (EVs) and service providers. To ensure efficient, reliable, and secure operation, EI must be safe from security attacks. Therefore, efficient and secure key negotiation is a significant issue for the EI-based Vehicle-to-Grid (V2G) architecture. Thus, to ensure the system’s security, we have devised a robust scheme to facilitate a secure key agreement between the entities involved for the secure and efficient renewable energy distribution for the EI-based energy vehicles in V2G. The devised scheme’s robustness is solicited through the widely-accepted formal Random or Real (RoR) model. In addition, the informal security analysis is conducted on the devised scheme, which is evident that the designed scheme achieves all the required security features of EI-based ITS. Moreover, the performance evaluation results endorse that the designed scheme achieves the desired security and minimizes the communication, computation, and energy overhead by 29.33%, 27.94% and 28.08% in comparison to the existing competitive schemes.
Blockchain-Based Data Access Control and Key Agreement System in IoT Environment
JoonYoung Lee, MyeongHyun Kim, KiSung Park,SungKee Noh,Abhishek Bisht,Ashok Kumar Das,Youngho Park
@inproceedings{bib_Bloc_2023, AUTHOR = {JoonYoung Lee, MyeongHyun Kim, KiSung Park, SungKee Noh, Abhishek Bisht, Ashok Kumar Das, Youngho Park}, TITLE = {Blockchain-Based Data Access Control and Key Agreement System in IoT Environment}, BOOKTITLE = {Sensors}. YEAR = {2023}}
Recently, with the increasing application of the Internet of Things (IoT), various IoT environments such as smart factories, smart homes, and smart grids are being generated. In the IoT environment, a lot of data are generated in real time, and the generated IoT data can be used as source data for various services such as artificial intelligence, remote medical care, and finance, and can also be used for purposes such as electricity bill generation. Therefore, data access control is required to grant access rights to various data users in the IoT environment who need such IoT data. In addition, IoT data contain sensitive information such as personal information, so privacy protection is also essential. Ciphertext-policy attribute-based encryption (CP-ABE) technology has been utilized to address these requirements. Furthermore, system structures applying blockchains with CP-ABE are being studied to prevent bottlenecks and single failures of cloud servers, as well as to support data auditing. However, these systems do not stipulate authentication and key agreement to ensure the security of the data transmission process and data outsourcing. Accordingly, we propose a data access control and key agreement scheme using CP-ABE to ensure data security in a blockchain-based system. In addition, we propose a system that can provide data nonrepudiation, data accountability, and data verification functions by utilizing blockchains. Both formal and informal security verifications are performed to demonstrate the security of the proposed system. We also compare the security, functional aspects, and computational and communication costs of previous systems. Furthermore, we perform cryptographic calculations to analyze the system in practical terms. As a result, our proposed protocol is safer against attacks such as guessing attacks and tracing attacks than other protocols, and can provide mutual authentication and key agreement functions. In addition, the proposed protocol is more efficient than other protocols, so it can be applied to practical IoT environments.
Design of Secure and Lightweight Authentication Scheme for UAV-Enabled Intelligent Transportation Systems using Blockchain and PUF
Seunghwan Son,Deokkyu Kwon,Kisung Park,Ashok Kumar Das,Youngho Park
IEEE Access, ACCESS, 2023
Abs | | bib Tex
@inproceedings{bib_Desi_2023, AUTHOR = {Seunghwan Son, Deokkyu Kwon, Kisung Park, Ashok Kumar Das, Youngho Park}, TITLE = {Design of Secure and Lightweight Authentication Scheme for UAV-Enabled Intelligent Transportation Systems using Blockchain and PUF}, BOOKTITLE = {IEEE Access}. YEAR = {2023}}
Unmanned-aerial-vehicle (UAV)-enabled intelligent transportation system (ITS) is an advanced technology that can provide various services including autonomous driving, real-time creation of high-definition maps, and car sharing. In particular, a UAV-enabled ITS can be realized through the combination of traditional vehicular ad hoc networks (VANETs) and UAVs that can act as flying roadside units (RSUs) at the outskirts and monitor road conditions from predefined locations to spot car accidents and any law violations. Notably, to realize these services, real-time communication between UAVs and RSUs must be guaranteed. However, UAVs have limited computing powers, and if extensive computation is required during communication, the provision of real-time ITS services may be hindered. Furthermore, UAVs and RSUs communicate via public channels that are prone to various attacks, such as replay
Secure access privilege delegation using attribute-based encryption
Suryakanta Panda,Samrat Mondal,Ashok Kumar Das,Willy Susilo
International Journal of Information Security, IJIS, 2023
Abs | | bib Tex
@inproceedings{bib_Secu_2023, AUTHOR = {Suryakanta Panda, Samrat Mondal, Ashok Kumar Das, Willy Susilo }, TITLE = {Secure access privilege delegation using attribute-based encryption}, BOOKTITLE = {International Journal of Information Security}. YEAR = {2023}}
Attribute-based encryption (ABE) is widely used for a secure and efficient data sharing. The predetermined access policy of ABE shares the data with intended data users. However, ABE is not preferable in many applications that require collaboration among data users. In such applications, an authorized data user may be interested to collaborate with another data user who does not adhere to the access policy. Fixed access policy of ABE does not allow an authorized data user (who satisfies the access policy) to collaborate or share the data with any unauthorized data user (who fails to satisfy the access policy). Thus, due to the static and predefined access policy, data collaboration in ABE is significantly challenging. In this work,
Public Blockchain-Envisioned Security Scheme Using Post Quantum Lattice-Based Aggregate Signature for Internet of Drones Applications
Prithwi Bagchi,Raj Maheshwari,Basudeb Bera,Ashok Kumar Das,Youngho Park,Pascal Lor
IEEE Transactions on Vehicular Technology, TVT, 2023
@inproceedings{bib_Publ_2023, AUTHOR = {Prithwi Bagchi, Raj Maheshwari, Basudeb Bera, Ashok Kumar Das, Youngho Park, Pascal Lor}, TITLE = {Public Blockchain-Envisioned Security Scheme Using Post Quantum Lattice-Based Aggregate Signature for Internet of Drones Applications}, BOOKTITLE = {IEEE Transactions on Vehicular Technology}. YEAR = {2023}}
Due to high effectiveness and robust security proto- cols, lattice-based cryptography becomes a very broadly appli- cable optimistic post-quantum technique that is recently used in public key cryptosystem. An aggregate signature scheme enables a party to bundle a set of signatures together into a single short cryptographic signature, which can be verified by any verifier using the public information. In this paper, we provide a lattice- based aggregate signature scheme where the security depends on the difficulty of the Ring Learning-with-Error (Ring-LWE) problem. Next, we use the basic scheme in Internet of Drones (IoD) applications using the blockchain technology for secure and transparent data storage. The detailed security analysis and comparative study show that the proposed scheme provides superior security including resistance to quantum attacks and is efficient as compared to the existing state of art approaches. The testbed experimental results and the blockchain simulation demonstrate that the proposed scheme can be applied in real-life drones applications. Index Terms—Internet of Drones (IoD), unmanned aerial vehi- cles, lattice-based cryptography, aggregate signature, blockchain, security.
Explainable Artificial Intelligence Envisioned Security Mechanism for Cyber Threat Hunting
Pankaj Kumar,Mohammad Wazid,D. P. Singh,Jaskaran Singh,Ashok Kumar Das,Youngho Park,Joel J. P. C. Rodrigue
Security and Privacy, S&P, 2023
@inproceedings{bib_Expl_2023, AUTHOR = {Pankaj Kumar, Mohammad Wazid, D. P. Singh, Jaskaran Singh, Ashok Kumar Das, Youngho Park, Joel J. P. C. Rodrigue}, TITLE = {Explainable Artificial Intelligence Envisioned Security Mechanism for Cyber Threat Hunting}, BOOKTITLE = {Security and Privacy}. YEAR = {2023}}
Cyber threat hunting proactively searches for cyber threats, which are undetected by the traditional defense mechanisms. It scans deep to identify malicious programs (ie, malware) that escape from detection. It is important because sophisticated cyber threats can bypass the cyber security mechanisms. The performance of the cyber threat hunting can be improved through artificial intelligence (AI), especially, explainable AI (XAI), which adds trust component to the cyber threat hunting process. Due to the inclusion of XAI, the security experts get the full explanations of the detected threats as the working of the detection model in XAI is known. Information, like, which one is a threat, how it has been detected, and why it has been detected, can be obtained very easily due to the inclusion of XAI in the cyber threat hunting. Therefore, an XAI-envisioned mechanism for cyber threat hunting has been proposed (in short, XAISM-CTH). The network and threat models of XAISM-CTH are designed and discussed. The conducted security analysis proves the security of XAISM-CTH against various potential attacks. XAISM-CTH also performs better than the other existing schemes. At the end, a practical implementation of XAISM-CTH has been provided to observe its impact on the performance of the system. KEYWORDS cyber threat hunting, explainable artificial intelligence (XAI), intrusion detection, privacy, security
Fog-Based Single Sign-On Authentication Protocol for Electronic Healthcare Applications
Srijanee Mookherji,Vanga Odelu,Rajendra Prasath,Ashok Kumar Das,Youngho Park
IEEE Internet of Things Journal, IOT, 2023
Abs | | bib Tex
@inproceedings{bib_Fog-_2023, AUTHOR = {Srijanee Mookherji, Vanga Odelu, Rajendra Prasath, Ashok Kumar Das, Youngho Park}, TITLE = {Fog-Based Single Sign-On Authentication Protocol for Electronic Healthcare Applications}, BOOKTITLE = {IEEE Internet of Things Journal}. YEAR = {2023}}
Increasing use of electronic healthcare (eHealth) services demands efficient and secure solutions. Such solutions need to ensure the prevention of unauthorised access to the patient data and provide faster response. Fog computing is a viable solution to provide faster responses in eHealth systems. Key distribution and authentication play a major role in providing security to patient data. Existing centralized architectures are susceptible to single-point-of-compromise, that is, the entire system is vulnerable when the centralized authority keys are unexpectedly revealed to an adversary. In this paper, we present a fog-based semi-centralised architecture for key distribution and authentication, in which the key distribution service is delegated to individual fog-servers. Thus, the fog-servers become responsible for key distribution to the users without the involvement of the centralised authority, which forms a paradigm of multiple client-server architecture. Thus, achieving centralized trust by designing a single sign-on authentication in such environments is a challenging problem. We design a single sign-on authentication protocol for semi-centralized architectures to achieve centralized trust by ensuring that the user keys are independent of the centralized authority’s keys. A rigorous security analysis under the random oracle model is performed to prove that the proposed protocol is secure against single-point-of-compromise. We also conduct extensive experiments to show the practical perspectives of the proposed scheme. The results show that the protocol is suitable for eHealth applications, including emergency services.
LAKA-UAV: Lightweight authentication and key agreement scheme for cloud-assisted Unmanned Aerial Vehicle using blockchain in flying ad-hoc networks
Sungjin Yu,Joonyoung Lee,Anil Kumar Sutrala,Ashok Kumar Das,Youngho Park
Computer Networks, CN, 2023
Abs | | bib Tex
@inproceedings{bib_LAKA_2023, AUTHOR = {Sungjin Yu, Joonyoung Lee, Anil Kumar Sutrala, Ashok Kumar Das, Youngho Park}, TITLE = {LAKA-UAV: Lightweight authentication and key agreement scheme for cloud-assisted Unmanned Aerial Vehicle using blockchain in flying ad-hoc networks}, BOOKTITLE = {Computer Networks}. YEAR = {2023}}
Unmanned Aerial Vehicle (UAV) can be employed in various applications, including traffic control, and delivery application. However, these services are susceptible to various security attacks because sensitive data are exchanged through an open channel. Thus, a secure authentication scheme is essential for UAV. UAV has limited storage resources and computing capabilities. To overcome these problems, cloud computing is considered as a promising solution. Cloud computing provides various properties such as storage availability and scalability. Unfortunately, the cloud server’s database can be a major target for an adversary because it is a centralized system. If an adversary intrudes on the cloud server’s database, he/she may attempt to intercept or learn the stored data. To mitigate these issues, we design a secure and lightweight authentication and key agreement scheme for cloud-assisted UAV using blockchain in flying ad-hoc networks, called LAKA-UAV. LAKA-UAV utilizes blockchain technology to ensure access control and data integrity using log transactions and the cloud server securely manages collected data from UAV. We prove the security of LAKA-UAV based on informal security analysis and formal security verification implementation. Based on testbed experiments using MIRACL, LAKA-UAV provides about 2.13 times more efficient performance on average compared with related schemes in terms of computation. We present the blockchain implementation using Hyperledger Sawtooth platform
Post-Quantum Lattice-Based Secure Reconciliation Enabled Key Agreement Protocol for IoT
Dharminder Dharminder,Challa Bhageeratha Reddy,Ashok Kumar Das,Youngho Park
IEEE Internet of Things Journal, IOT, 2023
@inproceedings{bib_Post_2023, AUTHOR = {Dharminder Dharminder, Challa Bhageeratha Reddy, Ashok Kumar Das, Youngho Park}, TITLE = {Post-Quantum Lattice-Based Secure Reconciliation Enabled Key Agreement Protocol for IoT}, BOOKTITLE = {IEEE Internet of Things Journal}. YEAR = {2023}}
The authenticated key agreement is one of the major security services that can be used to secure an Internet of Things (IoT) environment, where the devices collect the data and the data is then aggregated at the cloud server, and then a user needs to access the data stored at the server(s) securely. For this purpose, after a mutual authentication performed between a user and the accessed server, a session key needs to be established among them for secure communication. In this article, we design an efficient lattice-based authenticated key exchange protocol using ring-based version of learning with errors assumption for the IoT-enabled smart devices. The proposed protocol is basically a key exchange that uses the reconciliation mechanism. The detailed security analysis under the standard model has been performed along with the informal security analysis to show that the proposed protocol is robust against different attacks. We then simulate the proposed protocol under the NS-3 simulator to measure the network performance parameters like network throughput and latency. A comparative analysis shows that the proposed protocol has superior security, less computational cost, and comparable communication cost when compered these parameters with the other competing schemes.
Impact on blockchain-based AI/ML-enabled big data analytics for Cognitive Internet of Things environment
Ankush Mitra,Basudeb Bera,Ashok Kumar Das,Sajjad Shaukat Jamal,Ilsun You
Computer Communications, CC, 2023
@inproceedings{bib_Impa_2023, AUTHOR = {Ankush Mitra, Basudeb Bera, Ashok Kumar Das, Sajjad Shaukat Jamal, Ilsun You}, TITLE = {Impact on blockchain-based AI/ML-enabled big data analytics for Cognitive Internet of Things environment}, BOOKTITLE = {Computer Communications}. YEAR = {2023}}
Cognitive Internet of Things (CIoT) supports the organizations to learn from the information (data) arriving from various connected devices, sensors, machines and other sources, and at the same time it inspires intelligence into different business operations, products, customer experiences, and people. Data poising attacks are very serious concerns because they may play a significant factor for businesses and organizations for both financial terms and damaging their reputations, when the Big data analytics on the analyzed data is itself corrupted. To mitigate this issue, in this paper, we suggest a blockchain-based Artificial Intelligence(AI)/Machine Learning(ML)-enabled Big data analytics mechanism for CIoT environment. The comprehensive experimental results have been provided under two circumstances: (1) performance of the ML model under data poisoning attacks and (2) performance of the ML model without data poisoning attacks. In the first case, we show how the data poison attacks can effect the ML model when the data is on some cloud storage (i.e. not in the blockchains), whereas in the second case we show the effect when the data is in the blockchains (i.e., without data poisoning attacks). The experimental results demonstrate that we have significant gains in performance in terms of accuracy, recall, precision and F1 score when there are no data poisoning attacks on the data. Moreover, a detailed blockchain simulation has carried out to demonstrate the practical aspects of the proposed security framework.
An Effective Privacy-Preserving Blockchain-Assisted Security Protocol for Cloud-Based Digital Twin Environment
Garima Thakur,Pankaj Kumar,Deepika,Srinivas Jangirala,Ashok Kumar Das,YoungHo Park
IEEE Access, ACCESS, 2023
@inproceedings{bib_An_E_2023, AUTHOR = {Garima Thakur, Pankaj Kumar, Deepika, Srinivas Jangirala, Ashok Kumar Das, YoungHo Park}, TITLE = {An Effective Privacy-Preserving Blockchain-Assisted Security Protocol for Cloud-Based Digital Twin Environment}, BOOKTITLE = {IEEE Access}. YEAR = {2023}}
recently, the Digital Twin (DT) technology has procured a lot of attention because of its applicability in the manufacturing and space industries. The DT environment involves the formation of a clone of the tangible object to perform simulations in the virtual space. The combination of conceptual development, predictive maintenance, real-time monitoring, and simulation characteristics of DT has increased the utilization of DT in different scenarios, such as medical environments, healthcare, manufacturing industries, aerospace, etc. However, these utilizations have also brought serious security pitfalls in DT deployment. Towards this, several authentication protocols with different security and privacy features for DT environments have been proposed. In this article, we first review a recently proposed two-factor authentication protocol for DT environments that utilizes the blockchain technology. However, the analyzed scheme is unable to offer the desirable security and cannot withstand various security attacks like offline password-guessing attack, smart card stolen attack, anonymity property, and known session- specific temporary information attack. We also demonstrate that an attacker can impersonate the analyzed protocol’s legal user, owner, and cloud server. To mitigate these security loopholes, we devise an effective three-factor privacy-preserving authentication scheme for DT environments. The proposed work is demonstrated to be secure by performing the informal security analysis, the formal security analysis using the widely recognized Burrows-Abadi-Needham (BAN) logic, and the Real-or-Random (ROR) model. A detailed comparative study with the existing competing schemes including the analyzed scheme demonstrates that the devised framework furnishes better security features while also having lower computation costs and comparable communication costs than the existing schemes.
A New Scalable and Secure Access Control Scheme using Blockchain Technology for IoT
Sivaselvan N, Vivekananda Bhat K,Muttukrishnan Rajarajan,Ashok Kumar Das
IEEE Transactions on Network and Service Management, TNSM, 2023
@inproceedings{bib_A_Ne_2023, AUTHOR = {Sivaselvan N, Vivekananda Bhat K, Muttukrishnan Rajarajan, Ashok Kumar Das}, TITLE = {A New Scalable and Secure Access Control Scheme using Blockchain Technology for IoT}, BOOKTITLE = {IEEE Transactions on Network and Service Management}. YEAR = {2023}}
The growth of IoT devices is so rapid that several billions of such devices would be in use in a span of four-year period. Essential security mechanisms need to be put in place to curb several security attacks prevalent in IoT. Access control is an important security mechanism that ensures legitimate and controlled access to critical and limited resources in IoT. The current access control schemes for IoT could not handle burgeoning number of IoT devices, while meeting the necessary level of security. Consequently, in this paper, we propose a new scalable and secure access control scheme for IoT. With blockchain as the root-of-trust, the proposed scheme performs access control for the IoT devices without having the resource-constrained IoT devices to be part of the blockchain network and to possess substantial amount of blockchain data. Blockchain’s tamper-proof property makes it an ideal candidate to be chosen as the root-of-trust. The scheme is secure against various security attacks prevalent in IoT. A proof-of-concept implementation for the scheme is developed and deployed in Ethereum Mainnet. The transaction costs of the different operations in the scheme are fairly below USD 3. Furthermore, scalability of the proposed scheme in different scenarios is investigated.
An Access Control Scheme in IoT-Enabled Smart-Grid Systems Using Blockchain and PUF
Amina Zahoor,khalid mohomood,Salman Shamshad,Muhammad Asad Saleem,Muhammad Faizan Ayub,Mauro Conti,Ashok Kumar Das
Internet of Things Journal, IOT, 2023
Abs | | bib Tex
@inproceedings{bib_An_A_2023, AUTHOR = {Amina Zahoor, khalid Mohomood, Salman Shamshad, Muhammad Asad Saleem, Muhammad Faizan Ayub, Mauro Conti, Ashok Kumar Das}, TITLE = {An Access Control Scheme in IoT-Enabled Smart-Grid Systems Using Blockchain and PUF}, BOOKTITLE = {Internet of Things Journal}. YEAR = {2023}}
IoT-enabled Smart Grid (IoT-SG) is an emerging paradigm that enables the bi-direction communication of IoT devices and hardware to efficiently collect and transmit the consumer’s information over the Internet. However, the underlying open communication network and resource-constrained capabilities of devices invite manifold challenges and threats in terms of security and privacy. To alleviate such issues, we designed a private blockchain-based access control protocol for IoT-SG using Physically Unclonable Function (PUF). Our protocol allows the Service Provider (SP) and smart meters to transfer the data in an efficient and secure manner. The participating SPs form the Peer-to-Peer (P2P) network, and each peer node is responsible for securely creating the blocks from the gathered data. Thereafter, all the peer nodes employ a voting-based consensus mechanism to verify and add the recently created block …
A Provably-Secure Authenticated Key Agreement Protocol for Remote Patient Monitoring IoMT
Chien-Ming Chen,Shuangshuang Liu,Xuanang Li,SK Hafizul Islam,Ashok Kumar Das
Journal of Systems Architecture, JSA, 2023
Abs | | bib Tex
@inproceedings{bib_A_Pr_2023, AUTHOR = {Chien-Ming Chen, Shuangshuang Liu, Xuanang Li, SK Hafizul Islam, Ashok Kumar Das}, TITLE = {A Provably-Secure Authenticated Key Agreement Protocol for Remote Patient Monitoring IoMT}, BOOKTITLE = {Journal of Systems Architecture}. YEAR = {2023}}
With the continuous improvement of the public medical system, the current medical service industry is more intelligent. Among them, the Internet of Medical Things (IoMT) plays a significant role in intelligent medicine. The emergence of remote wireless monitoring platforms in the IoMT systems has significantly reduced the risk of virus infection among medical staff. However, data is easy to be stolen by criminals in the transmission process. To mitigate these issues, we propose a three-factor enhanced protocol for monitoring patient body information. The proposed protocol can provide the confidentiality of transmitted data and the privacy of doctors and patients. The security of the protocol is demonstrated in the Random Oracle Model (ROM) for formal security. In addition, by comparing the proposed protocol with other related works, our design has efficient performance both in execution time and communication costs.
SINN-RD: Spline Interpolation-envisioned Neural Network-based Ransomware Detection Scheme
Jaskaran Singh,Keshav Sharma,Mohammad Wazid,Ashok Kumar Das
Computers and Electrical Engineering, CEE, 2023
Abs | | bib Tex
@inproceedings{bib_SINN_2023, AUTHOR = {Jaskaran Singh, Keshav Sharma, Mohammad Wazid, Ashok Kumar Das}, TITLE = {SINN-RD: Spline Interpolation-envisioned Neural Network-based Ransomware Detection Scheme}, BOOKTITLE = {Computers and Electrical Engineering}. YEAR = {2023}}
Multiple kinds of ransomware are currently posing a growing threat to the Internet users. Important user data is encrypted by the trendy ransomware, and its recovery requires payment of a ransom in terms of some amount of money. The trend of crypto-currencies may be a contributing factor to the rise of ransomware attacks. From time to time, different mechanisms for detection and mitigation of ransomware attacks have been proposed. However, the performance of the ransomware detection process can be improved through the deployment of Machine Learning/Deep Learning based mechanisms. In this article, we propose a novel Spline Interpolation envisioned Neural Network based Ransomware Detection Scheme (in short, we call it as SINN-RD). Additionally, we introduce the mechanisms for normalizing the data and generating the new features from the log files. The conducted security analysis of the
Mobile-Chain: Secure blockchain based decentralized authentication system for global roaming in mobility networks
Indushree M,Manish Raj, Vipul Kumar Mishra,Shashidhara R,Ashok Kumar Das,Vivekananda Bhat K
Computer Communications, CC, 2023
Abs | | bib Tex
@inproceedings{bib_Mobi_2023, AUTHOR = {Indushree M, Manish Raj, Vipul Kumar Mishra, Shashidhara R, Ashok Kumar Das, Vivekananda Bhat K}, TITLE = {Mobile-Chain: Secure blockchain based decentralized authentication system for global roaming in mobility networks}, BOOKTITLE = {Computer Communications}. YEAR = {2023}}
Designing a secure and efficient authentication protocol is crucial and challenging in the mobility network. Due to the seamless roaming of mobile users over multiple foreign agents and the broadcast nature of the communication channel, the mobile networks are often exposed to several network attacks. To achieve perfect authentication and secure communication among mobility entities like MU (Mobile User), FA (Foreign Agent) and HA (Home Agent), the researchers have proposed numerous authentication protocols in the past. However, the existing protocols for the mobility environments are insufficient to address the fundamental security concerns and an adversary can impersonate the mobile user at anytime. Thus, we propose Mobile-Chain, a secure blockchain-based authentication system for mobility environments. The proposed Mobile-Chain is designed to protect user privacy and guarantees provable
Blockchain-Enabled Authenticated Key Agreement Scheme for Mobile Vehicles-Assisted Precision Agricultural IoT Networks
Vangala Anusha,Ashok Kumar Das,Ankush Mitra,Sajal K. Das,Youngho Park
IEEE Transactions on Information Forensics and Security, TIFS, 2022
Abs | | bib Tex
@inproceedings{bib_Bloc_2022, AUTHOR = {Vangala Anusha, Ashok Kumar Das, Ankush Mitra, Sajal K. Das, Youngho Park}, TITLE = {Blockchain-Enabled Authenticated Key Agreement Scheme for Mobile Vehicles-Assisted Precision Agricultural IoT Networks}, BOOKTITLE = {IEEE Transactions on Information Forensics and Security}. YEAR = {2022}}
Precision farming has a positive potential in the agricultural industry regarding water conservation, increased productivity, better development of rural areas, and increased income. Blockchain technology is a better alternative for storing and sharing farm data as it is reliable, transparent, immutable, and decentralized. Remote monitoring of an agricultural field requires security systems to ensure that any sensitive information is exchanged only among authenticated entities in the network. To this end, we design an efficient blockchain-enabled authenticated key agreement scheme for mobile vehicles-assisted precision agricultural Internet of Things (IoT) networks called AgroMobiBlock . The limited existing work on authentication in agricultural networks shows passive usage of blockchains with very high costs. AgroMobiBlock proposes a novel idea using the elliptic curve operations on an active hybrid blockchain over mobile farming vehicles with low computation and communication costs. Formal and informal security analysis along with the formal security verification using the Automated Validation of Internet Security Protocols and Applications (AVISPA) software tool have shown the robustness of AgroMobiBlock against man-in-the-middle, impersonation, replay, physical capture, and ephemeral secret leakage attacks among other potential attacks. The blockchain-based simulation on large-scale nodes shows the computational time for an increase in the network and block sizes. Moreover, the real-time testbed experiments have been performed to show the practical usefulness of the proposed scheme.
KL-RAP: An Efficient Key-Less RFID Authentication Protocol Based on ECDLP for Consumer Warehouse Management System
Bimal Kumar Meher,Ruhul Amin,Ashok Kumar Das,Muhammad Khurram Khan
IEEE Transactions on Network Science and Engineering ( Early Access ), TNSE, 2022
Abs | | bib Tex
@inproceedings{bib_KL-R_2022, AUTHOR = {Bimal Kumar Meher, Ruhul Amin, Ashok Kumar Das, Muhammad Khurram Khan}, TITLE = {KL-RAP: An Efficient Key-Less RFID Authentication Protocol Based on ECDLP for Consumer Warehouse Management System}, BOOKTITLE = {IEEE Transactions on Network Science and Engineering ( Early Access )}. YEAR = {2022}}
Elliptic Curve Cryptography (ECC)-based authenti-cation schemes for the Radio-frequency identification (RFID) environment have emerged as a very safe, secure, and robust candidate of mutual authentication. However, the limited resource availability in a passive tag makes such schemes difficult to realize in practice. Public/private key pair generation, storage, and the computation using those keys are the major bottlenecks towards the faster and efficient design of such schemes. Therefore, we have designed our scheme without using public/private key pairs. We only utilize the Elliptic Curve Discrete Logarithm Problem (ECDLP) property for the realization of our key-less scheme on the secure elliptic curves. Our scheme is primarily aimed at efficient implementation of authentication schemes in Warehouse Management System (WMS), where the data is stored in local servers. This new idea helps to save the memory space in the tags and the server. Moreover, the computation cost also reduces to a great extent in comparison to other schemes. We have compared our scheme with several other schemes and found it efficient in terms of storage cost as well. The simulation result of our scheme with the popular aut
Blockchain-Based Fog Computing
Vangala Anusha,Ashok Kumar Das
Security Issues in Fog Computing from 5G to 6G, SIFC, 2022
Abs | | bib Tex
@inproceedings{bib_Bloc_2022, AUTHOR = {Vangala Anusha, Ashok Kumar Das}, TITLE = {Blockchain-Based Fog Computing}, BOOKTITLE = {Security Issues in Fog Computing from 5G to 6G}. YEAR = {2022}}
The distributed nature of Internet of Things (IoT) and fog computing mandates that the security provided to the resources of networking and data on these applications is based on a distributed structure. The nodes in a fog computing environment should be working with equal capacities without any necessity of trust among them, in order to allow the layers and infrastructure that constitute the stack of a fog node to be owned and managed by different entities. This idea of security necessitates the need for distributed trust in fog computing that can be realized using the concept of blockchain technology. Blockchain is a distributed and
Blockchain‐enabled secure communication mechanism for IoT‐driven personal health records
Mohammad Wazid,Ashok Kumar Das,Youngho Park
Transactions on Emerging Telecommunications Technologies, ETT, 2022
Abs | | bib Tex
@inproceedings{bib_Bloc_2022, AUTHOR = {Mohammad Wazid, Ashok Kumar Das, Youngho Park}, TITLE = {Blockchain‐enabled secure communication mechanism for IoT‐driven personal health records}, BOOKTITLE = {Transactions on Emerging Telecommunications Technologies}. YEAR = {2022}}
The information system of healthcare operates through various frameworks, like wireless body area network, telecare medical information system, and mobile or electronic healthcare. All these systems need to maintain the personal health records (PHRs) for various users (ie, patients, doctors, and nurses). In such systems, we need to process and store the health related sensitive data (ie, PHRs). In this article, we aim to provide a robust security mechanism to secure exchange and storage of healthcare data, especially PHRs. We present a generic architecture of blockchain‐enabled secure communication mechanism for Internet of Things‐driven personal health records (BIPHRS). We then discuss various threats and security attacks of healthcare system along with different available security mechanisms. The conducted security analysis and detailed comparative study of the state of art blockchain enabled security schemes for PHR systems show that the proposed BIPHRS provides a better security and more functionality features as compared to other similar existing approaches. We propose a blockchain‐enabled secure communication framework for Internet of Things‐driven personal health records (BIPHRS). The proposed BIPHRS provides better security and more functionality features as compared to the other similar schemes. In addition, a practical
An Efficient Privacy-Preserving Authenticated Key Establishment Protocol for Health Monitoring in Industrial Cyber–Physical Systems
Salman Shamshad,Khalid Mahmood,Shafiq Hussain,Sahil Garg,Ashok Kumar Das
IEEE Internet of Things Journal, IOT, 2022
Abs | | bib Tex
@inproceedings{bib_An_E_2022, AUTHOR = {Salman Shamshad, Khalid Mahmood, Shafiq Hussain, Sahil Garg, Ashok Kumar Das}, TITLE = {An Efficient Privacy-Preserving Authenticated Key Establishment Protocol for Health Monitoring in Industrial Cyber–Physical Systems}, BOOKTITLE = {IEEE Internet of Things Journal}. YEAR = {2022}}
Industry 5.0 is the automation, digitization, and data communication of the industrial procedure that comprises industrial cyber–physical systems (I-CPSs), industrial Internet of Things (IIoT), and artificial intelligence (AI). In the I-CPS-enabled healthcare ecosystem, intelligent wearable devices have been extensively employed to sense body information and measure the health status of the patients. Besides other IIoT applications, the I-CPS-enabled healthcare ecosystem also bears various challenges. For instance, due to the communal communication mediums, the security of a patient’s physiological datum is becoming a significant challenge these days. In order to cope with this challenge, we presented a secure and lightweight key establishment protocol. To the best of our knowledge, this protocol is the first application of physically unclonable function (PUF) in the I-CPS-enabled healthcare. The security of the designed protocol is proved with the help of a widely recognized real-or-random (ROR) model. The practical demonstration of our protocol from the network perspective is also measured through broadly recognized NS3 simulator tool.
AI-Envisioned Blockchain-Enabled Signature-Based Key Management Scheme for Industrial Cyber-Physical Systems
Ashok Kumar Das,Basudeb Bera,Sourav Saha,Neeraj Kumar,Ilsun You,Han-Chieh Chao,Han-Chieh Chao
IEEE Internet of Things Journal, IOT, 2022
Abs | | bib Tex
@inproceedings{bib_AI-E_2022, AUTHOR = {Ashok Kumar Das, Basudeb Bera, Sourav Saha, Neeraj Kumar, Ilsun You, Han-Chieh Chao, Han-Chieh Chao}, TITLE = {AI-Envisioned Blockchain-Enabled Signature-Based Key Management Scheme for Industrial Cyber-Physical Systems}, BOOKTITLE = {IEEE Internet of Things Journal}. YEAR = {2022}}
This article proposes a new blockchain-envisioned key management protocol for artificial intelligence (AI)-enabled industrial cyber–physical systems (ICPSs). The designed key management protocol enables key establishment among the Internet of Things (IoT)-enabled smart devices and their respective gateway nodes. The blocks partially constructed with secure data from smart devices by fog servers are provided to cloud servers that are responsible for completing blocks, and then mining those blocks for verification and addition in the blockchain. The most important application of the private blockchain construction is to apply AI algorithms for accurate predictions in Big data analytics. A detailed security analysis along with formal security verification show that the proposed scheme resists various potential attacks in an ICPS environment. Moreover, practical testbed experiments have been conducted using the multiprecision integer and rational arithmetic cryptographic library (MIRACL). Furthermore, a detailed comparative analysis shows superiority of the proposed scheme over recent relevant schemes. In addition, the practical implementation using the blockchain for the proposed scheme demonstrates the total computational costs when the number of transactions per block and also the number of blocks mined in the blockchain are varied.
SCS-WoT: Secure Communication Scheme for Web of Things Deployment
Mohammad Wazid,Ashok Kumar Das,Kim-Kwang Raymond Choo,Youngho Park
IEEE Internet of Things Journal, IOT, 2022
Abs | | bib Tex
@inproceedings{bib_SCS-_2022, AUTHOR = {Mohammad Wazid, Ashok Kumar Das, Kim-Kwang Raymond Choo, Youngho Park}, TITLE = {SCS-WoT: Secure Communication Scheme for Web of Things Deployment}, BOOKTITLE = {IEEE Internet of Things Journal}. YEAR = {2022}}
Web of Things (WoT) extends the Internet of Things (IoT) paradigm to facilitate communications among smart things/devices and Web-based applications. In other words, WoT systems generally provide a Web interface for the monitoring and controlling of smart devices over the Web, for example, in applications, such as home automation, intelligent transportation system, smart healthcare, smart cities, and smart agriculture. However, this results in the generation of significant volume of data (i.e., big data) and, hence, the importance of big data analytics. There are also associated security and privacy implications. Therefore, in this article, we present a signature-based authentication and key agreement scheme for the WoT environment and prove its security. We also evaluate the performance of SCS-WoT and compare it against four other competing schemes. The findings show that SCS-WoT achieves better performance in terms of communication cost, computational cost, and security and functionality.
BAKP-IoDA: blockchain driven authentication and key agreement protocol for internet of drones based applications
Amarjit Sripesh,Mohammad Wazid,D. P. Singh,Ashok Kumar Das,Bharat Verma
Workshop On Mobile Computing And Networking, MOBICOM-W, 2022
@inproceedings{bib_BAKP_2022, AUTHOR = {Amarjit Sripesh, Mohammad Wazid, D. P. Singh, Ashok Kumar Das, Bharat Verma}, TITLE = {BAKP-IoDA: blockchain driven authentication and key agreement protocol for internet of drones based applications}, BOOKTITLE = {Workshop On Mobile Computing And Networking}. YEAR = {2022}}
Recently, Internet of Drones (IoD) has emerged as an important topic to research in academy and industry due to its generic ser- vices for various drone applications. In an IoD environment, the deployed drones and the ground station server (GSS) communicate over an open network which leads to security and privacy breaches. To mitigate these issues, a blockchain driven authentication and key establishment protocol for secure communication in IoD has been designed (in short, it is called as BAKP-IoDA). The security analysis of BAKP-IoDA shows its robustness against different at- tacks. During the performance comparison, it has been observed that BAKP-IoDA maintains superior security along with extra func- tionality features with the competing schemes. Additionally, the blockchain based practical demonstration of BAKP-IoDA shows its impact on various important network performance parameters, like computation time and transactions per second
Uniting cyber security and machine learning: Advantages, challenges and future research
Mohammad Wazid,Ashok Kumar Das,Vinay Chamola,Youngho Park
Information and Communications Technology, ICT Express, 2022
@inproceedings{bib_Unit_2022, AUTHOR = {Mohammad Wazid, Ashok Kumar Das, Vinay Chamola, Youngho Park}, TITLE = {Uniting cyber security and machine learning: Advantages, challenges and future research}, BOOKTITLE = {Information and Communications Technology}. YEAR = {2022}}
Machine learning (ML) is a subset of Artificial Intelligence (AI), which focuses on the implementation of some systems that can learn from the historical data, identify patterns and make logical decisions with little to no human interventions. Cyber security is the practice of protecting digital systems, such as computers, servers, mobile devices, networks and associated data from malicious attacks. Uniting cyber security and ML has two major aspects, namely accounting for cyber security where the machine learning is applied, and the use of machine learning for enabling cyber security. This uniting can help us in various ways, like it provides enhanced security to the machine learning models, improves the performance of the cyber security methods, and supports effective detection of zero day attacks with less human intervention. In this survey paper, we discuss about two different concepts by uniting cyber security and ML. We also discuss the advantages, issues and challenges of uniting cyber security and ML. Furthermore, we discuss the various attacks and provide a comprehensive comparative study of various techniques in two different considered categories. Finally, we provide some future research directions. © 2022 The Author(s). Published by Elsevier B.V. on behalf of The Korean Institute of Communications and Information Sciences. This is an open access article under the CC BY-NC-ND license (http://creativecommons.org/licenses/by-nc-nd/4.0/). Keywords: Cyber security; Machine learning; Internet of Things (ioT); Privacy; Security; Intrusion detection
TACAS-IoT: Trust Aggregation Certificate-Based Authentication Scheme for Edge-Enabled IoT Systems
Mohammad Wazid,Ashok Kumar Das,Sachin Shetty
IEEE Internet of Things Journal, IOT, 2022
@inproceedings{bib_TACA_2022, AUTHOR = {Mohammad Wazid, Ashok Kumar Das, Sachin Shetty}, TITLE = {TACAS-IoT: Trust Aggregation Certificate-Based Authentication Scheme for Edge-Enabled IoT Systems}, BOOKTITLE = {IEEE Internet of Things Journal}. YEAR = {2022}}
The Internet of Things (IoT) is a network of interconnected, Internet-connected items (i.e., smart devices) that can collect and transmit data across a wireless network with- out the need for human intervention. IoT enables the systems to have higher efficiency and dependability in their day-to-day operations due to its strong focus on machine-to-machine (M2M) connectivity, big data, and machine learning. While IoT has many advantages over traditional techniques, it also has a number of security and privacy concerns. Trust is a belief in the competence of a device (computing machine) to act dependably, securely and reliably in some specific context. In an M2M (one IoT device to other IoT device) communication, trust is accomplished by making the use of cryptographic operations (i.e., digital signa- tures and electronic certificates). Various security threats and attacks have been launched on IoT connectivity in recent years. A trust mechanism is necessary to ensure the quality of collab- orative service behaviors and to build confidence between IoT devices. As a result, how to create an effective trust computing mechanism has become an emerging topic in IoT. Therefore, we provide the design of a novel trust-aggregation-based authen- tication scheme for secure communication of edge-enabled IoT (in short, TACAS-IoT). The security analysis shows that TACAS- IoT is secured against a variety of attacks. Moreover, TACAS-IoT delivers greater security and capabilities with less communica- tion and computation overheads, according to the performance comparison. Finally, a practical implementation of TACAS-IoT is provided in order to assess its impact on the key performance parameters. Index Terms—Authentication and key management, Internet of Things (IoT), security, simulation, trust.
SLAP-IoD: Secure and Lightweight Authentication Protocol Using Physical Unclonable Functions for Internet of Drones in Smart City Environments
Sungjin Yu,Ashok Kumar Das,Youngho Park,Pascal Lorenz
IEEE Transactions on Vehicular Technology, TVT, 2022
@inproceedings{bib_SLAP_2022, AUTHOR = {Sungjin Yu, Ashok Kumar Das, Youngho Park, Pascal Lorenz}, TITLE = {SLAP-IoD: Secure and Lightweight Authentication Protocol Using Physical Unclonable Functions for Internet of Drones in Smart City Environments}, BOOKTITLE = {IEEE Transactions on Vehicular Technology}. YEAR = {2022}}
With the emergence of the concept of smart city and the increasing demands for a range of drones, Internet of Drones (IoD) has achieved a variety of attention by providing multiple benefits in academia and industry. IoD offers numerous services, such as traffic monitoring, environmental monitoring, and disas- ter management by combining infrastructure, Internet of Things (IoT), and Flying Ad-Hoc Networks (FANET) in smart city envi- ronments. However, communication among drones is vulnerable to potential security threats because the sensitive messages in various applications are exchanged via an insecure channel in IoD-based smart city environments. Since IoDs can be operated in unat- tended environment with minimum human interventions, smart devices (e.g., drones and sensors) deployed in IoD architectures are vulnerable to physical capture attacks. In addition, drones are resource-constrained in terms of computation and communication overheads, and it is not much viable to apply public key cryptog- raphy (PKC) that requires high computation and communication overheads. Thus, we design a secure and lightweight authentication protocol using a physical unclonable function (PUF) for IoD to guarantee reliable and useful services in smart city environments, called SLAP-IoD. We prove the security of the SLAP-IoD using informal and formal security analyses using the broadly recog- nized Real-Or-Random (ROR) random oracle model, and also through the formal security verification using the widely-accepted Automated Validation of Internet Security-sensitive Protocols and Applications (AVISPA) security verification. Furthermore, we com- pare the performance of the SLAP-IoD with related schemes. Consequently, we show that SLAP-IoD offers better security and efficiency than other related schemes and is suitable for IoD-based smart city environments
Security in IoMT-Driven Smart Healthcare: A Comprehensive Review and Open Challenges
Neha Garg, Mohammad Wazid, Jaskaran Singh,D. P. Singh,Ashok Kumar Das
Security and Privacy, S&P, 2022
Abs | | bib Tex
@inproceedings{bib_Secu_2022, AUTHOR = {Neha Garg, Mohammad Wazid, Jaskaran Singh, D. P. Singh, Ashok Kumar Das}, TITLE = {Security in IoMT-Driven Smart Healthcare: A Comprehensive Review and Open Challenges}, BOOKTITLE = {Security and Privacy}. YEAR = {2022}}
The Internet of Medical Things (IoMT) is a kind of communication environment, which deals with communication that occurs through the Internet of Things (IoT)-enabled smart medical (healthcare) devices. The potential security threats of IoMT affect the confidentiality, integrity, authenticity and availability of its data and the associated resources. In this review article, we explain various architectures of IoMT communication along with their applications. We highlight the security requirements of IoMT communication environment along with some potential security attacks and threats of IoMT. Furthermore, the network model and adversary model of IoMT communication are provided. A taxonomy of security protocols of IoMT communication environment is additionally added, which contains various security protocols, such as key management, user/device authentication, access control and intrusion detection protocols. Moreover, we provide a detailed comprehensive comparative analysis of several security protocols with respect to various parameters, like computation cost, communication cost, security features and functionality features, accuracy and F1-score. Additionally, we also provide some future research directions.
Security and Privacy Issues in 5G/6G-Assisted Software-Defined Networks
Durbadal Chattaraj,Ashok Kumar Das
Software Defined Networks: Architecture and Applications, SDNAA, 2022
Abs | | bib Tex
@inproceedings{bib_Secu_2022, AUTHOR = {Durbadal Chattaraj, Ashok Kumar Das}, TITLE = {Security and Privacy Issues in 5G/6G-Assisted Software-Defined Networks}, BOOKTITLE = {Software Defined Networks: Architecture and Applications}. YEAR = {2022}}
Emerging 5G/6G communication and next-generation Internet (NGI) technologies demand proper administration and control of an ultra large-scale dynamic network to provide high-speed ubiquitous networked-resource accessing while assisting higher channel bandwidth. The conventional static network infrastructure-based solutions provide only manual supervision and third-party provisioning of the networked assets. In addition, such settings mostly forefront to unsuitable resource usage, and sometimes lead to several security and privacy concerns. The de facto Software-Defined Networking (SDN) has come up with several new promises to solve such limitations. Since its inception, SDN decouples the traditional data layer from the control plane of a third-party network equipment, which is claimed to be ensured higher security, dynamicity, scalability, efficiency, and faster reconfiguration capability of a ultra large-scale dynamic network as compared with the conventional network. However, a thorough inspection of the literature presently shows that most of the vulnerabilities are originated from the two specific layers, namely, control and data plane of the underlying SDN framework. Also, due to the absence of proper authentication and access control mechanisms ensuring inevitable protection of the SDN controller node and the network assets is a very challenging task. Though secure socket layer (SSL) or transport layer security (TLS)-based solutions are predominantly advocated in this domain to assist security in SDN framework but such mechanisms are also vulnerable to spoofing, sniffing, eavesdropping, replay, man-in-the-middle, privileged-insider, denial-of-service, distributed-denial-of-service, impersonation attacks. Therefore, this work qualitatively countermeasures all the recently attended (or unattended) state-of-the-art security and privacy concerns related to the recently reported access control, authentication, key management, secure data aggregation, privacy-aware secure auditing, and layer-wise functional inconvenience policies with respect to each and every layers of SDN platform. This study hence will be helpful to the academicians and researchers for the future development of new policies and protocols in the SDN platform.
Securing Age-of-Information (AoI)-Enabled 5G Smart Warehouse Using Access Control Scheme
Ashok Kumar Das,Sandip Roy,Eranga Bandara,Sachin Shetty
IEEE Internet of Things Journal, IOT, 2022
@inproceedings{bib_Secu_2022, AUTHOR = {Ashok Kumar Das, Sandip Roy, Eranga Bandara, Sachin Shetty}, TITLE = {Securing Age-of-Information (AoI)-Enabled 5G Smart Warehouse Using Access Control Scheme}, BOOKTITLE = {IEEE Internet of Things Journal}. YEAR = {2022}}
Low-power wireless sensor networks (WSNs) and Internet of Things (IoT) have great impact for the real-time applications in future 5th generation (5G) mobile networks due to the wireless-powered communication technologies. The Age of Information (AoI) plays a crucial performance metric in an IoT-enabled real-time smart warehouse application, where the freshness of the aggregated data is very important. However, wireless medium communication among the beacon nodes and the user equipments (tracking nodes) gives an opportunity to an adversary not only to eavesdrop the data but also to corrupt the data by means of deleting, modifying or inserting malicious information during communication among the entities involved in the smart warehouse environment. To mitigate these issues, we design a security scheme for AoI-enabled 5G smart ware- house through an access control mechanism, where the secure communication among the beacon nodes and the tracking nodes will take place by mutual device authentication and key agree- ment process. The fresh data collected at the enterprise cloud is then used for big data analytics for better predictions and anal- ysis, such as optimal device scheduling so that the data becomes very fresh. The rigorous security analysis and comparative study show that the proposed mechanism has significantly better secu- rity and comparable communication and computational costs as compared to the relevant schemes. In addition, through the real- time testbed experiments, we show that the proposed scheme is practical in 5G smart warehouse context. Index Terms—Access control and key agreement (ACKA), Age of Information (AoI), bi
Secure cloud-based data storage scheme using postquantum integer lattices-based signcryption for IoT applications
Dharminder Dharminder, Uddeshaya Kumar,Ashok Kumar Das,Basudeb Bera,Debasis Giri,Sajjad Shaukat Jamal, Joel J. P. C. Rodrigues
Transactions on Emerging Telecommunications Technologies, ETT, 2022
Abs | | bib Tex
@inproceedings{bib_Secu_2022, AUTHOR = {Dharminder Dharminder, Uddeshaya Kumar, Ashok Kumar Das, Basudeb Bera, Debasis Giri, Sajjad Shaukat Jamal, Joel J. P. C. Rodrigues}, TITLE = {Secure cloud-based data storage scheme using postquantum integer lattices-based signcryption for IoT applications}, BOOKTITLE = {Transactions on Emerging Telecommunications Technologies}. YEAR = {2022}}
The primary objective of postquantum cryptography (also known as quantum-resistant cryptography) is to develop the cryptographic systems that need to be robust against both quantum and classical computers, and can also interoperate with the existing communications protocols and networks. In an Internet of Things (IoT) environment, the communicated messages contain sensitive information that are transmitted over an open channel, where message integrity and data privacy become challenging tasks. Although several traditional cryptographic security protocols can be applied for IoT security and data privacy, such as authentication, access control, key agreement, and digital signature, but they are not resilient against quantum attacks. To overcome these issues, in this article, we first present an advanced and efficient construction of postquantum lattice-based signcryption scheme, and then apply the constructed lattice-based signcryption in IoT applications, where data sensed by the deployed IoT smart devices is securely stored at the cloud, via the gateway nodes (aggregators). The data stored at the cloud servers cannot be even modified by them due to the involved signatures generated by the aggregators. The formal security analysis shows the robustness of our designed lattice-based signcryption scheme. Other detailed information security analysis and a performance analysis with the traditional number-theoretical based public key cryptosystems show the efficacy, and significantly better security and functionality features of the proposed scheme under the lattice-based postquantum context.
Secure biometric-based access control scheme for future IoT-enabled cloud-assisted video surveillance system
Palak Bagga,Ankush Mitra,Ashok Kumar Das,Pandi Vijayakumar,YoungHo Park,Marimuthu Karuppiah
Computer Communications, CC, 2022
Abs | | bib Tex
@inproceedings{bib_Secu_2022, AUTHOR = {Palak Bagga, Ankush Mitra, Ashok Kumar Das, Pandi Vijayakumar, YoungHo Park, Marimuthu Karuppiah}, TITLE = {Secure biometric-based access control scheme for future IoT-enabled cloud-assisted video surveillance system}, BOOKTITLE = {Computer Communications}. YEAR = {2022}}
We propose a new access control mechanism for video surveillance system based on user’s biometrics, which allows to access real-time video surveillance data from deployed Internet of Things (IoT) smart devices. For this purpose, mutual authentication is performed between a user and accessed smart devices via the cloud server(s) and the session keys are then established to make secure communication. The proposed scheme allows accessing real time video and older videos that are in cloud servers, and also user’s credential update phase. Through the security analysis, it has been shown that the proposed scheme is robust against a variety of potential passive/active attacks. A detailed comparative study shows the efficacy of the proposed scheme as compared to other existing solutions. Finally, the real testbed experiments have been carried out for secure surveillance system using Raspberry PI devices as IoT devices, user’s devices and servers to show its practical application.
Robust Certificateless Authentication Protocol for the SAE J1939 Commercial Vehicles Bus
Basker Palaniswamy,Keyvan Ansari,Alavalapati Goutham Reddy,Ashok Kumar Das,Sachin Shetty
IEEE Transactions on Vehicular Technology, TVT, 2022
@inproceedings{bib_Robu_2022, AUTHOR = {Basker Palaniswamy, Keyvan Ansari, Alavalapati Goutham Reddy, Ashok Kumar Das, Sachin Shetty}, TITLE = {Robust Certificateless Authentication Protocol for the SAE J1939 Commercial Vehicles Bus}, BOOKTITLE = {IEEE Transactions on Vehicular Technology}. YEAR = {2022}}
Authentication for controller area network (CAN) buses in an intra-vehicular network involving electronic control units (ECUs) is a challenging factor. The Society of Automotive Engineers standard (SAE J1939) incorporating the ISO 11898- 1 specification for the data link and physical layers of the standard CAN and CAN-flexible data rate (CAN-FD) handles communication among ECUs. The SAE J1939 is vulnerable to attacks, namely replay, masquerading and machine-in-the-middle (MITM) attacks. To prevent such attacks, there exist protocol suites for resource-constrained and resource-unconstrained nodes proposed in the literature which are not formally analysed. We formally analyse one of the comprehensive protocol suites using the state-of-the-art Tamarin automated software validation tool. The analysis reveals that the protocols have a vulnerability that can be exploited by replay attack. The identified replay attack prevents further frame authentication. To mitigate the identified attacks, we propose two new authentication protocols. At first, we propose one pass authentication protocol for computationally re- stricted nodes. For nodes that are not restricted computationally, we present a certificateless signature-based authentication proto- col. Additionally, we present a new certificateless key insulated manageable signature (CL-KIMS) scheme for the signature-based authentication protocol. CL-KIMS ensures key insulation and random access key update properties. CL-KIMS scheme assures a novel property, known as self-healing property. The security of the proposed protocol suite and the signature scheme is formally analysed using the random oracle model (ROM). Especially, CL- KIMS scheme is shown to be provably secure in the ROM against Type-I and Type-II adversaries. We use the Tamarin tool to verify mutual authentication, session key security, known key secrecy and forward security. A detailed performance comparison shows that compared with the existing protocol suites, the proposed protocol suite has lesser communication overhead and ensures
Post-Quantum Secure Identity-Based Encryption Scheme Using Random Integer Lattices for IoT-Enabled AI Applications
Dharminder Dharminder,Ashok Kumar Das,Sourav Saha,Basudeb Bera,Athanasios V. Vasilakos
Security and Communication Networks, SCNW, 2022
@inproceedings{bib_Post_2022, AUTHOR = {Dharminder Dharminder, Ashok Kumar Das, Sourav Saha, Basudeb Bera, Athanasios V. Vasilakos}, TITLE = {Post-Quantum Secure Identity-Based Encryption Scheme Using Random Integer Lattices for IoT-Enabled AI Applications}, BOOKTITLE = {Security and Communication Networks}. YEAR = {2022}}
Identity-based encryption is an important cryptographic system that is employed to ensure confidentiality of a message in communication. &is article presents a provably secure identity based encryption based on post quantum security assumption. &e security of the proposed encryption is based on the hard problem, namely Learning with Errors on integer lattices. &is construction is anonymous and produces pseudo random ciphers. Both public-key size and ciphertext-size have been reduced in the proposed encryption as compared to those for other relevant schemes without compromising the security. Next, we incorporate the constructed identity based encryption (IBE) for Internet of &ings (IoT) applications, where the IoT smart devices send securely the sensing data to their nearby gateway nodes(s) with the help of IBE and the gateway node(s) secure aggregate the data from the smart devices by decrypting the messages using the proposed IBE decryption. Later, the gateway nodes will securely send the aggregated data to the cloud server(s) and the Big data analytics is performed on the authenticated data using the Artificial Intelligence (AI)/Machine Learning (ML) algorithms for accurate and better predictions.
On the design of an AI-driven secure communication scheme for internet of medical things environment
Neha Garg,Rajat Petwal, Mohammad Wazid,Ashok Kumar Das,Joel J.P.C. Rodrigues
Digital Communications and Networks, DCN, 2022
@inproceedings{bib_On_t_2022, AUTHOR = {Neha Garg, Rajat Petwal, Mohammad Wazid, Ashok Kumar Das, Joel J.P.C. Rodrigues}, TITLE = {On the design of an AI-driven secure communication scheme for internet of medical things environment}, BOOKTITLE = {Digital Communications and Networks}. YEAR = {2022}}
The Internet of Medical Things (IoMT) is a collection of smart healthcare devices, hardware infrastructure, and related software applications, facilitating to connect healthcare information technology system via the Internet. It is also called IoT in healthcare, facilitating secure communication of remote healthcare devices over the Internet for quick and flexible analysis of healthcare data. In other words, IoMT is an amalgam of medical devices and applications, which improves overall healthcare outcomes. However, this system is prone to security- and privacy-related attacks on healthcare data. Therefore, providing a robust security mechanism to prevent the attacks and vulnerability of IoMT is essential. To mitigate this, we proposed a new Artificial-Intelligence envisioned secure communication scheme for IoMT. The discussed network and threat models provide details of the associated network arrangement of the IoMT devices and attacks relevant to IoMT. Furthermore, we provide the security analysis of the proposed scheme to show its security against different possible attacks. Moreover, a comparative study of the proposed scheme with other similar schemes is presented. Our results show that the proposed scheme outperforms other similar schemes in terms of communication and computation costs, and security and functionality attributes. Finally, we provide a pragmatic study of the proposed scheme to observe its impact on various network performance parameters.
Machine learning security attacks and defense approaches for emerging cyber physical applications: A comprehensive survey
Jaskaran Singh,Mohammad Wazid,Ashok Kumar Das,Vinay Chamola, Mohsen Guizani
Computer Communications, CC, 2022
Abs | | bib Tex
@inproceedings{bib_Mach_2022, AUTHOR = {Jaskaran Singh, Mohammad Wazid, Ashok Kumar Das, Vinay Chamola, Mohsen Guizani}, TITLE = {Machine learning security attacks and defense approaches for emerging cyber physical applications: A comprehensive survey}, BOOKTITLE = {Computer Communications}. YEAR = {2022}}
The cyber physical systems integrate the sensing, computation, control and networking processes into physical objects and infrastructure, which are connected through the Internet to execute a common task. Cyber physical systems can be applied in various applications, like healthcare, transportation, industrial production, environment and sustainability, and security and surveillance. However, the tight coupling of cyber systems with physical systems introduce challenges in addressing stability, security, efficiency and reliability. The machine learning (ML) security is the inclusion of cyber security mechanism to provide protection to the machine learning models against various cyber attacks. The ML models work through the traditional training and testing approaches. However, execution of such kind of approaches may not function effectively in case if a system is connected to the Internet. As online hackers can exploit deployed security mechanisms and poison the data. This data is then taken as the input by the ML models. In this article, we provide the details of various machine learning security attacks in cyber physical systems. We then discuss some defense mechanisms to protect against these attacks. We also present a threat model of ML security mechanisms deployed in cyber systems. Furthermore, we discuss various issues and challenges of ML security mechanisms deployed in cyber systems. Finally, we provide a detailed comparative study on performance of the ML models under the influence of various ML attacks in cyber physical systems.
KL-RAP: An Efficient Key-Less RFID Authentication Protocol Based on ECDLP for Consumer Warehouse Management System
Bimal Kumar Meher,Ruhul Amin,Ashok Kumar Das,Muhammad Khurram Khan
IEEE Transactions on Network Science and Engineering ( Early Access ), TNSE, 2022
@inproceedings{bib_KL-R_2022, AUTHOR = {Bimal Kumar Meher, Ruhul Amin, Ashok Kumar Das, Muhammad Khurram Khan}, TITLE = {KL-RAP: An Efficient Key-Less RFID Authentication Protocol Based on ECDLP for Consumer Warehouse Management System}, BOOKTITLE = {IEEE Transactions on Network Science and Engineering ( Early Access )}. YEAR = {2022}}
Elliptic Curve Cryptography (ECC)-based authenti-cation schemes for the Radio-frequency identification (RFID) environment have emerged as a very safe, secure, and robust candidate of mutual authentication. However, the limited resource availability in a passive tag makes such schemes difficult to realize in practice. Public/private key pair generation, storage, and the computation using those keys are the major bottlenecks towards the faster and efficient design of such schemes. Therefore, we have designed our scheme without using public/private key pairs. We only utilize the Elliptic Curve Discrete Logarithm Problem (ECDLP) property for the realization of our key-less scheme on the secure elliptic curves. Our scheme is primarily aimed at efficient implementation of authentication schemes in Warehouse Management System (WMS), where the data is stored in local servers. This new idea helps to save the memory space in the tags and the server. Moreover, the computation cost also reduces to a great extent in comparison to other schemes. We have compared our scheme with several other schemes and found it efficient in terms of storage cost as well. The simulation result of our scheme with the popular automated software validation tool, Scyther, shows that it is safe from different possible attacks.
Healthcare 5.0 Security Framework: Applications, Issues and Future Research Directions
Mohammad Wazid,Ashok Kumar Das,Noor Mohd,Youngho Park
IEEE Access, ACCESS, 2022
@inproceedings{bib_Heal_2022, AUTHOR = {Mohammad Wazid, Ashok Kumar Das, Noor Mohd, Youngho Park}, TITLE = {Healthcare 5.0 Security Framework: Applications, Issues and Future Research Directions}, BOOKTITLE = {IEEE Access}. YEAR = {2022}}
Healthcare 5.0 is a system that can be deployed to provide various healthcare services. It does these services by utilising a new generation of information technologies, such as Internet of Things (IoT), Artificial Intelligence (AI), Big data analytics, blockchain and cloud computing. Due to the introduction of healthcare 5.0, the paradigm has been now changed. It is disease-centered to patient-centered care where it provides healthcare services and supports to the people. However, there are several security issues and challenges in healthcare 5.0 which may cause the leakage or alteration of sensitive healthcare data. This demands that we need a robust framework in order to secure the data of healthcare 5.0, which can facilitate different security related procedures like authentication, access control, key management and intrusion detection. Therefore, in this review article, we propose the design of a secure generalized healthcare 5.0 framework. The details of various applications of healthcare 5.0 along with the security requirements and threat model of healthcare 5.0 are provided. Next, we discuss about the existing security mechanisms in healthcare 5.0 along with their performance comparison. Some future research directions are finally discussed for the researchers working in healthcare 5.0 domain.
EV-PUF: Lightweight Security Protocol for Dynamic Charging System of Electric Vehicles Using Physical Unclonable Functions
Ponnuru Raveendra Babu,Alavalapati Goutham Reddy,Basker Palaniswamy,Ashok Kumar Das
IEEE Transactions on Network Science and Engineering ( Early Access ), TNSE, 2022
@inproceedings{bib_EV-P_2022, AUTHOR = {Ponnuru Raveendra Babu, Alavalapati Goutham Reddy, Basker Palaniswamy, Ashok Kumar Das}, TITLE = {EV-PUF: Lightweight Security Protocol for Dynamic Charging System of Electric Vehicles Using Physical Unclonable Functions}, BOOKTITLE = {IEEE Transactions on Network Science and Engineering ( Early Access )}. YEAR = {2022}}
Dynamic charging is a potential technology that would enable electric vehicles to be charged while they are in motion. Significant security and privacy concerns, on the other hand, arise as a result of communications between electric vehicles and a variety of dynamic charging system entities occurring over a public channel. Numerous authentication protocols have been presented recently to address security concerns associated with dynamic charging system. Nonetheless, we provide a lightweight authentication protocol suite that enables mutual authentication and session key agreement between the electric vehicle and the charging system while safeguarding against numerous attacks. The EV-PUF is based on physical unclonability, which is gaining popularity as a substitute for ultra-lightweight authentication and resistance to machine learning based attacks. Additionally, the security of the EV-PUF suite has been demonstrated using the random oracle model and state-of-the-art tool, Tamarin. According to the performance analysis, it is apparent that the EV-PUF suite improves efficiency in terms of consumption of less communication and computing overhead.
Design and Testbed Experiments of User Authentication and Key Establishment Mechanism for Smart Healthcare Cyber Physical Systems
Mohammad Wazid,Siddhant Thapliyal,Devesh Pratap Singh,Ashok Kumar Das,Sachin Shetty
IEEE Transactions on Network Science and Engineering ( Early Access ), TNSE, 2022
@inproceedings{bib_Desi_2022, AUTHOR = {Mohammad Wazid, Siddhant Thapliyal, Devesh Pratap Singh, Ashok Kumar Das, Sachin Shetty}, TITLE = {Design and Testbed Experiments of User Authentication and Key Establishment Mechanism for Smart Healthcare Cyber Physical Systems}, BOOKTITLE = {IEEE Transactions on Network Science and Engineering ( Early Access )}. YEAR = {2022}}
Smart healthcare technologies transform the tradi- tional healthcare system in all possible ways. Smart healthcare has enormous number of benefits over the traditional system. However, at the same time, it also suffers from some healthcare data security and privacy related issues as the potential Internet attackers may get access to the sensitive healthcare through the deployment of various kinds of attacks. To mitigate these issues, in this paper, a new lightweight remote user authentica- tion and key establishment scheme (in short, UAKM-SH) has been proposed by making the use of lightweight cryptographic operations. The security analysis of UAKM-SH is conducted to prove its robustness against various possible attacks. A detailed comparative study among the proposed UAKM-SH and other ex- isting schemes shows that UAKM-SH performs better in terms of computation cost, communication cost, and the offerered security and functionality features. Finally, the testbed implementation of UAKM-SH is given to observe its behaviour in the real time scenario. Index Terms—Smart healthcare, authentication, key agree- ment, security, testbed implementation.
Chaotic neural networks and farfalle construction based parallel keyed secure hash function
Mohamad Mulham Belal,Tanmoy Maitra,Debasis Giri,Ashok Kumar Das
Security and Privacy, S&P, 2022
Abs | | bib Tex
@inproceedings{bib_Chao_2022, AUTHOR = {Mohamad Mulham Belal, Tanmoy Maitra, Debasis Giri, Ashok Kumar Das}, TITLE = {Chaotic neural networks and farfalle construction based parallel keyed secure hash function}, BOOKTITLE = {Security and Privacy}. YEAR = {2022}}
Parallel computing of hash functions along with the security requirements have great advantage in order to reduce the time consumption and overhead of the CPU. In this article, a keyed hash function based on farfalle construction and chaotic neural networks (CNNs) is proposed, which generates a hash value with arbitrary (defined by user) length (eg, 256 and 512 bits). The proposed hash function has parallelism merit because it is built over farfalle construction which avoids the dependency between the blocks of a given message. Moreover, the proposed hash function is chaos based (ie, it relies on chaotic maps and CNNs which have non-periodic behavior). The security analysis shows that the proposed hash function is robust and satisfies the properties of hash algorithms, such as random-like (non-periodic) behavior, ideal sensitivity to original message and secret key, one-way property and optimal diffusion effect. The speed performance of the hash function is also analyzed and compared with a hash function which was built based on sponge construction and CNN, and compared with secure hash algorithm (SHA) variants like SHA-2 and SHA-3. The results have shown that the proposed hash function has lower time complexity and higher throughput especially with large size messages. Additionally, the proposed hash function has enough resistance to multiple attacks, such as collision attack, birthday attack, exhaustive key search attack, preimage and second preimage attacks, and meet-in-the-middle attack. These advantages make it ideal to be used as a good collision-resistant hash function.
BPPS:Blockchain-Enabled Privacy-Preserving Scheme for Demand-Response Management in Smart Grid Environments
KiSung Park,JoonYoung Lee,Ashok Kumar Das,Youngho Park
IEEE Transactions on Dependable and Secure Computing, TDSC, 2022
@inproceedings{bib_BPPS_2022, AUTHOR = {KiSung Park, JoonYoung Lee, Ashok Kumar Das, Youngho Park}, TITLE = {BPPS:Blockchain-Enabled Privacy-Preserving Scheme for Demand-Response Management in Smart Grid Environments}, BOOKTITLE = {IEEE Transactions on Dependable and Secure Computing}. YEAR = {2022}}
With the ongoing revolutionary growth of the industrial Internet of Things and smart grid networks, smart grid (SG) communication has been acknowledged as a next-generation network for intelligent and efficient electric power transmission. In SG networks, smart meters (SMs) generally send requests for electricity demand to service providers (SPs), which deal with the requests for efficient energy distribution. However, SGs experience many security issues with the deployed SMs and untrusted wireless communication. To tackle these security issues, we propose a privacy-preserving authentication scheme for demand response management in SGs, called BPPS. It can resist various attacks and achieve secure mutual authentication with key agreement; moreover, it provides integrity of demand-response data using blockchain. Moreover, we perform the informal and formal (mathematical) security analysis to confirm that BPPS is secure against various attacks and achieves session key security, respectively. Furthermore, we conduct the performance and simulation analysis for SGs
Blockchain-Envisioned Provably Secure Multivariate Identity-Based Multi-Signature Scheme for Internet of Vehicles Environment
Vikas Srivastava,Sumit Kumar Debnath,Basudeb Bera,Ashok Kumar Das,Youngho Park
IEEE Transactions on Vehicular Technology, TVT, 2022
@inproceedings{bib_Bloc_2022, AUTHOR = {Vikas Srivastava, Sumit Kumar Debnath, Basudeb Bera, Ashok Kumar Das, Youngho Park}, TITLE = {Blockchain-Envisioned Provably Secure Multivariate Identity-Based Multi-Signature Scheme for Internet of Vehicles Environment}, BOOKTITLE = {IEEE Transactions on Vehicular Technology}. YEAR = {2022}}
The deployed vehicles in an Internet of Vehicles (IoV) can take intelligent decisions by means of exchanging the real- time traffic-related information between the vehicles and IoV in- frastructures. This further reduces the probability of the traffic jams and accidents. However, the insecure (public) communication among the various entities in IoV makes various security threats and attacks that can be launched by passive/active adversaries present in the network. In view of this context, there is a need of an efficient cryptographic primitive which can produce single compact signature. A multi-signature scheme (MSS) empowers a collection of signers to conjointly sign a given message using a single compact signature that can be verified by any verifier. Herein, we put forward a new identity-based multivariate MSS, namely MV-MSS, which is built on top of the intractability of multivariate-quadratic (MQ) problem. The fact is that multivariate public key cryptosystem provides fast, post-quantum safe and effi- cient primitives, which makes it the front runner candidate among the post-quantum cryptographic candidates. MV-MSS is proven to be secure in the existential unforgeability under chosen-message and chosen identity attack model if solving the MQ problem is NP-hard. We then incorporate the designed MV-MSS in IoV ap- plication where the leader (cluster head) selected from a group of vehicles in a dynamic cluster forms the multi-signatures on the messages securely received from its member vehicles. Later, the messages along with their multi-signatures are forwarded to the nearby road-side unit (RSU) of the cluster head, which are then for- warded to a cloud server in the blockchain center maintained by a Peer-to-Peer (P2P) cloud servers network. In this way, the messages
Blockchain-envisioned access control for internet of things applications: a comprehensive survey and future directions
Palak Bagga,Ashok Kumar Das,Vinay Chamola, Mohsen Guizani
Telecommunication Systems, TCSys, 2022
@inproceedings{bib_Bloc_2022, AUTHOR = {Palak Bagga, Ashok Kumar Das, Vinay Chamola, Mohsen Guizani}, TITLE = {Blockchain-envisioned access control for internet of things applications: a comprehensive survey and future directions}, BOOKTITLE = {Telecommunication Systems}. YEAR = {2022}}
With rapid advancements in the technology, almost all the devices around are becoming smart and contribute to the Internet of Things (IoT) network. When a new IoT device is added to the network, it is important to verify the authenticity of the device before allowing it to communicate with the network. Hence, access control is a crucial security mechanism that allows only the authenticated node to become the part of the network. An access control
Blockchain-Enabled Secure Big Data Analytics for Internet of Things Smart Applications
Prakash Tekchandani,Indranil Pradhan,Ashok Kumar Das,Neeraj Kumar,Youngho Park
IEEE Internet of Things Journal, IOT, 2022
@inproceedings{bib_Bloc_2022, AUTHOR = {Prakash Tekchandani, Indranil Pradhan, Ashok Kumar Das, Neeraj Kumar, Youngho Park}, TITLE = {Blockchain-Enabled Secure Big Data Analytics for Internet of Things Smart Applications}, BOOKTITLE = {IEEE Internet of Things Journal}. YEAR = {2022}}
Smart devices in an Internet of Things (IoT) gen- erate a massive amount of big data through sensors. The data is used to build intelligent applications through machine learn- ing (ML). To build these applications, the data is collected from devices into data centers for training ML models. Usually, the training of models is performed on central server, but this approach requires the transfer of data from devices to central server. This centralized training approach is not efficient because the users are much less likely to share data to the centralized data centers due to privacy issues and bandwidth limitations. To mitigate these issues, we propose an efficient hybrid secure fed- erated learning approach with the blockchain to securely train the model locally on devices and then to store the model and its parameters into the blockchain for traceability and immutabil- ity. A detailed security and performance analysis is presented to show the efficacy of the proposed approach in terms of security, resilience against many security attacks, and cost effectiveness in computation and communication as compared to other existing competing schemes. Index Terms—Authentication, big data analytics, blockchain, Internet of Things (IoT), key agreement, security.
Blockchain-Enabled Authenticated Key Agreement Scheme for Mobile Vehicles-Assisted Precision Agricultural IoT Network
Vangala Anusha,Ashok Kumar Das,Ankush Mitra,Sajal K. Das,Youngho Park
IEEE Transactions on Information Forensics and Security, TIFS, 2022
@inproceedings{bib_Bloc_2022, AUTHOR = {Vangala Anusha, Ashok Kumar Das, Ankush Mitra, Sajal K. Das, Youngho Park}, TITLE = {Blockchain-Enabled Authenticated Key Agreement Scheme for Mobile Vehicles-Assisted Precision Agricultural IoT Network}, BOOKTITLE = {IEEE Transactions on Information Forensics and Security}. YEAR = {2022}}
Precision farming has a positive potential in the agricultural industry regarding water conservation, increased productivity, better development of rural areas, and increased income. Blockchain technology is a better alternative for storing and sharing farm data as it is reliable, transparent, immutable, and decentralized. Remote monitoring of an agricultural field requires security systems to ensure that any sensitive infor- mation is exchanged only among authenticated entities in the network. To this end, we design an efficient blockchain-enabled authenticated key agreement scheme for mobile vehicles-assisted precision agricultural Internet of Things (IoT) networks called Agr oM obi Bl ock. The limited existing work on authentication in agricultural networks shows passive usage of blockchains with very high costs. Agr oM obi Bl ock proposes a novel idea using the elliptic curve operations on an active hybrid blockchain over mobile farming vehicles with low computation and communica- tion costs. Formal and informal security analysis along with the formal security verification using the Automated Validation of Internet Security Protocols and Applications (AVISPA) software tool have shown the robustness of Agr oM obi Bl ock against man-in-the-middle, impersonation, replay, physical capture, and ephemeral secret leakage attacks among other potential attacks. The blockchain-based simulation on large-scale nodes shows the computational time for an increase in the network and block size
Blockchain-based vehicular ad-hoc networks: A comprehensive survey
Sanjeev Kumar Dwivedi,Ruhul Amin,Ashok Kumar Das,Mark T. Leung,Kim-Kwang Raymond Choo,Satyanarayana Vollala
Ad Hoc Networks, Ad HoC N, 2022
Abs | | bib Tex
@inproceedings{bib_Bloc_2022, AUTHOR = {Sanjeev Kumar Dwivedi, Ruhul Amin, Ashok Kumar Das, Mark T. Leung, Kim-Kwang Raymond Choo, Satyanarayana Vollala}, TITLE = {Blockchain-based vehicular ad-hoc networks: A comprehensive survey}, BOOKTITLE = {Ad Hoc Networks}. YEAR = {2022}}
Vehicular ad-hoc networks (VANETs) are increasingly commonplace, partly due to the popularity of electric vehicles and the digitalization of cities. Data collected and shared in VANETs include traffic-related information, such as those relating to real-time traffic situations and road works. In recent times, there has been a trend of moving away from a centralized approach to a decentralized approach, for example, using Blockchain to facilitate secure data sharing and traceability of critical information. Hence, in this paper, we comprehensively survey the existing literature on blockchain-based VANET systems, focusing on the application of different blockchain technologies in different contexts, as well as the associated challenges and research opportunities.
Blockchain-Based Robust Data Security Scheme in IoT-Enabled Smart Home
Vangala Anusha,Ashok Kumar Das,YoungHo Park,Sajjad Shaukat Jamal
Computers, Materials & Continua, CMC, 2022
@inproceedings{bib_Bloc_2022, AUTHOR = {Vangala Anusha, Ashok Kumar Das, YoungHo Park, Sajjad Shaukat Jamal}, TITLE = {Blockchain-Based Robust Data Security Scheme in IoT-Enabled Smart Home}, BOOKTITLE = {Computers, Materials & Continua}. YEAR = {2022}}
The recent surge in development of smart homes and smart cities can be observed in many developed countries. While the idea to control devices that are in home (embedded with the Internet of Things (IoT) smart devices) by the user who is outside the home might sound fancy, but it comes with a lot of potential threats. There can be many attackers who will be trying to take advantage of this. So, there is a need for designing a secure scheme which will be able to distinguish among genuine/authorized users of the system and attackers. And knowing about the details of when and what IoT devices are used by the user, the attacker can trace the daily activities of user and can plan an attack accordingly. Thus, the designed security scheme should guarantee confidentiality, anonymity and un-traceability. Most of the schemes proposed in the literature are either non-blockchain based which involves inherent problems of storing data in a single-server or assuming weaker attack models. In this work, we propose a novel scheme based on blockchain technology, assuming a stronger Canetti and Krawczyk (CK)-threat model. Through the formal and informal security, and comparative analysis, we show that the proposed scheme provides a superior security and more functionality features, with less communication cost and comparable computational cost as compared to other competent schemes. Moreover, the blockchain based simulation study on the proposed scheme has been conducted to show its feasibility in real-life application. Keywords: Internet of things (IoT); smart home; ubiquitous computing; blockchain; security
Blockchain-Based Lightweight Authentication Protocol for IoT-Enabled Smart Agriculture
Vangala Anusha,Sandip Roy,Ashok Kumar Das
international conerence on Cyber - Physical Social Intelligence, ICCSI, 2022
@inproceedings{bib_Bloc_2022, AUTHOR = {Vangala Anusha, Sandip Roy, Ashok Kumar Das}, TITLE = {Blockchain-Based Lightweight Authentication Protocol for IoT-Enabled Smart Agriculture}, BOOKTITLE = {international conerence on Cyber - Physical Social Intelligence}. YEAR = {2022}}
Blockchain technology has a significant application in smart farming due to its immutability, decentralization and transparency properties. Data exchanged in an Internet of Things (IoT)-based smart agriculture can be used to remotely monitor the fields and regulate the crop needs for optimal productivity. However, such data is sensitive to several attacks, such as man-in- the-middle attack, replay attack, ephemeral secret leakage attack, impersonation attack and denial of service (DoS) attack. The existing solutions to counter these attacks are either costly or lack significant security features. To mitigate these issues, we design a novel lightweight blockchain based authentication scheme based on a fully decentralized and distributed architecture. The designed scheme is subjected to a rigorous security analysis and also a formal security verification using the widely-used Auto- mated Validation of Internet Security Protocols and Applications (AVISPA) tool, and it is shown that the scheme is robust and secure against various passive and active attacks. A detailed comparative analysis shows that the proposed scheme has the low communication cost and significantly lower computation cost while satisfying all the security and functionality features as compared to those for other existing relevant schemes. Index Terms—Smart agriculture, authentication, blockchain technology, Internet of Things (IoT), security.
Blockchain for Smart Transport Applications
Palak Bagga,Ashok Kumar Das
Advances in Blockchain Technology for Cyber Physical Systems, ABTCPS, 2022
Abs | | bib Tex
@inproceedings{bib_Bloc_2022, AUTHOR = {Palak Bagga, Ashok Kumar Das}, TITLE = {Blockchain for Smart Transport Applications}, BOOKTITLE = {Advances in Blockchain Technology for Cyber Physical Systems}. YEAR = {2022}}
Smart transportation or Internet of Vehicles (IoV)-enabled transportation extends the vehicle-to-vehicle (V2V) communication network. Smart transportation is a real-time application that helps enhance driving aids with the help of vehicle’s Artificial Intelligence (AI), awareness of other vehicles, and their actions giving out the best on-road experience. Smart transportation also protects life and saves cost by avoiding life-threatening instances like collisions, accidents, and thefts on the road. Since the communication among various entities involved in the IoV environment is via an open channel (e.g., vehicles, pedestrians, fleet management systems, and roadside infrastructure), it allows a passive/active adversary to intercept, modify, delete, or even insert fake information during communication. It is then a severe concern for the vehicles
ASPA-MOSN: An Efficient User Authentication Scheme for Phishing Attack Detection in Mobile Online Social Networks
Munmun Bhattacharya,Sandip Roy,Samiran Chattopadhyay,Ashok Kumar Das,Sajjad Shauk
IEEE Systems Journal, SYSJ, 2022
@inproceedings{bib_ASPA_2022, AUTHOR = {Munmun Bhattacharya, Sandip Roy, Samiran Chattopadhyay, Ashok Kumar Das, Sajjad Shauk}, TITLE = {ASPA-MOSN: An Efficient User Authentication Scheme for Phishing Attack Detection in Mobile Online Social Networks}, BOOKTITLE = {IEEE Systems Journal}. YEAR = {2022}}
Over the last few years, with the massive growth of smartphone technology and mobile Internet, the use of vari- ous online social networks (OSNs) have increased rapidly. This ever-growing use of social networks leverages cyber-attackers to exploit various phishing schemes, spoofed accounts, and other threats to steal users’ credentials. Phishing is an online crime that employs both technical subterfuge and social engineering to steal consumers’ personal identity, financial account credentials, and other sensitive information. In general, a phishing attack is carried out by the exercise of sending fraudulent communications (like a fake email with harmful uniform resource locators), that pretends to come from a reputable source. The problem of designing user authentication protocol for mitigating phishing attacks in OSNs is a challenging research problem. In this article, we propose a secure and lightweight cryptography-based authentication scheme, called authentication scheme for phishing attack (ASPA)-mobile online social network (mOSN), that provides resistance to phishing and other related attacks in OSNs. The security of the proposed scheme is explained using both informal security analysis and formal security analysis through the widely recognized real-or- random model and ProVerif simulation tool. Finally, we compare the security, functionality, computation, and communication costs of the proposed ASPA-mOSN with related schemes. The compar- ison results show that ASPA-mOSN outperforms other existing competing schemes. Index Terms—Authentication, mobile online social networks (mOSN), phishing attacks, random oracle, security
ASCP-IoMT: AI-Enabled Lightweight Secure Communication Protocol for Internet of Medical Things
MOHAMMAD WAZID,ASKARAN SINGH,Ashok Kumar Das,SACHIN SHETTY,MUHAMMAD KHURRAM KHAN, JOEL J. P. C. RODRIGUES
IEEE Access, ACCESS, 2022
@inproceedings{bib_ASCP_2022, AUTHOR = {MOHAMMAD WAZID, ASKARAN SINGH, Ashok Kumar Das, SACHIN SHETTY, MUHAMMAD KHURRAM KHAN, JOEL J. P. C. RODRIGUES}, TITLE = {ASCP-IoMT: AI-Enabled Lightweight Secure Communication Protocol for Internet of Medical Things}, BOOKTITLE = {IEEE Access}. YEAR = {2022}}
The Internet of Medical Things (IoMT) is a unification of smart healthcare devices, tools, and software, which connect various patients and other users to the healthcare information system through the networking technology. It further reduces unnecessary hospital visits and the burden on healthcare systems by connecting the patients to their healthcare experts (i.e., doctors) and allows secure transmission of healthcare data over an insecure channel (e.g., the Internet). Since Artificial Intelligence (AI) has a great impact on the performance and usability of an information system, it is important to include its modules in a healthcare information system, which will be very helpful for the prediction of some phenomena, such as chances of getting a heart attack and possibility of a tumor, from the collected and analysed healthcare data. To mitigate these issues, in this paper, a new AI-enabled lightweight, secure communication scheme for an IoMT environment has been designed and named as ASCP-IoMT, in short. The security analysis of ASCP-IoMT is performed in different ways, such as an informal way and a formal way (through the random oracle model). ASCP-IoMT performs better than other similar schemes and provides superior security with extra functionality features as compared those for the existing state of art solutions. A practical implementation of ASCP-IoMT is also performed in order to measure its impact on various network performance parameters. The end to end delay values of ASCP-IoMT are 0.01587, 0.07440 and 0.17097 seconds and the throughput values of ASCP-IoMT are 5.05, 10.88 and 16.41 bits per second (bps) under the different considered cases, respectively. For AI-based Big data analytics phase, the values of computation time (seconds) for decision tree, support vector machine (SVM), and logistic regression are measured as 0.19, 0.23, and 0.27, respectively. Moreover, the different values of accuracy for decision tree, SVM and logistic regression are 84.24%, 87.57%, and 85.20%, respectively. From these values, it is clear that decision tree method requires less time than the other considered techniques, whereas accuracy is high in case of SVM.
AISCM-FH: AI-Enabled Secure Communication Mechanism in Fog Computing-Based Healthcare
Mohammad Wazid,Ashok Kumar Das,Sachin Shetty,Joel J. P. C. Rodrigues,Mohsen Guizani
IEEE Transactions on Information Forensics and Security, TIFS, 2022
@inproceedings{bib_AISC_2022, AUTHOR = {Mohammad Wazid, Ashok Kumar Das, Sachin Shetty, Joel J. P. C. Rodrigues, Mohsen Guizani}, TITLE = {AISCM-FH: AI-Enabled Secure Communication Mechanism in Fog Computing-Based Healthcare}, BOOKTITLE = {IEEE Transactions on Information Forensics and Security}. YEAR = {2022}}
Fog computing-based Internet of Things (IoT) architecture is useful for various types of delay efficient net- work communications and services, like digital healthcare. However, there are privacy and security issues with the fog computing-based healthcare systems, which can further increase the risk of leakage of sensitive healthcare data. Therefore, a secu- rity mechanism, such as access control for fog computing-based healthcare systems, is needed to protect its data against various potential attacks. Moreover, the blockchain technology can be used to solve the digital healthcare’s data integrity related problems. The use of Artificial Intelligence (AI) further makes the system more effective in case of prediction of health related diseases. In this paper, an AI-enabled secure communication mechanism in fog computing-based healthcare system (in short, AISCM-FH) has been proposed. The security analysis of the proposed AISCM-FH is provided using the standard random oracle model and also with the heuristic (non-mathematical) security analysis. A pragmatic study determines the impact of the proposed AISCM-FH on key performance indicators. Moreover, we include a detailed performance comparison of AISCM-FH with other relevant existing schemes to show that it has low communication and computation costs, and provides superior security and extra functionality attributes as compared to those for other competing existing approaches.
ACM-SH: An Efficient Access Control and Key Establishment Mechanism for Sustainable Smart Healthcare
Siddhant Thapliyal,Mohammad Wazid,Devesh Pratap Singh,Ashok Kumar Das,Ahmed Alhomoud,Adel R. Alharbi,Harish Kumar
Sustainability, Sus, 2022
@inproceedings{bib_ACM-_2022, AUTHOR = {Siddhant Thapliyal, Mohammad Wazid, Devesh Pratap Singh, Ashok Kumar Das, Ahmed Alhomoud, Adel R. Alharbi, Harish Kumar}, TITLE = {ACM-SH: An Efficient Access Control and Key Establishment Mechanism for Sustainable Smart Healthcare}, BOOKTITLE = {Sustainability}. YEAR = {2022}}
Sustainable smart healthcare applications are those in which health services can be provided to remotely located patients through the Internet without placing extra burden on environmental resources. They should be operated with minimum power consumption using biodegradable, recyclable, and environmentally friendly healthcare equipment and products. In an Internet of Medical Things (IoMT)-enabled sustainable smart healthcare environment, all the health services are capable of producing informative data whenever some raw information is provided as the input or are capable of performing work on their own with less intervention from humans. As a result, they provide great advantages over the traditional healthcare system. As sustainable smart healthcare devices are operated through the Internet, it is possible that they could be attacked by various hackers. To mitigate these issues, in this paper, we propose a new access control along with a key-establishment mechanism for a sustainable smart healthcare system. The results of the security analysis showed that the proposed scheme was highly robust against a variety of passive and active attacks. In comparison to existing competing schemes, the proposed scheme is lightweight, as well as delivers high security and additional functionality. Finally, a practical demonstration of the proposed scheme is provided to show its impact on the key network performance parameters. Keywords: sustainability; smart healthcare; Internet of Medical Things (IoMT); authentication; security
A Provably Secure Mobile User Authentication Scheme for Big Data Collection in IoT-Enabled Maritime Intelligent Transportation System
Khalid Mahmood,Javed Ferzund,Muhammad Asad Saleem,Salman Shamshad,Ashok Kumar Das
IEEE Transactions on Intelligent Transportation Systems, ITS, 2022
Abs | | bib Tex
@inproceedings{bib_A_Pr_2022, AUTHOR = {Khalid Mahmood, Javed Ferzund, Muhammad Asad Saleem, Salman Shamshad, Ashok Kumar Das}, TITLE = {A Provably Secure Mobile User Authentication Scheme for Big Data Collection in IoT-Enabled Maritime Intelligent Transportation System}, BOOKTITLE = {IEEE Transactions on Intelligent Transportation Systems}. YEAR = {2022}}
The emergence of contemporary technologies like cloud computing and the Internet of Things (IoT) has revolutionized the trends in the cyber world to serve humanity. There are plenty of applications in which they are being used, especially in smart cities and their constituents, Maritime Transportation System (MTS) is one of them. The IoT-enabled MTS has the potential to entertain the growing challenges of modern-day ship transportation. Secure real-time data access from numerous smart IoT devices is the most critical and crucial exercise for Big Data acquisition in IoT-enabled MTS. Therefore, we have developed a Physically Unclonable Function (PUF) based authenticated key agreement solution to deal with this challenge. This solution enables the mobile user and IoT node to mutually authenticate each other via Cloud-Gateway before real-time data exchange and transmission in IoT-enabled MTS. The use of PUF in our solution brings invincibility against physical security threats. An inclusive security analysis under the assumption of the specified threat model is carried out to substantiate the security resilience of our solution. The conduct of our solution is realized through security features, communication, and computation cost and It has been observed that our solution achieves efficiency of 37.3% and 9.7% in communication and computation overhead, respectively. Moreover, the network performance effectiveness of our solution is demonstrated
A new robust and fragile scheme based on chaotic maps and dwt for medical image security
Supriyo De,Jaydeb Bhaumik,Debasis Giri,Ashok Kumar Das
Multimedia Tools and Applications, MT&A, 2022
Abs | | bib Tex
@inproceedings{bib_A_ne_2022, AUTHOR = {Supriyo De, Jaydeb Bhaumik, Debasis Giri, Ashok Kumar Das}, TITLE = {A new robust and fragile scheme based on chaotic maps and dwt for medical image security}, BOOKTITLE = {Multimedia Tools and Applications}. YEAR = {2022}}
Medical image security includes copyright protection, authentication, data integrity and confidentiality simultaneously. In this article, a new robust and fragile medical image security scheme has been introduced. The Beddington, Free and Lawton (BFL) map and the Hénon map based image encryption scheme is brought out for confidentiality. Further, a Discrete Wavelet Transform (DWT)-based image watermarking scheme is developed for copyright protection, authentication and data integrity. The proposed scheme is essentially robust and retrievable in terms of the watermark; however, it is highly sensitive and irretrievable with reference to the host image. The scheme separates the host image in Region of Interest (ROI) and Region of Non-Interest (RONI) parts, and it embeds the encoded message inside the RONI part. In addituon, the proposed scheme does not need any side information for message
A comprehensive survey on online social networks security and privacy issues: Threats, machine learning-based solutions, and open challenges
Munmun Bhattacharya, Sandip Roy,Samiran Chattopadhyay,Ashok Kumar Das,Sachin Shetty
Security and Privacy, S&P, 2022
Abs | | bib Tex
@inproceedings{bib_A_co_2022, AUTHOR = {Munmun Bhattacharya, Sandip Roy, Samiran Chattopadhyay, Ashok Kumar Das, Sachin Shetty}, TITLE = {A comprehensive survey on online social networks security and privacy issues: Threats, machine learning-based solutions, and open challenges}, BOOKTITLE = {Security and Privacy}. YEAR = {2022}}
Over the past few years, online social networks (OSNs) have become an inseparable part of people's daily lives. Instead of being passive readers, people are now enjoying their role as content contributors. OSN has permitted its users to share their information including the multimedia content. OSN users can express themselves in virtual communities by providing their opinions and interacting with others. As a consequence, the privacy and security threats in OSNs have emerged as a major concern to the research and business world. In the recent past, a number of survey works have been conducted to discuss different security and privacy threats in OSNs. However, till date, no survey work has been conducted that aims to classify and analyze various machine learning (ML)-based solutions adapted for the security defense of OSNs. In this survey article, we present a detailed taxonomy with a classification of various works done on various security attacks in OSNs. We then review and summarize the existing state of art survey works on OSN security, and indicate the merits and limitations of these survey works. Next, we review all recent works that aim to provide ML-based solutions toward defense of security attacks on OSNs. Finally, we discuss the future road-map on OSN security and provide a comprehensive analysis on the open research issues with feasible measurements and possible solutions.
BDESF-ITS: Blockchain-Based Secure Data Exchange and Storage Framework for Intelligent Transportation System
Naivedya Lath,Kaustubh Thapliyal,Kartik Kandpal,Mohammad Wazid,Ashok Kumar Das,DP SINGH
IEEE Conference on Computer Communications Workshops, INFOCOM-W, 2022
@inproceedings{bib_BDES_2022, AUTHOR = {Naivedya Lath, Kaustubh Thapliyal, Kartik Kandpal, Mohammad Wazid, Ashok Kumar Das, DP SINGH}, TITLE = {BDESF-ITS: Blockchain-Based Secure Data Exchange and Storage Framework for Intelligent Transportation System}, BOOKTITLE = {IEEE Conference on Computer Communications Workshops}. YEAR = {2022}}
The communication in Intelligent Transportation Systems (ITS) suffers from various security and privacy related issues as several attacks, like replay, man-in-the-middle (MiTM), impersonation, data leakage and unauthorised data update attacks can be mounted by an adversary. Therefore, we need a robust security mechanism to sort out such issues, which can be further enhanced through the use of mechanism of blockchain technology. In this paper, we propose a blockchain-based secure data exchange and storage framework for the ITS (in short, we call it as BDESF-ITS). We conduct the security analysis of the BDESF-ITS to prove its robustness against various possible attacks. The practical implementation of the BDESF-ITS is also carried out to observe its behaviour with the real world settings.
SUACC-IoT: secure unified authentication and access control system based on capability for IoT
N Sivaselvan,K Vivekananda Bhat,Muttukrishnan Rajarajan,Ashok Kumar Das,Joel JPC Rodrigues
Cluster Computing, CCO, 2022
Abs | | bib Tex
@inproceedings{bib_SUAC_2022, AUTHOR = {N Sivaselvan, K Vivekananda Bhat, Muttukrishnan Rajarajan, Ashok Kumar Das, Joel JPC Rodrigues}, TITLE = {SUACC-IoT: secure unified authentication and access control system based on capability for IoT}, BOOKTITLE = {Cluster Computing}. YEAR = {2022}}
With the widespread use of Internet of Things (IoT) in various applications and several security vulnerabilities reported in them, the security requirements have become an integral part of an IoT system. Authentication and access control are the two principal security requirements for ensuring authorized and restricted accesses to limited and essential resources in IoT. The built-in authentication mechanism in IoT devices is not reliable, because several security vulnerabilities are revealed in the firmware implementation of authentication protocols in IoT. On the other hand, the current authentication approaches for IoT that are not firmware are vulnerable to some security attacks prevalent in IoT. Moreover, the recent access control approaches for IoT have limitations in context-awareness, scalability, interoperability, and security. To mitigate these limitations, there is a need for a robust authentication and access control …
BSFR-SH: Blockchain-Enabled Security Framework Against Ransomware Attacks for Smart Healthcare
MOHAMMAD WAZID,Ashok Kumar Das,Sachin Shetty
IEEE Transactions Consumer Electronics, TCE, 2022
@inproceedings{bib_BSFR_2022, AUTHOR = {MOHAMMAD WAZID, Ashok Kumar Das, Sachin Shetty}, TITLE = {BSFR-SH: Blockchain-Enabled Security Framework Against Ransomware Attacks for Smart Healthcare}, BOOKTITLE = {IEEE Transactions Consumer Electronics}. YEAR = {2022}}
Ransomware is a type of malicious program or soft- ware that encrypts the contents on a hard disc and prevents the users from accessing them unless they pay an amount (called a ransom). Most of the organizations, such as financial institutes and healthcare sectors (i.e., smart healthcare) are targeted by ransomware attacks. Ransomware assaults are among the most frightening types of cyber-attacks, and they are not confined to a specific sector or the countries. Blockchain is a tamper-proof tech- nology, which is more secure, robust and decentralized in nature. Features of blockchain can add more security for detection and mitigation of ransomware more effectively. In this paper, we pro- pose a new blockchain-enabled security framework to detect and defend the ransomware attacks for smart healthcare (in short, BSFR-SH). The conducted security analysis proves the security of the proposed BSFR-SH against the ransomware attacks. The performance of BSFR-SH is significantly better than the other similar existing mechanisms as it achieves better accuracy and F1-score than other compared mechanisms. Furthermore, the practical demonstration of BSFR-SH is provided to estimate the impact on important performance parameters. Index Terms—Ransomware, smart healthcare, intrusion detec- tion, machine learning, blockchain
Privacy-Preserving Blockchain-Based Authentication in Smart Energy Systems
Vangala Anusha,Ashok Kumar Das
ACM Conference on Embedded Networked Sensor Systems, SENSYS, 2022
@inproceedings{bib_Priv_2022, AUTHOR = {Vangala Anusha, Ashok Kumar Das}, TITLE = {Privacy-Preserving Blockchain-Based Authentication in Smart Energy Systems}, BOOKTITLE = {ACM Conference on Embedded Networked Sensor Systems}. YEAR = {2022}}
Smart Energy Systems (SES) are the need of the hour, given the looming dangers of power crises amid changing climatic conditions. However, sensitive data play a critical role in such systems deserving high privacy and security protection. This paper proposes a novel blockchain-based authentication scheme that preserves privacy using the zero-knowledge protocol. During informal analysis, the proposed scheme shows resistance to various attacks such as man-in-the-middle attacks, replay attacks, impersonation attacks, privileged insider attacks, and ephemeral secret leakage attacks. The formal security verification using AVISPA regards the scheme as safe. In addition, the scheme supports critical features such as anonymity and untraceability within limited computational and communicational costs. A simulation of blockchain using Node.js shows only a linear increase in computation time with an increase in the number of blocks, and transactions, and an exponential increase with the number of nodes.
Security in IoT-enabled smart agriculture: architecture, security solutions and challenges
Anusha Vangala,Ashok Kumar Das,Vinay Chamola,Valery Korotaev
International Conference on Cluster Computing (CLUSTER), ICCC, 2022
@inproceedings{bib_Secu_2022, AUTHOR = {Anusha Vangala, Ashok Kumar Das, Vinay Chamola, Valery Korotaev}, TITLE = {Security in IoT-enabled smart agriculture: architecture, security solutions and challenges}, BOOKTITLE = {International Conference on Cluster Computing (CLUSTER)}. YEAR = {2022}}
Agricultural industry is one of the most vital industries that has a major contribution to the economy due to its share in the Gross Domestic Product (GDP) and as a source of employment. The past few decades have seen immense change in the operation of agricultural sector with the introduction of precision farming in conjunction with Internet of Things (IoT). The application of such advancements is highly based on exchange of messages between various devices in the farming. This paper aims to study the security scenarios applicable in husbandry through the analysis of possible attacks and threats. The testbeds available for agriculture based on IoT have been studied. An architecture for smart farming is proposed which is independent of the underlying technologies that may be used and the requirements of security have been laid out based on the proposed architecture. A literature survey of security protocols …
Private blockchain-envisioned drones-assisted authentication scheme in IoT-enabled agricultural environment
Basudeb Bera,Anusha Vangala,Ashok Kumar Das,Pascal Lorenz,Muhammad Khurram Khan
Computer Standards & Interfaces, CSI, 2022
@inproceedings{bib_Priv_2022, AUTHOR = {Basudeb Bera, Anusha Vangala, Ashok Kumar Das, Pascal Lorenz, Muhammad Khurram Khan}, TITLE = {Private blockchain-envisioned drones-assisted authentication scheme in IoT-enabled agricultural environment}, BOOKTITLE = {Computer Standards & Interfaces}. YEAR = {2022}}
In an Intelligent Precision Agriculture (IPA), several Internet of Things (IoT) smart devices and drones can be deployed to monitor an agricultural environment. The drones can be further utilized to collect the data from smart devices and send to the Ground Station Server (GSS). However, insecure communication among the smart devices, drones and the GSS make the IoT agriculture environment vulnerable to various potential attacks. For this goal, a new authentication and key management scheme for IoT-enabled IPA, called AKMS-AgriIoT, has been put forward with the private blockchain-based solution. The blocks formed with the encrypted transactions and their respective signatures by the GSS are mined by the cloud servers to verify and add the blocks in the private blockchain center. A detailed security analysis and comparative study reveal that the proposed AKMS-AgriIoT supports better security, and provides more functionality features, less communication costs and comparable computation costs as compared to other relevant schemes. In addition, the blockchain-based implementation on the proposed AKMS-AgriIoT has been also carried out.
PUF-based Authentication and Key Agreement Protocols for IoT, WSNs and Smart Grids: A Comprehensive Survey
Priyanka Mall,Ruhul Amin,Ashok Kumar Das,Mark T. Leung,Kim-Kwang Raymond Choo
IEEE Internet of Things Journal, IOT, 2022
@inproceedings{bib_PUF-_2022, AUTHOR = {Priyanka Mall, Ruhul Amin, Ashok Kumar Das, Mark T. Leung, Kim-Kwang Raymond Choo}, TITLE = {PUF-based Authentication and Key Agreement Protocols for IoT, WSNs and Smart Grids: A Comprehensive Survey}, BOOKTITLE = {IEEE Internet of Things Journal}. YEAR = {2022}}
—Effective design of autopilots for fixed-wing unmanned aerial vehicles (UAVs) is still a great challenge, due to unmodeled effects and uncertainties that these vehicles exhibit during flight. Unmodeled effects and uncertainties comprise longitudinal/lateral cross-couplings, as well as poor knowledge of equilibrium points (trimming points) of the UAV dynamics. The main contribution of this article is a new adaptive autopilot design, based on uncertain Euler–Lagrange dynamics of the UAV and where the control can explicitly take into account under-actuation in the dynamics, reduced structural knowledge of cross-couplings and trimming points. This system uncertainty is handled via appropriately designed adaptive laws: stability of the controlled UAV is analyzed. Hardware-in-the-loop tests, comparisons with an Ardupilot autopilot and with a robustified autopilot validate the effectiveness of the control design, even in the presence of strong saturation of the UAV actuators.
Design of Blockchain-Based Lightweight V2I Handover Authentication Protocol for VANET
JoonYoung Lee,SeungHwan Son,YoHan Park,YoungHo Park,Ashok Kumar Das
IEEE Transactions on Network Science and Engineering ( Early Access ), TNSE, 2022
@inproceedings{bib_Desi_2022, AUTHOR = {JoonYoung Lee, SeungHwan Son, YoHan Park, YoungHo Park, Ashok Kumar Das}, TITLE = {Design of Blockchain-Based Lightweight V2I Handover Authentication Protocol for VANET}, BOOKTITLE = {IEEE Transactions on Network Science and Engineering ( Early Access )}. YEAR = {2022}}
—Connected vehicle means providing different services, such as advanced driver-assistance systems (ADAS) from vehicles connected to the network. Vehicular ad-hoc networks (VANETs) can support vehicle-to-vehicle (V2V) and vehicle-to-infrastructure (V2I) communications to realize connected vehicle. In VANETs, secure communication must be ensured, as otherwise it can lead to traffic accidents and human injuries. Recently, many studies on V2I authentication have been conducted to guarantee the security of V2I communications. However, recent V2I authentication protocols do not consider the handover situation, and it causes unnecessary computations. As vehicles have limited computing resources, unnecessary computation can lead to overload to the vehicles. In recent years, blockchain-based VANET is an active field of research because it can provide decentralization, data integrity and transparency. Using the strength of the blockchain technology, we design a blockchain-based handover authentication protocol for VANETs. In the proposed protocol, vehicles only perform lightweight computations in handover situations for efficiency of the network. We also conduct the formal analysis such as Burrows–Abadi–Needham (BAN) logic, Real-Or-Random (ROR) oracle model, and Automated Validation of Internet Security Protocols and Applications (AVISPA) simulation to the proposed protocol. We simulate the proposed protocol using network simulator 3 (NS-3) to verify that the proposed protocol is practical. Finally, we compare the computational cost and security features of the proposed protocol with existing protocols to show that the proposed protocol is more secure and efficient.
Fortifying Smart Transportation Security through Public Blockchain
Mohammad Wazid,Basudeb Bera,Ashok Kumar Das,Saraju P,Mohanty, Minho Jo
IEEE Internet of Things Journal, IOT, 2022
@inproceedings{bib_Fort_2022, AUTHOR = {Mohammad Wazid, Basudeb Bera, Ashok Kumar Das, Saraju P, Mohanty, Minho Jo}, TITLE = {Fortifying Smart Transportation Security through Public Blockchain}, BOOKTITLE = {IEEE Internet of Things Journal}. YEAR = {2022}}
—Smart vehicles-enabled intelligent transportation system (ITS) supports a wide range of applications, such as, but not limited to, traffic planning and management, collision avoidance alert system, automated road speed enforcement, electronic toll collection, and real-time parking management, to name a few. However, it suffers from various types of security and privacy issues due to insecure communication among the entities over public channels. Therefore, an efficient and lightweight security mechanism is essential to protect the data that is both at rest as well as in transit. To this direction, we propose a public blockchain-envisioned secure communication framework for ITS (in short, called PBSCF-ITS). The proposed PBSCFITS guarantees access control and key management among the vehicle to vehicle, vehicle to road side unit, and road side unit to cloud server. We analyze the security of PBSCF-ITS to prove its resilience against various types of possible attacks. Furthermore, the performance of PBSCF-ITS with other related competing schemes has been compared. The obtained results illustrate that PBSCF-ITS outperforms the existing ones. Additionally, the pragmatic study of PBSCF-ITS is conducted to check its influence on various network related performance parameters, like number of mined blocks and transactions per block.
Towards achieving efficient access control of medical data with both forward and backward secrecy
Suryakanta Panda,Samrat Mondal,Rinku D,Ashok Kumar Das
Computer Communications, CC, 2022
@inproceedings{bib_Towa_2022, AUTHOR = {Suryakanta Panda, Samrat Mondal, Rinku D, Ashok Kumar Das}, TITLE = {Towards achieving efficient access control of medical data with both forward and backward secrecy}, BOOKTITLE = {Computer Communications}. YEAR = {2022}}
Healthcare service providers store the patients’ electronic medical records in the cloud in order to provide high quality healthcare services. Patients’ sensitive data is typically encrypted before storing in the cloud. However, it gives rise to a new challenge, namely access control over encrypted data. Attribute-Based Encryption (ABE) is a promising cryptographic technique to achieve the fine grained access control on outsourced encrypted data. Traditional ABE schemes assume a fixed access policy that is not suitable for the present dynamic environment. Although some ABE schemes with a dynamic access control policy have been proposed in the literature, these schemes have not addressed forward security, backward security, and user revocation after a policy update. In this paper, we propose an ABE scheme that supports access policy updates, and also provides forward security, backward security and user revocation at the same time. We have formally shown that the proposed scheme is Chosen Plaintext Attack (CPA)-secure under the Decisional Bilinear Diffie–Hellman (DBDH) assumption. Finally, the performance analysis exhibits that the proposed scheme is efficient in communication and computation, and is also suitable for resource constrained devices.
DDoS attack resisting authentication protocol for mobile based online social network applications
Munmun Bhattacharya,Sandip Roy,Ashok Kumar Das,Samiran Chattopadhyay,Soumya Banerjee,Ankush Mitra
Journal of Information Security and Applications, JISA, 2022
@inproceedings{bib_DDoS_2022, AUTHOR = {Munmun Bhattacharya, Sandip Roy, Ashok Kumar Das, Samiran Chattopadhyay, Soumya Banerjee, Ankush Mitra}, TITLE = {DDoS attack resisting authentication protocol for mobile based online social network applications}, BOOKTITLE = {Journal of Information Security and Applications}. YEAR = {2022}}
The rapid development of smartphone technology and the Internet services in mobile devices facilitates easy access to online social networking (OSN) sites anytime, anywhere. At the same time, this allures the adversaries to exploit the OSNs as a soft target for easy execution of various attacks that can quickly spread to a large number of users. In distributed denial-of-service (DDoS) attacks, an adversary aims to overwhelm the normal traffic of a targeted server with a flood of fake login messages so that the associated Internet service or website turns inoperable. In this paper, we propose a secure and lightweight authentication scheme (𝑃 𝑅𝐷𝑜𝑆) that resists DDoS and other security attacks in mobile OSN environments. We provide a multi-faceted solution towards the remedy of DDoS attacks in the OSN environment. After a certain threshold, the scheme discards further user login attempts and blocks an adversary who intends to overload the network server. We use the pre-loaded shadow identity and emergency key pairs, and a key-refilling strategy that rebuilds the essential synchronization between a blocked naive user and the OSN server. This technique restores the intended unlinkability property of the protocol. Using NS3 simulation, we study the impact of DDoS attackers on network throughput and network delay. Moreover, we validate and compare the proposed scheme against state-ofthe-art solutions using the real attacks and benign datasets. We use the Canadian Institute for Cybersecurity (CIC) DoS dataset 2017, which is generated by capturing the normal and DoS attack packets separately with subsequent pre-processed for testing. We also use the machine learning (ML) algorithms, such as K-Nearest Neighbor (KNN), Gaussian Naive Bayes, and Multilayer Perceptron (MLP) to demonstrate the performance of the proposed solution in a practical attack detection scenario. We observe that these algorithms provide 97.05%, 95.48%, and 96.6% DDoS attack detection accuracy, respectively.
Secure user authentication mechanism for IoT-enabled Wireless Sensor Networks based on multiple Bloom filters
Anup Kumar Maurya,Ashok Kumar Das,Sajjad Shaukat Jamal,Debasis Giri
Journal of Systems Architecture, JSA, 2021
Abs | | bib Tex
@inproceedings{bib_Secu_2021, AUTHOR = {Anup Kumar Maurya, Ashok Kumar Das, Sajjad Shaukat Jamal, Debasis Giri}, TITLE = {Secure user authentication mechanism for IoT-enabled Wireless Sensor Networks based on multiple Bloom filters}, BOOKTITLE = {Journal of Systems Architecture}. YEAR = {2021}}
In this article, we propose an efficient Bloom filter and fuzzy extractor based user authentication technique, which is significant for an Internet of Things (IoT)-enabled multi-hop Wireless Sensor Networks (IoT-WSNs). The novelty of the proposed authentication technique is that it prevents fraudulent querying data delivery at the starting phase (i.e., at the querying sensor node itself) to stop false or counterfeit data flooding (which can exhaust the resources of IoT-WSNs) from the resource-constrained IoT-enabled sensor nodes to the nearby gateway node. The proposed authentication technique has the ability to significantly reduce the Bloom filter based false positive for user authentication in IoT-WSNs, while also preserving the constraint resources of WSNs. To estimate the security robustness of the proposed protocol based on the security goals of IoT-WSNs, we perform the formal security analysis using the random oracle and Real-Or-Random (ROR) models, informal security analysis and also the formal security verification using a widely-recognized automated software validation tool, known as Automated Validation of Internet Security Protocols and Applications (AVISPA). Next, communication and computational overheads analysis reveal that the proposed protocol is appropriate for resource-constrained sensor nodes. Furthermore, a correlative security feature and complexity analysis outcomes validate that the proposed protocol is reliable, secure, and efficient in comparison with other existing state of art related user authentication protocols.
Robust Authentication Protocol for Dynamic Charging System of Electric Vehicles
Ponnuru Raveendra Babu,Ruhul Amin,Alavalapati Goutham Reddy,Ashok Kumar Das
IEEE Transactions on Vehicular Technology, TVT, 2021
Abs | | bib Tex
@inproceedings{bib_Robu_2021, AUTHOR = {Ponnuru Raveendra Babu, Ruhul Amin, Alavalapati Goutham Reddy, Ashok Kumar Das}, TITLE = {Robust Authentication Protocol for Dynamic Charging System of Electric Vehicles}, BOOKTITLE = {IEEE Transactions on Vehicular Technology}. YEAR = {2021}}
Electric vehicles have emerged as the future of transport worldwide with the rising need for greener and energy-efficient transportation solutions. This remarkable shift delegated a wide variety of protocols for reliable, scalable and secure communications in the electric vehicle transportation system. With this vision in mind, security researchers have proposed diverse authentication protocols vital for the electric vehicle charging system to protect the information exchanged between the various principals involved. Several existing authentication techniques, on the other hand, are either vulnerable to significant security threats or are limited to static charging. This article proposes a robust authentication mechanism for charging electric vehicles while driving, a scenario that is rapidly approaching in the future. The proposed protocol makes use of secure and lightweight primitives such as elliptic curves and hash functions. The proposed protocol's security is being analyzed to demonstrate that it is capable of withstanding relevant attacks. Additionally, the protocol achieves its objectives at a cost that is practically conceivable in terms of transmission and computing.
IoT & Blockchain Technology-Based Healthcare Monitoring
Mohammad Wazid,Basudeb Bera,Ashok Kumar Das,Devesh Pratap Singh
Blockchain in Digital Healthcare, BCDH, 2021
@inproceedings{bib_IoT__2021, AUTHOR = {Mohammad Wazid, Basudeb Bera, Ashok Kumar Das, Devesh Pratap Singh}, TITLE = {IoT & Blockchain Technology-Based Healthcare Monitoring}, BOOKTITLE = {Blockchain in Digital Healthcare}. YEAR = {2021}}
An Internet of Things (IoT)-based healthcare monitoring system is an amalgamation of smart healthcare devices and applications which connect to the healthcare information system through the internet. It has opened up a world of possibilities in the medical field. Connected smart healthcare devices can collect important healthcare data and provide extra details about the symptoms. That further enables remote care as the patient can consult the appropriate healthcare expert. It generally provides patients more control over their lives and treatment. Moreover, a blockchain-enabled IoT-based healthcare monitoring system (BIoT-HMS) is one step ahead as it can reduce unnecessary hospital visits and the burden on healthcare systems by connecting patients to their healthcare experts and allowing the secure transfer and storage of healthcare data by making use of the blockchain mechanism. Some of the possible applications of BIoT-HMS are “remote health monitoring,” “management of healthcare operations,” “detection and prevention of diseases” and many more. However, IoT-based healthcare monitoring systems have issues related to security breaches and privacy of healthcare data. Therefore, it is essential to design some security protocols for IoT-based healthcare monitoring systems. From time to time researchers propose different protocols to secure the data of IoT-based healthcare monitoring systems. However, most of them are vulnerable to various types of attack like, replay, MiTM, impersonation, secret credentials leakage, unauthorized data update, etc., Therefore, researchers came up with the idea of inclusion of blockchain-enabled security in the IoT-based healthcare monitoring system, which further can be considered as a blockchain-enabled IoT-based healthcare monitoring system (BIoT-HMS). In this chapter, we provide the details of various possible architectures of BIoT-HMS. We also provide the details of various threats and attacks along with the threat model in BIoT-HMS. The security requirements and applications of BIoT-HMS are also discussed. We then provide the summary of various existing security protocols related to BIoT-HMS. The comparison of “security and functionality features” of security protocols related to BIoT-HMS is also provided.
Blockchain-Envisioned Secure Authentication Approach in AIoT: Applications, Challenges, and Future Research
Mohammad Wazid,Ashok Kumar Das,Youngho Park
Wireless Communications and Mobile Computing, WCMC, 2021
@inproceedings{bib_Bloc_2021, AUTHOR = {Mohammad Wazid, Ashok Kumar Das, Youngho Park}, TITLE = {Blockchain-Envisioned Secure Authentication Approach in AIoT: Applications, Challenges, and Future Research}, BOOKTITLE = {Wireless Communications and Mobile Computing}. YEAR = {2021}}
The Artificial Intelligence of Things (AIoT) is the amalgamation of Artificial Intelligence (AI) methods and the Internet of Things (IoT) infrastructure, which are deployed there to improve the overall performance of the system. AIoT can be deployed to achieve more efficient IoT operations; thereby can improve human-machine interactions and provide better data analysis. AI methods can be used to transform IoT data into useful information for the better decision-making processes, and it further increases the overall usability of the system. AIoT frameworks are very useful and applicable in a variety of applications, like security and surveillance system, smart home, intelligent transportation system, smart farming, secure and safe healthcare monitoring, industrial automation and control, eCommerce, logistics operations and control, and many more. However, AIoT frameworks may have issues related to data security and privacy as they are vulnerable to various types of information security-related attacks. These issues further cause the serious consequences, like the unauthorized data leakage and data update. Blockchain is a specific type of database. It is a digital ledger of transactions, which is duplicated and distributed across the entire network of computer systems. It stores data in the form of some blocks, which are then chained together. Blockchain is tamper proof and provides more security as compared to the traditional security mechanisms. Hence, blockchain can be integrated in various AIoT applications to provide more security. A generalized blockchain-envisioned secure authentication framework for AIoT has been proposed. The adversary model of blockchain-envisioned secure authentication framework for AIoT is also highlighted that covers most of the potential threats of a kind of communication environment. Various applications of the proposed framework are also discussed. Furthermore, different issues and challenges of the proposed framework are highlighted. In the end, we also provide some future research directions relevant to the proposed framework.
BUAKA-CS: Blockchain-enabled user authentication and key agreement scheme for crowdsourcing system
Mohammad Wazid,Ashok Kumar Das,Rasheed Hussain,Neeraj Kumar d,Sandip Roy
Journal of Systems Architecture, JSA, 2021
@inproceedings{bib_BUAK_2021, AUTHOR = {Mohammad Wazid, Ashok Kumar Das, Rasheed Hussain, Neeraj Kumar D, Sandip Roy}, TITLE = {BUAKA-CS: Blockchain-enabled user authentication and key agreement scheme for crowdsourcing system}, BOOKTITLE = {Journal of Systems Architecture}. YEAR = {2021}}
Crowdsourcing is a practice of using collective intelligence of a group in order to achieve a common goal to solve complex problems in an innovative way. It involves obtaining information and opinions from a group of participants who submit their data (i.e., solutions) via the Internet using some applications. The application domains, where crowdsourcing can be used, include, but not limited to, healthcare, environment, public safety, disaster management, and transportation. Despite the unprecedented advantages of crowdsourcing, security and privacy are rising concerns that need to be addressed. Therefore, it is crucially important to provide effective solutions that address the security and privacy issues in crowdsourcing systems. To this end, the salient features of blockchain technology such as immutability, decentralization, transparency and resiliency can play a pivotal role to address the afore-mentioned security challenges. To fill these gaps, in this paper, we propose a new blockchain-based user authentication and key agreement scheme for crowdsourcing (BUAKA-CS) through lightweight cryptographic techniques. The security of the BUAKA-CS is proved through the formal method and also through other mathematical methods that depict the resilience of BUAKA-CS against various types of possible attacks. Moreover, the robustness of BUAKA-CS against possible attacks is proved through widelyrecognized automated software validation tools. We also compare BUAKA-CS with other existing schemes and prove its out performance in terms of security, functionality, computation and communication costs. Finally, we conduct the extensive blockchain-based simulations to measure the impact of BUAKA-CS on the performance of the system.
AI and Blockchain-Based Cloud-Assisted Secure Vaccine Distribution and Tracking in IoMT-Enabled COVID-19 Environment
Ashok Kumar Das,Basudeb Bera,Debasis Giri
IEEE Internet of Things Magazine, ITM, 2021
@inproceedings{bib_AI_a_2021, AUTHOR = {Ashok Kumar Das, Basudeb Bera, Debasis Giri}, TITLE = {AI and Blockchain-Based Cloud-Assisted Secure Vaccine Distribution and Tracking in IoMT-Enabled COVID-19 Environment}, BOOKTITLE = {IEEE Internet of Things Magazine}. YEAR = {2021}}
Coronavirus 2019, called COVID-19, is a transmissible disease caused by severe acute respiratory syndrome coronavirus 2 (SARS-CoV-2). It earlier impacted the citizens of China alone. However, it has rapidly spread all over the world. The COVID-19 supply chain system aims to facilitate access to several critical items, such as personal protective equipment (PPE), biomedical equipment, diagnostics supplies, and vaccines. In this article, we discuss a robust security framework for vaccine distribution and tracking in an Internet of Medical Things (IoMT)-based cloud-assisted COVID-19 environment by considering both intra-country and inter-country scenarios. Various transactions related to vaccine requests, orders, distribution, and tracking are put into the blockchain in the form of blocks. Since blockchain technology offers immutability, transparency, and decentralization, the security of the proposed framework has been improved significantly. The proposed framework also supports artificial intelligence(AI)-based big data analytics on the information stored into the blocks in the blockchain. Furthermore, a practical demonstration of the proposed framework has been done through a blockchain simulation study.
SPCS-IoTEH: Secure Privacy-Preserving Communication Scheme for IoT-Enabled e-Health Applications
Neha Garg,Mohammad S. Obaidat,MOHAMMAD WAZID,Ashok Kumar Das,Devesh Pratap Singh
International Conference on Communications, ICC, 2021
@inproceedings{bib_SPCS_2021, AUTHOR = {Neha Garg, Mohammad S. Obaidat, MOHAMMAD WAZID, Ashok Kumar Das, Devesh Pratap Singh}, TITLE = {SPCS-IoTEH: Secure Privacy-Preserving Communication Scheme for IoT-Enabled e-Health Applications}, BOOKTITLE = {International Conference on Communications}. YEAR = {2021}}
—In an Internet of Things (IoT) enabled e-health system, smart health devices sense the health data continuously and share the collected data with the neighboring controller device (i.e., personal server) via some wireless communication mechanism (i.e., bluetooth and zigbee), and finally the data is stored on some health server (i.e., a server over the cloud). The health data is then accessible to healthcare service providers (for example, doctors, nursing staff, relatives of patient) for tracking and monitoring of health conditions of the patients for their better treatment at the earliest. In an IoT enabled health system, the smart healthcare devices communicate over public channel, which causes various types of threats and attacks on the ongoing communication. Therefore, we need a powerful privacypreserving security mechanism to secure the communication happens in an IoT enabled e-health system as the health data is strictly private and confidential. In this paper, we propose a new privacy-preserving access control and key management scheme for the secure communication of IoT enabled e-health system (SPCS-IoTEH). We also conduct informal security analysis of the proposed SPCS-IoTEH to show its robustness against various types of active and passive attacks. The performance of SPCSIoTEH is also shown to be better than other existing competing schemes.
Design and Testbed Experiments of Public Blockchain-Based Security Framework for IoT-Enabled Drone-Assisted Wildlife Monitoring
Ankush Mitra,Basudeb Bera,Ashok Kumar Das
IEEE Conference on Computer Communications Workshops, INFOCOM-W, 2021
@inproceedings{bib_Desi_2021, AUTHOR = {Ankush Mitra, Basudeb Bera, Ashok Kumar Das}, TITLE = {Design and Testbed Experiments of Public Blockchain-Based Security Framework for IoT-Enabled Drone-Assisted Wildlife Monitoring}, BOOKTITLE = {IEEE Conference on Computer Communications Workshops}. YEAR = {2021}}
In recent years, the Internet of Things (IoT) enabled drones, also called as unmanned aerial vehicles (UAVs), are widely used in many applications ranging from military to civilian applications, such as wildlife monitoring. Since the drones provide a risk-free as well as low-cost facility in order to quickly and persistently monitor natural circumstances at high spacial temporal resolution, they help in wildlife monitoring research. Due to wireless communication nature, the communication among the deployed drones in their respective flying zones and the IoT smart devices installed in animal bodies, and also among the drones and their respective ground station server (GSS), is susceptible to various passive and active attacks. To mitigate these issues, we propose a public blockchain based access control implementation for wild-life monitoring purpose. The application of both access control and blockchain at the same time not only protects various attacks, but also maintains immutability, transparency as well as decentralization properties. Next, we simulate the proposed security framework for the blockchain part to measure the total computational time needed to add a varied number of blocks in a blockchain and also a varied number of transactions per block. Finally, a practical testbed experiment has been implemented to show the feasibility of the proposed framework. Index Terms—Wildlife monitoring, blockchain, consensus, access control, security, testbed experiments.
SDN-Chain: Privacy-preserving protocol for Software Defined Networks using Blockchain
R Shashidhara,Nisha Ahuja,M Lajuvanthi,Ashok Kumar Das,Joel J. P. C. Rodrigues
Security and Privacy, S&P, 2021
@inproceedings{bib_SDN-_2021, AUTHOR = {R Shashidhara, Nisha Ahuja, M Lajuvanthi, Ashok Kumar Das, Joel J. P. C. Rodrigues}, TITLE = {SDN-Chain: Privacy-preserving protocol for Software Defined Networks using Blockchain }, BOOKTITLE = {Security and Privacy}. YEAR = {2021}}
Software-defined networking (SDN) is a programmable architecture for networking domain in which the security is provided by devising the network policies with the help of the network administrator. This is very cumbersome for the administrator to handle different attacks at various planes in SDN architecture. Blockchain can be used to prevent various attacks in SDN by providing a decentralization authentication environment. In this article, a secure Blockchain-based privacy-preserving protocol is proposed to thwart various security vulnerabilities in the SDN architecture. The proposed approach uses Modified-Delegated Proof of Stake as the consensus protocol to ensure safety and reliability in the network. Besides, a security protocol is designed using cryptographic primitives and analyzed using a detailed security analysis. Initially, the consensus protocols are implemented using solidity smart contracts and deployed to the public Blockchain using Ethereum. Consequently, the proposed approach is simulated on OMNet++ using INET framework. The experimental results show that the proposed SDN-Chain is secure, efficient, less incentive to centralize, and practically implementable in resource-limited wireless and mobile environments.
Designing Fine-grained Access Control for Software Defined Networks using Private Blockchain
Durbadal Chattaraj,Basudeb Bera,Ashok Kumar Das,Joel J. P. C. Rodrigues,YoungHo Park
IEEE Internet of Things Journal, IOT, 2021
@inproceedings{bib_Desi_2021, AUTHOR = {Durbadal Chattaraj, Basudeb Bera, Ashok Kumar Das, Joel J. P. C. Rodrigues, YoungHo Park}, TITLE = {Designing Fine-grained Access Control for Software Defined Networks using Private Blockchain}, BOOKTITLE = {IEEE Internet of Things Journal}. YEAR = {2021}}
Emerging next-generation Internet yields proper administration of a wide-ranging dynamic network to assist rapid ubiquitous resource accessibility, whilst providing higher channel bandwidth. Since its inception, the traditional static network infrastructure-based solutions involve manual configuration and proprietary controls of networked devices. It then leads to improper utilization of the overall resources, and hence experiences various security threats. Although transport layer security (TLS)-based solution is presently advocated in the said framework, it is vulnerable to many security threats like man-in-the-middle, replay, spoofing, privileged-insider, impersonation, and denial-of-service attacks. Moreover, the current settings of the said tool do not facilitate any secure and reliable mechanisms for data forwarding, application flow routing, new configuration deployment, and network event management. Also, it suffers from the single point of controller failure issue. In this paper, we propose a new private blockchain-enabled fine-grained access control mechanism for the SDN environment. In this regard, attribute-based encryption (ABE) and certificate-based access control protocol are incorporated. This proposed solution can resist several well-known security threats, and alleviate different system-level inconveniences. The formal and informal security inspections and performance-wise comparative study of the proposed scheme endorse better qualifying scores as compared to the other existing competing state-of-art schemes. Besides, the experimental testbed implementation and blockchain simulation show the implementation feasibility of the proposed mechanism.
Lightweight Failover Authentication Mechanism for IoT-Based Fog Computing Environment
Soumya Banerjee,Ashok Kumar Das,Samiran Chattopadhyay ,Sajjad Shaukat Jamal,Joel J. P. C. Rodrigues,Youngho Park
Electronics, Electronics, 2021
@inproceedings{bib_Ligh_2021, AUTHOR = {Soumya Banerjee, Ashok Kumar Das, Samiran Chattopadhyay , Sajjad Shaukat Jamal, Joel J. P. C. Rodrigues, Youngho Park}, TITLE = {Lightweight Failover Authentication Mechanism for IoT-Based Fog Computing Environment }, BOOKTITLE = {Electronics}. YEAR = {2021}}
Fog computing as an extension to the cloud computing infrastructure has been invaluable in enhancing the applicability of the Internet of Things (IoT) paradigm. IoT based Fog systems magnify the range and minimize the latency of IoT applications. However, as fog nodes are considered transient and they offer authenticated services, when an IoT end device loses connectivity with a fog node, it must authenticate freshly with a secondary fog node. In this work, we present a new security mechanism to leverage the initial authentication to perform fast lightweight secondary authentication to ensure smooth failover among fog nodes. The proposed scheme is secure in the presence of a current de-facto Canetti and Krawczyk (CK)-adversary. We demonstrate the security of the proposed scheme with a detailed security analysis using formal security under the broadly recognized Real-Or-Random (ROR) model, informal security analysis as well as through formal security verification using the broadly-used Automated Validation of Internet Security Protocols and Applications (AVISPA) software tool. A testbed experiment for measuring computational time for different cryptographic primitives using the Multiprecision Integer and Rational Arithmetic Cryptographic Library (MIRACL) has been done. Finally, through comparative analysis with other related schemes, we show how the presented approach is uniquely advantageous over other schemes.
iGCACS-IoD: An Improved Certificate-Enabled Generic Access Control Scheme for Internet of Drones Deployment
Ashok Kumar Das,Basudeb Bera,MOHAMMAD WAZID,SAJJAD SHAUKAT JAMAL,YOUNGHO PARK
IEEE Access, ACCESS, 2021
@inproceedings{bib_iGCA_2021, AUTHOR = {Ashok Kumar Das, Basudeb Bera, MOHAMMAD WAZID, SAJJAD SHAUKAT JAMAL, YOUNGHO PARK}, TITLE = {iGCACS-IoD: An Improved Certificate-Enabled Generic Access Control Scheme for Internet of Drones Deployment}, BOOKTITLE = {IEEE Access}. YEAR = {2021}}
Due to wide-spread use of the Information and Communications Technology (ICT) and Internet of Things (IoT) enabled smart devices, called unmanned aerial vehicles (UAVs) (popularly known as drones), a lot of potential applications of Internet of Drones (IoD) are available ranging from the military to civilian applications. Access control mechanism is an important potential security service that is needed to secure communication among the drones in their respective flying zones, and also among the drones and the Ground Service Station (GSS). In 2021, Chaudhry et al. proposed a certificate based generic access control scheme for IoD environment, called GCACS-IoD. Their claims about the possible security attacks resistant of GCACS-IoD is not justified. In fact, we first prove that GCACS-IoD is unable to protect the disclosure of the private key rCR of the trusted control room (CR), which is extremely unfortunate careless design flaw and it leads to compromise the entire network. Using the disclosed private key rCR , we further show that GCACS-IoD is completely insecure against other serious attacks, such as malicious drones deployment attack, drone/GSS impersonation attacks and Ephemeral Secret Leakage (ESL) attack, which lead to compromise the session key between any two drones communicating in a particular flying zone. We thus feel that there is a strong need to remedy such serious weaknesses found in Chaudhry et al. ’s GCACS-IoD. An improved certificate-enabled generic access control scheme for IoD deployment, called as i GCACS-IoD, has been suggested, which overcomes the weaknesses found in the previous GCACS-IoD. The practical demonstration of i GCACS-IoD has been done through formal security verification and also through NS2 simulation study.
An Enhanced Lightweight and Secured Authentication Protocol for Vehicular Ad-hoc Network
TarakNandy,Mohd Yamani IdnaIdris,Rafidah MdNoor,Ashok Kumar Das,Xiang Li,Norjihan Abdul Ghania,Sananda Bhattacharyyae
Computer Communications, CC, 2021
@inproceedings{bib_An_E_2021, AUTHOR = {TarakNandy, Mohd Yamani IdnaIdris, Rafidah MdNoor, Ashok Kumar Das, Xiang Li, Norjihan Abdul Ghania, Sananda Bhattacharyyae}, TITLE = {An Enhanced Lightweight and Secured Authentication Protocol for Vehicular Ad-hoc Network}, BOOKTITLE = {Computer Communications}. YEAR = {2021}}
A substantial number of authentication protocols are designed to safeguard vehicular ad-hoc network (VANET) communication from potential attacks; however, they experienced an inability to provide a balance between lightweight and security. Existing security and privacy-preserving based authentication protocols in vehicular networks mostly rely on the trusted authority and signatures to validate the communication on road. Accomplishing the quick validation and correspondence is difficult in such methodologies and further, they endure execution obliges from coming about overhead. To overcome these issues, we have developed an enhanced lightweight and secure authentication protocol (ELSAP) for V2V Communication in VANETs. Moreover, the scheme withheld with self-authentication prior to communication that enhances the network feasibilities, which in return needs less message transfer during authentication as well as communication, indicates lightweight features. Furthermore, two or more vehicles can securely perform mutual authentication, proven by Burrow–Abadi–Needham (BAN) logic. Additionally, the competency of the proposed protocol against the current updated threats is shown via security analysis and comparisons tools such as Automated Validation of Internet Security Protocols and Applications (AVISPA). The result of the performance analysis shows that the communication cost and computational cost outperformed the earlier authentication schemes alongside the security features of the proposed protocol.
Block-CLAP: Blockchain-assisted Certificateless Key Agreement Protocol for Internet of Vehicles in Smart Transportation
Durbadal Chattaraj,Basudeb Bera,Ashok Kumar Das,Sourav Saha,Pascal Lorenz,YoungHo Park
IEEE Transactions on Vehicular Technology, TVT, 2021
@inproceedings{bib_Bloc_2021, AUTHOR = {Durbadal Chattaraj, Basudeb Bera, Ashok Kumar Das, Sourav Saha, Pascal Lorenz, YoungHo Park}, TITLE = {Block-CLAP: Blockchain-assisted Certificateless Key Agreement Protocol for Internet of Vehicles in Smart Transportation}, BOOKTITLE = {IEEE Transactions on Vehicular Technology}. YEAR = {2021}}
In the Internet of Vehicles (IoV), numerous potential applications have come up with the use of the Internet of Things (IoT)-empowered smart devices. In IoV, vehicles, roads, street signs and traffic lights can accordingly adjust to changing conditions in order to assist drivers, and also to improve safety, ease congestion and pollution reduction. Since various entities in an IoV environment make communications over public channels, there are potential security threats. To deal with such serious threats, we design a new blockchain-assisted certificateless key agreement protocol for IoV in smart transportation context, called Block-CLAP. To manage the dynamic vehicles efficiently, the vehicles are grouped into the dynamic clusters, and each cluster will have a cluster head (CH) with its members as other neighbor vehicles and an road-side unit (RSU). In Block-CLAP, through authentication key management, data reach to the CH and then to its nearby RSU securely using the established secret keys. The cloud server then securely collects the information from its attached RSUs and create the transactions. Later, the transactions are formed into blocks by the cloud server (CS) in a Peer-to-Peer (P2P) cloud servers network, and the blocks are verified and added through voting-based consensus algorithm in the blockchain. The detailed security analysis through formal, informal and formal security verification, and comparative study show that Block-CLAP provides superior security and has low communication and computational overheads as compared with other existing competing authentication schemes in the IoV environment. Finally, the blockchain-based implementation of Block-CLAP has been performed to measure computational time needed for a varied number of transactions per block and also for a varied number of blocks mined in the blockchain.
Access Control Protocol for Battlefield Surveillance in Drone-Assisted IoT Environment
Basudeb Bera,Ashok Kumar Das,Sahil Garg,Md. Jalil Piran,M. Shamim Hossain
IEEE Internet of Things Journal, IOT, 2021
@inproceedings{bib_Acce_2021, AUTHOR = {Basudeb Bera, Ashok Kumar Das, Sahil Garg, Md. Jalil Piran, M. Shamim Hossain}, TITLE = {Access Control Protocol for Battlefield Surveillance in Drone-Assisted IoT Environment }, BOOKTITLE = {IEEE Internet of Things Journal}. YEAR = {2021}}
Surveillance drones, called as unmanned aerial vehicles (UAV), are aircrafts that are utilized to collect video recordings, still images, or live video of the targets, such as vehicles, people or specific areas. Particularly in battlefield surveillance, there is high possibility of eavesdropping, inserting, modifying or deleting the messages during communications among the deployed drones and ground station server (GSS). This leads to launch several potential attacks by an adversary, such as main-in-middle, impersonation, drones hijacking, replay attacks, etc. Moreover, anonymity and untarcebility are two crucial security properties that need to be maintained in battlefield surveillance communication environment. To deal with such a crucial security problem, we propose a new access control protocol for battlefield surveillance in drone-assisted Internet of Things (IoT) environment, called ACPBS-IoT. Through the detailed security analysis using formal and informal (non-mathematical), and also the formal security verification under automated software simulation tool, we show the proposed ACPBS-IoT can resist several potential attacks needed in battlefield surveillance scenario. Furthermore, the testbed experiments for various cryptographic primitives have been performed for measuring the execution time. Finally, a detailed comparative study on communication and computational overheads, and security as well as functionality features reveals that the proposed ACPBS-IoT provides superior security and more functionality features, and better or comparable overheads than other existing competing access control schemes.
Smart Contract-Based Blockchain-Envisioned Authentication Scheme for Smart Farming
Vangala Anusha,Anil Kumar Sutrala ,Ashok Kumar Das,Minho Jo
IEEE Internet of Things Journal, IOT, 2021
@inproceedings{bib_Smar_2021, AUTHOR = {Vangala Anusha, Anil Kumar Sutrala , Ashok Kumar Das, Minho Jo}, TITLE = {Smart Contract-Based Blockchain-Envisioned Authentication Scheme for Smart Farming}, BOOKTITLE = {IEEE Internet of Things Journal}. YEAR = {2021}}
A blockchain-based smart farming technology provides the agricultural data to the farmers and other users associated with smart farming on a single integrated platform. Moreover, persistence and auditability of stored data in blocks into the blockchain provide the confidence of using the correct data when needed later and adds transparency, anonymity, and traceability at the same time. To fulfill such a goal, in this article, we design a new smart contract-based blockchainenvisioned authenticated key agreement mechanism in a smart farming environment. The device-to-device (D2D) authentication phase and device-to-gateway (D2G) authentication phase support mutual authentication and key agreement between two Internetof-Things (IoT)-enabled devices and between an IoT device and the gateway node (GWN) in the network, respectively. The blocks are created by the edge servers on the authenticated data of IoT devices received from the GWNs and then sent to the cloud server (CS). The smart contract-based consensus mechanism allows verification and addition of the formed blocks by a peer-to-peer (P2P) CSs network. The security of the proposed scheme is done through formal and informal security analysis, and also using the formal security verification tool. A detailed comparative study reveals that the proposed scheme offers superior security and more functionality features as compared to existing competing authentication protocols. Finally, the blockchain-based simulation has been conducted to measure computational time for a varied number of mined blocks and also a varied number of transactions per block.
On the Design of Mutual Authentication and Key Agreement Protocol in Internet of Vehicles-Enabled Intelligent Transportation System
Palak Bagga,Ashok Kumar Das,Mohammad Wazid,Joel J. P. C. Rodrigues,Kim-Kwang Raymond Choo,YoungHo Park
IEEE Transactions on Vehicular Technology, TVT, 2021
@inproceedings{bib_On_t_2021, AUTHOR = {Palak Bagga, Ashok Kumar Das, Mohammad Wazid, Joel J. P. C. Rodrigues, Kim-Kwang Raymond Choo, YoungHo Park }, TITLE = {On the Design of Mutual Authentication and Key Agreement Protocol in Internet of Vehicles-Enabled Intelligent Transportation System}, BOOKTITLE = {IEEE Transactions on Vehicular Technology}. YEAR = {2021}}
Internet of Vehicles (IoV), a distributed network involving connected vehicles and Vehicular Ad Hoc Networks (VANETs), allows connected vehicles to communicate with other Internet-connected entities in real time. The communications among these entities (e.g. vehicles, pedestrians, fleet management systems, and road-side infrastructure) generally take place via an open channel. In other words, such an open communication can be targeted by the adversary to eavesdrop, modify, insert fabricated (or malicious) messages, or delete any data-in-transit; thus, resulting in replay, impersonation, man-in-the-middle, privileged-insider, and other related attacks. In addition to security, anonymity and untraceability are two other important features that should be achieved in an authentication protocol. In this paper, we propose a new mutual authentication and key agreement protocol in an IoV-enabled Intelligent Transportation System (ITS). Using both formal and informal security analysis, as well as formal security verification using an automated verification tool, we show that the proposed scheme is secure against several known attacks in an IoV-enabled ITS environment. Furthermore, a detailed comparative analysis shows that the proposed scheme has low communication and computational overheads, and offers better security and functionality attributes in comparison to seven other competing schemes. We also evaluate the performance of the proposed scheme using NS2.
LAPTAS: lightweight anonymous privacy-preserving three-factor authentication scheme for WSN-based IIoT
Hossein Abdi Nasib Far,Majid Bayat,Ashok Kumar Das,Mahdi Fotouhi,Morteza Pournaghi,M. A. Doostar
Wireless Networks, WNS, 2021
@inproceedings{bib_LAPT_2021, AUTHOR = {Hossein Abdi Nasib Far, Majid Bayat, Ashok Kumar Das, Mahdi Fotouhi, Morteza Pournaghi, M. A. Doostar}, TITLE = {LAPTAS: lightweight anonymous privacy-preserving three-factor authentication scheme for WSN-based IIoT}, BOOKTITLE = {Wireless Networks}. YEAR = {2021}}
Nowadays, wireless sensor networks (WSNs) are essential for monitoring and data collection in many industrial environments. Industrial environments are usually huge. The distances between the devices located in them can be vast; in this case, the Industrial Internet of Things (IIoT) leads to greater productivity and efficiency of industries. Furthermore, the sensor devices in IIoT have limited memory and constrained processing power, and using gateway nodes is inevitable to cover these vast areas and manage communications between industrial sensors. Security threats such as compromised devices, denial of service, and leakage of confidential information can incur hefty expenses and irreparable damage to industrial systems. Hence, in the IIoT hierarchical architecture, anonymous and mutual authentication between users, gateway nodes, and sensor nodes is essential to protect users and the system’s security and privacy. In this article, we propose a lightweight anonymous privacy-preserving three-factor authentication scheme for WSN-Based IIoT (LAPTAS). In LAPTAS, registered users can use their security smartcard to communicate with sensors and access their data. Moreover, the proposed scheme supports sensor node dynamic registration, password and biometric change, and revocation phase. Additionally, we evaluate and verify our scheme’s security formally using the Real-or-Random model and informally with the automatic cryptographic Protocol Verifier tool(ProVerif). Finally, our scheme is simulated by the OPNET network simulator and compared with other similar schemes to ensure that the LAPTAS meets all security and performance requirements.
Authenticated Key Agreement Scheme With User Anonymity and Untraceability for 5G-Enabled Softwarized Industrial Cyber-Physical Systems
Anil Kumar Sutrala,Mohammad S. Obaidat,Sourav Saha,Ashok Kumar Das,Mamoun Alazab,Youngho Park
IEEE Transactions on Intelligent Transportation Systems, ITS, 2021
@inproceedings{bib_Auth_2021, AUTHOR = {Anil Kumar Sutrala, Mohammad S. Obaidat, Sourav Saha, Ashok Kumar Das, Mamoun Alazab, Youngho Park}, TITLE = {Authenticated Key Agreement Scheme With User Anonymity and Untraceability for 5G-Enabled Softwarized Industrial Cyber-Physical Systems }, BOOKTITLE = {IEEE Transactions on Intelligent Transportation Systems}. YEAR = {2021}}
With the tremendous growth of Information and Communications Technology (ICT), Cyber Physical Systems (CPS) have opened the door for many potential applications ranging from smart grids and smart cities to transportation, retail, public safety and networking, healthcare and industrial manufacturing. However, due to communication via public channel occurring among various entities in an industrial CPS (ICPS) with the help of the 5G technology and Software-Defined Networking (SDN), it poses several potential security threats and attacks. To mitigate these issues, we propose a new three-factor user authentication and key agreement scheme (UAKA-5GSICPS) for 5G-enabled SDN based ICPS environment. UAKA-5GSICPS allows an authorized user to access the real-time data directly from some designated Internet of Things (IoT)-based smart devices provided that a successful mutual authentication among them is executed via their controller node in the SDN network. It is shown to be robust against various potential attacks through detailed security analysis including the simulation-based formal security verification. A detailed comparative study with the help of experimental results shows that UAKA-5GSICPS achieves better trade-off among security and functionality features, communication and computation overheads as compared to other existing competing schemes.
Private blockchain-envisioned multi-authority CP-ABE-based user access control scheme in IIoT
SoumyaBanerjee,Basudeb Bera,Ashok Kumar Das,Samiran Chattopadhyaya,Muhammad KhurramKhan,Joel J.P.C.Rodriguesde
Computer Communications, CC, 2021
@inproceedings{bib_Priv_2021, AUTHOR = {SoumyaBanerjee, Basudeb Bera, Ashok Kumar Das, Samiran Chattopadhyaya, Muhammad KhurramKhan, Joel J.P.C.Rodriguesde}, TITLE = {Private blockchain-envisioned multi-authority CP-ABE-based user access control scheme in IIoT}, BOOKTITLE = {Computer Communications}. YEAR = {2021}}
Recent advances in Low Power Wide Area Network (LPWAN) are expected to augment the already prodigious proliferation of Industrial Internet of Things (IIoT). However, this unrepresented growth is tinged by the uncertainty of possible challenges in security and privacy. In this work, we propose a novel blockchain-envisioned fine grained user access control scheme for data security and scalability in IIoT environment. The proposed scheme supports multiple attribute authorities and also a constant size key and ciphertext. The data gathered by the IoT smart devices are encrypted using the cipher-policy attribute based encryption (CP-ABE) and sent to their nearby gateway nodes. Later, the gateway nodes form the transactions from the encrypted data from the smart devices which are used to form partial blocks. The partial blocks are then forwarded to the cloud server(s) in the peer-to-peer (P2P) network to convert them into full blocks, which are verified, mined and added into the blockchain using the voting-based practical Byzantine fault tolerance (PBFT) consensus algorithm. The proposed scheme also allows a user to access the secure data stored in the blocks into the blockchain using the CP-ABE mechanism. The security analysis demonstrates the robustness of the proposed scheme against various attacks, and the comparative study with related relevant schemes also highlights the advantage of the proposed scheme over existing approaches. Finally, a blockchain implementation of the presented scheme summarizes the computational costs for a varied number of transactions per block, and also for a varied number of blocks mined in the blockchain.
Comments on “ALAM: Anonymous Lightweight Authentication Mechanism for SDN Enabled Smart Homes”
SUNGJIN YU,Ashok Kumar Das, Youngho Park
IEEE Access, ACCESS, 2021
@inproceedings{bib_Comm_2021, AUTHOR = {SUNGJIN YU, Ashok Kumar Das, Youngho Park}, TITLE = {Comments on “ALAM: Anonymous Lightweight Authentication Mechanism for SDN Enabled Smart Homes”}, BOOKTITLE = {IEEE Access}. YEAR = {2021}}
Smart home is intended to be able to enhance home automation systems and achieves goals such as reducing operational costs and increasing comfort while providing security to mobile users. However, an attacker may attempt security attacks in smart home environments because he/she can inject, insert, intercept, delete, and modify transmitted messages over an insecure channel. Secure and lightweight authentication protocols are essential to ensure useful services in smart home environments. In 2020, Iqbal et al. presented an anonymous lightweight authentication protocol for software-defined networking (SDN) enabled smart home, called ALAM. They claimed that ALAM protocol could resist security threats, and also provide secure mutual authentication and user anonymity. This comment demonstrates that ALAM protocol is fragile to various attacks, including session key disclosure, impersonation, and man-in-the-middle attacks, and also their scheme cannot provide user anonymity and mutual authentication. We propose the essential security guidelines to overcome the security flaws of ALAM protocol.
Provably Secure Authentication Protocol for Mobile Clients in IoT Environment using Puncturable Pseudorandom Function
Muhammad Asad Saleem,Zahid Ghaffar,Khalid Mahmood,Ashok Kumar Das,Joel J. P. C Rodrigues,Muhammad Khurram Khan
IEEE Internet of Things Journal, IOT, 2021
@inproceedings{bib_Prov_2021, AUTHOR = {Muhammad Asad Saleem, Zahid Ghaffar, Khalid Mahmood, Ashok Kumar Das, Joel J. P. C Rodrigues, Muhammad Khurram Khan}, TITLE = {Provably Secure Authentication Protocol for Mobile Clients in IoT Environment using Puncturable Pseudorandom Function}, BOOKTITLE = {IEEE Internet of Things Journal}. YEAR = {2021}}
The Internet of things (IoT) is a framework of various services and smart technologies that mutually communicate information between mobile devices and users or just between devices with the help of Internet connectivity. The dramatic progression of IoT helps numerous network applications and communication technologies to introduce state-of-the-art communication models for enabling interaction among mobile server, clients and various other smart entities. Now-a-days, online mobile services have gained huge attention by providing ample convenience to the distant users. However, it is necessary to secure the information, being exchanged among mobile clients and server. Therefore, a large number of authentication protocols have been presented but majority of them are unsuitable to fulfill novel security requirements and standards. Moreover, they are incompatible for IoT Environment due to higher computation and communication complexity. Consequently, there is a dire need of developing an adequate, reliable and cost-effective authentication protocol. In this article, we introduce a novel identity-based key agreement protocol using the puncturable pseudorandom functions for mobile clients in IoT environment. The proposed PSK-MC protocol enable two mobile clients to accomplish mutual authentication via server. The proposed protocol is evaluated formally and informally to determine its security strength. The formal security analysis is presented using the widely used random oracle model. Moreover, all the cryptographic operations used at mobile client side are executed on a mobile device, while the operations used at server side are implemented on a desktop machine to get the experimental results to determine computation cost. The performance analysis reveals the fact that our protocol is comparatively better than related protocols by exhibiting least communication and computation overhead.
On the Security of a Secure and Lightweight Authentication Scheme for Next Generation IoT Infrastructure
Ashok Kumar Das,Basudeb Bera,MOHAMMAD WAZID, Sajjad Shaukat Jamal,Youngho Park
IEEE Access, ACCESS, 2021
@inproceedings{bib_On_t_2021, AUTHOR = {Ashok Kumar Das, Basudeb Bera, MOHAMMAD WAZID, Sajjad Shaukat Jamal, Youngho Park}, TITLE = {On the Security of a Secure and Lightweight Authentication Scheme for Next Generation IoT Infrastructure}, BOOKTITLE = {IEEE Access}. YEAR = {2021}}
In recent years, the Internet of things (IoT) has become an encouraging communication paradigm that has numerous applications including smart city, smart home and intelligent transportation system. The information sensed by several IoT smart devices can be security stored at the (cloud) servers. An external user, being a client, can access the services from a server for the sensing information, provided that a mutual authentication happens among them. Using the established session key among the user and the server, encrypted information with the help of session key can be delivered to the user by the server securely. Recently, Rana et al. proposed a smart-card based remote user authentication scheme using user password. In this comment paper, we carefully analyzed the scheme of Rana et al. and tracked down that their scheme is insecure against serious attacks, including stolen smart card attack, privileged-insider attack, user impersonation attack, password change attack and Ephemeral Secret Leakage (ESL) attack. Furthermore, their scheme does not preserve untraceability feature. To remedy these security pitfalls, we also provide some remedies that can help in building more secure and effective user authentication scheme to apply in securing next generation IoT infrastructure.
Secure and Efficient Honey List-Based Authentication Protocol for Vehicular Ad Hoc Networks
Joonyoung Lee ,Geonhwan Kim,Ashok Kumar Das,Youngho Park
IEEE Transactions on Network Science and Engineering ( Early Access ), TNSE, 2021
@inproceedings{bib_Secu_2021, AUTHOR = {Joonyoung Lee , Geonhwan Kim, Ashok Kumar Das, Youngho Park}, TITLE = {Secure and Efficient Honey List-Based Authentication Protocol for Vehicular Ad Hoc Networks }, BOOKTITLE = {IEEE Transactions on Network Science and Engineering ( Early Access )}. YEAR = {2021}}
Vehicular Ad Hoc Network (VANET) and Internet of Vehicle (IoV) technologies are particularly attracting attention from industry communities because of the intelligent transportation systems of smart city technologies. This study proposes an authentication and key agreement protocol for vehicle-to-vehicle(V2V) communication of IoV. Through V2V communication, traffic system management and road safety can be guaranteed. However, V2V communication cannot manage many vehicles as a whole, so it needs to be segmented and communicated by region. Therefore, considering locality, key agreement is made for V2V communication of the same or different regions, and a lightweight protocol is proposed for dynamic properties of vehicles to achieve such a goal. In addition, since the vehicle information is transmitted through a public channel, the security against various attacks is guaranteed by using mutual authentication and honey_list technology. It provides verification of safety through a detailed security analysis using the formal analysis using the widely-accepted Real-Or-Random(ROR) model, formal security verification using the broadly-accepted Automated Validation of Internet Security Protocols and Applications(AVISPA) software validation tool and non-mathematical(informal) security analysis. In addition, a detailed comparative study that the proposed scheme can be applied in the communication environment between actual vehicles as compared to other existing competing schemes.
MADP-IIME: Malware Attack Detection Protocol in IoT-Enabled Industrial Multimedia Environment using Machine Learning Approach
Sumit Pundir,Mohammad S. Obaidat,Mohammad Wazid,Ashok Kumar Das,Devesh Pratap Singh,Joel J. P. C. Rodrigues
Multimedia Systems, MS, 2021
@inproceedings{bib_MADP_2021, AUTHOR = {Sumit Pundir, Mohammad S. Obaidat, Mohammad Wazid, Ashok Kumar Das, Devesh Pratap Singh, Joel J. P. C. Rodrigues}, TITLE = {MADP-IIME: Malware Attack Detection Protocol in IoT-Enabled Industrial Multimedia Environment using Machine Learning Approach}, BOOKTITLE = {Multimedia Systems}. YEAR = {2021}}
Internet of Things (IoT) is one of the fastest-growing technologies. With the deployment of massive and faster mobile networks, almost every daily-use item is connected to the Internet. IoT-enabled industrial multimedia environment is used for the collection and analysis of different types of multimedia data (i.e., images, videos, audios, etc.). This multimedia data is generated by various types of smart devices like drones, robots, smart controller, smart surveillance system which are deployed for the industrial monitoring and control. The multimedia data is generated in the enormous amount which can be considered as the big data. This data is further utilized in various types of business needs for example, chances of fire accidents in the industrial plant, overall machine health, etc., which can be predicted through the application of big data analytics. Therefore, IoT-enabled industrial multimedia environment is very helpful to the concerned authorities as they come to know the important information in advance. However, all the smart devices are connected and controlled through the Internet. It further causes severe threats to the communication happens in an IoT-enabled industrial multimedia environment. It is vulnerable to various types of attacks such as replay, man-in-the-middle, impersonation, secret information leakage, sensitive information modification, and malware injection (i.e., mirai). Therefore, it is important to prevent the communication of such an environment against the different types of possible attacks. These days, the attacks performed by botnets (i.e., malware attacks such as mirai and reaper) have drawn attention to the researchers. Under the influence of such attacks, the communication of IoT-enabled industrial multimedia environment is disrupted. Moreover, the attackers may also control the smart devices remotely and can change their functionalities. Hence, we need some robust mechanism to detect the presence of the malware attacks in such an environment. In this paper, we propose a malware detection mechanism in IoT-enabled industrial multimedia environment with the help of machine-learning approach, which is named as MADP-IIME. MADP-IIME uses four different types of machine learning methods (i.e., naive bayes, logistic regression, artificial neural networks (ANN) and random forest) to detect the presence of malware attacks successfully. Furthermore, MADP-IIME performs better than other related existing schemes and achieves 99.5% detection and 0.5% false positive rate. In addition, the conducted security analysis proves the resilience of the proposed MADP-IIME against different types of malware attacks.
On the Design of Lightweight and Secure Mutual Authentication System for Global Roaming in Resource-limited Mobility Networks
R. SHASHIDHARA, SANJEET KUMAR NAYAK,Ashok Kumar Das,YOUNGHO PARK
IEEE Access, ACCESS, 2021
@inproceedings{bib_On_t_2021, AUTHOR = {R. SHASHIDHARA, SANJEET KUMAR NAYAK, Ashok Kumar Das, YOUNGHO PARK}, TITLE = {On the Design of Lightweight and Secure Mutual Authentication System for Global Roaming in Resource-limited Mobility Networks}, BOOKTITLE = {IEEE Access}. YEAR = {2021}}
A secure authentication protocol plays a crucial role in securing communications over wireless and mobile networks. Due to resource-limitations and the nature of the wireless channel, the global mobile networks are highly susceptible to various attacks. Recently, an efficient authentication system for global roaming has been proposed in the literature. In this article, we first show that the analyzed authentication system is vulnerable man-in-the-middle attack, replay attack and Denial-of-Service (DoS) attack, and it does not ensure untraceability and local password-verification process to identify wrong passwords. To fix these security flaws, we propose a more efficient and robust authentication system for roaming in mobility networks. We use the formal verification tools like ProVerif, Automated Validation of Internet Security Protocols and Applications (AVISPA) and Burrows-Abadi-Needham (BAN) logic to check the regularity of the authentication protocol. Moreover, we prove the secrecy of a session key through the formal security using the random oracle model, known as Real-Or-Random (ROR) model. Finally, a detailed performance evaluation proves that the security protocol not only provides a security strength, but also preserves the low computational overhead. Thus, the proposed authentication protocol is secure and computationally efficient as compared to other relevant schemes.
A new IoT-based smart energy meter for smart grids
Danielly B. Avancini, Joel J. P. C. Rodrigues,Ricardo A. L. Rabêlo,Ashok Kumar Das, Sergey Kozlov,Petar Solic
International journal of Energy Research, IJER, 2020
Abs | | bib Tex
@inproceedings{bib_A_ne_2020, AUTHOR = {Danielly B. Avancini, Joel J. P. C. Rodrigues, Ricardo A. L. Rabêlo, Ashok Kumar Das, Sergey Kozlov, Petar Solic}, TITLE = {A new IoT-based smart energy meter for smart grids}, BOOKTITLE = {International journal of Energy Research}. YEAR = {2020}}
resent Address Federal University of Piauí (UFPI)Campus Petrônio Portela - Bloco 8 Centro de Tecnologia, Ininga 64049-550 Teresina - PI, Brazil. Funding information: Companhia Energética de Minas Gerais, Grant/Award Number: Project No D0640; Conselho Nacional de Desenvolvimento Científico e Tecnológico, Grant/Award Numbers: Grant N. 309335/2017-5, Grant No. 431726/2018-3; FCT/MCTES, Grant/Award Number: Project UIDB/EEA/50008/2020; Brazilian National Council for Scientific and Technological Development, Grant/Award Numbers: 309335/2017-5, 431726/2018-3; FAPEMIG/CEMIG, Grant/Award Number: D0640; TSDA Comunicações Company
On the Design of a Secure Anonymous User Authentication Scheme for Multiple Base Stations Based Wireless Sensor Networks
Soumya Banerjee,Vanga Odelu,Ashok Kumar Das,Samiran Chattopadhyay,Debasis Giri
International Conference on Mathematics and Computing, ICMC, 2020
Abs | | bib Tex
@inproceedings{bib_On_t_2020, AUTHOR = {Soumya Banerjee, Vanga Odelu, Ashok Kumar Das, Samiran Chattopadhyay, Debasis Giri}, TITLE = {On the Design of a Secure Anonymous User Authentication Scheme for Multiple Base Stations Based Wireless Sensor Networks}, BOOKTITLE = {International Conference on Mathematics and Computing}. YEAR = {2020}}
In recent years, security and data privacy in Wireless Sensor Networks (WSNs) have gained great thrust. Several anonymity-preserving user authentication and key establishment mechanisms for WSNs with single base station have been suggested in the literature. However, sometimes a single base station may be insufficient to maintain the proper quality of services or it may be a single point of failure in WSNs. Very recently Amin et al. suggested a multiple base stations based anonymous user authentication and key establishment approach for WSNs to address the aforementioned problem. In this paper, we first demonstrate that Amin et al.’s scheme has several security pitfalls. To address the security issues in Amin et al.’s scheme, we design a more secure and anonymous user authentication and key establishment mechanism for WSNs that is also based on multiple base stations concept. An exhaustive comparative study demonstrates that the proposed mechanism gives significantly better security and more functionality attributes with comparable commutation as well as computation overheads while those are compared with Amin et al’s. approach.
Anonymous Fine-Grained User Access Control Scheme for Internet of Things Architecture
Soumya Banerjee,Vanga Odelu,Ashok Kumar Das,Samiran Chattopadhyay,Debasis Giri
International Conference on Mathematics and Computing, ICMC, 2020
Abs | | bib Tex
@inproceedings{bib_Anon_2020, AUTHOR = {Soumya Banerjee, Vanga Odelu, Ashok Kumar Das, Samiran Chattopadhyay, Debasis Giri}, TITLE = {Anonymous Fine-Grained User Access Control Scheme for Internet of Things Architecture}, BOOKTITLE = {International Conference on Mathematics and Computing}. YEAR = {2020}}
With the rapid growth of wireless technology, Internet of Things (IoT) became very popular in both industrial as well as consumer product domains. While there is a lot of available platforms and technologies for IoT, the access control issue is often overlooked in the IoT security research. An effective access control depends on the proper user authentication mechanism. Thus, access control in this scenario is an emerging and challenging problem in the IoT environment. In this paper, we design an anonymous fine-grained user access control mechanism for IoT architecture. In the proposed scheme, the user authentication is performed by the smart device node based on the user attributes, which enables fine-grained access control over the authorized data. We utilize the widely accepted formal verification tool, called the Automated Validation of Internet Security Protocols and Applications (AVISPA), to formally prove the security of the proposed scheme. Additionally, we also provide a detailed informal security analysis of the scheme. Finally, we perform a simulation study using the broadly used NS3 network simulator to show the practical impact on the proposed scheme on various network parameters.
Software-defined networking security for private data center networks and clouds: Vulnerabilities, attacks, countermeasures, and solutions
Abdallah Mustafa Abdelrahman, Joel J. P. C. Rodrigues,Mukhtar M. E. Mahmoud, Kashif Saleem,Ashok Kumar Das,Valery Korotaev, Sergei A. Kozlov
International Journal of Communication Systems, IJCS, 2020
Abs | | bib Tex
@inproceedings{bib_Soft_2020, AUTHOR = {Abdallah Mustafa Abdelrahman, Joel J. P. C. Rodrigues, Mukhtar M. E. Mahmoud, Kashif Saleem, Ashok Kumar Das, Valery Korotaev, Sergei A. Kozlov}, TITLE = {Software-defined networking security for private data center networks and clouds: Vulnerabilities, attacks, countermeasures, and solutions}, BOOKTITLE = {International Journal of Communication Systems}. YEAR = {2020}}
Software-defined networking (SDN) is an agile, modern networking approach that facilitates innovations in the networking paradigm. The abstracted and centralized network operating system facilitates the network management and reduces operational expenditure (OPEX). The open nature and simplicity of the data-forwarding plane dramatically reduces capital expenditure (CAPEX) by leveraging commodity servers and switches. SDN also lends itself very well to address major cloud computing issues and complement cloud services, especially in terms of network virtualization and networking as a service (NaaS). As a new technology, SDN does involve certain security challenges, which include distributed denial of service (DDoS) threats, build and run time injected malware, insider (tenant) attacks, and security holes resulting from controller misconfigurations. These are severe threats that can cripple an entire network. It is crucial to address the SDN vulnerabilities to ensure its successful deployment in private data center networks, on cloud platforms and beyond. Some security solutions leverage the built-in features of SDN, such as its controller software component, while other solutions provide external SDN applications running above the controller. This study reviews the security solutions for the vulnerabilities of state-of-the-art SDN controllers and the available countermeasures. Furthermore, an in-depth analysis of the SDN features that support security is presented, and some unresolved research issues on SDN controllers are identified.
Consortium blockchain-enabled access control mechanism in edge computing based generic Internet of Things environment
Sourav Saha,Durbadal Chattaraj,Basudeb Bera,Ashok Kumar Das
Emerging Telecommunications Technologies, ETeT, 2020
Abs | | bib Tex
@inproceedings{bib_Cons_2020, AUTHOR = {Sourav Saha, Durbadal Chattaraj, Basudeb Bera, Ashok Kumar Das}, TITLE = {Consortium blockchain-enabled access control mechanism in edge computing based generic Internet of Things environment}, BOOKTITLE = {Emerging Telecommunications Technologies}. YEAR = {2020}}
This article introduces a new consortium blockchain-enabled access control scheme in edge computing based generic Internet of Things environment (called CBACS-EIoT), where the mutual authentication among the IoT smart devices and the gateway node(s), and also among the gateway node(s) and respective edge server(s) occur. In addition, key management phase is executed among the edge server(s) and associated cloud server(s). Using the established secret keys, the entities in the network communicate securely. The data gathered securely by the gateway nodes are then used to form various types of blocks (private, public, or consortium) at the edge server(s) based on application types in the generic IoT environment. The created blocks are mined by the edge servers in order to add them in the blockchain center. A detailed security analysis including the formal security has revealed that the proposed CBACS-EIoT is robust against various potential attacks needed in the IoT environment. To further strengthen the security, the simulation-based formal security verification on CBACS-EIoT has been carried out to exhibit that CBACS-EIoT is secure against passive and active attacks. Finally, a meticulous comparative performance analysis shows that CBACS-EIoT offers superior security and supports more functionality features, and also provides less communication and computational overheads compared with existing relevant schemes.
On the Design of Blockchain-Based Access Control Scheme for Software Defined Networks
Durbadal Chattaraj,Sourav Saha,Basudeb Bera,Ashok Kumar Das
IEEE Conference on Computer Communications Workshops, INFOCOM-W, 2020
@inproceedings{bib_On_t_2020, AUTHOR = {Durbadal Chattaraj, Sourav Saha, Basudeb Bera, Ashok Kumar Das}, TITLE = {On the Design of Blockchain-Based Access Control Scheme for Software Defined Networks}, BOOKTITLE = {IEEE Conference on Computer Communications Workshops}. YEAR = {2020}}
Software Defined Networking (SDN) becomes a de facto standard for the future Internet. SDN decouples the control plane from the data plane of a proprietary network asset to ensure better programmability and security for designing more innovative future network applications. Presently, the SDN framework does not have proper access control mechanism among different entities, namely SDN applications, SDN controllers and switches. To achieve this goal, this paper proposes a blockchain-based access control scheme for the SDN framework. The proposed scheme has the capability to resist various wellknown attacks and alleviate the existing single point of controller failure issue in SDN. Index Terms—software-defined networking, blockchain, consensus, security, access control.
On the Design of Secure Communication Framework for Blockchain-Based Internet of Intelligent Battlefield Things Environment
Mohammad Wazid,Ashok Kumar Das,Sachin Shetty,Joel J. P. C. Rodrigues
IEEE Conference on Computer Communications Workshops, INFOCOM-W, 2020
@inproceedings{bib_On_t_2020, AUTHOR = {Mohammad Wazid, Ashok Kumar Das, Sachin Shetty, Joel J. P. C. Rodrigues}, TITLE = {On the Design of Secure Communication Framework for Blockchain-Based Internet of Intelligent Battlefield Things Environment}, BOOKTITLE = {IEEE Conference on Computer Communications Workshops}. YEAR = {2020}}
On the basis of the Internet of Things (IoT) applications, several variants such as Internet of Energy (IoE), Internet of Vehicles (IoV), Internet of Drones (IoD), Internet of Medical Things (Internet of Health, IoMT) and Internet of Intelligent Battlefield Things (IoIBT) are developed. The smart devices involved in IoT can also utilize artificial intelligence algorithm (i.e., machine learning) to make the communication environment more effective and efficient. Intelligent Battlefield Things (IBT) communication environment is an example of that kind. It consists of smart and intelligent devices (i.e., drones), which monitor the activities of the enemies and retaliate accordingly. Hence, we need very less or negligible human involvement. IBT communication environment is very suitable for the purpose of battlefield communication (i.e., war zone, target tracking and hitting, border area surveillance and retaliation). However, IBT has certain drawbacks, because it may be vulnerable to different types of attacks, such as replay, man-in-the-middle, impersonation, data modification, data leakage attacks, etc. Therefore, it becomes essential to provide a security mechanism to secure the communication that happens in IBT environment. To achieve this purpose, we propose a secure communication framework for the blockchain of IBT environment. In addition, the benefits of applications of blockchain of IBT are discussed. The issues and challenges of blockchain of IBT environment are also highlighted. Finally, a security analysis of the proposed framework is conducted to depict its resilience against possible attacks.
Private blockchain-envisioned security framework for AI-enabled IoT-based drone-aided healthcare services
Mohammad Wazid,Basudeb Bera,Ankush Mitra,Ashok Kumar Das,Rashid Ali
International Conference on Wireless and Mobile Computing, Networking and Communications, WiMob, 2020
@inproceedings{bib_Priv_2020, AUTHOR = {Mohammad Wazid, Basudeb Bera, Ankush Mitra, Ashok Kumar Das, Rashid Ali}, TITLE = {Private blockchain-envisioned security framework for AI-enabled IoT-based drone-aided healthcare services}, BOOKTITLE = {International Conference on Wireless and Mobile Computing, Networking and Communications}. YEAR = {2020}}
Internet of Drones (IoD) architecture is designed to support a co-ordinated access for the airspace using the unmanned aerial vehicles (UAVs) known as drones. Recently, IoD communication environment is extremely useful for various applications in our daily activities. Artificial intelligence (AI)-enabled Internet of Things (IoT)-based drone-aided healthcare service is a specialized environment which can be used for different types of tasks, for instance, blood and urine samples collections, medicine delivery and for the delivery of other medical needs including the current pandemic of COVID-19. Due to wireless nature of communication among the deployed drones and their ground station server, several attacks (for example, replay, man-in-the-middle, impersonation and privileged-insider attacks) can be easily mounted by malicious attackers. To protect such attacks, the deployment of effective authentication, access control and key management schemes are extremely important in the IoD environment. Furthermore, combining the blockchain mechanism with deployed authentication make it more robust against various types of attacks. To mitigate such issues, we propose a private-blockchain based framework for secure communication in an IoT-enabled drone-aided healthcare environment. The blockchain-based simulation of the proposed framework has been carried out to measure its impact on various performance parameters.
SAC-FIIoT: Secure Access Control Scheme for Fog-Based Industrial Internet of Things
Mohammad Wazid,Mohammad S. Obaidat,Ashok Kumar Das,Pandi Vijayakumar
IEEE Global Communications Conference, GLOBECOM, 2020
@inproceedings{bib_SAC-_2020, AUTHOR = {Mohammad Wazid, Mohammad S. Obaidat, Ashok Kumar Das, Pandi Vijayakumar}, TITLE = {SAC-FIIoT: Secure Access Control Scheme for Fog-Based Industrial Internet of Things}, BOOKTITLE = {IEEE Global Communications Conference}. YEAR = {2020}}
Industrial Internet of Things (IIoT) is a communication environment that consists of various interconnected sensing devices, instruments, and other devices connected together with industrial software tools and applications. The important applications of IIoT include industrial automation, predictive maintenance, smart logistics management, power management, smart package management and smart robotics. However, IIoT may be vulnerable to different types of attacks as the IoT smart devices communicate among each other via insecure communication means. Thus, there is an essential requirement of deployment of secure access control scheme in IIoT environment, which is one of the important security services for securing IIoT. In this paper, we propose a novel access control scheme for fog based IIoT communication, called SAC-FIIoT. We provide the details of network model as well as threat model, which are required to design SAC-FIIoT. The security analysis of SAC-FIIoT shows its resilience against various types of possible attacks. SAC-FIIoT is also compared with other related competing existing schemes and it was found that its performance is better than these competing schemes. Therefore, SAC-FIIoT is suitable for access control in a fog-based IIoT environment.
On the design of biometric-based user authentication protocol in smart city environment
Basudeb Bera,Ashok Kumar Das,WalterBalzano,Carlo Maria Medaglia
Pattern Recognition Letters, PRLJ, 2020
@inproceedings{bib_On_t_2020, AUTHOR = {Basudeb Bera, Ashok Kumar Das, WalterBalzano, Carlo Maria Medaglia}, TITLE = {On the design of biometric-based user authentication protocol in smart city environment}, BOOKTITLE = {Pattern Recognition Letters}. YEAR = {2020}}
Among the security services, like authentication, access control, key management and intrusion detection, user authentication is very much needed for a smart city environment because an external authorized user may require the real time data to be accessed directly from the deployed Internet of Things (IoT) enabled smart devices. Using the established session key between the user and an access smart device though mutual authentication and key agreement process, the real time data can be securely accessed. To deal with this issue, we propose a new user authentication scheme in smart city environment using three factors of a legal registered user (mobile device, password and biometrics). The proposed scheme is shown to be robust against a number of potential attacks needed in an IoT-based smart city deployment. The simulation study for formal security verification using the widely-accepted “Automated Validation of Internet Security Protocols and Applications (AVISPA)” tool demonstrates that the proposed scheme is also secure. Furthermore, experiments on various cryptographic primitives have been carried out using “MIRACL Cryptographic SDK: Multiprecision Integer and Rational Arithmetic Cryptographic Library” under both server and Raspberry PI 3 settings. Finally, a comprehensive comparative analysis shows the effectiveness and better security of the proposed scheme as compared with other state of art user authentication schemes.
Blockchain-based batch authentication protocol for Internet of Vehicles
Palak Bagga,Anil Kumar Sutrala,Ashok Kumar Das,Pandi Vijayakumar
Journal of Systems Architecture, JSA, 2020
@inproceedings{bib_Bloc_2020, AUTHOR = {Palak Bagga, Anil Kumar Sutrala, Ashok Kumar Das, Pandi Vijayakumar}, TITLE = {Blockchain-based batch authentication protocol for Internet of Vehicles}, BOOKTITLE = {Journal of Systems Architecture}. YEAR = {2020}}
The vehicles in Internet of Vehicles (IoV) can be used to opportunistically gather and distribute the data in a smart city environment. However, at the same time, various security threats arise due to insecure communication happening among various entities in an IoV-based smart city deployment. To address this issue, we aim to design a novel blockchain-enabled batch authentication scheme in Artificial Intelligence (AI)-envisioned IoV-based smart city deployment. The latest trends and revolutions in technologies incorporate AI/Machine Learning (ML) in blockchaining to produce a secure, efficient and intelligent blockchain based system. The data stored in the blocks in the blockchain are authentic and genuine, which makes the AI/ML algorithms to work at their exceptions in order produce correct predictions on the blockchain data. Through the signing phase of the proposed scheme, each vehicle in a dynamically formed cluster broadcasts a message to its own member and respective road-side unit (RSU). In the proposed scheme, two types of authentication take place: vehicle to vehicle (V2V) authentication allows a vehicle to authenticate its neighbor vehicles in its cluster, while batch authentication permits a group of cluster vehicles to be authenticated by their . At the end, a group key is established among the vehicles and in their cluster. then gathers securely data from its vehicles and form several transactions including the information of vehicles and its own given information to the cluster member vehicles. The transactions are formed later by the nearby fog server associated with and then by the cloud server to form a complete block. The created blocks are mined by the cloud servers in a Peer-to-Peer (P2P) cloud server network through the voting-based Practical Byzantine Fault Tolerance (PBFT) consensus algorithm. The authentic and genuine data of the blockchain are utilized for Big data analytics through AI/ML algorithms. It is shown that the proposed scheme is highly robust against various attacks through formal and informal security analysis, and also through formal security verification tool. A detailed comparative analysis reveals that the proposed scheme achieves superior security and functionality features, and offers comparable storage, communication and computational costs as compared to other existing competing schemes. Finally, the blockchain implementation has been carried out on the proposed scheme to show its effectiveness.
Designing Blockchain-Based Access Control Protocol in IoT-Enabled Smart-Grid System
Basudeb Bera,Sourav Saha,Ashok Kumar Das,Athanasios V. Vasilakos
IEEE Internet of Things Journal, IOT, 2020
@inproceedings{bib_Desi_2020, AUTHOR = {Basudeb Bera, Sourav Saha, Ashok Kumar Das, Athanasios V. Vasilakos}, TITLE = {Designing Blockchain-Based Access Control Protocol in IoT-Enabled Smart-Grid System}, BOOKTITLE = {IEEE Internet of Things Journal}. YEAR = {2020}}
We design a new blockchain-based access control protocol in IoT-enabled smart-grid system, called DBACP-IoTSG. Through the proposed DBACP-IoTSG, the data is securely brought to the service providers from their respectively smart meters. The Peer-to-Peer (P2P) network is formed by the participating services providers, where the peer nodes are responsible for creating the blocks from the gathered data securely from their corresponding smart meters and adding them into the blockchain after validation of the blocks using the voting-based consensus algorithm. In our work, the blockchain is considered as private because the data collected from the consumers of the smart meters are private and confidential. By the formal security analysis under the random oracle model, non-mathematical security analysis and software-based formal security verification, DBACP-IoTSG is shown to be resistant against various attacks. We carry out the experimental results of various cryptographic primitives that are needed for comparative analysis using the widely-used Multiprecision Integer and Rational Arithmetic Cryptographic Library (MIRACL). A detailed comparative study reveals that DBACP-IoTSG supports more functionality features and provides better security apart from its low communication and computation costs as compared to recently proposed relevant schemes. In addition, the blockchain implementation of DBACPIoTSG has been performed to measure computational time needed for the varied number of blocks addition and also the varied number of transactions per block in the blockchain.
Design of Secure Authentication Protocol for Cloud-Assisted Telecare Medical Information System Using Blockchain
SEUNGHWAN SON,JOONYOUNG LEE,MYEONGHYUN KIM, SUNGJIN YU,Ashok Kumar Das,YOUNGHO PARK
IEEE Access, ACCESS, 2020
@inproceedings{bib_Desi_2020, AUTHOR = {SEUNGHWAN SON, JOONYOUNG LEE, MYEONGHYUN KIM, SUNGJIN YU, Ashok Kumar Das, YOUNGHO PARK}, TITLE = {Design of Secure Authentication Protocol for Cloud-Assisted Telecare Medical Information System Using Blockchain}, BOOKTITLE = {IEEE Access}. YEAR = {2020}}
Telecare medical information system (TMIS) implemented in wireless body area network (WBAN) is convenient and time-saving for patients and doctors. TMIS is realized using wearable devices worn by a patient, and wearable devices generate patient health data and transmit them to a server through a public channel. Unfortunately, a malicious attacker can attempt performing various attacks through such a channel. Therefore, establishing a secure authentication process between a patient and a server is essential. Moreover, wearable devices have limited storage power. Cloud computing can be considered to resolve this problem by providing a storage service in the TMIS environment. In this environment, access control of the patient health data is essential for the quality of healthcare. Furthermore, the database of the cloud server is a major target for an attacker. The attacker can try to modify, forge, or delete the stored data. To resolve these problems, we propose a secure authentication protocol for a cloud-assisted TMIS with access control using blockchain. We employ ciphertext-policy attribute-based encryption (CP-ABE) to establish access control for health data stored in the cloud server, and apply blockchain to guarantee data integrity. To prove robustness of the proposed protocol, we conduct informal analysis and Burrows-Adabi-Needham (BAN) logic analysis, and we formally validate the proposed protocol using automated validation of internet security protocols and applications (AVISPA). Consequently, we show that the proposed protocol provides more security and has better efficiency compared to related protocols. Therefore, the proposed protocol is proper for a practical TMIS environment.
AI-Enabled Blockchain-Based Access Control for Malicious Attacks Detection and Mitigation in IoE
Basudeb Bera,Ashok Kumar Das,Mohammad S. Obaidat,Pandi Vijayakumar,Kuei-Fang Hsiao,YoungHo Park
IEEE Consumer Electronics Magazine, CEM, 2020
@inproceedings{bib_AI-E_2020, AUTHOR = {Basudeb Bera, Ashok Kumar Das, Mohammad S. Obaidat, Pandi Vijayakumar, Kuei-Fang Hsiao, YoungHo Park}, TITLE = {AI-Enabled Blockchain-Based Access Control for Malicious Attacks Detection and Mitigation in IoE}, BOOKTITLE = {IEEE Consumer Electronics Magazine}. YEAR = {2020}}
In Internet of Everything (IoE), malicious attacks detection and mitigation are important issues. These issues can be resolved through an access control framework where two entities first authenticate each other prior to establish any secret key for their secure communication. The sensing data of various smart devices in an IoE environment are processed securely at the nearby fog servers and at the same time legitimate users can also access the real-time data directly from designated smart devices through access control mechanism. We first discuss various attack trends in IoE environment. After that we discuss evolution of the blockchain technology in the IoE. An Artificial Intelligence (AI)-based blockchain-envisioned access control framework for malicious attacks detection and mitigation has been suggested to secure the IoE environment. Finally, a blockchain based implementation has been conducted on the proposed blockchain-envisioned access control framework for measuring the computational time needed for varying number of blocks mined in the blockchain and also for varying number of transactions per block.
Software Defined Networking Security for Private Data Center Networks and Clouds: Vulnerabilities, Attacks, Countermeasures, and Solutions
Abdallah Mustafa Abdelrahman,Joel J. P. C. Rodrigues,Mukhtar M. E. Mahmoud,Kashif Saleem,Ashok Kumar Das,Valery Korotaev,Sergei A. Kozlov
International Journal of Communication Systems, IJCS, 2020
@inproceedings{bib_Soft_2020, AUTHOR = {Abdallah Mustafa Abdelrahman, Joel J. P. C. Rodrigues, Mukhtar M. E. Mahmoud, Kashif Saleem, Ashok Kumar Das, Valery Korotaev, Sergei A. Kozlov}, TITLE = {Software Defined Networking Security for Private Data Center Networks and Clouds: Vulnerabilities, Attacks, Countermeasures, and Solutions}, BOOKTITLE = {International Journal of Communication Systems}. YEAR = {2020}}
Software‐defined networking (SDN) is an agile, modern networking approach that facilitates innovations in the networking paradigm. The abstracted and centralized network operating system facilitates the network management and reduces operational expenditure (OPEX). The open nature and simplicity of the data‐forwarding plane dramatically reduces capital expenditure (CAPEX) by leveraging commodity servers and switches. SDN also lends itself very well to address major cloud computing issues and complement cloud services, especially in terms of network virtualization and networking as a service (NaaS). As a new technology, SDN does involve certain security challenges, which include distributed denial of service (DDoS) threats, build and run time injected malware, insider (tenant) attacks, and security holes resulting from controller misconfigurations. These are severe threats that can cripple an entire network. It is crucial to address the SDN vulnerabilities to ensure its successful deployment in private data center networks, on cloud platforms and beyond. Some security solutions leverage the built‐in features of SDN, such as its controller software component, while other solutions provide external SDN applications running above the controller. This study reviews the security solutions for the vulnerabilities of state‐of‐the‐art SDN controllers and the available countermeasures. Furthermore, an in‐depth analysis of the SDN features that support security is presented, and some unresolved research issues on SDN controllers are identified.
Designing Secure User Authentication Protocol for Big Data Collection in IoT-Based Intelligent Transportation System
Srinivas Jangirala,Ashok Kumar Das,Mohammad Wazid,Athanasios V. Vasilakos
IEEE Internet of Things Journal, IOT, 2020
@inproceedings{bib_Desi_2020, AUTHOR = {Srinivas Jangirala, Ashok Kumar Das, Mohammad Wazid, Athanasios V. Vasilakos}, TITLE = {Designing Secure User Authentication Protocol for Big Data Collection in IoT-Based Intelligent Transportation System}, BOOKTITLE = {IEEE Internet of Things Journal}. YEAR = {2020}}
Secure access of the real-time data from the IoT smart devices (e.g., vehicles) by a legitimate external party (user) is an important security service for Big Data collection in Internet of Things (IoT)-based Intelligent Transportation System (ITS). To deal with this important issue, we design a new three-factor user authentication scheme, called UAP-BCIoT, which relies on Elliptic Curve Cryptography (ECC). The mutual authentication between the user and an IoT device happens via the semi-trusted Cloud-Gateway (CG) node in UAP-BCIoT. UAP-BCIoT supports several functionality features needed for IoT-based ITS environment including IoT smart device credential validation and Big Data analytics. A detailed security analysis is conducted based on the defined threat model to show that UAP-BCIoT is resilient against many known attacks. A thorough comparative study reveals that UAP-BCIoT supports better security, offers various functionality attributes, and also provides similar costs in communication as well computation as compared to other relevant schemes Finally, the practical demonstration of the proposed UAP-BCIoT is also provided to measure its impact on the network performance parameters.
Private blockchain-based access control mechanism for unauthorized UAV detection and mitigation in Internet of Drones environment
Basudeb Bera,Ashok Kumar Das,Anil Kumar Sutrala
Computer Communications, CC, 2020
@inproceedings{bib_Priv_2020, AUTHOR = {Basudeb Bera, Ashok Kumar Das, Anil Kumar Sutrala}, TITLE = {Private blockchain-based access control mechanism for unauthorized UAV detection and mitigation in Internet of Drones environment}, BOOKTITLE = {Computer Communications}. YEAR = {2020}}
Drones, which are also known as Unmanned Aerial Vehicles (UAVs), are very useful in delivering the packages, and real-time object detection and tracking with minimal human interference. However, there may be several security threats in such an environment, for instance, a malicious user can spy unauthorized drones, transfer malicious packages, or even damage the network reliability that can have direct impact on drones control. This may lead to a potential threat for people, governments, and business sectors. To deal with these issues, in this paper, we propose a novel access control scheme for unauthorized UAV detection and mitigation in an Internet of Drones (IoD) environment, called ACSUD-IoD. With the help of the blockchain-based solution incorporated in ACSUD-IoD, the transactional data having both the normal secure data from a drone (UAV) to the Ground Station Server and the abnormal (suspected) data for detection of unauthorized UAVs by the are stored in private blockchain, that are authentic and genuine. As a result, the Big data analytics can be performed on the authenticated transactional data stored in the blockchain. Through the detailed security analysis including formal security under the broadly-accepted Real-Or-Random (ROR) model, formal security verification using the widely-applied Automated Validation of Internet Security Protocols and Applications (AVISPA) tool and non-mathematical security analysis show the robustness of the proposed scheme against a number of potential attacks needed in an IoD environment. The testbed experiments for various cryptographic primitives using the broadly-accepted Multiprecision Integer and Rational Arithmetic Cryptographic Library (MIRACL) have been performed under both server and Raspberry PI 3 configurations. Furthermore, a detailed comparative analysis among the proposed scheme and other existing competing schemes shows the efficacy and more robustness as compared to the existing schemes. Finally, the blockchain-based practical demonstration shows the effectiveness of the proposed scheme.
Security in 5G-Enabled Internet of Things Communication: Issues, Challenges and Future Research Roadmap
MOHAMMAD WAZID,Ashok Kumar Das,SACHIN SHETTY,PROSANTA GOPE,JOEL J. P. C. RODRIGUES
IEEE Access, ACCESS, 2020
@inproceedings{bib_Secu_2020, AUTHOR = {MOHAMMAD WAZID, Ashok Kumar Das, SACHIN SHETTY, PROSANTA GOPE, JOEL J. P. C. RODRIGUES}, TITLE = {Security in 5G-Enabled Internet of Things Communication: Issues, Challenges and Future Research Roadmap}, BOOKTITLE = {IEEE Access}. YEAR = {2020}}
5G mobile communication systems promote the mobile network to not only interconnect people, but also interconnect and control the machine and other devices. 5G-enabled Internet of Things (IoT) communication environment supports a wide-variety of applications, such as remote surgery, self-driving car, virtual reality, flying IoT drones, security and surveillance and many more. These applications help and assist the routine works of the community. In such communication environment, all the devices and users communicate through the Internet. Therefore, this communication agonizes from different types of security and privacy issues. It is also vulnerable to different types of possible attacks (for example, replay, impersonation, password reckoning, physical device stealing, session key computation, privileged-insider, malware, man-in-the-middle, malicious routing, and so on). It is then very crucial to protect the infrastructure of 5G-enabled IoT communication environment against these attacks. This necessitates the researchers working in this domain to propose various types of security protocols under different types of categories, like key management, user authentication/device authentication, access control/user access control and intrusion detection. In this survey paper, the details of various system models (i.e., network model and threat model) required for 5G-enabled IoT communication environment are provided. The details of security requirements and attacks possible in this communication environment are further added. The different types of security protocols are also provided. The analysis and comparison of the existing security protocols in 5G-enabled IoT communication environment are conducted. Some of the future research challenges and directions in the security of 5G-enabled IoT environment are displayed. The motivation of this work is to bring the details of different types of security protocols in 5G-enabled IoT under one roof so that the future researchers will be benefited with the conducted work.
On the Design of Blockchain-Based Access Control Protocol for IoT-Enabled Healthcare Applications
Sourav Saha,Anil Kumar Sutrala,Ashok Kumar Das,Neeraj Kumar, Joel J. P. C. Rodrigues
International Conference on Communications, ICC, 2020
@inproceedings{bib_On_t_2020, AUTHOR = {Sourav Saha, Anil Kumar Sutrala, Ashok Kumar Das, Neeraj Kumar, Joel J. P. C. Rodrigues}, TITLE = {On the Design of Blockchain-Based Access Control Protocol for IoT-Enabled Healthcare Applications}, BOOKTITLE = {International Conference on Communications}. YEAR = {2020}}
Access control is one of the important security services that is essential for an Internet of Things (IoT)-enabled authorized user using his/her smart mobile device to authenticate with the trusted Hospital Authority (HA) in a hospital. After mutual authentication, a secret key is established among the user and HA for secure data transmission. The secure data (transactions) gathered by the HA from the users in the hospital is encrypted using a shared key among various trusted hospital authorities involved in the private blockchain network of hospitals. The HA of each hospital is responsible for constructing the blocks in the blockchain using the encrypted transactions because the data in healthcare application is treated as confidential and private. To deal with this important problem, we design a novel access control scheme using private blockchain technology. The proposed scheme is shown to be secure against various well-known attacks. Moreover, the proposed scheme provides better security and functionality features, and also requires low communication and computational costs as compared to relevant approaches.
Designing Authenticated Key Management Scheme in 6G-enabled Network in a Box Deployed for Industrial Applications
Mohammad Wazid,Ashok Kumar Das,Neeraj Kumar,Mamoun Alazab
IEEE Transactions on Industrial Informatics, TII, 2020
@inproceedings{bib_Desi_2020, AUTHOR = {Mohammad Wazid, Ashok Kumar Das, Neeraj Kumar, Mamoun Alazab}, TITLE = {Designing Authenticated Key Management Scheme in 6G-enabled Network in a Box Deployed for Industrial Applications}, BOOKTITLE = {IEEE Transactions on Industrial Informatics}. YEAR = {2020}}
6G-enabled network in a box (NIB) is a multi- generational, rapidly deployable hardware and software technology for the communication. 6G-enabled NIB provides high level of flexibility which makes it capable to provide connectivity services for different types of applications as it is effective for the communications of after disaster scenario battlefields scenario and industrial scenario. In 6G-enabled NIB deployed industrial applications, various passive and active attacks are possible because the involved entities communicate over insecure channel. In this paper, a new remote user authentication and key management scheme is proposed for securing 6G-enabled NIB deployed for industrial applications, which we call in short as UAKMS-NIB. The security analysis shows the resilience of the UAKMS-NIB against various types of possible attacks. The practical demonstration of UAKMS-NIB is also provided to measure its impact on the network performance parameters.
IoV-SMAP: Secure and efficient message authentication protocol for IoV in smart city environment
SUNGJIN YU,JOONYOUNG LEE,KISUNG PARK,Ashok Kumar Das,YOUNGHO PARK
IEEE Access, ACCESS, 2020
@inproceedings{bib_IoV-_2020, AUTHOR = {SUNGJIN YU, JOONYOUNG LEE, KISUNG PARK, Ashok Kumar Das, YOUNGHO PARK}, TITLE = {IoV-SMAP: Secure and efficient message authentication protocol for IoV in smart city environment}, BOOKTITLE = {IEEE Access}. YEAR = {2020}}
With the emergence of the concept of smart city and the increasing demands for a range of vehicles, Internet of Vehicles (IoV) has achieved a lot of attention by providing multiple benefits, including vehicle emergence, accidents, levels of pollution, and traffic congestion. Moreover, IoV provides various services by combining vehicular ad-hoc networks (VANET) with the Internet of Things (IoT) in smart cities. However, the communication among vehicles is susceptible to various security threats because the sensitive message is transmitted via a insecure channel in the IoV-based smart city environment. Thus, a secure message authentication protocol is indispensable to ensure various services for IoV in a smart city environment. In 2020, a secure message authentication protocol for IoV communication in smart cities has been proposed. However, we discover that the analyzed scheme suffers from various potential attacks such as impersonation, secret key disclosure, and off-line guessing attacks, and also does not ensure authentication. To solve the security threats of the analyzed scheme, we design a secure and efficient message authentication protocol for IoV in a smart city environment, called IoV-SMAP. The proposed IoV-SMAP can resist security drawbacks and provide user anonymity, and mutual authentication. We demonstrate the security of IoV-SMAP by performing informal and formal analyses such as the Real-or-Random (ROR) model, and Automated Validation of Internet Security Protocols and Application (AVISPA) simulations. In addition, we compare the performance of IoV-SMAP with related existing competing authentication schemes. We demonstrate that IoV-SMAP provides better security along with efficiency than related competing schemes and is suitable for the IoV-based smart city environment.
Blockchain-Enabled Certificate-Based Authentication for Vehicle Accident Detection and Notification in Intelligent Transportation Systems
Vangala Anusha,Basudeb Bera,Sourav Saha,Ashok Kumar Das,Neeraj Kumar,YoungHo Park
Sensors Journal, SJ, 2020
@inproceedings{bib_Bloc_2020, AUTHOR = {Vangala Anusha, Basudeb Bera, Sourav Saha, Ashok Kumar Das, Neeraj Kumar, YoungHo Park}, TITLE = {Blockchain-Enabled Certificate-Based Authentication for Vehicle Accident Detection and Notification in Intelligent Transportation Systems}, BOOKTITLE = {Sensors Journal}. YEAR = {2020}}
As the communications among the vehicles, theRoad-Side Units(RSU)and the Edge Servers(ES)take placevia wireless communication and the Internet, an adversary maytake the opportunity to tamper with the data communicatedamong various entities in an Internet of Vehicles (IoV) envi-ronment. Therefore, it demands secure communication amongthe involved entities in an IoV-based Intelligent TransportationSystem (ITS) deployment. In this work, we design a newblockchain-enabled certificate-based authentication scheme forvehicle accident detection and notification in ITS, called BCAS-VADN. In BCAS-VADN, through the authentication process, eachvehicle can securely notify accident related transactions to itsnearby Cluster Head(CH), if an accident is detected on roadseither by its own or neighbor vehicle(s). TheCHthen securelysends the transactions received from the vehicles to itsRSUand subsequently, these transactions are also received secretlyby theESs. TheESis responsible for preparing partial blockcontaining transactions and Merkle tree root, and a digital signa-ture on those information, and then forwarding to its associatedCloud Server(CS)in the Blockchain Center(BC)for completeblock creation, verification and addition of the block using thedesigned consensus process. Due to blockchain technology usage,it is shown that BCAS-VADN is not only secure against variouspotential attacks, but also maintains transparency, immutabilityand decentralization of the information. Furthermore, a compre-hensive comparative analysis reveals that BCAS-VADN achievesbetter security and more functionality attributes, and has lowcommunication and computational overheads as compared toother competitive authentication schemes in IoV. In addition,the practical demonstration using the blockchain technology hasbeen also provided.
Smart Secure Sensing for IoT-Based Agriculture: Blockchain Perspective
Vangala Anusha,Ashok Kumar Das,Neeraj Kumar,Mamoun Alazab
Sensors Journal, SJ, 2020
@inproceedings{bib_Smar_2020, AUTHOR = {Vangala Anusha, Ashok Kumar Das, Neeraj Kumar, Mamoun Alazab}, TITLE = {Smart Secure Sensing for IoT-Based Agriculture: Blockchain Perspective}, BOOKTITLE = {Sensors Journal}. YEAR = {2020}}
Agriculture is a vital area for the sustenance ofmankind engulfing manufacturing, security, traceability, andsustainable resource management. With the resources recedingexpeditiously, it is of utmost significance to innovate techniquesthat help in the subsistence of agriculture. The growth of Internetof Things (IoT) and Blockchain technology as two rapidlyemerging fields can ameliorate the state of food chain today. Thispaper provides a rigorous literature review to inspect the state-of-the-art development of the schemes that provide informationsecurity using blockchain technology. After identifying the corerequirements in smart agriculture, a generalized blockchain-based security architecture has been proposed. A detailed costanalysis has been conducted on the studied schemes. A meticu-lous comparative analysis uncovered the drawbacks in existingresearch. Furthermore, detailed analysis of the literature has alsorevealed the security goals towards which the research has beendirected and helped to identify new avenues for future researchusing artificial intelligence.
Designing Anonymous Signature-Based Authenticated Key Exchange Scheme forIoT-Enabled Smart Grid Systems
Jangirala Srinivas,Ashok Kumar Das,Xiong Li,Muhammad Khurram Khan, Minho Jo
IEEE Transactions on Industrial Informatics, TII, 2020
@inproceedings{bib_Desi_2020, AUTHOR = {Jangirala Srinivas, Ashok Kumar Das, Xiong Li, Muhammad Khurram Khan, Minho Jo}, TITLE = {Designing Anonymous Signature-Based Authenticated Key Exchange Scheme forIoT-Enabled Smart Grid Systems}, BOOKTITLE = {IEEE Transactions on Industrial Informatics}. YEAR = {2020}}
Recent technological evolution in the Internet ofThings (IoT) age supports better solutions to magnify themanagement of the power quality and reliability concerns, andimposes the measures of a smart grid. In smart grid environment,a smart meter needs to securely access the services from a serviceprovider via insecure channel. However, since the communicationis via public channel, it imposes various security threats byan adversary. To deal to this, in this article we design a newanonymous signature-based authenticated key exchange schemefor IoT-enabled smart grid environment, called AAS-IoTSG.The dynamic smart meter addition phase is also permissiblein AAS-IoTSG after initial deployment. The security of AAS-IoTSG has been tested rigorously using formal security analysisunder the Real-Or-Random (ROR) model which is one of thebroadly-accepted standard random oracle models, formal secu-rity verification under the broadly-used Automated Validationof Internet Security Protocols and Applications (AVISPA) tooland also using informal security analysis. Finally, an exhaustivecomparative study unveils that AAS-IoTSG supports bettersecurity & functionality features and requires less communication& computation overheads as compared to the existing state-of-artauthentication mechanisms in smart grid systems
Cache Poisoning Prevention Scheme in 5G-enabled Vehicular Networks: A Tangle-based TheoreticalPerspective
Santosh Kumar Desai,Amit Dua,Neeraj Kumar,Ashok Kumar Das,Joel J. P. C. Rodrigues
Consumer Communications & Networking Conference, CCNC, 2020
@inproceedings{bib_Cach_2020, AUTHOR = {Santosh Kumar Desai, Amit Dua, Neeraj Kumar, Ashok Kumar Das, Joel J. P. C. Rodrigues}, TITLE = {Cache Poisoning Prevention Scheme in 5G-enabled Vehicular Networks: A Tangle-based TheoreticalPerspective}, BOOKTITLE = {Consumer Communications & Networking Conference}. YEAR = {2020}}
The modern day traffic continues to evolve in termsof scale, autonomy and access to information. Every vehiclegathers information and contributes its decisions to the globalvehicular network every second. With the advent of 5G equippeddigital communication and sophisticated algorithms are in placefor the vehicles to communicate with each other in a closelymonitored, yet decentralized network, there is a need to ensurethat no form of incorrect data be propagated without priorvalidation. There is also a requirement of maintaining cache sincethere is no centralized network where all vehicles report theiractivities and gather information from, at a required speed. Thedistribution of cache is a major hurdle both in terms of validationand propagation. Cache poisoning can occur if a malicious vehicleor a compromised vehicle intentionally or unintentionally putsincorrect data and other vehicles use that data to skew their ownfuture decisions. In this paper, we explore different methodologiesto address and combat the cache poisoning scenarios and suggestan efficient and secure scheme for validation and distribution ofcache using the Directed Acyclic Graph (DAG) based ledger,which is based on Tangle™.
Certificateless Signcryption-Based Three-Factor User Access Control Scheme for IoT Environment
Shobhan Mandal,Basudeb Bera,Ashok Kumar Das,Kim-Kwang Raymond Choo,Youngho Park
IEEE Internet of Things Journal, IOT, 2020
@inproceedings{bib_Cert_2020, AUTHOR = {Shobhan Mandal, Basudeb Bera, Ashok Kumar Das, Kim-Kwang Raymond Choo, Youngho Park}, TITLE = {Certificateless Signcryption-Based Three-Factor User Access Control Scheme for IoT Environment}, BOOKTITLE = {IEEE Internet of Things Journal}. YEAR = {2020}}
User access control is a crucial requirement in any Internet of Things (IoT) deployment, as it allows one to provide authorization, authentication, and revocation of a registered legitimate user to access real-time information and/or service directly from the IoT devices. To complement the existing literature, we design a new three-factor certificateless-signcryption-based user access control for the IoT environment (CSUAC-IoT). Specifically, in our scheme, a user U's password, personal biometrics, and mobile device are used as the three authentication factors. By executing the login and access control phase of CSUAC-IoT, a registered user (U) and a designated smart device (Si) can authorize and authenticate mutually via the trusted gateway node (GN) in a particular cell of the IoT environment. In our setting, the environment is partitioned into disjoint cells, and each cell will contain a certain number of IoT devices along with a GN. With the established session key between U and Si, both entities can then communicate securely. In addition, CSUAC-IoT supports new IoT devices deployment, user revocation, and password/biometric update functionality features. We prove the security of CSUAC-IoT under the real-or-random (ROR) model, and demonstrate that it can resist several common attacks found in a typical IoT environment using the AVISPA tool. A comparative analysis also reveals that CSUAC-IoT achieves better tradeoff for security and functionality, and computational and communication costs, in comparison to five other competing approaches.
Designing secure blockchain-based access control scheme in IoT-enabled Internet of Drones deployment
Basudeb Bera,Durbadal Chattaraj,Ashok Kumar Das
Computer Communications, CC, 2020
@inproceedings{bib_Desi_2020, AUTHOR = {Basudeb Bera, Durbadal Chattaraj, Ashok Kumar Das}, TITLE = {Designing secure blockchain-based access control scheme in IoT-enabled Internet of Drones deployment}, BOOKTITLE = {Computer Communications}. YEAR = {2020}}
In recent years, the Internet of Drones (IoD) has emerged as an important research topic in the academy and industry because it has several potential applications ranging from the civilian to military. In IoD environment, several drones, called Unmanned Aerial Vehicles (UAVs), are deployed in different flying zones that communicate each other to exchange crucial information, and then the information are collected by the Ground Station Server . All the drones and the are registered with a central trusted authority, Control Room prior to their deployment. Since the drones and the communicate over open channel (e.g., wireless medium), there are security and privacy issues in the IoD environment. To handle such issues, in this paper we introduce a blockchain-based access control scheme in the IoD environment that allows secure communication among the drones, and also among the drones and the . Secure data gathered by the form transactions, and those transactions are made into the blocks. The blocks are finally added in the blockchain by the cloud servers connected with the via the Ripple Protocol Consensus Algorithm (RPCA) in a peer-to-peer cloud server network. Once the blocks are added into the blockchain, the transactions containing in the blocks cannot be altered, modified or even removed. We provide all sorts of security analysis including formal security under the random oracle model, informal security and simulation-based formal security verification to assure that the proposed scheme can resist various potential attacks with high probability needed in an IoD environment. In addition, a meticulous comparative analysis among the proposed scheme and other closely related existing schemes shows that our scheme offers more functionality attributes and better security, and also low communication and computation costs as compared to other schemes.
An Efficient, Anonymous and Robust Authentication Scheme for Smart Home Environments
Soumya Banerjee,Vanga Odelu,Ashok Kumar Das,Samiran Chattopadhyay,Youngho Park
@inproceedings{bib_An_E_2020, AUTHOR = {Soumya Banerjee, Vanga Odelu, Ashok Kumar Das, Samiran Chattopadhyay, Youngho Park}, TITLE = {An Efficient, Anonymous and Robust Authentication Scheme for Smart Home Environments}, BOOKTITLE = {Sensors}. YEAR = {2020}}
In recent years, the Internet of Things (IoT) has exploded in popularity. The smart home, as an important facet of IoT, has gained its focus for smart intelligent systems. As users communicate with smart devices over an insecure communication medium, the sensitive information exchanged among them becomes vulnerable to an adversary. Thus, there is a great thrust in developing an anonymous authentication scheme to provide secure communication for smart home environments. Most recently, an anonymous authentication scheme for smart home environments with provable security has been proposed in the literature. In this paper, we analyze the recent scheme to highlight its several vulnerabilities. We then address the security drawbacks and present a more secure and robust authentication scheme that overcomes the drawbacks found in the analyzed scheme, while incorporating its advantages too. Finally, through a detailed comparative study, we demonstrate that the proposed scheme provides significantly better security and more functionality features with comparable communication and computational overheads with similar schemes.
Designing Efficient Sinkhole Attack Detection Mechanism in Edge-Based IoT Deployment
Sumit Pundir,Mohammad Wazid,Devesh Pratap Singh,Ashok Kumar Das,Joel J. P. C. Rodrigues,Youngho Park
@inproceedings{bib_Desi_2020, AUTHOR = {Sumit Pundir, Mohammad Wazid, Devesh Pratap Singh, Ashok Kumar Das, Joel J. P. C. Rodrigues, Youngho Park}, TITLE = {Designing Efficient Sinkhole Attack Detection Mechanism in Edge-Based IoT Deployment}, BOOKTITLE = {Sensors}. YEAR = {2020}}
The sinkhole attack in an edge-based Internet of Things (IoT) environment (EIoT) can devastate and ruin the whole functioning of the communication. The sinkhole attacker nodes (SHAs) have some properties (for example, they first attract the other normal nodes for the shortest path to the destination and when normal nodes initiate the process of sending their packets through that path (i.e., via SHA), the attacker nodes start disrupting the traffic flow of the network). In the presence of SHAs, the destination (for example, sink node i.e., gateway/base station) does not receive the required information or it may receive partial or modified information. This results in reduction of the network performance and degradation in efficiency and reliability of the communication. In the presence of such an attack, the throughput decreases, end-to-end delay increases and packet delivery ratio decreases. Moreover, it may harm other network performance parameters. Hence, it becomes extremely essential to provide an effective and competent scheme to mitigate this attack in EIoT. In this paper, an intrusion detection scheme to protect EIoT environment against sinkhole attack is proposed, which is named as SAD-EIoT. In SAD-EIoT, the resource rich edge nodes (edge servers) perform the detection of different types of sinkhole attacker nodes with the help of exchanging messages. The practical demonstration of SAD-EIoT is also provided using the well known NS2 simulator to compute the various performance parameters. Additionally, the security analysis of SAD-EIoT is conducted to prove its resiliency against various types of SHAs. SAD-EIoT achieves around 95.83% detection rate and 1.03% false positive rate, which are considerably better than other related existing schemes. Apart from those, SAD-EIoT is proficient with respect to computation and communication costs. Eventually, SAD-EIoT will be a suitable match for those applications which can be used in critical and sensitive operations (for example, surveillance, security and monitoring systems).
SFEEC: Provably-Secure Signcryption-Based Big Data Security Framework for Energy-Efficient Computing Environment
Dharminder Dharminder,Mohammad S. Obaidat,Dheerendra Mishra,Ashok Kumar Das
IEEE Systems Journal, SYSJ, 2020
@inproceedings{bib_SFEE_2020, AUTHOR = {Dharminder Dharminder, Mohammad S. Obaidat, Dheerendra Mishra, Ashok Kumar Das}, TITLE = {SFEEC: Provably-Secure Signcryption-Based Big Data Security Framework for Energy-Efficient Computing Environment}, BOOKTITLE = {IEEE Systems Journal}. YEAR = {2020}}
Digital networks connect an increasing number of users, sensors, and devices, which communicate, access, share, and analyze data. This phenomenon of diverse data generation is recognized as Big data. While people are benefiting from the convenience added by Big data, they also meet direct threats to privacy and data security. As Big data is massive, it needs an effective security framework with energy-efficient computing environment. Signcryption technique combines both encryption and signature to present an efficient solution. To address threats to data security, chosen cipher security and chosen message security are two important attributes. This means that it is very important to design an efficient framework where we can address these issues. This article introduces an identity-based signcryption technique by combining encryption as well as signature, which provides a solution for secure and authenticated communication in the Big data environment, called SFEEC (security framework for energy-efficient computing). SFEEC fulfills the requirements of less computation and communication overheads by offering pairing-free computation at the user end. SFEEC is also proven under the “indistinguishable against chosen ciphertext” and “secure against chosen message” attacks in the standard model.
On the Design of Conditional Privacy Preserving Batch Verification-Based Authentication Scheme for Internet of Vehicles Deployment
Anil Kumar Sutrala,Palak Bagga,Ashok Kumar Das,Neeraj Kumar,Joel J. P. C. Rodrigues, Pascal Lorenz
IEEE Transactions on Vehicular Technology, TVT, 2020
@inproceedings{bib_On_t_2020, AUTHOR = {Anil Kumar Sutrala, Palak Bagga, Ashok Kumar Das, Neeraj Kumar, Joel J. P. C. Rodrigues, Pascal Lorenz}, TITLE = {On the Design of Conditional Privacy Preserving Batch Verification-Based Authentication Scheme for Internet of Vehicles Deployment}, BOOKTITLE = {IEEE Transactions on Vehicular Technology}. YEAR = {2020}}
In the Internet of Vehicles (IoV), secure information sharing among vehicles is crucial in order to upgrade driving safety as well as to strengthen vehicular services. However, public communication among vehicles leads to various potential attacks, such as replay, man-in-the-middle, impersonation, unlinkability and traceability attacks. To address this issue, we design a new conditional privacy preserving batch verification-based authentication mechanism in the IoV environment using Elliptic Curve Cryptography (ECC) technique, where a vehicle can authenticate its neighbor vehicle and also a Road-Side Unit (RSU) can authenticate its nearby vehicles in a batch. The proposed scheme is shown to be highly secure against a passive/active adversary through various security analysis, such as random oracle based formal security, formal security verification via automated simulation tool, and also informal security analysis. An exhaustive comparative analysis reveals that the proposed scheme offers better security and functionality attributes, and comparable storage, communication and computation overheads when these are compared with the relevant schemes.
Multi-authority CP-ABE-based anonymous user access control scheme with constant-size key and ciphertext for IoT deployment
Soumya Banerjee,Sandip Roy,Vanga Odelu,Ashok Kumar Das,Samiran Chattopadhyay,Joel J. P. C. Rodrigues,Youngho Park
Journal of Information Security and Applications, JISA, 2020
@inproceedings{bib_Mult_2020, AUTHOR = {Soumya Banerjee, Sandip Roy, Vanga Odelu, Ashok Kumar Das, Samiran Chattopadhyay, Joel J. P. C. Rodrigues, Youngho Park}, TITLE = {Multi-authority CP-ABE-based anonymous user access control scheme with constant-size key and ciphertext for IoT deployment}, BOOKTITLE = {Journal of Information Security and Applications}. YEAR = {2020}}
With the ever-increasing rate of adoption of internet-enabled smart devices, the allure of greater integration of technologies, such as smart home, smart city, and smart grid into everyday life is undeniable. However, this trend inevitably leaves a massive amount of information and infrastructure connected to the public Internet, which exposes the data to many security threats and challenges. In this paper, we discuss the need for fine-grained user access control for IoT smart devices. The inherently distributed nature of IoT environment necessitates the support of multi-authority attribute-based encryption (ABE) for the implementation of fine-grained access control. Therefore, we present a secure fine-grained user access control scheme for data usage in the IoT environment. The proposed scheme is a three-factor user access control scheme, which supports multi-authority ABE and it is highly scalable as both the ABE key size stored in the user’s smart card and ciphertext size needed for authentication request are constant with respect to the number of attributes. Through the formal and informal security analysis, we show that the proposed scheme is secure and robust against several potential attacks required in an IoT environment. Moreover, we demonstrate that the proposed scheme performs at par or better than existing schemes while providing greater functionality features.
Designing Secure and Efficient Biometric-Based Secure Access Mechanism for Cloud Services
Gaurang Pancha,Debasis Samanta,Ashok Kumar Das,Neeraj Kumar,Kim-Kwang Raymond Choo
IEEE Transactions on Cloud Computing, TCC, 2020
@inproceedings{bib_Desi_2020, AUTHOR = {Gaurang Pancha, Debasis Samanta, Ashok Kumar Das, Neeraj Kumar, Kim-Kwang Raymond Choo}, TITLE = {Designing Secure and Efficient Biometric-Based Secure Access Mechanism for Cloud Services}, BOOKTITLE = {IEEE Transactions on Cloud Computing}. YEAR = {2020}}
The demand for remote data storage and computation services is increasing exponentially in our data-driven society; thus, the need for secure access to such data and services. In this paper, we design a new biometric-based authentication protocol to provide secure access to a remote (cloud) server. In the proposed approach, we consider biometric data of a user as a secret credential. We then derive a unique identity from the user's biometric data, which is further used to generate the user's private key. In addition, we propose an efficient approach to generate a session key between two communicating parties using two biometric templates for a secure message transmission. In other words, there is no need to store the user's private key anywhere and the session key is generated without sharing any prior information. Extensive experiments and a comparative study demonstrate the efficiency and utility of the proposed approach.
A Smart Waste Management Solution Geared towards Citizens
Kellow Pardini,Joel J.P.C. Rodrigues ,Ousmane Diallo,Ashok Kumar Das,Victor Hugo C. de Albuquerque,Sergei A. Kozlov
@inproceedings{bib_A_Sm_2020, AUTHOR = {Kellow Pardini, Joel J.P.C. Rodrigues , Ousmane Diallo, Ashok Kumar Das, Victor Hugo C. De Albuquerque, Sergei A. Kozlov}, TITLE = {A Smart Waste Management Solution Geared towards Citizens}, BOOKTITLE = {Sensors}. YEAR = {2020}}
Global industry is undergoing major transformations with the genesis of a new paradigm known as the Internet of Things (IoT) with its underlying technologies. Many company leaders are investing more effort and money in transforming their services to capitalize on the benefits provided by the IoT. Thereby, the decision makers in public waste management do not want to be outdone, and it is challenging to provide an efficient and real-time waste management system. This paper proposes a solution (hardware, software, and communications) that aims to optimize waste management and include a citizen in the process. The system follows an IoT-based approach where the discarded waste from the smart bin is continuously monitored by sensors that inform the filling level of each compartment, in real-time. These data are stored and processed in an IoT middleware providing information for collection with optimized routes and generating important statistical data for monitoring the waste collection accurately in terms of resource management and the provided services for the community. Citizens can easily access information about the public waste bins through the Web or a mobile application. The creation of the real prototype of the smart container, the development of the waste management application and a real-scale experiment use case for evaluation, demonstration, and validation show that the proposed system can efficiently change the way people deal with their garbage and optimize economic and material resources. View Full-Text
A Tutorial and Future Research for Building a Blockchain-Based Secure Communication Scheme for Internet of Intelligent Things
MOHAMMAD WAZID,Ashok Kumar Das,SACHIN SHETTY,MINHO JO
IEEE Access, ACCESS, 2020
@inproceedings{bib_A_Tu_2020, AUTHOR = {MOHAMMAD WAZID, Ashok Kumar Das, SACHIN SHETTY, MINHO JO}, TITLE = {A Tutorial and Future Research for Building a Blockchain-Based Secure Communication Scheme for Internet of Intelligent Things}, BOOKTITLE = {IEEE Access}. YEAR = {2020}}
The Internet of Intelligent Things (IoIT) communication environment can be utilized in various types of applications (for example, intelligent battlefields, smart healthcare systems, the industrial internet, home automation, and many more). Communications that happen in such environments can have different types of security and privacy issues, which can be resolved through the utilization of blockchain. In this paper, we propose a tutorial that aims in desiging a generalized blockchain-based secure authentication key management scheme for the IoIT environment. Moreover, some issues with using blockchain for a communication environment are discussed as future research directions. The details of different types of blockchain are also provided. Some of the widely-accepted consensus algorithms are then discussed. Next, we discuss different types of applications in blockchain-based IoIT communication environments. The details of the associated system models are provided, such as, the network and attack models for the blockchain-based IoIT communication environment, which are helpful in designing a security protocol for such an environment. A practical demonstration of the proposed generalized scheme is provided in order to measure the impact of the scheme on the performance of the essential parameters. Finally, some of the future research challenges in the blockch
BAKMP-IoMT: Design of Blockchain Enabled Authenticated Key Management Protocol for Internet of Medical Things Deployment
NEHA GARG,MOHAMMAD WAZID,Ashok Kumar Das,DEVESH PRATAP SINGH,JOEL J. P. C. RODRIGUES,YOUNGHO PARK
IEEE Access, ACCESS, 2020
@inproceedings{bib_BAKM_2020, AUTHOR = {NEHA GARG, MOHAMMAD WAZID, Ashok Kumar Das, DEVESH PRATAP SINGH, JOEL J. P. C. RODRIGUES, YOUNGHO PARK}, TITLE = {BAKMP-IoMT: Design of Blockchain Enabled Authenticated Key Management Protocol for Internet of Medical Things Deployment}, BOOKTITLE = {IEEE Access}. YEAR = {2020}}
The Internet of Medical Things (IoMT) is a kind of connected infrastructure of smart medical devices along with software applications, health systems and services. These medical devices and applications are connected to healthcare systems through the Internet. The Wi-Fi enabled devices facilitate machine-to-machine communication and link to the cloud platforms for data storage. IoMT has the ability to make accurate diagnoses, with fewer mistakes and lower costs of care. IoMT with smartphone applications permits the patients to exchange their health related confidential and private information to the healthcare experts (i.e., doctors) for the better control of diseases, and also for tracking and preventing chronic illnesses. Due to insecure communication among the entities involved in IoMT, an attacker can tamper with the confidential and private health related information for example an attacker can not only intercept the messages, but can also modify, delete or insert malicious messages during communication. To deal this sensitive issue, we design a novel blockchain enabled authentication key agreement protocol for IoMT environment, called BAKMP-IoMT. BAKMP-IoMT provides secure key management between implantable medical devices and personal servers and between personal servers and cloud servers. The legitimate users can also access the healthcare data from the cloud servers in a secure way. The entire healthcare data is stored in a blockchain maintained by the cloud servers. A detailed formal security including the security verification of BAKMP-IoMT using the widely-accepted Automated Validation of Internet Security Protocols and Applications (AVISPA) tool is performed to demonstrate its resilience against the different types of possible attack. The comparison of BAKMP-IoMT with relevant existing schemes is conducted which identifies that the proposed system furnishes better security and functionality, and also needs low communication and computational costs as compared to other schemes. Finally, the simulation of BAKMP-IoMT is conducted to demonstrate its impact on the performance parameters.
A lightweight and secure two-factor authentication scheme for wireless body area networks in health-care IoT
Mahdi Fotouhi,Majid Bayat,Ashok Kumar Das,Hossein Abdi Nasib Far,S. Morteza Pournaghi,M.A. Doostari
Computer Networks, CN, 2020
@inproceedings{bib_A_li_2020, AUTHOR = {Mahdi Fotouhi, Majid Bayat, Ashok Kumar Das, Hossein Abdi Nasib Far, S. Morteza Pournaghi, M.A. Doostari}, TITLE = {A lightweight and secure two-factor authentication scheme for wireless body area networks in health-care IoT}, BOOKTITLE = {Computer Networks}. YEAR = {2020}}
The widespread use of mobile devices, sensors, and wireless sensor networks and the progressive development of the Internet of Things (IoT) has motivated medical and health-care societies to employ IoT to monitor, collect data, and communicate with patients using the wireless body area networks (WBANs). The collected data will make a lot of medical diagnosis applications of WBANs, which are obtained directly from the patients’ bodies. Therefore, because of the nature of wireless networks and freely accessible data feature over the public channel, the security and privacy of WBANs is the most critical concern for those who use it for health-care purposes. Accordingly, there is a need for an authentication scheme for letting a trusted user such as doctors or clinical personnel access to the sensor’s data from patients. In this paper, we propose a new lightweight hash-chain-based and forward secure authentication scheme for wireless body area networks in health-care IoT. Our scheme is secure against various known attacks obliged for WBANs. Additionally, we perform the formal security analysis using Real-or Random (ROR) model, and informal security on the proposed scheme, also, security verification of our scheme is validated by the ProVerif tool. Besides, our scheme is simulated by the OPNET network simulator and compared with several new schemes in terms of security and performance requirements. The simulation results and comparisons confirm that the proposed scheme is suitable for WBANs, and it supports more security features compared to related schemes.
On the Design of Secure and Efficient Three-factor Authentication Protocol Using Honey List for Wireless Sensor Network
JOONYOUNG LEE,SUNGJIN YU,MYEONGHYUN KIM,YOUNGHO PARK,Ashok Kumar Das
IEEE Access, ACCESS, 2020
@inproceedings{bib_On_t_2020, AUTHOR = {JOONYOUNG LEE, SUNGJIN YU, MYEONGHYUN KIM, YOUNGHO PARK, Ashok Kumar Das}, TITLE = {On the Design of Secure and Efficient Three-factor Authentication Protocol Using Honey List for Wireless Sensor Network}, BOOKTITLE = {IEEE Access}. YEAR = {2020}}
The Internet of Thing (IoT) is useful for connecting and collecting variable data of objects through the Internet, which makes to generate useful data for humanity. An indispensable enabler of IoT is the wireless sensor networks (WSNs). Many environments, such as smart healthcare, smart transportation and smart grid, have adopted WSN. Nonetheless, WSNs remain vulnerable to variety of attacks because they send and receive data over public channels. Moreover, the performance of IoT enabled sensor devices has limitations since the sensors are lightweight devices and are resource constrained. To overcome these problems, many security authentication protocols for WSNs have been proposed. However, many researchers have pointed out that preventing smartcard stolen and off-line guessing attacks is an important security issue, and guessing identity and password at the same time is still possible. To address these weaknesses, this paper presents a secure and efficient authentication protocol based on three-factor authentication by taking advantage of biometrics. Meanwhile, the proposed protocol uses a honey_list technique to protect against brute force and stolen smartcard attacks. By using the honey_list technique and three factors, the proposed protocol can provide security even if two of the three factors are compromised. Considering the limited performance of the sensors, we propose an efficient protocol using only hash functions excluding the public key based elliptic curve cryptography. For security evaluation of the proposed authentication protocol, we perform informal security analysis, and Real-Or-Random (ROR) model-based and Burrows Abadi Needham (BAN) logic based formal security analysis. We also perform the formal verification using the widely-used Automated Validation of Internet Security Protocols and Applications (AVISPA) simulation software. Besides, compared to previous researches, we demonstrate that our proposed authentication protocol for WSNs systems is more suitable and secure than others.
Design and analysis of authenticated key agreement scheme in cloud-assisted cyber–physical systems
C.SRAVANI,Ashok Kumar Das,Prosanta Gope,Neeraj Kumar, Fan Wu,Athanasios V Vasilakos
Future Generation Computer Systems, FGCS, 2020
@inproceedings{bib_Desi_2020, AUTHOR = {C.SRAVANI, Ashok Kumar Das, Prosanta Gope, Neeraj Kumar, Fan Wu, Athanasios V Vasilakos}, TITLE = {Design and analysis of authenticated key agreement scheme in cloud-assisted cyber–physical systems}, BOOKTITLE = {Future Generation Computer Systems}. YEAR = {2020}}
With advancements in engineering and science, the application dimensions of Cyber–Physical System (CPS) are increasing due to their improving efficiency, safety, reliability, usability and autonomy. By providing on-demand access to shared processing resources, cloud computing reduces infrastructure costs. Ensuring quality of service and information privacy and security is important in such environments. In this paper, we design a new authentication scheme related to the cloud-assisted CPS in two directions: (1) authentication between a user and a cloud server, and (2) authentication between a smart meter and a cloud server. In the former situation, any external party (user) can access the information stored in a cloud server provided that the user is legal and has the right to access information. In the later situation, a smart meter and a cloud server authentication is needed for secure communication of data stored in the cloud server. In both cases, both entities first mutually authenticate each other and only after successful authentication with the help of a trusted authority, establish a session key for their future secure communication. The proposed scheme deals with both the cases and provides high security as compared to other related works, which is shown through formal and informal security analysis. In addition, the mutual authentication using the widely-accepted Burrows–Abadi–Needham logic (BAN logic) and also formal security verification using the broadly-used Automated Validation of Internet Security Protocols and Applications (AVISPA) simulation tool demonstrate further that the scheme is strong in security. Finally, the proposed scheme is shown to be efficient in terms of communication and computation costs as compared to those for other related existing schemes.
Data Security in the Smart Grid Environment
Ashok Kumar Das,Sherali Zeadally
Pathways to a Smarter Power System, PSPS, 2019
@inproceedings{bib_Data_2019, AUTHOR = {Ashok Kumar Das, Sherali Zeadally}, TITLE = {Data Security in the Smart Grid Environment}, BOOKTITLE = {Pathways to a Smarter Power System}. YEAR = {2019}}
Smart grid (SG) technology is regarded as the next generation of the power grid, which makes use of the two-way flows of electricity, as well as information, Pathways to a Smarter Power System. https://doi.org/10.1016/B978-0-08-102592-5.00013-2 © 2019 Elsevier Ltd. All rights reserved. 371 in order to build a broadly distributed automated energy delivery network. The Smart grid is a critical infrastructure that plays a critical role in the daily lives of people. Both the Smart Grid and its data must be protected from cyberattacks at all times [1, 2]. In SG, four components are present, namely sensing, control, communication, and actuation systems. The most important component of SG is the smart meter (SM), which consists of sensing and communication modules. In addition, there are service systems from the service providers (SPs), which consist of several modules for control, communication, and actuation. SMs are broadly used in homes for monitoring energy consumption in real time. Moreover, power pricing information to consumers is also provided by the SMs [3–6]. A detailed survey on SG including its applications can be found in [7–14]. In the following subsections, we now discuss the smart grid framework developed by the National Institute of Standards and Technology (NIST) and its taxonomy, based on domains and targeted research areas.
Certificate-Based Anonymous Device Access Control Scheme for IoT Environment
Saurav Malani,Jangirala Srinivas,Ashok Kumar Das,Srinathan Kannan, Minho Jo
IEEE Internet of Things Journal, IOT, 2019
@inproceedings{bib_Cert_2019, AUTHOR = {Saurav Malani, Jangirala Srinivas, Ashok Kumar Das, Srinathan Kannan, Minho Jo}, TITLE = {Certificate-Based Anonymous Device Access Control Scheme for IoT Environment}, BOOKTITLE = {IEEE Internet of Things Journal}. YEAR = {2019}}
As the “Internet communications infrastructure” develops to encircle smart devices, it is very much essential for designing suitable methods for secure communications with these smart devices, in the future Internet of Things (IoT) applications context. Due to wireless communication among the IoT smart devices and the gateway node (GWN), several security threats may arise in the IoT environment, including replay,man-in-the-middle, impersonation, malicious devices deployment,and physical devices capture attacks. In this article, to mitigate such security threats, we design a new certificate-based device access control scheme in IoT environment which is not only secure against mentioned attacks, but it also preserves anonymity property. A detailed security analysis using the widely accepted real-or-random (ROR) model-based formal security analysis, informal security analysis, and also formal security verification based on the broadly accepted automated validation of Internet security protocols and applications (AVISPAs) tool has been performed on the proposed scheme to show that it is secure against various known attacks. In addition, a comprehensive comparative analysis among the proposed scheme and other relevant schemes shows that a better trade off among the security and functionality attributes, communication, and computational costs is achieved for the proposed scheme as compared to other schemes.
2PBDC: Privacy-Preserving Big Data Collection in Cloud Environment
Jangirala Srinivas,Ashok Kumar Das,Joel J. P. C. Rodrigues
Journal on SuperComputing, JSC, 2019
@inproceedings{bib_2PBD_2019, AUTHOR = {Jangirala Srinivas, Ashok Kumar Das, Joel J. P. C. Rodrigues}, TITLE = {2PBDC: Privacy-Preserving Big Data Collection in Cloud Environment}, BOOKTITLE = {Journal on SuperComputing}. YEAR = {2019}}
The combination of two overlapping technologies (bigdata and cloud computing) helps easy access to the evolving applications. In this context, there is a serious requirement of ensuring the transmission of data securely in order to improve the productivity over the public channel. Since the data collected by various sources are strictly private and confidential, there is also a great requirement to deal with the privacy preservation of the bigdata. To handle this issue, a new privacy-preserving bigdata collection technique in cloud computing environment, called 2PBDC, has been designed, which allows secure communication between the bigdata gateway nodes and the cloud servers. 2PBDC is shown to be secure against various known attacks against an active/passive adversary through the formal security verification as well as informal security analysis. A detailed comparative study among 2PBDC and other existing schemes has been conducted. This study shows that 2PBDC offers a better trade-off among the security and functionality features and communication and computation overheads while these are compared with other schemes.
Design of Secure Key Management and User Authentication Scheme for Fog Computing Services
Mohammad Wazid,Ashok Kumar Das,Neeraj Kumar,Athanasios V. Vasilakos
Future Generation Computer Systems, FGCS, 2019
@inproceedings{bib_Desi_2019, AUTHOR = {Mohammad Wazid, Ashok Kumar Das, Neeraj Kumar, Athanasios V. Vasilakos}, TITLE = {Design of Secure Key Management and User Authentication Scheme for Fog Computing Services}, BOOKTITLE = {Future Generation Computer Systems}. YEAR = {2019}}
Fog computing (fog networking) is known as a decentralized computing infrastructure in which data, applications, compute as well as data storage are scattered in the most logical and efficient place among the data source (i.e., smart devices) and the cloud. It gives better services than cloud computing because it has better performance with reasonably low cost. Since the cloud computing has security and privacy issues, and fog computing is an extension of cloud computing, it is therefore obvious that fog computing will inherit those security and privacy issues from cloud computing. In this paper, we design a new secure key management and user authentication scheme for fog computing environment, called SAKA-FC. SAKAFC is efficient as it only uses the lightweight operations, such as one-way cryptographic hash function and bitwise exclusive-OR (XOR), for the smart devices as they are resource-constrained in nature. SAKAFC is shown to be secure with the help of the formal security analysis using the broadly accepted RealOr-Random (ROR) model, the formal security verification using the widely-used Automated Validation of Internet Security Protocols and Applications (AVISPA) tool and also the informal security analysis. In addition, SAKA-FC is implemented for practical demonstration using the widely-used NS2 simulator.
Government Regulations in Cyber Security: Framework, Standards and Recommendations
Jangirala Srinivas,Ashok Kumar Das,Neeraj Kumar
Future Generation Computer Systems, FGCS, 2019
@inproceedings{bib_Gove_2019, AUTHOR = {Jangirala Srinivas, Ashok Kumar Das, Neeraj Kumar}, TITLE = {Government Regulations in Cyber Security: Framework, Standards and Recommendations}, BOOKTITLE = {Future Generation Computer Systems}. YEAR = {2019}}
Cyber security refers to the protection of Internet-connected systems, such as hardware, software as well as data (information) from cyber attacks (adversaries). A cyber security regulation is needed in order to protect information technology along with computer systems with the purpose of compelling various organizations as well as companies to protect their systems and information from cyber attacks. Several cyber attacks are possible, such as viruses, phishing, Trojan horses, worms, Denial-ofService (DoS) attacks, illegal access (e.g., stealing intellectual property or confidential information) as well as control system attacks. In this article, we focus on importance of various standards in cyber defense, and architecture of cyber security framework. We discuss the security threats, attacks and measures in cyber security. We then discuss various standardization challenges in cyber security. We also discuss about the cyber security national strategy to secure cyberspace and also various government policies in protecting the cyber security. Finally, we provide some recommendations that are critical to cyber security and cyber defense. Keywords: Cyber security, Cyber attacks, Information security, Government policies, Standards.
Lightweight and Physically Secure Anonymous Mutual Authentication Protocol for Real-Time Data Access in Industrial Wireless Sensor Networks
Prosanta Gope,Ashok Kumar Das,Neeraj Kumar,Yongqiang Cheng
IEEE Transactions on Industrial Informatics, TII, 2019
@inproceedings{bib_Ligh_2019, AUTHOR = {Prosanta Gope, Ashok Kumar Das, Neeraj Kumar, Yongqiang Cheng}, TITLE = {Lightweight and Physically Secure Anonymous Mutual Authentication Protocol for Real-Time Data Access in Industrial Wireless Sensor Networks}, BOOKTITLE = {IEEE Transactions on Industrial Informatics}. YEAR = {2019}}
Industrial wireless sensor network (IWSN) is an emerging class of a generalized WSN having constraints of energy consumption, coverage, connectivity, and security. However, security and privacy is one of the major challenges in IWSN as the nodes are connected to Internet and usually located in an unattended environment with minimum human interventions. In IWSN, there is a fundamental requirement for a user to access the real-time information directly from the designated sensor nodes. This task demands to have a user authentication protocol. To satisfy this requirement, this paper proposes a lightweight and privacy-preserving mutual user authentication protocol in which only the user with a trusted device has the right to access the IWSN. Therefore, in the proposed scheme, we considered the physical layer security of the sensor nodes. We show that the proposed scheme ensures security even if a sensor node is captured by an adversary. The proposed protocol uses the lightweight cryptographic primitives, such as one way cryptographic hash function, physically unclonable function, and bitwise exclusive operations. Security and performance analysis shows that the proposed scheme is secure, and is efficient for the resource-constrained sensing devices in IWSN.
User Authentication in a Tactile Internet Based Remote Surgery Environment: Security Issues, Challenges, and Future Research Directions
Mohammad Wazid,Ashok Kumar Das,Jong-HyoukLee
Pervasive and Mobile Computing, PMC, 2019
@inproceedings{bib_User_2019, AUTHOR = {Mohammad Wazid, Ashok Kumar Das, Jong-HyoukLee}, TITLE = {User Authentication in a Tactile Internet Based Remote Surgery Environment: Security Issues, Challenges, and Future Research Directions}, BOOKTITLE = {Pervasive and Mobile Computing}. YEAR = {2019}}
Recently, the Tactile Internet (TI) becomes a new era of the Internet. The TI provides ultra-reliable, ultra-responsive and intelligent network connectivity for delivering real-time control and physical haptic experiences from a remote location. The TI provides a different feeling to human–machine interaction by implementing the real-time interactive systems. In this review article, we discuss a generalized authentication model which can be used to perform authentication procedure among different communicating parties in order to secure remote surgery in the TI environment. By using the proposed authentication model, an authentication protocol can be designed so that an authenticated surgeon can use the robot/robotic arms to perform the surgery securely as well as remotely. Since the application is very critical, the important instructions provided by the surgeon to the robot/robotic arms must not be leaked in between the communication during the surgical procedure. To deal with this emerging research area, a secure mutual user authentication mechanism should be provided between a remote surgeon and the robot/robotic arms so that they can communicate securely using the established session key among them. Further, several security issues and challenges for such kind of communication are also discussed in this article. Finally, we discuss few points that need to be considered as future research works that are related to authentication for securing remote surgery in the TI environment.
Provably Secure ECC-Based Device Access Control and Key Agreement Protocol for IoT Environment
Ashok Kumar Das,MOHAMMAD WAZID,YANNAM ANIMI REDDY,JOEL J. P. C. RODRIGUES ,YOUNGHO PARK
IEEE Access, ACCESS, 2019
@inproceedings{bib_Prov_2019, AUTHOR = {Ashok Kumar Das, MOHAMMAD WAZID, YANNAM ANIMI REDDY, JOEL J. P. C. RODRIGUES , YOUNGHO PARK}, TITLE = {Provably Secure ECC-Based Device Access Control and Key Agreement Protocol for IoT Environment}, BOOKTITLE = {IEEE Access}. YEAR = {2019}}
For secure communication between any two neighboring sensing devices on the Internet of Things (IoT) environment, it is essential to design a secure device access control and key agreement protocol, in which the two phases, namely, ‘‘node authentication’’ and ‘‘key agreement’’ are involved. While the node authentication allows two sensing devices to authenticate each other using their own pre-loaded secret credentials in memory, the key agreement phase permits to establish a secret key between them if the mutual authentication is successful. In this paper, we propose a new certificate-based ‘‘lightweight access control and key agreement protocol in the IoT environment, called LACKA-IoT,’’ that utilizes the elliptic curve cryptography (ECC) along with the ‘‘collision-resistant one-way cryptographic hash function.’’ Through a detailed security analysis using the formal security under the ‘‘Real-Or-Random (ROR) model,’’ informal (non-mathematical) security analysis, and formal security verification using the broadly used ‘‘Automated Validation of Internet Security Protocols and Applications (AVISPA)’’ tool, we show that the LACKA-IoT can protect various known attacks that are needed for a secure device access control mechanism in the IoT. Furthermore, through a comparative study of the LACKA-IoT and other relevant schemes, we show that there is a better tradeoff among the security and functionality features and communication and computational costs of the LACKA-IoT as compared to other schemes. Finally, the ‘‘practical demonstration using the NS2 simulation’’ has been carried out on the LACKA-IoT to measure various network parameters
A Dynamic Privacy-Preserving Key Management Protocol for V2G in Social Internet of Things
KISUNG PARK,YOUNGHO PARK,Ashok Kumar Das,SUNGJIN YU, JOONYOUNG LE,YOHAN PARK
IEEE Access, ACCESS, 2019
@inproceedings{bib_A_Dy_2019, AUTHOR = {KISUNG PARK, YOUNGHO PARK, Ashok Kumar Das, SUNGJIN YU, JOONYOUNG LE, YOHAN PARK}, TITLE = {A Dynamic Privacy-Preserving Key Management Protocol for V2G in Social Internet of Things}, BOOKTITLE = {IEEE Access}. YEAR = {2019}}
With the smart grid (SG) and the social Internet of Things (SIoT), an electric vehicle operator can use reliable, flexible, and efficient charging service with vehicle-to-grid (V2G). However, open channels can be vulnerable to various attacks by a malicious adversary. Therefore, secure mutual authentication for V2G has become essential, and numerous related protocols have been proposed. In 2018, Shen et al. proposed a privacy-preserving and lightweight key agreement protocol for V2G in SIoT to ensure security. However, we demonstrate that their protocol does not withstand impersonation, privileged-insider, and offline password guessing attacks, and it does not also guarantee secure mutual authentication, session key security, and perfect forward secrecy. Therefore, this paper proposes a dynamic privacy-preserving and lightweight key agreement protocol for V2G in SIoT to resolve the security weaknesses of Shen et al.'s protocol. The proposed protocol resists several attacks including impersonation, offline password guessing, man-in-the-middle, replay, and trace attacks, ensures anonymity, perfect forward secrecy, session key security, and secure mutual authentication. We evaluate the security of the proposed protocol using formal security analysis under the broadly-accepted real-or-random (ROR) model, secure mutual authentication proof using the widely-accepted Burrows-Abadi-Needham (BAN) logic, informal (non-mathematical) security analysis, and also the formal security verification using the broadly-accepted automated validation of Internet security protocols and applications (AVISPA) tool. We then compare computation costs, and security and functionality features of the proposed protocol with related protocols. Overall, the proposed protocol provides superior security, and it can be efficiently deployed to practical SIoT-based V2G environment.
ECCAuth: Secure Authentication Protocol for Demand Response Management in Smart Grid Systems
Neeraj Kumar,Gagangeet Singh Aujla,Ashok Kumar Das,Mauro Conti
IEEE Transactions on Industrial Informatics, TII, 2019
@inproceedings{bib_ECCA_2019, AUTHOR = {Neeraj Kumar, Gagangeet Singh Aujla, Ashok Kumar Das, Mauro Conti}, TITLE = {ECCAuth: Secure Authentication Protocol for Demand Response Management in Smart Grid Systems}, BOOKTITLE = {IEEE Transactions on Industrial Informatics}. YEAR = {2019}}
The devices in smart grids (SG) transfer data to a utility center (UC) or to the remote control centers. Using these data, the energy balance is maintained between consumers and the grid. However, this flow of data may be tampered by the intruders, which may result in energy imbalance. Thus, a robust authentication protocol, which supports dynamic SG device validation and UC addition, both in the local and global domains, is an essential requirement. For this reason, ECCAuth: a novel elliptic curve cryptography-based authentication protocol is proposed in this paper for preserving demand response in SG. This protocol allows establishment of a secret session key between an SG device and a UC after mutual authentication. Using this key, they can securely communicate for exchanging the sensitive information. The formal security analysis, informal security analysis, and formal security verification show that ECCAuth can withstand several known attacks
A Provably-Secure and Lightweight Anonymous User Authenticated Session Key Exchange Scheme for Internet of Things Deployment
Soumya Banerjee,Vanga Odelu,Ashok Kumar Das,Jangirala Srinivas,Neeraj Kumar,Samiran Chattopadhyay,Kim-Kwang Raymond Choo
Internet of Things Journal, IOT, 2019
@inproceedings{bib_A_Pr_2019, AUTHOR = {Soumya Banerjee, Vanga Odelu, Ashok Kumar Das, Jangirala Srinivas, Neeraj Kumar, Samiran Chattopadhyay, Kim-Kwang Raymond Choo}, TITLE = {A Provably-Secure and Lightweight Anonymous User Authenticated Session Key Exchange Scheme for Internet of Things Deployment}, BOOKTITLE = {Internet of Things Journal}. YEAR = {2019}}
With the ever increasing adoption rate of Internet-enabled devices [also known as Internet of Things (IoT) devices] in applications such as smart home, smart city, smart grid, and healthcare applications, we need to ensure the security and privacy of data and communications among these IoT devices and the underlying infrastructure. For example, an adversary can easily tamper with the information transmitted over a public channel, in the sense of modification, deletion, and fabrication of data-in-transit and data-in-storage. Time-critical IoT applications such as healthcare may demand the capability to support external parties (users) to securely access IoT data and services in real-time. This necessitates the design of a secure user authentication mechanism, which should also allow the user to achieve security and functionality features such as anonymity and un-traceability. In this paper, we propose a new lightweight anonymous user authenticated session key agreement scheme in the IoT environment. The proposed scheme uses three-factor authentication, namely a user's smart card, password, and personal biometric information. The proposed scheme does not require the storing of user specific information at the gateway node. We then demonstrate the proposed scheme's security using the broadly accepted real-or-random (ROR) model, Burrows-Abadi-Needham (BAN) logic, and automated validation of Internet security protocols and applications (AVISPAs) software simulation tool, as well as presenting an informal security analysis to demonstrate its other features. In addition, through our simulations, we demonstrate that the proposed scheme outperforms existing related user authentication schemes, in terms of its security and functionality features, and computation costs.
AKM-IoV: Authenticated Key Management Protocol in Fog Computing-Based Internet of Vehicles Deployment
Mohammad Wazid,Palak Bagga,Ashok Kumar Das,Sachin Shetty,Joel J. P. C. Rodrigues,Youngho Park
Internet of Things Journal, IOT, 2019
@inproceedings{bib_AKM-_2019, AUTHOR = {Mohammad Wazid, Palak Bagga, Ashok Kumar Das, Sachin Shetty, Joel J. P. C. Rodrigues, Youngho Park}, TITLE = {AKM-IoV: Authenticated Key Management Protocol in Fog Computing-Based Internet of Vehicles Deployment}, BOOKTITLE = {Internet of Things Journal}. YEAR = {2019}}
Internet of Vehicles (IoV) is an intelligent application of Internet of Things (IoT) in smart transportation that takes intelligent commitments to the passengers to improve traffic safety and efficiency, and generate a more enjoyable driving and riding environment. Fog cloud-based IoV is another variant of mobile cloud computing where vehicular cloud and Internet can co-operate in more effective way in IoV. However, more increasing dependence on wireless communication, control, and computing technology makes IoV more dangerous to prospective attacks. For secure communication among vehicles, road-side units, fog and cloud servers, we design a secure authenticated key management protocol in fog computing-based IoV deployment, called AKM-IoV. In the designed AKM-IoV, after mutual authentication between communicating entities in IoV they establish session keys for secure communications. AKM-IoV is tested for its security analysis using the formal security analysis under the widely accepted real-or-random (ROR) model, informal, and formal security verification using the broadly accepted automated validation of Internet security protocols and applications (AVISPAs) tool. The practical demonstration of AKM-IoV is shown using the NS2 simulation. In addition, a detailed comparative study is conducted to show the efficiency and functionality and security features supported by AKM-IoV as compared to other existing recent protocols.
Cryptographic Technologies and Protocol Standards for Internet of Things
Sherali Zeadally,Ashok Kumar Das,Nicolas Sklavos
Internet of Things Journal, IOT, 2019
@inproceedings{bib_Cryp_2019, AUTHOR = {Sherali Zeadally, Ashok Kumar Das, Nicolas Sklavos}, TITLE = {Cryptographic Technologies and Protocol Standards for Internet of Things}, BOOKTITLE = {Internet of Things Journal}. YEAR = {2019}}
The Internet of Things (IoT) comprises physical/virtual networked objects that collect and exchange data with each other via the public Internet. As this exchange often takes place over public networks, many security attacks in an IoT environment are possible. First, we briefly review the security issues in the IoT environment. Next, we focus on recent cryptographic protocol standards that are in use or have been recommended for IoT devices to ensure secure communications. We also highlight the advantages and weaknesses of the several protocol standards for various IoT application scenarios including connected vehicles, health, smart home, and consumer appliances and devices. Finally, we discuss some challenges in the area of cryptographic protocol standards that still require to be addressed for IoT applications in the future.
Physically Secure Lightweight Anonymous User Authentication Protocol for Internet of Things using Physically Unclonable Functions
SOUMYA BANERJEE,VANGA ODELU,Ashok Kumar Das,SAMIRAN CHATTOPADHYAY,JOEL J. P. C. RODRIGUES,YOUNGHO PARK
IEEE Access, ACCESS, 2019
@inproceedings{bib_Phys_2019, AUTHOR = {SOUMYA BANERJEE, VANGA ODELU, Ashok Kumar Das, SAMIRAN CHATTOPADHYAY, JOEL J. P. C. RODRIGUES, YOUNGHO PARK}, TITLE = {Physically Secure Lightweight Anonymous User Authentication Protocol for Internet of Things using Physically Unclonable Functions}, BOOKTITLE = {IEEE Access}. YEAR = {2019}}
The Internet of Things (IoT) acts as an umbrella for the Internet-enabled devices for various applications, such as smart home, smart city, smart grid, and smart healthcare. The emergence of the immense economic potential necessitates a robust authentication mechanism that needs to be lightweight and suitable for real-time applications. Moreover, the physical integrity of these devices cannot be assumed as these are designed to be deployed in an unattended environment with minimum human supervision. A user authentication mechanism for the IoT, in addition to guaranteeing user anonymity and un-traceability functionality requirements, must also be resistant to device physical capture and related misuses. In this paper, we present a novel lightweight anonymous user authentication protocol for the IoT environment by utilizing ‘‘cryptographic one-way hash function’’, ‘‘physically unclonable function (PUF)’’ and ‘‘bitwise exclusive-OR (XOR)’’ operations. The broadly accepted Real-Or-Random (ROR) model-based formal security analysis, formal security verification using the automated software verification tool, namely ‘‘automated validation of internet security protocols and applications (AVISPA)’’ and also non-mathematical (informal) security analysis have been carried out on the proposed scheme. It is shown that the proposed scheme has the ability to resist various well-known attacks that are crucial for securing the IoT environment. Through a detailed comparative study, we show that the proposed scheme outperforms other existing related schemes in terms of computation and communication costs, and also security & functionality features. Finally, a practical demonstration of the proposed scheme using the NS3 simulation has been provided for measuring various network performance parameters.
A lightweight privacy-preserving authenticated key exchange scheme for smart grid communications
Bayat Majid,Zahra Zare Jousheghani,Ashok Kumar Das,Pitam Singh,Saru Kumari ,Mohammad Reza Aref
International Journal of Information Security, IJIS, 2019
@inproceedings{bib_A_li_2019, AUTHOR = {Bayat Majid, Zahra Zare Jousheghani, Ashok Kumar Das, Pitam Singh, Saru Kumari , Mohammad Reza Aref}, TITLE = {A lightweight privacy-preserving authenticated key exchange scheme for smart grid communications}, BOOKTITLE = {International Journal of Information Security}. YEAR = {2019}}
Smart grid concept is introduced to modify the power grid by utilizing new information and communication technology. Smart grid needs live power consumption monitoring to provide required services and for this issue, bi-directional communication is essential. Security and privacy are the most important requirements that should be provided in the communication. Due to the complex design of smart grid systems, and utilizing different new technologies, there are many opportunities for adversaries to attack the smart grid system that can result fatal problems for the customers. Recently, Mahmood et al. [1] proposed a lightweight message authentication scheme for smart grid communications and claimed that it satisfies the security requirements. We found that Mahmood et al. ’ s scheme has some security vulnerabilities and it has not adequate security features to be utilized in smart grid. To address these drawbacks, we propose an efficient and secure lightweight privacy-preserving authentication scheme for a smart grid. Security of our scheme are evaluated, and the formal security analysis and verification are introduced via the broadly-accepted BAN logic and AVISPA tool. Finally, the security and efficiency comparisons are provided, which indicate the security and efficiency of the proposed scheme as compared to other existing related schemes.
Designing Secure Lightweight Blockchain-Enabled RFID-Based Authentication Protocol for Supply Chains in 5G Mobile Edge Computing Environment
Srinivas Jangirala,Ashok Kumar Das,Athanasios V. Vasilakos
IEEE Transactions on Industrial Informatics, TII, 2019
@inproceedings{bib_Desi_2019, AUTHOR = {Srinivas Jangirala, Ashok Kumar Das, Athanasios V. Vasilakos}, TITLE = {Designing Secure Lightweight Blockchain-Enabled RFID-Based Authentication Protocol for Supply Chains in 5G Mobile Edge Computing Environment}, BOOKTITLE = {IEEE Transactions on Industrial Informatics}. YEAR = {2019}}
Secure real-time data about goods in transit in supply chains needs bandwidth having capacity that is not fulfilled with the current infrastructure. Hence, 5G-enabled Internet of Things (IoT) in mobile edge computing is intended to substantially increase this capacity. To deal with this issue, we design a new efficient lightweight blockchain-enabled RFID-based authentication protocol for supply chains in 5G mobile edge computing environment, called LBRAPS. LBRAPS is based on bitwise exclusive-or (XOR), one-way cryptographic hash and bitwise rotation operations only. LBRAPS is shown to be secure against various attacks. Moreover, the simulation-based formal security verification using the broadly-accepted Automated Validation of Internet Security Protocols and Applications (AVISPA) tool assures that LBRAPS is secure. Finally, it is shown that LBRAPS has better trade-off among its security and functionality features, communication and computation costs as compared to those for existing protocols
A Mean Quantization Watermarking Scheme for Audio Signals using Singular-Value Decomposition
K. VIVEKANANDA BHAT,Ashok Kumar Das,JONG-HYOUK LEE
IEEE Access, ACCESS, 2019
@inproceedings{bib_A_Me_2019, AUTHOR = {K. VIVEKANANDA BHAT, Ashok Kumar Das, JONG-HYOUK LEE}, TITLE = {A Mean Quantization Watermarking Scheme for Audio Signals using Singular-Value Decomposition}, BOOKTITLE = {IEEE Access}. YEAR = {2019}}
Recently, research in audio watermarking technology makes it a promising tool for copyright protection of digital audio files in networked environments. In this paper, we propose a new mean quantization based watermarking mechanism for audio based on the technique due to Singular Value Decomposition (SVD). In this method, the host signal is divided into a number of two-dimensional matrix frames. The SVD is then employed to every frame, and also the Euclidean norm of the Singular Values (SVs) are calculated for every frame. The watermark is then hidden into an audio signal by quantization of the norm of the SVs. The watermark is extracted blindly using the inverse process. Both the subjective and objective tests demonstrate good imperceptibility of the watermark in the audio file. Furthermore, the experimental results show good robustness of the proposed scheme against various common audio attacks and Stirmark benchmark attacks. The false-negative error of the method is very near to zero against Stirmark and audio attacks. The proposed scheme has a high payload, and its performance is superior compared to other related watermarking methods for audio signals. Finally, the proposed method achieves better trade-offs between conflicting requirements of imperceptibility, payload, and robustness.
LAM-CIoT: Lightweight authentication mechanism in cloud-based IoT environment
Mohammad Wazid,Ashok Kumar Das,Vivekananda Bhat K,Athanasios V. Vasilakos
Journal on Network and Computer Applications, JNCA, 2019
@inproceedings{bib_LAM-_2019, AUTHOR = {Mohammad Wazid, Ashok Kumar Das, Vivekananda Bhat K, Athanasios V. Vasilakos}, TITLE = {LAM-CIoT: Lightweight authentication mechanism in cloud-based IoT environment}, BOOKTITLE = {Journal on Network and Computer Applications}. YEAR = {2019}}
Internet of Things (IoT) becomes a new era of the Internet, which consists of several connected physical smart objects (i.e., sensing devices) through the Internet. IoT has different types of applications, such as smart home, wearable devices, smart connected vehicles, industries, and smart cities. Therefore, IoT based applications become the essential parts of our day-to-day life. In a cloud-based IoT environment, cloud platform is used to store the data accessed from the IoT sensors. Such an environment is greatly scalable and it supports real-time event processing which is very important in several scenarios (i.e., IoT sensors based surveillance and monitoring). Since some applications in cloud-based IoT are very critical, the information collected and sent by IoT sensors must not be leaked during the communication. To accord with this, we design a new lightweight authentication mechanism in cloud-based IoT environment, called LAM-CIoT. By using LAM-CIoT, an authenticated user can access the data of IoT sensors remotely. LAM-CIoT applies efficient “one-way cryptographic hash functions” along with “bitwise XOR operations”. In addition, fuzzy extractor mechanism is also employed at the user's end for local biometric verification. LAM-CIoT is methodically analyzed for its security part through the formal security using the broadly-accepted “Real-Or-Random (ROR)” model, formal security verification using the widely-used “Automated Validation of Internet Security Protocols and Applications (AVISPA)” tool as well as the informal security analysis. The performance analysis shows that LAM-CIoT offers better security, and low communication and computation overheads as compared to the closely related authentication schemes. Finally, LAM-CIoT is evaluated using the NS2 network simulator for the measurement of network performance parameters that envisions the impact of LAM-CIoT on the network performance of LAM-CIoT and other schemes.
LDAKM-EIoT: Lightweight Device Authentication and Key Management Mechanism for Edge-Based IoT
Mohammad Wazid ,Ashok Kumar Das,Sachin Shetty,Joel J. P. C. Rodrigues,Youngho Park
@inproceedings{bib_LDAK_2019, AUTHOR = {Mohammad Wazid , Ashok Kumar Das, Sachin Shetty, Joel J. P. C. Rodrigues, Youngho Park}, TITLE = {LDAKM-EIoT: Lightweight Device Authentication and Key Management Mechanism for Edge-Based IoT}, BOOKTITLE = {Sensors}. YEAR = {2019}}
first_pagesettings Open AccessArticle LDAKM-EIoT: Lightweight Device Authentication and Key Management Mechanism for Edge-Based IoT Deployment by Mohammad Wazid 1OrcID,Ashok Kumar Das 2OrcID,Sachin Shetty 3OrcID,Joel J. P. C. Rodrigues 4,5OrcID andYoungho Park 6,*,†OrcID 1 Department of Computer Science and Engineering, Graphic Era Deemed to be University, Dehradun 248 002, India 2 Center for Security, Theory and Algorithmic Research, International Institute of Information Technology, Hyderabad 500 032, India 3 Virginia Modeling, Analysis and Simulation Center, Center for Cybersecurity Education and Research, Department of Computational Modeling and Simulation Engineering, Old Dominion University, Suffolk, VA 23435, USA 4 Federal University of Piauí (UFPI), 64049-550 Teresina-Pi, Brazil 5 Instituto de Telecomunicações, 1049-001 Lisbon, Portugal 6 School of Electronics Engineering, Kyungpook National University, Daegu 41566, Korea * Author to whom correspondence should be addressed. † Current address: School of Electronics Engineering, Kyungpook National University, 80 Daehak-ro, Sangyeok-dong, Buk-gu, Daegu 41566, Korea. Sensors 2019, 19(24), 5539; https://doi.org/10.3390/s19245539 Received: 19 November 2019 / Revised: 9 December 2019 / Accepted: 11 December 2019 / Published: 14 December 2019 (This article belongs to the Special Issue Security and Privacy in Wireless Sensor Network) Download PDF Browse Figures Abstract In recent years, edge computing has emerged as a new concept in the computing paradigm that empowers several future technologies, such as 5G, vehicle-to-vehicle communications, and the Internet of Things (IoT), by providing cloud computing facilities, as well as services to the end users. However, open communication among the entities in an edge based IoT environment makes it vulnerable to various potential attacks that are executed by an adversary. Device authentication is one of the prominent techniques in security that permits an IoT device to authenticate mutually with a cloud server with the help of an edge node. If authentication is successful, they establish a session key between them for secure communication. To achieve this goal, a novel device authentication and key management mechanism for the edge based IoT environment, called the lightweight authentication and key management scheme for the edge based IoT environment (LDAKM-EIoT), was designed. The detailed security analysis and formal security verification conducted by the widely used “Automated Validation of Internet Security Protocols and Applications (AVISPA)” tool prove that the proposed LDAKM-EIoT is secure against several attack vectors that exist in the infrastructure of the edge based IoT environment. The elaborated comparative analysis of the proposed LDAKM-EIoT and different closely related schemes provides evidence that LDAKM-EIoT is more secure with less communication and computation costs. Finally, the network performance parameters are calculated and analyzed using the NS2 simulation to demonstrate the practical facets of the proposed LDAKM-EIoT
IoMT Malware Detection Approaches: Analysis and Research Challenges
MOHAMMAD WAZID,Ashok Kumar Das,JOEL J. P. C. RODRIGUES,SACHIN SHETTY, YOUNGHO PARK
IEEE Access, ACCESS, 2019
@inproceedings{bib_IoMT_2019, AUTHOR = {MOHAMMAD WAZID, Ashok Kumar Das, JOEL J. P. C. RODRIGUES, SACHIN SHETTY, YOUNGHO PARK}, TITLE = {IoMT Malware Detection Approaches: Analysis and Research Challenges}, BOOKTITLE = {IEEE Access}. YEAR = {2019}}
The advancement in Information and Communications Technology (ICT) has changed the entire paradigm of computing. Because of such advancement, we have new types of computing and communication environments, for example, Internet of Things (IoT) that is a collection of smart IoT devices. The Internet of Medical Things (IoMT) is a specific type of IoT communication environment which deals with communication through the smart healthcare (medical) devices. Though IoT communication environment facilitates and supports our day-to-day activities, but at the same time it has also certain drawbacks as it suffers from several security and privacy issues, such as replay, man-in-the-middle, impersonation, privileged-insider, remote hijacking, password guessing and denial of service (DoS) attacks, and malware attacks. Among these attacks, the attacks which are performed through the malware botnet (i.e., Mirai) are the malignant attacks. The existence of malware botnets leads to attacks on confidentiality, integrity, authenticity and availability of the data and other resources of the system. In presence of such attacks, the sensitive data of IoT communication may be disclosed, altered or even may not be available to the authorized users. Therefore, it becomes essential to protect the IoT/IoMT environment from malware attacks. In this review paper, we first perform the study of various types of malware attacks, and their symptoms. We also discuss some architectures of IoT environment along with their applications. Next, a taxonomy of security protocols in IoT environment is provided. Moreover, we conduct a comparative study on various existing schemes for malware detection and prevention in IoT environment. Finally, some future research challenges and directions of malware detection in IoT/IoMT environment are highlighted.
Intrusion Detection Protocols in Wireless Sensor Networks integrated to Internet of Things Deployment: Survey and Future Challenges
SUMIT PUNDIR,MOHAMMAD WAZID,DEVESH PRATAP SINGH,Ashok Kumar Das, JOEL J. P. C. RODRIGUES,YOUNGHO PARK
IEEE Access, ACCESS, 2019
@inproceedings{bib_Intr_2019, AUTHOR = {SUMIT PUNDIR, MOHAMMAD WAZID, DEVESH PRATAP SINGH, Ashok Kumar Das, JOEL J. P. C. RODRIGUES, YOUNGHO PARK}, TITLE = {Intrusion Detection Protocols in Wireless Sensor Networks integrated to Internet of Things Deployment: Survey and Future Challenges}, BOOKTITLE = {IEEE Access}. YEAR = {2019}}
As we all know that the technology is projected to be next to humans very soon because of its holistic growth. Now-a-days, we see a lot of applications that are making our lives comfortable such as smart cars, smart homes, smart traffic management, smart offices, smart medical consultation, smart cities, etc. All such facilities are in the reach of a common man because of the advancement in Information and Communications Technology (ICT). Because of this advancement, new computing and communication environment such as Internet of Things (IoT) came into picture. Lot of research work is in progress in IoT domain which helps for the overall development of the society and makes the lives easy and comfortable. But in the resource constrained environment of Wireless Sensor Network (WSN) and IoT, it is almost inconceivable to establish a fully secure system. As we are moving forward very fast, technology is becoming more and more vulnerable to the security threats. In future, the number of Internet connected people will be less than the smart objects so we need to prepare a robust system for keeping the above mentioned environments safe and standardized it for the smooth conduction of communication among IoT objects. In this survey paper, we provide the details of threat model applicable for the security of WSN and IoT based communications. We also discuss the security requirements and various attacks possible in WSN and IoT based communication environments. The emerging projects of WSNs integrated to IoT are also briefed. We then provide the details of different architectures of WSN and IoT based communication environments. Next, we discuss the current issues and challenges related to WSN and IoT. We also provide a critical literature survey of recent intrusion detection protocols for IoT and WSN environments along with their comparative analysis. A taxonomy of security and privacy-preservation protocols in WSN and IoT is also highlighted. Finally, we discuss some research challenges which need to be addressed in the coming future.
Mobile banking: evolution and threats: malware threats and security solutions
Mohammad Wazid,Sherali Zeadally ,Ashok Kumar Das
IEEE Consumer Electronics Magazine, CEM, 2019
@inproceedings{bib_Mobi_2019, AUTHOR = {Mohammad Wazid, Sherali Zeadally , Ashok Kumar Das}, TITLE = {Mobile banking: evolution and threats: malware threats and security solutions}, BOOKTITLE = {IEEE Consumer Electronics Magazine}. YEAR = {2019}}
Mobile banking refers to the use of a mobile device (e.g., a smartphone) to perform online banking activities, while away from the home computer, for transferring funds, monitoring account balance and bill payments, and so on. It provides a great convenience to bank customers, but it suffers from various types of attacks that are possible on the mobile banking infrastructure. We present the evolution of mobile banking and discuss the various threats associated with it as well as some of the most recent malware attacks. Finally, we include a review of recent security solutions for enabling secure mobile banking.
TCALAS: Temporal credential-based anonymous lightweight authentication scheme for Internet of drones environment
Jangirala Srinivas,Ashok Kumar Das,Neeraj Kumar,d Joel J. P. C. Rodrigues
IEEE Transactions on Vehicular Technology, TVT, 2019
@inproceedings{bib_TCAL_2019, AUTHOR = {Jangirala Srinivas, Ashok Kumar Das, Neeraj Kumar, d Joel J. P. C. Rodrigues}, TITLE = {TCALAS: Temporal credential-based anonymous lightweight authentication scheme for Internet of drones environment}, BOOKTITLE = {IEEE Transactions on Vehicular Technology}. YEAR = {2019}}
A user (external party) is interested in accessing the real-time data from some designated drones of a particular fly zone in the Internet of Drones (IoD) deployment. However, to provide this facility, the user needs to be authenticated by an accessed remote drone and vice-versa. After successful authentication both parties can establish a secret session key for the secure communication. To handle this important problem in IoD environment, we design a novel temporal credential based anonymous lightweight user authentication mechanism for IoD environment, called TCALAS. A detailed security analysis using formal security under the broadly applied real-or-random (ROR) model, formal security verification under the broadly used software verification tool, known as automated validation of internet security protocols and applications, and also informal security analysis reveal that TCALAS has the capability to resist various known attacks against passive/active adversary. In addition, a detailed comparative study has been conducted for TCALAS and other related schemes, and the study also reveals that TCALAS provides better security and functionality features, and lower costs in both computation and communication as compared to existing schemes.
A provably secure biometrics-based authenticated key agreement scheme for multi-server environments
Saru Kumari,Ashok Kumar Das,Xiong Li,Fan Wu,Muhammad Khurram Khan,Qi Jiang,S. K. Hafizul Islam
Journal on Multimedia Tools Applications, JMTA, 2018
@inproceedings{bib_A_pr_2018, AUTHOR = {Saru Kumari, Ashok Kumar Das, Xiong Li, Fan Wu, Muhammad Khurram Khan, Qi Jiang, S. K. Hafizul Islam}, TITLE = {A provably secure biometrics-based authenticated key agreement scheme for multi-server environments}, BOOKTITLE = {Journal on Multimedia Tools Applications}. YEAR = {2018}}
An authentication scheme handling multiple servers offers a feasible environment to users to conveniently access the rightful services from various servers using one-time registration. The practical realization of distribution of online services efficiently and transparently in multiple-server systems has come true by virtue of multi-server user authentication schemes. Due to distinguished properties like, difficulty to forge or copy, in-feasibility to lose or guess or forget, etc., biometrics have been widely preferred as a third authenticating factor in password and smart card based user authentication protocols. In this paper, we design a new biometrics-based multi-server authentication scheme based on trusted multiple-servers. We harness the concept of fuzzy extractor to provide the proper matching of biometric patterns. We evaluate our scheme through informal discussions on performance and also using Burrows-Abadi-Needham logic (BAN-logic) & random oracle model for formal security analysis. We also compose a comparative assessment of our scheme and the related ones. Outcome of the analysis and assessment shows our scheme an edge above many related and contemporary schemes.
Design of an Anonymity-Preserving Group Formation Based Authentication Protocol in Global Mobility Networks
SOUMYA BANERJEE,VANGA ODELU,Ashok Kumar Das,SAMIRAN CHATTOPADHYAY,Neeraj Kumar,SUDEEP TANWAR,YOUNGHO PARK
IEEE Access, ACCESS, 2018
@inproceedings{bib_Desi_2018, AUTHOR = {SOUMYA BANERJEE, VANGA ODELU, Ashok Kumar Das, SAMIRAN CHATTOPADHYAY, Neeraj Kumar, SUDEEP TANWAR, YOUNGHO PARK}, TITLE = {Design of an Anonymity-Preserving Group Formation Based Authentication Protocol in Global Mobility Networks}, BOOKTITLE = {IEEE Access}. YEAR = {2018}}
Remote user authentication without compromising user anonymity is an emerging area in the last few years. In this paper, we propose a new anonymity preserving mobile user authentication scheme for the global mobility networks (GLOMONETs). We also propose a new anonymity preserving group formation phase for roaming services in GLOMONETs that meets the extended anonymity requirement without compromising any standard security requirements. We provide the security analysis using the widely-accepted Burrows-Abadi-Needham logic and informal analysis for the proposed scheme to show that it is secure against possible well-known attacks, such as replay, man-in-the-middle, impersonation, privileged-insider, stolen smart card, ephemeral secret leakage, and password guessing attacks. In addition, the formal security verification with the help of the broadly accepted automated validation of internet security protocols and applications software simulation tool is tested on the proposed scheme and the simulation results confirm that the proposed scheme is safe. Moreover, the comparative study of the proposed scheme with other relevant schemes reveals that it performs well as compared to other techniques.
Provably Secure Fine-Grained Data Access Control over Multiple Cloud Servers in Mobile Cloud Computing Based Healthcare Applications
Sandip Roy,Ashok Kumar Das,Santanu Chatterjee,Neeraj Kumar,Samiran Chattopadhyay, Joel J. P. C. Rodrigues
IEEE Transactions on Industrial Informatics, TII, 2018
@inproceedings{bib_Prov_2018, AUTHOR = {Sandip Roy, Ashok Kumar Das, Santanu Chatterjee, Neeraj Kumar, Samiran Chattopadhyay, Joel J. P. C. Rodrigues}, TITLE = {Provably Secure Fine-Grained Data Access Control over Multiple Cloud Servers in Mobile Cloud Computing Based Healthcare Applications}, BOOKTITLE = {IEEE Transactions on Industrial Informatics}. YEAR = {2018}}
Mobile cloud computing (MCC) allows mobile users to have on-demand access to cloud services. A mobile cloud model helps in analyzing the information regarding the patients' records and also in extracting recommendations in healthcare applications. In MCC, a fine-grained level access control of multiserver cloud data is a prerequisite for successful execution of end-users applications. In this paper, we propose a new scheme that provides a combined approach of fine-grained access control over cloud-based multiserver data along with a provably secure mobile user authentication mechanism for the Healthcare Industry 4.0. To the best of our knowledge, the proposed scheme is the first to pursue fine-grained data access control over multiple cloud servers in a MCC environment. The proposed scheme has been validated extensively in different heterogeneous environment where its performance was found good in comparison to other existing schemes.
Cloud Centric Authentication for Wearable Healthcare Monitoring System
Srinivas Jangirala,Ashok Kumar Das, Neeraj Kumar,Joel J. P. C. Rodrigues
IEEE Transactions on Dependable and Secure Computing, TDSC, 2018
@inproceedings{bib_Clou_2018, AUTHOR = {Srinivas Jangirala, Ashok Kumar Das, Neeraj Kumar, Joel J. P. C. Rodrigues}, TITLE = {Cloud Centric Authentication for Wearable Healthcare Monitoring System}, BOOKTITLE = {IEEE Transactions on Dependable and Secure Computing}. YEAR = {2018}}
Security and privacy are the major concerns in cloud computing as users have limited access on the stored data at the remote locations managed by different service providers.These become more challenging especially for the data generated from the wearable devices as it is highly sensitive and heterogeneous in nature. Most of the existing techniques reported in the literature are having high computation and communication costs and are vulnerable to various known attacks, which reduce their importance for applicability in real-world environment. Hence, in this paper, we propose a new cloud based user authentication scheme for secure authentication of medical data. After successful mutual authentication between a user and wearable sensor node, both establish a secret session key that is used for future secure communications. The extensively-used Real-Or-Random (ROR) model based formal security analysis and the broadly-accepted Automated Validation of Internet Security Protocols and Applications (AVISPA) tool based formal security verification show that the proposed scheme provides the session-key security and protects active attacks. Theproposed scheme is also informally analyzed to show its resilience against other known attacks. Moreover, we have done a detailed comparative analysis for the communication and computation costs along with security and functionality features which proves its efficiency in comparison to the other existing schemes of its category.
A Privacy Preserving Three-Factor Authenticated Key Agreement Protocol for Client-Server Environment
Alavalapati Goutham Reddy ,Ashok Kumar Das,Vanga Odelu, Awais Ahmad,Ji Sun Shin
Journal on Ambient Intelligence and Humanized Computing, JAIHC, 2018
@inproceedings{bib_A_Pr_2018, AUTHOR = {Alavalapati Goutham Reddy , Ashok Kumar Das, Vanga Odelu, Awais Ahmad, Ji Sun Shin}, TITLE = {A Privacy Preserving Three-Factor Authenticated Key Agreement Protocol for Client-Server Environment}, BOOKTITLE = {Journal on Ambient Intelligence and Humanized Computing}. YEAR = {2018}}
Research has proven that accomplishing security properties while improving performance of an authentication protocol is a challenging task. Numerous authentication protocols proposed in the recent times are still behind in achieving the concrete objectives. Qi et al. and Lu et al. recently proposed two-factor authenticated key-agreement protocols for client–server architecture. This paper revisits their protocols and analyzes the shortcomings of such approaches. We also propose an improved authenticated key agreement protocol for client–server environment to defeat mentioned weaknesses of existing protocols that are discussed in related works. The rigorous security analysis using Burrows–Abadi–Needham logic, formal security verification using Real-OR-Random model, simulations using the Automated Validation of Internet Security Protocols and Applications tool, and the informal security analysis shows that the proposed protocol is secure. Additionally, we summarize the results to ensure that the proposed protocol is efficient compared to the existing related protocols.
Secure Remote User Mutual Authentication Scheme with KeyAgreement for Cloud Environment
Marimuthu Karuppiah,Ashok Kumar Das,Xiong Li,Saru Kumari,Fan Wu,Shehzad Ashraf Chaudhry,R. Niranchana
Mobile Networks and Applications, MONET, 2018
@inproceedings{bib_Secu_2018, AUTHOR = {Marimuthu Karuppiah, Ashok Kumar Das, Xiong Li, Saru Kumari, Fan Wu, Shehzad Ashraf Chaudhry, R. Niranchana}, TITLE = {Secure Remote User Mutual Authentication Scheme with KeyAgreement for Cloud Environment}, BOOKTITLE = {Mobile Networks and Applications}. YEAR = {2018}}
Authentication schemes are widely used mechanisms to thwart unauthorized access of resources over insecure networks.Several smart card based password authentication schemes have been proposed in the literature. In this paper, we demonstrate the security limitations of a recently proposed password based authentication scheme, and show that their scheme is still vulnerable to forgery and offline password guessing attacks and it is also unable to provide user anonymity, forward secrecy and mutual authentication. With the intention of fixing the weaknesses of that scheme, we present a secure authentication scheme. We show that the proposed scheme is invulnerable to various attacks together with attacks observed in the analyzed scheme through both rigorous formal and informal security analysis. Furthermore, the security analysis using the widely-accepted Real-Or-Random (ROR) model ensures that the proposed scheme provides the session key (SK) security. Finally,we carry out the performance evaluation of the proposed scheme and other related schemes, and the result favors that the proposed scheme provides better trade-off among security and performance as compared to other existing related schemes.
2PAKEP: Provably Secure and Efficient Two-party Authenticated Key Exchange Protocol for Mobile Environment
KISUNG PARK,YOUNGHO PARK, YOHAN PARK,Ashok Kumar Das
IEEE Access, ACCESS, 2018
@inproceedings{bib_2PAK_2018, AUTHOR = {KISUNG PARK, YOUNGHO PARK, YOHAN PARK, Ashok Kumar Das}, TITLE = {2PAKEP: Provably Secure and Efficient Two-party Authenticated Key Exchange Protocol for Mobile Environment}, BOOKTITLE = {IEEE Access}. YEAR = {2018}}
With the increasing use of mobile devices, a secure communication and key exchange become the significant security issues in mobile environments. However, because of open network envi-ronments, mobile user can be vulnerable to various attacks. Therefore, the numerous authentication and key exchange schemes have been proposed to provide the secure communication and key exchange.Recently, Qi and Chen proposed an efficient two-party authentication key exchange protocol for mobile environments in order to overcome the security weaknesses of the previous authentication and key exchange schemes. However, we demonstrate that Qi and Chen’s scheme is vulnerable to various attacks such as impersonation, offline password guessing, password change, and privileged insider attacks. We also show that Qi and Chen’s scheme does not provide anonymity, efficient password change mechanism, and secure mutual authentication. In this paper, to overcome the outlined above mentioned security vulnerabilities,we propose a secure and efficient two-party authentication key exchange protocol, called 2PAKEP, that hides user’s real identity from an adversary using a secret parameter. 2PAKEP also withstands various attacks, guarantees anonymity, and provides efficient password change mechanism and secure mutual authentication. In addition, we prove that 2PAKEP provides the secure mutual authentication using the broadly accepted Burrows–Abadi–Needham logic and the session key security using the formal security analysis under the widely accepted real-or-random model. Moreover, the formal security verification using the popular simulated software tool, Automated Validation of Internet Security Protocols and Applications,on 2PAKEP shows that the replay and man-in-the-middle attacks are protected. In addition, we also analyze the performance and security and functionality properties of 2PAKEP and compare these with the related existing schemes. Overall, 2PAKEP provides better security and functionality features, and also the communication and computational overheads are comparable with the related schemes. Therefore, 2PAKEPis applicable to mobile environment efficiently.
Taxonomy and Analysis of Security Protocols for Internet of Things
Ashok Kumar Das,SheraliZeadally,Debiao He
Future Generation Computer Systems, FGCS, 2018
@inproceedings{bib_Taxo_2018, AUTHOR = {Ashok Kumar Das, SheraliZeadally, Debiao He}, TITLE = {Taxonomy and Analysis of Security Protocols for Internet of Things}, BOOKTITLE = {Future Generation Computer Systems}. YEAR = {2018}}
The Internet of Things (IoT) is a system of physical as well as virtual objects (each with networking capabilities incorporated) that are interconnected to exchange and collect information locally or remotely over the Internet. Since the communication often takes place over the Internet, it is vulnerable to various security threats in an IoT environment. We first discuss essential security requirements that are needed to secure IoT environment. We also discuss the threat model and various attacks related to the IoT environment. We then present a taxonomy of security protocols for the IoT environment which includes important security services such as key management, user and device authentication, access control, privacy preservation, and identity management. We also present a comparative study of recently proposed IoT-related state-of-art security protocols in terms of various security and functionality features they support. Finally, we discuss some future challenges for IoT security protocols that need to be addressed in the future.
Provably Secure Multi-Server Authentication Protocol using Fuzzy Commitment
SUBHAS BARMAN,Ashok Kumar Das,DEBASIS SAMANTA,SAMIRAN CHATTOPADHYAY,JOEL J. P. C. RODRIGUES,YOUNGHO PARK
IEEE Access, ACCESS, 2018
@inproceedings{bib_Prov_2018, AUTHOR = {SUBHAS BARMAN, Ashok Kumar Das, DEBASIS SAMANTA, SAMIRAN CHATTOPADHYAY, JOEL J. P. C. RODRIGUES, YOUNGHO PARK}, TITLE = {Provably Secure Multi-Server Authentication Protocol using Fuzzy Commitment}, BOOKTITLE = {IEEE Access}. YEAR = {2018}}
Remote user authentication is a cryptographic mechanism through which a remote server verifies the legitimacy of an authorized user over an insecure communication channel. Most of the existing authentication schemes consider single-server environments and require multiple registrations of the sameuser for multiple servers. Moreover, most of these schemes do not consider biometric template revocation and error correction for noisy biometric signals. In addition, the existing schemes have several weaknesses,including stolen smart card attack, lack of user anonymity, user impersonation attack, and non-diversification of biometric data. To overcome these disadvantages, we propose a new three-factor authenticated key agreement scheme using a fuzzy commitment approach. The three factors used in the proposed scheme are the user’s password, smart card, and personal biometrics. The security of the proposed scheme is verified using a formal security analysis under the broadly accepted Real-Or-Random model for the session key security. The widely accepted Burrows-Abadi-Needham logic is also applied for mutual authentication between a legally registered user and a server, and formal security verification using the broadly accepted Automated Validation of Internet Security Protocols and Applications is performed for the proposed scheme through simulation to show that it is secure. In addition, the informal security analysis of the proposed scheme shows that the scheme can resist other known attacks. Finally, a comparative study of the proposed scheme with the existing related schemes is conducted to measure the trade off among the security and functionality features and the communication and computation costs
Authentication Protocols for the Internet of Drones: Taxonomy, Analysis and Future Directions
Mohammad Wazid,Ashok Kumar Das, Jong‑Hyouk Lee
Journal on Ambient Intelligence and Humanized Computing, JAIHC, 2018
@inproceedings{bib_Auth_2018, AUTHOR = {Mohammad Wazid, Ashok Kumar Das, Jong‑Hyouk Lee}, TITLE = {Authentication Protocols for the Internet of Drones: Taxonomy, Analysis and Future Directions}, BOOKTITLE = {Journal on Ambient Intelligence and Humanized Computing}. YEAR = {2018}}
The Internet of Drones (IoD) provides the coordinated access to controlled airspace for the Unmanned Aerial Vehicles (called drones). The on-going cheaper costs of sensors and processors, and also wireless connectivity make it feasible to use the drones for several applications ranging from military to civilian. Since most of the applications using the drones involved in the IoD are real-time based applications, the users (external parties) usually have their interest in getting the real-time services from the deployed drones belonging to a particular fly zone. To address this important issue in the IoD, there is a great need of an efficient and secure user authentication approach in which an authorized user (for example, a driver of an ambulance) in the IoD environment can be given access to the data directly from an accessed drone. In this article, we first discuss an authentication model used in the IoD communication. We then discuss some security challenges and requirements for the IoD environment. A taxonomy of various security protocols in the IoD environment is also discussed. We then emphasis on the study of some recently proposed user authentication schemes for the IoD communication. A detailed comparative study is done based on functionality features, security attacks, and also communication and computation costs. Through the rigorous comparative study of the existing schemes, we identify the strengths and weaknesses of the user authentication schemes for the IoD communication. Finally, we identify some of the challenges for the IoD that need to be addressed in the coming future
Secure Healthcare Data Dissemination Using Vehicle Relay Networks
Prabhjot Singh,Rasmeet Singh Bali,Neeraj Kumar,Ashok Kumar Das,Alexey Vinel,Laurence T. Yang
IEEE Internet of Things Journal, IOT, 2018
@inproceedings{bib_Secu_2018, AUTHOR = {Prabhjot Singh, Rasmeet Singh Bali, Neeraj Kumar, Ashok Kumar Das, Alexey Vinel, Laurence T. Yang}, TITLE = {Secure Healthcare Data Dissemination Using Vehicle Relay Networks}, BOOKTITLE = {IEEE Internet of Things Journal}. YEAR = {2018}}
In the recent years, vehicular adhoc networks (VANETs) can be an attractive choice for collecting and transferring the healthcare data of the passengers to the remote healthcare centers. In VANETs, some of the intermediate nodes may act as relay nodes in which case, these networks are called as vehicular relay networks (VRNs). However, the transmitted information in VRNs can be captured by intruders during transmission. Moreover, an attacker can launch selective forwarding, blackhole, and sinkhole attacks in the network, which may in turn degrade the network performance parameters like high end-to-end delay, low packet delivery ratio (PDR) and network throughput. Hence, to address these issues, a secure data dissemination scheme using VRNs is proposed. In the proposed scheme, first, a secure vehicular medical relay network system is designed for the users belonging to disconnected rural areas. The collected information is filtered at zonal levels before transmission to a nearby road side units, which further pass it to the incoming vehicles. Second, a secure passenger health monitoring network is designed which continuously monitors health services of the passengers traveling in different vehicles. The information collected through small body sensors installed in the vehicles act as data sets that is forwarded to the on-board monitoring unit within the vehicle. This collected data is then transmitted to centralized healthcare centers for processing by using VRNs. Lastly, a strong elliptic curve cryptography-based cryptographic solution is designed for secure communication among different vehicles. The performance of the proposed scheme is evaluated in various network scenarios with respect to different selected parameters, such as throughput, network delay, PDR, jitter, transmission and computation overheads, and key distribution overhead. The obtained results indicate that the proposed scheme provides improvement of 52% in average delay and 5% in PDR. This further indicates effective message delivery even with high mobility of the vehicles.
Authenticated key management protocol for cloud-assisted body area sensor networks
Mohammad Wazid,Ashok Kumar Das,Athanasios V.Vasilakos
Journal on Network and Computer Applications, JNCA, 2018
@inproceedings{bib_Auth_2018, AUTHOR = {Mohammad Wazid, Ashok Kumar Das, Athanasios V.Vasilakos}, TITLE = {Authenticated key management protocol for cloud-assisted body area sensor networks}, BOOKTITLE = {Journal on Network and Computer Applications}. YEAR = {2018}}
Due to recent advances in various technologies such as integrated circuit, embedded systems and wireless communications, the wireless body area network (WBAN) becomes a propitious networking paradigm. WBANs play a very important role in modern medical systems as the real-time biomedical data through intelligent medical sensors in or around the patients' body can be collected and sent the data to remote medical personnel for clinical diagnostics. However, wireless nature of communication makes an adversary to intercept or modify the private and secret data collected by the sensors in WBANs. In critical applications of WBANs, there is a great requirement to access directly the sensing information collected by the body sensors by an external user (e.g., a doctor) in order to monitor the health condition of a patient. In order to do so, the user needs to first authenticate with the accessed body sensors, and only after mutual authentication between that user and the body sensors the real-time data can be directly accessed securely by the user. In this paper, we propose a new user authentication and key management scheme for this purpose. The proposed scheme allows mutual authentication between a user and personal server connected to WBAN via the healthcare server situated at the cloud, and once the mutual authentication is successful, both user and personal server are able to establish a secret session key for their future communication. In addition, key management process is provided for establishment of secret keys among the sensors and personal server for their secure communication. The formal security based on broadly-accepted Real-Or-Random (ROR) model and informal security give confidence that the proposed scheme can withstand several known attacks needed for WBAN security. A detailed comparative analysis among the proposed scheme and other schemes shows that the proposed scheme provides better security & functionality features, low computation and comparable communication costs as compared to recently proposed related schemes. Finally, the practical demonstration using the NS2 based simulation is shown for the proposed scheme and also for other schemes.
Biometrics-Based Privacy-Preserving User Authentication Scheme for Cloud-Based Industrial Internet of Things Deployment
Ashok Kumar Das,Mohammad Wazid,Neeraj Kumar,Athanasios V. Vasilakos,Joel J. P. C. Rodrigues
IEEE Internet of Things Journal, IOT, 2018
@inproceedings{bib_Biom_2018, AUTHOR = {Ashok Kumar Das, Mohammad Wazid, Neeraj Kumar, Athanasios V. Vasilakos, Joel J. P. C. Rodrigues}, TITLE = {Biometrics-Based Privacy-Preserving User Authentication Scheme for Cloud-Based Industrial Internet of Things Deployment}, BOOKTITLE = {IEEE Internet of Things Journal}. YEAR = {2018}}
Due to the widespread popularity of Internet-enabled devices, Industrial Internet of Things (IIoT) becomes popular in recent years. However, as the smart devices share the information with each other using an open channel, i.e., Internet, so security and privacy of the shared information remains a paramount concern. There exist some solutions in the literature for preserving security and privacy in IIoT environment. However, due to their heavy computation and communication overheads, these solutions may not be applicable to wide category of applications in IIoT environment. Hence, in this paper, we propose a new biometric-based privacy preserving user authentication (BP2UA) scheme for cloud-based IIoT deployment. BP2UA consists of strong authentication between users and smart devices using preestablished key agreement between smart devices and the gateway node. The formal security analysis of BP2UA using the well-known real-or-random model is provided to prove its session key security. Moreover, an informal security analysis of BP2UA is also given to show its robustness against various types of known attacks. The computation and communication costs of BP2UA in comparison to the other existing schemes of its category demonstrate its effectiveness in the IIoT environment. Finally, the practical demonstration of BP2UA is also done using the NS2 simulation.
On the Design of a Secure Proxy Signature-based Handover Authentication Scheme for LTEWireless Networks.
Behnam Zahednejad,Majid Bayat,Ashok Kumar Das
IACR Cryptology ePrint Archive, CEA, 2018
@inproceedings{bib_On_t_2018, AUTHOR = {Behnam Zahednejad, Majid Bayat, Ashok Kumar Das}, TITLE = {On the Design of a Secure Proxy Signature-based Handover Authentication Scheme for LTEWireless Networks.}, BOOKTITLE = {IACR Cryptology ePrint Archive}. YEAR = {2018}}
Designing a secure and efficient handover authentication scheme has al-ways been a concern of cellular networks especially in 4G Long Term Evolution(LTE) wireless networks. What makes their handover so complex, is the presence of different types of base stations namely eNodeB (eNB) and Home eNodeB (HeNB).In addition, they cannot directly communicate with each other. Recently, an efficient proxy signature-based handover authentication scheme has been suggested by Qui etal. Despite its better performance and security advantages than previous schemes, itsuffers serious vulnerabilities, namely being prone to DoS attack , eNB imperson-ation attack and lack of perfect forward secrecy. In this paper, we propose an im-proved handover authentication scheme in LTE wireless networks that resists against such attacks. Further, we validate the security of the proposed scheme using Real-Or-Random (ROR) model and ProVerif analysis tool. The results confirm our security claims of the proposed scheme. In addition, the performance analysis shows that compared to other schemes, our proposed scheme is more efficient.
HEAP: An Efficient and Fault-tolerant Authentication and Key Exchange Protocol for Hadoop-assisted Big Data Platform
Durbadal Chattaraj,Monalisa Sarma,Ashok Kumar Das,Neeraj Kumar,JOEL J. P. C. RODRIGUES,YOUNGHO PARK
IEEE Access, ACCESS, 2018
@inproceedings{bib_HEAP_2018, AUTHOR = {Durbadal Chattaraj, Monalisa Sarma, Ashok Kumar Das, Neeraj Kumar, JOEL J. P. C. RODRIGUES, YOUNGHO PARK}, TITLE = {HEAP: An Efficient and Fault-tolerant Authentication and Key Exchange Protocol for Hadoop-assisted Big Data Platform}, BOOKTITLE = {IEEE Access}. YEAR = {2018}}
Hadoop framework has been evolved to manage big data in cloud. Hadoop distributedfile system and MapReduce, the vital components of this framework, provide scalable and fault-tolerantbig data storage and processing services at a lower cost. However, Hadoop does not provide any robustauthentication mechanism for principals’ authentication. In fact, the existing state-of-the-art authenticationprotocols are vulnerable to various security threats, such as man-in-the-middle, replay, password guessing,stolen-verifier, privileged-insider, identity compromization, impersonation, denial-of-service, online/off-linedictionary, chosen plaintext, workstation compromization, and server-side compromisation attacks. Besidethese threats, the state-of-the-art mechanisms lack to address the server-side data integrity and confidentialityissues. In addition to this, most of the existing authentication protocols follow a single-server-based userauthentication strategy, which, in fact, originates single point of failure and single point of vulnerabilityissues. To address these limitations, in this paper, we propose a fault-tolerant authentication protocol suitablefor the Hadoop framework, which is called the efficient authentication protocol for Hadoop (HEAP). HEAPalleviates the major issues of the existing state-of-the-art authentication mechanisms, namely operating-system-based authentication, password-based approach, and delegated token-based schemes, respectively,which are presently deployed in Hadoop. HEAP follows two-server-based authentication mechanism. HEAPauthenticates the principal based on digital signature generation and verification strategy utilizing bothadvanced encryption standard and elliptic curve cryptography. The security analysis using both the formalsecurity using the broadly accepted real-or-random (ROR) model and the informal (non-mathematical)security shows that HEAP protects several well-known attacks. In addition, the formal security verificationusing the widely used automated validation of Internet security protocols and applications ensures that HEAPis resilient against replay and man-in-the-middle attacks. Finally, the performance study contemplates thatthe overheads incurred in HEAP is reasonable and is also comparable to that of other existing state-of-the-art authentication protocols. High security along with comparable overheads makes HEAP to be robust andpractical for a secure access to the big data storage and processing services.
Design and Analysis of Secure Lightweight Remote User Authentication and Key Agreement Scheme in Internet of Drones Deployment
Mohammad Wazid,Ashok Kumar Das,Neeraj Kumar,Athanasios V. Vasilakos,Joel J. P. C. Rodrigues
IEEE Internet of Things Journal, IOT, 2018
@inproceedings{bib_Desi_2018, AUTHOR = {Mohammad Wazid, Ashok Kumar Das, Neeraj Kumar, Athanasios V. Vasilakos, Joel J. P. C. Rodrigues}, TITLE = {Design and Analysis of Secure Lightweight Remote User Authentication and Key Agreement Scheme in Internet of Drones Deployment}, BOOKTITLE = {IEEE Internet of Things Journal}. YEAR = {2018}}
The Internet of Drones (IoD) provides a coordinated access to unmanned aerial vehicles that are referred as drones. The on-going miniaturization of sensors, actuators, and processors with ubiquitous wireless connectivity makes drones to be used in a wide range of applications ranging from military to civilian. Since most of the applications involved in the IoD are real-time based, the users are generally interested in accessing real-time information from drones belonging to a particular fly zone. This happens if we allow users to directly access real-time data from flying drones inside IoD environment and not from the server. This is a serious security breach which may deteriorate performance of any implemented solution in this IoD environment. To address this important issue in IoD, we propose a novel lightweight user authentication scheme in which a user in the IoD environment needs to access data directly from a drone provided that the user is authorized to access the data from that drone. The formal security verification using the broadly accepted automated validation of Internet security protocols and applications tool along with informal security analysis show that our scheme is secure against several known attacks. The performance comparison demonstrates that our scheme is efficient with respect to various parameters, and it provides better security as compared to those for the related existing schemes. Finally, the practical demonstration of our scheme is done using the widely accepted NS2 simulation.
Authentication in cloud-driven IoT-based big data environment: Survey and outlook
Mohammad Wazid,Ashok Kumar Das,Rasheed Hussain,Giancarlo Succi,Joel J.P.C. Rodrigues
Journal of Systems Architecture, JSA, 2018
@inproceedings{bib_Auth_2018, AUTHOR = {Mohammad Wazid, Ashok Kumar Das, Rasheed Hussain, Giancarlo Succi, Joel J.P.C. Rodrigues}, TITLE = {Authentication in cloud-driven IoT-based big data environment: Survey and outlook}, BOOKTITLE = {Journal of Systems Architecture}. YEAR = {2018}}
The Internet of Things (IoT) is composed of different networked objects (i.e., smart devices) which are interconnected to gather, process, refine, and exchange meaningful data over the Internet. These objects are assigned to their respective IP addresses, and they are able to send and receive data over a network without any human assistance. IoT offers different types of applications, such as, but not limited to, smart traffic monitoring, smart home, smart health care and smart cities, to name a few. In a Cyber-Physical System (CPS), computing elements coordinate and communicate with sensor devices, which monitor cyber and physical indicators, and actuators, and also modify the cyber and physical environment where they run. The synergy of computational as well as physical components, specifically the use of CPSs, led to the advancement of IoT implementations. In a cloud-driven IoT-based big data environment, a cloud-based platform is used to store the data generated by IoT devices (normally by sensor devices) which further can be considered as a big data warehouse. This environment is highly scalable and provides important real-time event processing (for example, in critical scenarios like surveillance and monitoring of an industrial plant). In IoT-based critical applications, the real-time data access is obligatory as and when it is required. Such access is possible if we permit only authorized external users to access the real-time data directly from the IoT sensors. Sometimes authorized user may also request for big data query processing and big data analytics over the data stored in cloud servers to figure out hidden patterns of some phenomena (i.e., chances of fire in an industrial plant in future). Therefore, we need secure authentication schemes for cloud-driven IoT-based big data environment in which a legitimate user and an IoT sensor can mutually authenticate each other and establish a common session key for secure communication. In this context, this paper first discusses the network and threat models of the authentication schemes for cloud-driven IoT-based big data environment. Some security requirements, issues and challenges of this environment are then discussed. A taxonomy of various existing authentication schemes applicable for cloud-driven IoT-based big data environment is also discussed, which covers a comparative study of these schemes. We identify and briefly discuss some future research challenges in designing the authentication schemes and other security protocols for cloud-driven IoT-based big data environment that need to be addressed in the future.
SecSVA: secure storage, verification, and auditing of big data in the cloud environment
Gagangeet Singh Aujla, Rajat Chaudhary,Neeraj Kumar,Ashok Kumar Das, Joel J. P. C. Rodrigues
IEEE Communications Magzine, CM, 2018
@inproceedings{bib_SecS_2018, AUTHOR = {Gagangeet Singh Aujla, Rajat Chaudhary, Neeraj Kumar, Ashok Kumar Das, Joel J. P. C. Rodrigues }, TITLE = {SecSVA: secure storage, verification, and auditing of big data in the cloud environment}, BOOKTITLE = {IEEE Communications Magzine}. YEAR = {2018}}
With the widespread popularity of Internet-enabled devices, there is an exponential increase in the information sharing among different geographically located smart devices. These smart devices may be heterogeneous in nature and may use different communication protocols for information sharing among themselves. Moreover, the data shared may also change with respect to various Vs (volume, velocity, variety, and value) to categorize it as big data. However, as these devices communicate with each other using an open channel, the Internet, there is a higher chance of information leakage during communication. Most of the existing solutions reported in the literature ignore these facts. Keeping focus on these points, in this article, we propose secure storage, verification, and auditing (SecSVA) of big data in cloud environment. SecSVA includes the following modules: an attribute-based secure data deduplication framework for data storage on the cloud, Kerberos-based identity verification and authentication, and Merkle hash-tree-based trusted third-party auditing on cloud. From the analysis, it is clear that SecSVA can provide secure third party auditing with integrity preservation across multiple domains in the cloud environment.
Providing healthcare-as-a-service using fuzzy rule based big data analytics in cloud computing
Anish Jindal,Amit Dua,Neeraj Kumar,Ashok Kumar Das,Athanasios V. Vasilakos,Joel J. P. C. Rodrigues
IEEE Journal of Biomedical and Health Informatics, JBioHI, 2018
@inproceedings{bib_Prov_2018, AUTHOR = {Anish Jindal, Amit Dua, Neeraj Kumar, Ashok Kumar Das, Athanasios V. Vasilakos, Joel J. P. C. Rodrigues}, TITLE = {Providing healthcare-as-a-service using fuzzy rule based big data analytics in cloud computing}, BOOKTITLE = {IEEE Journal of Biomedical and Health Informatics}. YEAR = {2018}}
With advancements in information and communication technology, there is a steep increase in the remote healthcare applications in which patients can get treatment from the remote places also. The data collected about the patients by remote healthcare applications constitute big data because it varies with volume, velocity, variety, veracity, and value. To process such a large collection of heterogeneous data is one of the biggest challenges which requires a specialized approach. To address this challenge, a new fuzzy rule based classifier is presented in this paper with an aim to provide Healthcare-as-a-Service. The proposed scheme is based upon the initial cluster formation, retrieval, and processing of the big data in cloud environment. Then, a fuzzy rule based classifier is designed for efficient decision making for data classification in the proposed scheme. To perform inferencing from the collected data, membership functions are designed for fuzzification and defuzzification processes. The proposed scheme is evaluated on various evaluation metrics, such as average response time, accuracy, computation cost, classification time, and false positive ratio. The results obtained confirm the effectiveness of the proposed scheme with respect to various performance evaluation metrics in cloud computing environment.
A new two-server authentication and key agreement protocol for accessing secure cloud services
Durbadal Chattaraj,Monalisa Sarma,Ashok Kumar Das
Computer Networks, CN, 2018
@inproceedings{bib_A_ne_2018, AUTHOR = {Durbadal Chattaraj, Monalisa Sarma, Ashok Kumar Das}, TITLE = {A new two-server authentication and key agreement protocol for accessing secure cloud services}, BOOKTITLE = {Computer Networks}. YEAR = {2018}}
Emerging Cloud computing paradigm came up with the on-demand ubiquitous service sharing facility via the Internet. In this synergy, the cloud service providers provide various services, namely, Infrastructure as a Service (IaaS), Platform as a Service (PaaS) and Software as a Service (SaaS) to their clients. In such a provision, both the end parties demand proper auditing so that the resources can be legitimately utilized, and meanwhile the privacy is also preserved. In order to achieve this goal, there is a need for designing an efficient and robust authentication mechanism. Though other existing authentication protocols, such as Kerberos, Open Authorization (OAuth) and OpenID are proposed in the literature, they are vulnerable to various security threats such as replay, online dictionary, offline dictionary, stolen-verifier, impersonation, denial-of-service, privileged-insider and man-in-the-middle attacks. In this paper, we aim to propose an authentication protocol which overcomes these security loopholes in the existing protocols. In the proposed protocol, a new dynamic password-based two-server authentication and key exchange mechanism is proposed with the help of both public and private key cryptography. Moreover, to achieve strong user anonymity property, a new multi-factor authentication scheme with identity preservation has been also introduced. The security analysis using both the formal security using the broadly-accepted Real-Or-Random (ROR) model and the informal security show that the proposed protocol protects several well-known attacks. In addition, the formal security verification using the widely-used Automated Validation of Internet Security Protocols and Applications (AVISPA) ensures that the scheme is resilient against replay as well as man-in-the-middle attacks. Finally, the performance study contemplates that the overheads incurred in the protocol is reasonable and comparable to that of other existing state-of-art authentication protocols. High security along with comparable overheads make the proposed protocol to be robust and practical for a secure access to the cloud services.
A secure authentication scheme based on elliptic curve cryptography for IoT and cloud servers
Saru Kumari,Marimuthu Karuppiah,Ashok Kumar Das,Xiong Li,Fan Wu,Neeraj Kumar
Journal on SuperComputing, JSC, 2018
@inproceedings{bib_A_se_2018, AUTHOR = {Saru Kumari, Marimuthu Karuppiah, Ashok Kumar Das, Xiong Li, Fan Wu, Neeraj Kumar}, TITLE = {A secure authentication scheme based on elliptic curve cryptography for IoT and cloud servers}, BOOKTITLE = {Journal on SuperComputing}. YEAR = {2018}}
The Internet of Things (IoT) is now a buzzword for Internet connectivity which extends to embedded devices, sensors and other objects connected to the Internet. Rapid development of this technology has led to the usage of various embedded devices in our daily life. However, for resource sharing and communication among these devices, there is a requirement for connecting these embedded devices to a large pool of resources like a cloud. The promising applications of IoT in Government and commercial sectors are possible by integrating cloud servers with these embedded devices. But such an integration of technologies involves security issues like data privacy and authentication of devices whenever information is exchanged between them. Recently, Kalra and Sood proposed an authentication scheme based on elliptic curve cryptography (ECC) for IoT and cloud servers and claimed that their scheme satisfies all security requirements and is immune to various types of attacks. However, in this paper, we show that Kalra and Sood scheme is susceptible to offline password guessing and insider attacks and it does not achieve device anonymity, session key agreement, and mutual authentication. Keeping in view of the shortcomings of Kalra and Sood’s scheme, we have proposed an authentication scheme based on ECC for IoT and cloud servers. In the proposed scheme in this paper, we have formally analyzed the security properties of the designed scheme by the most widely accepted and used Automated Validation of Internet Security Protocols and Applications tool. Security and performance analysis show that when compared with other related schemes, the proposed scheme is more powerful, efficient, and secure with respect to various known attacks.
LaCSys: Lattice-based cryptosystem for secure communication in smart grid environment
Rajat Chaudhary,Gagangeet Singh Aujla,Neeraj Kumar,Ashok Kumar Das,Neetesh Saxena,Joel J.P.C. Rodrigues
International Conference on Communications, ICC, 2018
@inproceedings{bib_LaCS_2018, AUTHOR = {Rajat Chaudhary, Gagangeet Singh Aujla, Neeraj Kumar, Ashok Kumar Das, Neetesh Saxena, Joel J.P.C. Rodrigues}, TITLE = {LaCSys: Lattice-based cryptosystem for secure communication in smart grid environment}, BOOKTITLE = {International Conference on Communications}. YEAR = {2018}}
Smart grid (SG) is a modernized power grid that uses information and communication technologies for bidirectional flow of information between the power utilities and the consumers. Nowadays, the focus of SG has shifted towards intelligent processing and control of various operations in order to provide high quality of experience to the end users domain (consumers, smart devices, utility, etc). Therefore, in near future, for smooth execution of various operations in SG, high volume of data is expected to move across different inter-connected smart devices. So, to handle this challenge, a self-configurable network technology known as software-defined networking (SDN)that provides faster and dynamic forwarding of data through adaptable flow-table management is a viable solution. However, in SDN- enabled SG systems, security and privacy are major challenges that need to be handled effectively. So, in this paper, a lattice-based cryptosystem for secure communication in SG environment, called LaCSys, is presented which works in three phases. In first phase, a secure authentication between all the network communication entities based on lattice based key exchange scheme is designed using a third party auditor (TPA). In second phase, a lightweight lattice-based public-key encryption scheme is designed to provide data confidentiality and integrity. In last phase, a temporary key-based scheme for detection of suspicious activity is designed. The proposed crytosystem is evaluated and compared with existing scheme in order to prove its effectiveness
Design of a secure anonymity‑preserving authentication scheme for session initiation protocol using elliptic curve cryptography
Saru Kumari,Marimuthu Karuppiah,Ashok Kumar Das,Xiong Li, Fan Wu,Vidushi Gupta
Journal on Ambient Intelligence and Humanized Computing, JAIHC, 2018
@inproceedings{bib_Desi_2018, AUTHOR = {Saru Kumari, Marimuthu Karuppiah, Ashok Kumar Das, Xiong Li, Fan Wu, Vidushi Gupta}, TITLE = {Design of a secure anonymity‑preserving authentication scheme for session initiation protocol using elliptic curve cryptography}, BOOKTITLE = {Journal on Ambient Intelligence and Humanized Computing}. YEAR = {2018}}
The session initiation protocol (SIP) is a signaling protocol which is used to controlling communication in the Internet. It is also used for initiating, terminating and maintaining the sessions. A strong authentication scheme plays a pivotal role in safeguarding communications over the Internet. In order to ensure the secure communication, several authentication schemes have been proposed for SIP in the literature. Recently, Lu et al. proposed an authentication scheme for SIP-based communications and proved that their scheme can resist various network attacks. In this paper, we show that their scheme is susceptible to the user and server impersonation attacks. Also, their scheme fails to achieve user anonymity and mutual authentication. Hence, there is a need to propose a secure ECC-based authentication scheme with user anonymity for SIP to overcome the shortcomings of Lu et al.’s scheme. Security analysis shows that the proposed scheme is able to fix the flaws found in Lu et al.’s scheme. In addition to informal security discussions, we give formal security analysis of the proposed scheme under the generic group model of cryptography. Performance analysis also shows that the proposed scheme is suitable for SIP based communication
An efficient ECC-based provably secure three-factor user authentication and key agreement protocol for wireless healthcare sensor networks
C.SRAVANI,Ashok Kumar Das,Vanga Odelu,Neeraj Kumar,Saru Kumari,Muhammad Khurram Khan,Athanasios V. Vasilakos
Computers & Electrical Engineering, CEEng, 2018
@inproceedings{bib_An_e_2018, AUTHOR = {C.SRAVANI, Ashok Kumar Das, Vanga Odelu, Neeraj Kumar, Saru Kumari, Muhammad Khurram Khan, Athanasios V. Vasilakos}, TITLE = {An efficient ECC-based provably secure three-factor user authentication and key agreement protocol for wireless healthcare sensor networks}, BOOKTITLE = {Computers & Electrical Engineering}. YEAR = {2018}}
We first show the security limitations of a recent user authentication scheme proposed for wireless healthcare sensor networks. We then present a provably secure three-factor user authentication and key agreement protocol for wireless healthcare sensor networks. The proposed scheme supports functionality features, such as dynamic sensor node addition, password as well as biometrics update, smart card revocation along with other usual features required for user authentication in wireless sensor networks. Our scheme is shown to be secure through the rigorous formal security analysis under the Real-Or-Random (ROR) model and broadly-accepted Burrows-Abadi-Needham (BAN) logic. Furthermore, the simulation through the widely-known Automated Validation of Internet Security Protocols and Applications (AVISPA) tool shows that our scheme is also secure. High security, and low communication and computation costs make our scheme more suitable for practical application in healthcare applications as compared to other related existing schemes
Anonymous lightweight chaotic map-based authenticated key agreement protocol for industrial Internet of Things
Srinivas Jangirala,Ashok Kumar Das,Mohammad Wazid,Neeraj Kumar
IEEE Transactions on Dependable and Secure Computing, TDSC, 2018
@inproceedings{bib_Anon_2018, AUTHOR = {Srinivas Jangirala, Ashok Kumar Das, Mohammad Wazid, Neeraj Kumar}, TITLE = {Anonymous lightweight chaotic map-based authenticated key agreement protocol for industrial Internet of Things}, BOOKTITLE = {IEEE Transactions on Dependable and Secure Computing}. YEAR = {2018}}
With an exponential increase in the popularity of Internet, the real-time data collected by various smart sensing devices can be analyzed remotely by a remote user (e.g., a manager) in the Industrial Internet of Things (IIoT). However, in the IIoT environment, the gathered real-time data is transmitted over the public channel, which raises the issues of security and privacy in this environment. Therefore, to protect illegal access by an adversary, user authentication mechanism is one of the promising security solutions in the IIoT environment. To achieve this goal, we propose a new user authenticated key agreement scheme in which only authorized users can access the services from the designated IoT sensing devices installed in the IIoT environment. In the proposed scheme, fuzzy extractor technique is used for biometric verification. Moreover, three factors, namely smart card, password and personal biometrics of a legal registered user are applied in the proposed scheme to increase the level of security in the system. The proposed scheme supports new devices addition after initial deployment of the devices, password/biometric change phase and also smart card revocation phase in case the smart card is lost or stolen by an adversary. In addition, the proposed scheme is lightweight in nature. We carry out the formal security analysis using the broadly accepted Real-Or-Random (ROR) model and also the non-mathematical (informal) security analysis on the proposed scheme. Furthermore, the formal security verification using the popularly-used AVISPA (Automated Validation of Internet Security Protocols and Applications) tool is carried out on the proposed scheme. The detailed security analysis assures that the proposed scheme can withstand several well-known attacks in the IIoT environment. A practical demonstration using the NS2 simulation study is also performed for the proposed scheme and other related existing schemes. Also, a detailed comparative study shows that the proposed scheme is efficient, and provides superior security in comparison to the other schemes.
A lightweight and anonymous RFID tag authentication protocol with cloud assistance for e-healthcare applications
Fan Wu, Lili Xu, Saru Kumari,Xiong Li,Ashok Kumar Das, Jian Shen
Journal on Ambient Intelligence and Humanized Computing, JAIHC, 2018
@inproceedings{bib_A_li_2018, AUTHOR = {Fan Wu, Lili Xu, Saru Kumari, Xiong Li, Ashok Kumar Das, Jian Shen}, TITLE = {A lightweight and anonymous RFID tag authentication protocol with cloud assistance for e-healthcare applications}, BOOKTITLE = {Journal on Ambient Intelligence and Humanized Computing}. YEAR = {2018}}
As an important part of Internet of Things, Radio Frequency Identification (RFID) system employs low-cost RFID tag to communicate with everything containing animate and inanimate objects. This technology is widely used in the e-healthcare applications. However, the malicious communication environment makes people more and more worried. In order to overcome the hazards in the network, RFID authentication schemes for e-healthcare have been proposed by researchers. But since the computation ability of the tag is relatively weak, it is necessary to put forward a lightweight and secure scheme for medical systems. Moreover, cloud is widely accepted by people and used in many kinds of systems. So we propose a novel and lightweight RFID authentication scheme with cloud for e-healthcare applications. We use an enhanced formal security model to prove the security of our scheme. In this model the channel between the server and the reader is considered to be insecure and informal analysis is used to prove the security of the proposed scheme. Through the formal and informal analysis, our scheme not only resists the common attacks, but also keeps mutual authentication, information integrity, forward untraceability and backward untraceability. Moreover, both the tag and the reader can reach the anonymity. Our scheme is only hash-based and suitable to realize various security requirements. Compared to recent schemes of the same sort, it is more applicable in e-healthcare.
Attribute-based authentication on the cloud for thin clients
Maged Hamada Ibrahim,Saru Kumari,Ashok Kumar Das,Vanga Odelu
Journal on SuperComputing, JSC, 2018
@inproceedings{bib_Attr_2018, AUTHOR = {Maged Hamada Ibrahim, Saru Kumari, Ashok Kumar Das, Vanga Odelu}, TITLE = {Attribute-based authentication on the cloud for thin clients}, BOOKTITLE = {Journal on SuperComputing}. YEAR = {2018}}
We propose two new authentication schemes for the cloud that support private attribute-based authentication services. The basic scheme is non-anonymous attribute-based authentication scheme. The extended scheme of the basic scheme is fully anonymous attribute-based authentication scheme to realize full anonymity and unlinkability services. In the proposed schemes, a user is authenticated by the remote server if the intersection of the set of his/her assigned attributes and the server’s required attributes exceeds a satisfactory predefined level. Unlike existing attribute-based encryption and signature schemes that require the user to perform significant amount of elliptic curve bilinear pairings and modular exponentiations, and require the user to hold a significantly long decryption/signature key, in our schemes the user is not required to perform any bilinear pairings. With a fixed length private key, independent of the number of attributes, the cloud user performs only few exponentiations by which he/she is able to authenticate himself/herself to the remote server and establish a session key with the server with the condition that he/she satisfies a predefined level of the server’s attributes requirement. Therefore, our schemes are suitable for implementation on devices with limited resources. We provide the rigorous security of the proposed schemes and complexity analysis of our schemes. Finally, the security and performance comparisons of our schemes with the existing related schemes show that our schemes outperform other existing schemes.
A secure enhanced privacy-preserving key agreement protocol for wireless mobile networks
Vanga Odelu,Sherali Zeadally,Ashok Kumar Das,Mohammad Wazid,Debiao He
Telecommunication Systems, TCSys, 2018
@inproceedings{bib_A_se_2018, AUTHOR = {Vanga Odelu, Sherali Zeadally, Ashok Kumar Das, Mohammad Wazid, Debiao He}, TITLE = {A secure enhanced privacy-preserving key agreement protocol for wireless mobile networks}, BOOKTITLE = {Telecommunication Systems}. YEAR = {2018}}
The rapid proliferation of mobile networks has made security an important issue, particularly for transaction oriented applications. Recently, Jo et al. presented an efficient authentication protocol for wireless mobile networks and asserted that their proposed approach provides all known security functionalities including session key (SK) security under the assumption of the widely-accepted Canetti–Krawczyk (CK) model. We reviewed Jo et al.’s proposed roaming protocol and we demonstrate that it fails to provide the SK-security under the CK-adversary setting. We then propose an enhancement to Jo et al.’s roaming protocol to address the security drawback found in Jo et al.’s protocol. In the enhanced roaming protocol, we achieve the SKsecurity along with reduced computation, communication and storage costs. We also simulate the enhanced roaming protocol using NS2 for end-to-end delay and network throughput, and the simulation results obtained demonstrate the efficiency of our protocol.
Demand Response Management Using Lattice-Based Cryptography in Smart Grids
Santosh Kumar Desai,Amit Dua,Neeraj Kumar,Ashok Kumar Das,Joel J. P. C. Rodrigues
IEEE Global Communications Conference, GLOBECOM, 2018
@inproceedings{bib_Dema_2018, AUTHOR = {Santosh Kumar Desai, Amit Dua, Neeraj Kumar, Ashok Kumar Das, Joel J. P. C. Rodrigues}, TITLE = {Demand Response Management Using Lattice-Based Cryptography in Smart Grids}, BOOKTITLE = {IEEE Global Communications Conference}. YEAR = {2018}}
The prolonged usage of non-renewable resources like petroleum and coal have adverse affect on the environment and has led to energy crisis in the world. In order to mitigate the situation, efficient strategies have been proposed for generation, distribution and consumption of energy obtained from renewable sources such as tidal, wind and solar power. With the advent of Smart Grids being developed world wide, the most widely accepted strategy is Demand-Response management. In this strategy, the customers or end-users are incentivized to change their energy-utility behavior with time in response to fluid price changes or to induce lower energy consumption during peak demand time. The system is controlled by a cloud of servers that monitor the demand- supply chain over a network all the time. This brings up the issue of security within the operations of the system. Current security mechanisms such as Rivest-Shamir-Alderman (RSA) public key encryption, Advanced Encryption Standard (AES) symmetric encryption, Elliptic Curve Cryptography (ECC) public-key cryptosytem and the recently proposed works are not future- proof in the world of post-quantum cryptography. This paper proposes a lattice based cryptographic scheme to ensure proper security in the system. The proposed scheme has been proven secure against major known attacks
Secure Signature-Based Authenticated Key Establishment Scheme for Future IoT Applications
C.SRAVANI,MOHAMMAD WAZID,Ashok Kumar Das,NEERAJ KUMAR,ALAVALAPATI GOUTHAM REDDY,EUN-JUN YOON,KEE-YOUNG YOO
IEEE Access, ACCESS, 2017
@inproceedings{bib_Secu_2017, AUTHOR = {C.SRAVANI, MOHAMMAD WAZID, Ashok Kumar Das, NEERAJ KUMAR, ALAVALAPATI GOUTHAM REDDY, EUN-JUN YOON, KEE-YOUNG YOO}, TITLE = {Secure Signature-Based Authenticated Key Establishment Scheme for Future IoT Applications}, BOOKTITLE = {IEEE Access}. YEAR = {2017}}
Internet of Things (IoT) is a network of all devices that can be accessed through the Internet. These devices can be remotely accessed and controlled using existing network infrastructure, thus allowing a direct integration of computing systems with the physical world. This also reduces human involvement along with improving accuracy and efficiency, resulting in economic benefit. The devices in IoT facilitate the day-to-day life of people. However, the IoT has an enormous threat to security and privacy due to its heterogeneous and dynamic nature. Authentication is one of the most challenging security requirements in the IoT environment, where a user (external party) can directly access information from the devices, provided the mutual authentication between user and devices happens. In this paper, we present a new signature-based authenticated key establishment scheme for the IoT environment. The proposed scheme is tested for security with the help of the widely used Burrows-Abadi-Needham logic, informal security analysis, and also the formal security verification using the broadly accepted automated validation of Internet security protocols and applications tool. The proposed scheme is also implemented using the widely accepted NS2 simulator, and the simulation results demonstrate the practicability of the scheme. Finally, the proposed scheme provides more functionality features, and its computational and communication costs are also comparable with other existing approaches.
Lightweight authentication protocols for wearable devices
Ashok Kumar Das,Sherali Zeadally,MOHAMMAD WAZID
Computers & Electrical Engineering, CEEng, 2017
@inproceedings{bib_Ligh_2017, AUTHOR = {Ashok Kumar Das, Sherali Zeadally, MOHAMMAD WAZID}, TITLE = {Lightweight authentication protocols for wearable devices}, BOOKTITLE = {Computers & Electrical Engineering}. YEAR = {2017}}
In the wearable communication environment, wearable devices are used for various applications including fitbit flex tracks steps, sleep cycles, workout stats, and recording health-related sensitive information. The decreasing costs and increasing performance of Information Communication Technologies (ICTs) have made wearable devices more cost effective. Different types of wearable devices are being used today by citizens to improve their health and lifestyle. However, the data (such as health-related or movement data) generated from the user’s daily activities is often private and therefore, ensuring the security and privacy of this data is important. First, we present some emerging trends of wearable devices followed by a discussion of the main security and functionality requirements along with the threats to the wearable communication environment. We then present a review of some of the recently proposed lightweight authentication protocols for wearable devices based on performance metrics such as computation cost and communication cost. We also compare these authentication protocols in terms of various security features they support. Finally, we discuss some future challenges in the area of security protocols for wearable devices that need to be addressed in the future.
Provably Secure and Efficient Authentication Protocol for Roaming Service in Global Mobility Networks
KISUNG PARK,YOUNGHO PARK,YOHAN PARK,ALAVALAPATI GOUTHAM REDDY,Ashok Kumar Das
IEEE Access, ACCESS, 2017
@inproceedings{bib_Prov_2017, AUTHOR = {KISUNG PARK, YOUNGHO PARK, YOHAN PARK, ALAVALAPATI GOUTHAM REDDY, Ashok Kumar Das}, TITLE = {Provably Secure and Efficient Authentication Protocol for Roaming Service in Global Mobility Networks}, BOOKTITLE = {IEEE Access}. YEAR = {2017}}
In global mobility networks, a mobile user can access roaming services using a mobile device at anytime and anywhere. However, mobile users can be vulnerable to various attacks by adversaries, because the roaming services are provided through public network. Therefore, an anonymous mobile user authentication for roaming services is an essential security issue in global mobility networks. Recently, Lee et al. pointed out the security weaknesses of a previous scheme and proposed an advanced secure anonymous authentication scheme for roaming services in global mobility networks. However, we found that the scheme proposed by Lee et al. is vulnerable to password guessing and user impersonation attacks, and that it cannot provide perfect forward secrecy and secure password altered phase. In this paper, to overcome the security weaknesses of the scheme proposed by Lee et al., we propose an improved secure anonymous authentication scheme using shared secret keys between home agent and foreign agent. In addition, we analyze the security of our proposed scheme against various attacks and prove that it provides secure mutual authentication using Burrows–Abadi–Needham logic. In addition, the formal security analysis using the broadly-accepted real-or-random (ROR) random oracle model and the formal security verification using the widely accepted automated validation of the Internet security protocols and applications tool show that the proposed scheme provides the session key security and protection against replay as well as man-in-themiddle attacks, respectively. Finally, we compare the performance of the proposed scheme with the related schemes, and the results show that the proposed scheme provides better security and comparable efficiency as compared with those for the existing schemes.
Design of Secure User Authenticated Key Management Protocol for Generic IoT Network
MOHAMMAD WAZID,Ashok Kumar Das,Vanga Odelu,Neeraj Kumar,Mauro Conti,Minho Jo
IEEE Internet of Things Journal, IOT, 2017
@inproceedings{bib_Desi_2017, AUTHOR = {MOHAMMAD WAZID, Ashok Kumar Das, Vanga Odelu, Neeraj Kumar, Mauro Conti, Minho Jo}, TITLE = {Design of Secure User Authenticated Key Management Protocol for Generic IoT Network}, BOOKTITLE = {IEEE Internet of Things Journal}. YEAR = {2017}}
In recent years, the research in generic Internet of Things (IoT) attracts a lot of practical applications including smart home, smart city, smart grid, industrial Internet, connected healthcare, smart retail, smart supply chain and smart farming. The hierarchical IoT network (HIoTN) is a special kind of the generic IoT network, which is composed of the different nodes, such as the gateway node, cluster head nodes, and sensing nodes organized in a hierarchy. In HIoTN, there is a need, where a user can directly access the real-time data from the sensing nodes for a particular application in generic IoT networking environment. This paper emphasizes on the design of a new secure lightweight three-factor remote user authentication scheme for HIoTNs, called the user authenticated key management protocol (UAKMP). The three factors used in UAKMP are the user smart card, password, and personal biometrics. The security of the scheme is thoroughly analyzed under the formal security in the widely accepted real-or-random model, the informal security as well as the formal security verification using the widely accepted automated validation of Internet security protocols and applications tool. UAKMP offers several functionality features including offline sensing node registration, freely password and biometric update facility, user anonymity, and sensing node anonymity compared to other related existing schemes. In addition, UAKMP is also comparable in computation and communication costs as compared to other existing schemes.
On the Design of Secure User Authenticated Key Management Scheme for Multi-Gateway Based Wireless Sensor Networks using ECC
ANIL KUMAR SUTRALA,Ashok Kumar Das,Neeraj Kumar,Alavalapati Goutham Reddy,Athanasios V. Vasilakos,Joel J. P. C. Rodrigues
International Journal of Communication Systems, IJCS, 2017
@inproceedings{bib_On_t_2017, AUTHOR = {ANIL KUMAR SUTRALA, Ashok Kumar Das, Neeraj Kumar, Alavalapati Goutham Reddy, Athanasios V. Vasilakos, Joel J. P. C. Rodrigues}, TITLE = {On the Design of Secure User Authenticated Key Management Scheme for Multi-Gateway Based Wireless Sensor Networks using ECC}, BOOKTITLE = {International Journal of Communication Systems}. YEAR = {2017}}
In wireless sensor networks (WSNs), there are many critical applications (for example, healthcare, vehicle tracking, and battlefield), where the online streaming data generated from different sensor nodes need to be analyzed with respect to quick control decisions. However, as the data generated by these sensor nodes usually flow through open channel, so there are higher chances of various types of attacks either on the nodes or on to the data captured by these nodes. In this paper, we aim to design a new elliptic curve cryptography–based user authenticated key agreement protocol in a hierarchical WSN so that a legal user can only access the streaming data from generated from different sensor nodes. The proposed scheme is based upon 3‐factor authentication, as it applies smart card, password, and personal biometrics of a user (for ticket generation). The proposed scheme maintains low computation cost for resource‐constrained sensor nodes, as it uses efficient 1‐way cryptographic hash function and bitwise exclusive‐OR operations for secure key establishment between different sensor nodes. The security analysis using the broadly accepted Burrows‐Abadi‐Needham logic, formal security verification using the popular simulation tool (automated validation of Internet security protocols and applications), and informal security show that the proposed scheme is resilient against several well‐known attacks needed for a user authentication scheme in WSNs. The comparison of security and functionality requirements, communication and computation costs of the proposed scheme, and other related existing user authentication schemes shows the superior performance of the proposed scheme.
Design of mutually authenticated key agreement protocol resistant to impersonation attacks for multi-server environment
ALAVALAPATI GOUTHAM REDDY,EUN-JUN YOON,Ashok Kumar Das,VANGA ODELU, KEE-YOUNG YOO
IEEE Access, ACCESS, 2017
@inproceedings{bib_Desi_2017, AUTHOR = {ALAVALAPATI GOUTHAM REDDY, EUN-JUN YOON, Ashok Kumar Das, VANGA ODELU, KEE-YOUNG YOO}, TITLE = {Design of mutually authenticated key agreement protocol resistant to impersonation attacks for multi-server environment}, BOOKTITLE = {IEEE Access}. YEAR = {2017}}
Three-factor mutually authenticated key agreement protocols for multi-server environments have gained momentum in recent times due to advancements in wireless technologies and associated constraints. Several authors have put forward various authentication protocols for multi-server environment during the past decade. Wang et al. recently proposed a biometric-based authentication with key agreement protocol for multi-server environment and claimed that their protocol is efficient and resistant to prominent security attacks. The careful investigation of this paper shows that Wang et al. protocol's users are sharing personal identifiable information with the application servers during the registration and authentication process. This nature of disclosing credentials leads to severe threats particularly insider attacks, user impersonation attacks, and server impersonation attacks. As a remedy of the aforementioned problems, this paper proposes a novel biometric-based mutually authenticated key agreement protocols for multi-server architecture based on elliptic curve cryptography. We prove that the proposed protocol achieves secure mutual authentication property using the broadly used Burrows-Abadi-Needham logic. The formal security of the proposed protocol is verified using the widely accepted automated validation of Internet security protocols and applications tool to show that our protocol can withstand active and passive attacks including the replay and man-in-the-middle attacks. The proposed protocol is robust and efficient compared with the existing related protocols.
Expressive CP-ABE Scheme for Mobile Devices in IoT satisfying Constant-size Keys and Ciphertexts
VANGA ODELU,Ashok Kumar Das,MUHAMMAD KHURRAM KHAN,KIM-KWANG RAYMOND CHOO,MINHO JO
IEEE Access, ACCESS, 2017
@inproceedings{bib_Expr_2017, AUTHOR = {VANGA ODELU, Ashok Kumar Das, MUHAMMAD KHURRAM KHAN, KIM-KWANG RAYMOND CHOO, MINHO JO}, TITLE = {Expressive CP-ABE Scheme for Mobile Devices in IoT satisfying Constant-size Keys and Ciphertexts}, BOOKTITLE = {IEEE Access}. YEAR = {2017}}
Designing lightweight security protocols for cloud-based Internet-of-Things (IoT) applications for battery-limited mobile devices, such as smart phones and laptops, is a topic of recent focus. Ciphertextpolicy attribute-based encryption (CP-ABE) is a viable solution, particularly for cloud deployment, as an encryptor can ‘‘write’’ the access policy so that only authorized users can decrypt and have access to the data. However, most existing CP-ABE schemes are based on the costly bilinear maps, and require long decryption keys, ciphertexts and incur significant computation costs in the encryption and decryption (e.g. costs is at least linear to the number of attributes involved in the access policy). These design drawbacks prevent the deployment of CP-ABE schemes on battery-limited mobile devices. In this paper, we propose a new RSA-based CP-ABE scheme with constant size secret keys and ciphertexts (CSKC) and has O(1) timecomplexity for each decryption and encryption. Our scheme is then shown to be secure against a chosenciphertext adversary, as well as been an efficient solution with the expressive AND gate access structures (in comparison to other related existing schemes). Thus, the proposed scheme is suitable for deployment on battery-limited mobile devices.
Provably secure authenticated key agreement scheme for distributed mobile cloud computing services
Ashok Kumar Das,Vanga Odelu, Saru Kumari,Xinyi Huang,MOHAMMAD WAZID
Future Generation Computer Systems, FGCS, 2017
@inproceedings{bib_Prov_2017, AUTHOR = {Ashok Kumar Das, Vanga Odelu, Saru Kumari, Xinyi Huang, MOHAMMAD WAZID}, TITLE = {Provably secure authenticated key agreement scheme for distributed mobile cloud computing services}, BOOKTITLE = {Future Generation Computer Systems}. YEAR = {2017}}
With the rapid development of mobile cloud computing, the security becomes a crucial part of communication systems in a distributed mobile cloud computing environment. Recently, in 2015, Tsai and Lo proposed a privacy-aware authentication scheme for distributed mobile cloud computing services. In this paper, we first analyze the Tsai–Lo’s scheme and show that their scheme is vulnerable to server impersonation attack, and thus, their scheme fails to achieve the secure mutual authentication. In addition, we also show that Tsai–Lo’s scheme does not provide the session-key security (SK-security) and strong user credentials’ privacy when ephemeral secret is unexpectedly revealed to the adversary. In order to withstand these security pitfalls found in Tsai–Lo’s scheme, we propose a provably secure authentication scheme for distributed mobile cloud computing services. Through the rigorous security analysis, we show that our scheme achieves SK-security and strong credentials’ privacy and prevents all well-known attacks including the impersonation attack and ephemeral secrets leakage attack. Furthermore, we simulate our scheme for the formal security analysis using the widely-accepted AVISPA (Automated Validation of Internet Security Protocols and Applications) tool, and show that our scheme is secure against passive and active attacks including the replay and man-in-the-middle attacks. More security functionalities along with reduced computational costs for the mobile users make our scheme more appropriate for the practical applications as compared to Tsai–Lo’s scheme and other related schemes. Finally, to demonstrate the practicality of the scheme, we evaluate the proposed scheme using the broadly-accepted NS-2 network simulator.
Design of a provably secure biometrics-based multi-cloud-server authentication scheme
Saru Kumari,Xiong Li,Fan Wu,Ashok Kumar Das,Kim-Kwang Raymond Choo,Jian Shen
Future Generation Computer Systems, FGCS, 2017
@inproceedings{bib_Desi_2017, AUTHOR = {Saru Kumari, Xiong Li, Fan Wu, Ashok Kumar Das, Kim-Kwang Raymond Choo, Jian Shen}, TITLE = {Design of a provably secure biometrics-based multi-cloud-server authentication scheme}, BOOKTITLE = {Future Generation Computer Systems}. YEAR = {2017}}
Big Data and Cloud of Things (CoT) are two inter-related research trends in our data-driven society, and one research challenge is to design efficient security solution that enables access to resources, services and data out-sourced to the cloud without compromising the user’s privacy. A viable solution is user authentication set-up for multi-cloud-server designed to function as an expert system permitting its users to obtain the desired services and resources (e.g. accessing data stored in a cloud storage account) from a cloud-server up on registration with a registration authority. Biometrics is a widely used authentication mechanism (e.g. in biometric passport); thus, in this paper, we devise a biometrics-based authentication scheme for multi-cloud-server environment deployment. To improve the accuracy of biometric pattern matching, we make use of bio-hashing. We then analyse the performance and efficiency of our scheme to demonstrate its utility.
On the design of fine grained access control with user authentication scheme for telecare medicine information systems
SANTANU CHATTERJEE,SANDIP ROY,Ashok Kumar Das,SAMIRAN CHATTOPADHYA, NEERAJ KUMAR,ALAVALAPATI GOUTHAM REDDY,KISUNG PARK,YOUNGHO PARK
IEEE Access, ACCESS, 2017
@inproceedings{bib_On_t_2017, AUTHOR = {SANTANU CHATTERJEE, SANDIP ROY, Ashok Kumar Das, SAMIRAN CHATTOPADHYA, NEERAJ KUMAR, ALAVALAPATI GOUTHAM REDDY, KISUNG PARK, YOUNGHO PARK}, TITLE = {On the design of fine grained access control with user authentication scheme for telecare medicine information systems}, BOOKTITLE = {IEEE Access}. YEAR = {2017}}
A telecare medicine information system (TMIS) for health-care delivery service requires information exchange among multiple IT systems, where different types of users with different access privileges are involved. In TMIS, users generally communicate via public channels. Hence, authentication is essential to provide access to the genuine users. However, access rights for the correct information and resources for different services to the genuine users can be provided with the help of efficient user access control mechanism. The existing user authentication protocols designed for TMIS only provide authentication, but for this kind of application, it is required that the authorized users should also have unique access privilege to access specific data. This paper puts forwards a new fine grained access control with user authentication scheme for TMIS. We present the formal security analysis using both the widely accepted real-or-random model and Burrows-Abadi-Needham logic. The proposed scheme supports user anonymity, forward secrecy, and efficient password change without contacting the remote server. In addition, the proposed scheme is comparable with respect to communication and computation costs as compared with other related schemes proposed in TMIS. Moreover, better tradeoff among security and functionality features, and communication and computation costs makes the proposed scheme suitable and practical for telecare medicine environments as compared with other existing related schemes.
Secure Authentication Scheme for Medicine Anti-Counterfeiting System in IoT Environment
MOHAMMAD WAZID,Ashok Kumar Das,Muhammad Khurram Khan,Abdulatif Al-Dhawailie Al-Ghaiheb,Neeraj Kumar, Athanasios V. Vasilakos
IEEE Internet of Things Journal, IOT, 2017
@inproceedings{bib_Secu_2017, AUTHOR = {MOHAMMAD WAZID, Ashok Kumar Das, Muhammad Khurram Khan, Abdulatif Al-Dhawailie Al-Ghaiheb, Neeraj Kumar, Athanasios V. Vasilakos}, TITLE = {Secure Authentication Scheme for Medicine Anti-Counterfeiting System in IoT Environment}, BOOKTITLE = {IEEE Internet of Things Journal}. YEAR = {2017}}
A counterfeit drug is a medication or pharmaceutical product which is manufactured and made available on the market to deceptively represent its origin, authenticity and effectiveness, etc., and causes serious threats to the health of a patient. Counterfeited medicines have an adverse effect on the public health and cause revenue loss to the legitimate manufacturing organizations. In this paper, we propose a new authentication scheme for medicine anticounterfeiting system in the Internet of Things environment which is used for checking the authenticity of pharmaceutical products (dosage forms). The proposed scheme utilizes the near field communication (NFC) and is suitable for mobile environment, which also provides efficient NFC update phase. The security analysis using the widely accepted real-or-random model proves that the proposed scheme provides the session key security. The proposed scheme also protects other known attacks which are analyzed informally. Furthermore, the formal security verification using the broadly accepted automated validation of Internet security protocols and applications tool shows that the proposed scheme is secure. The scheme is efficient with respect to computation and communication costs, and also it provides additional functionality features when compared to other existing schemes. Finally, for demonstration of the practicality of the scheme, we evaluate it using the broadly accepted NS2 simulation.
Chaotic map-based anonymous user authentication scheme with user biometrics and fuzzy extractor for crowdsourcing Internet of Things
Sandip Roy,Santanu Chatterjee,Ashok Kumar Das,Samiran Chattopadhyay,Saru Kumari,Minho Jo
IEEE Internet of Things Journal, IOT, 2017
@inproceedings{bib_Chao_2017, AUTHOR = {Sandip Roy, Santanu Chatterjee, Ashok Kumar Das, Samiran Chattopadhyay, Saru Kumari, Minho Jo}, TITLE = {Chaotic map-based anonymous user authentication scheme with user biometrics and fuzzy extractor for crowdsourcing Internet of Things}, BOOKTITLE = {IEEE Internet of Things Journal}. YEAR = {2017}}
The recent proliferation of mobile devices, such as smartphones and wearable devices has given rise to crowdsourcing Internet of Things (IoT) applications. E-healthcare service is one of the important services for the crowdsourcing IoT applications that facilitates remote access or storage of medical server data to the authorized users (for example, doctors, patients, and nurses) via wireless communication. As wireless communication is susceptible to various kinds of threats and attacks, remote user authentication is highly essential for a hazard-free use of these services. In this paper, we aim to propose a new secure three-factor user remote user authentication protocol based on the extended chaotic maps. The three factors involved in the proposed scheme are: 1) smart card; 2) password; and 3) personal biometrics. As the proposed scheme avoids computationally expensive elliptic curve point multiplication or modular exponentiation operation, it is lightweight and efficient. The formal security verification using the widely-accepted verification tool, called the ProVerif 1.93, shows that the presented scheme is secure. In addition, we present the formal security analysis using the both widely accepted real-or-random model and Burrows-Abadi-Needham logic. With the combination of high security and appreciably low communication and computational overheads, our scheme is very much practical for battery limited devices for the healthcare applications as compared to other existing related schemes.
A novel authentication and key agreement scheme for implantable medical devices deployment
MOHAMMAD WAZID,Ashok Kumar Das,Neeraj Kumar,Mauro Conti,Athanasios V Vasilakos
IEEE Journal of Biomedical and Health Informatics, JBioHI, 2017
@inproceedings{bib_A_no_2017, AUTHOR = {MOHAMMAD WAZID, Ashok Kumar Das, Neeraj Kumar, Mauro Conti, Athanasios V Vasilakos}, TITLE = {A novel authentication and key agreement scheme for implantable medical devices deployment}, BOOKTITLE = {IEEE Journal of Biomedical and Health Informatics}. YEAR = {2017}}
Implantable medical devices (IMDs) are man-made devices, which can be implanted in the human body to improve the functioning of various organs. The IMDs monitor and treat physiological condition of the human being (for example, monitoring of blood glucose level by insulin pump). The advancement of information and communication technology enhances the communication capabilities of IMDs. In healthcare applications, after mutual authentication, a user (for example, doctor) can access the health data from the IMDs implanted in a patient's body. However, in this kind of communication environment, there are always security and privacy issues, such as leakage of health data and malfunctioning of IMDs by an unauthorized access. To mitigate these issues, in this paper, we propose a new secure remote user authentication scheme for IMDs communication environment to overcome security and privacy issues in existing schemes. We provide the formal security verification using the widely accepted Automated Validation of Internet Security Protocols and Applications tool. We also provide the informal security analysis of the proposed scheme. The formal security verification and informal security analysis prove that the proposed scheme is secure against known attacks. The practical demonstration of the proposed scheme is performed using the broadly accepted NS2 simulation tool. The computation and communication costs of the proposed scheme are also comparable with the existing schemes. Moreover, the scheme provides additional functionality features, such as anonymity, untraceability, and dynamic implantable medical device addition.
An efficient authentication and key agreement scheme for multi-gateway wireless sensor networks in IoT deployment
Fan Wu, Lili Xu,Saru Kumari,Xiong Li,Jian Shen,Kim-Kwang Raymond Choo,MOHAMMAD WAZID,Ashok Kumar Das
Journal on Network and Computer Applications, JNCA, 2017
@inproceedings{bib_An_e_2017, AUTHOR = {Fan Wu, Lili Xu, Saru Kumari, Xiong Li, Jian Shen, Kim-Kwang Raymond Choo, MOHAMMAD WAZID, Ashok Kumar Das}, TITLE = {An efficient authentication and key agreement scheme for multi-gateway wireless sensor networks in IoT deployment}, BOOKTITLE = {Journal on Network and Computer Applications}. YEAR = {2017}}
Wireless sensor networks (WSNs) for Internet of Things (IoT) can be deployed in a wide range of industries such as agriculture and military. However, designing a secure and reliable authentication scheme for WSNs that can be deployed in IoT remains a research and operational challenge. For example, recently in 2016, Amin and Biswas showed that the Turcanović et al.'s scheme is vulnerable to smart card loss attack, user impersonation attack, etc. They then proposed a new authentication scheme for WSNs with multi-gateway. In this paper, we revisit the scheme of Amin and Biswas and reveal previously unknown vulnerabilities in the scheme (i.e. sensor capture attack, user forgery attack, gateway forgery attack, sensor forgery attack and off-line guessing attack). In addition, we demonstrate that the user in the scheme can be tracked due to the use of a constant pseudo-identity and previously established session keys can be calculated by the attacker. Rather than attempting to fix a broken scheme, we present a novel authentication scheme for multi-gateway based WSNs. We then demonstrate the security of the proposed scheme using Proverif, as well as evaluating the good performance of the scheme using NS-2 simulation.
Design of lightweight authentication and key agreement protocol for vehicular ad hoc networks
MOHAMMAD WAZID,Ashok Kumar Das,NEERAJ KUMAR,VANGA ODELU,ALAVALAPATI GOUTHAM REDDY,YOUNGHO PARK
IEEE Access, ACCESS, 2017
@inproceedings{bib_Desi_2017, AUTHOR = {MOHAMMAD WAZID, Ashok Kumar Das, NEERAJ KUMAR, VANGA ODELU, ALAVALAPATI GOUTHAM REDDY, YOUNGHO PARK}, TITLE = {Design of lightweight authentication and key agreement protocol for vehicular ad hoc networks}, BOOKTITLE = {IEEE Access}. YEAR = {2017}}
Due to the widespread popularity in both academia and industry, vehicular ad hoc networks (VANETs) have been used in a wide range of applications starting from intelligent transportation to e-health and itinerary planning. This paper proposes a new decentralized lightweight authentication and key agreement scheme for VANETs. In the proposed scheme, there are three types of mutual authentications: 1) between vehicles; 2) between vehicles and their respective cluster heads; and 3) between cluster heads and their respective roadside units. Apart from these authentications, the proposed scheme also maintains secret keys between roadside units for their secure communications. The rigorous formal and informal security analysis shows that the proposed scheme is capable to defend various malicious attacks. Moreover, the ns-2 simulation demonstrates the practicability of the proposed scheme in VANET environment.
Secure three-factor user authentication scheme for renewable-energy-based smart grid environment
MOHAMMAD WAZID,Ashok Kumar Das,Neeraj Kumar,Joel J. P. C. Rodrigues
IEEE Transactions on Industrial Informatics, TII, 2017
@inproceedings{bib_Secu_2017, AUTHOR = {MOHAMMAD WAZID, Ashok Kumar Das, Neeraj Kumar, Joel J. P. C. Rodrigues}, TITLE = {Secure three-factor user authentication scheme for renewable-energy-based smart grid environment}, BOOKTITLE = {IEEE Transactions on Industrial Informatics}. YEAR = {2017}}
Smart grid (SG) technology has recently received significant attention due to its usage in maintaining demand response management in power transmission systems. In SG, charging of electric vehicles becomes one of the emerging applications. However, authentication between a vehicle user and a smart meter is required so that both of them can securely communicate for managing demand response during peak hours. To address the above mentioned issues, in this paper, we propose a new efficient three-factor user authentication scheme for a renewable energy-based smart grid environment (TUAS-RESG), which uses the lightweight cryptographic computations such as one-way hash functions, bitwise XOR operations, and elliptic curve cryptography. The detailed security analysis shows the robustness of TUAS-RESG against various well-known attacks. Moreover, TUAS-RESG provides superior security with additional features, such as dynamic smart meter addition, flexibility for password and biometric update, user and smart meter anonymity, and untraceability as compared to other related existing schemes. The practical demonstration of TUAS-RESG is also proved using the widely accepted NS2 simulation.
A multi-server environment with secure and efficient remote user authentication scheme based on dynamic ID using smart cards
Srinivas Jangiral,Sourav Mukhopadhyay,Ashok Kumar Das
Wireless Personal Communications, WPC, 2017
@inproceedings{bib_A_mu_2017, AUTHOR = {Srinivas Jangiral, Sourav Mukhopadhyay, Ashok Kumar Das}, TITLE = {A multi-server environment with secure and efficient remote user authentication scheme based on dynamic ID using smart cards}, BOOKTITLE = {Wireless Personal Communications}. YEAR = {2017}}
The growth of the Internet and telecommunication technology has facilitated remote access. During the last decade, numerous remote user authentication schemes based on dynamic ID have been proposed for the multi-server environment using smart cards. Recently, Shunmuganathan et al. pointed out that Li et al.’s scheme is defenseless in resisting the password guessing attack, stolen smart card attack and forgery attack. Furthermore, they showed the poor repairability and no two-factor security in Li et al.’s scheme. To surmount these security disadvantages, Shunmuganathan et al. proposed a remote user authentication scheme using smart card for multi-server environment and claimed that their scheme is secure and efficient. In this paper, we show that Shunmuganathan et al.’s scheme is also defenseless in resisting the password guessing attack, stolen smart card attack, user impersonation attack, forgery attack, forward secrecy and session key secrecy. Moreover, the two-factor security is also not preserved in their scheme. In our proposed scheme, a user is free to choose his/her login credentials such as user id and password. And also a user can regenerate the password any time. Simultaneously the proposed scheme preserves the merits of Shunmuganathan et al.’s scheme and also provides better functionality and security features, such as mutual authentication, session key agreement and perfect forward secrecy. The security analysis using the widely accepted Burrows–Abadi–Needham logic shows that the proposed scheme provides the mutual authentication proof between a user and a server. Through the rigorous formal and informal security analysis, we show that the proposed scheme is secure against possible known attacks. In addition, we carry out the simulation of the proposed scheme using the most-widely accepted and used Automated Validation of Internet Security Protocols and Applications tool and the simulation results clearly indicate that our scheme is secure.
Pairing-based CP-ABE with constant-size ciphertexts and secret keys for cloud environment
Vanga Odelu,Ashok Kumar Das,Y. Sreenivasa Rao,Saru Kumari,Muhammad Khurram Khan,Kim-Kwang Raymond Choo
Computer Standards & Interfaces, CSI, 2017
@inproceedings{bib_Pair_2017, AUTHOR = {Vanga Odelu, Ashok Kumar Das, Y. Sreenivasa Rao, Saru Kumari, Muhammad Khurram Khan, Kim-Kwang Raymond Choo}, TITLE = {Pairing-based CP-ABE with constant-size ciphertexts and secret keys for cloud environment}, BOOKTITLE = {Computer Standards & Interfaces}. YEAR = {2017}}
Ciphertext-policy attribute-based encryption (CP-ABE) scheme can be deployed in a mobile cloud environment to ensure that data outsourced to the cloud will be protected from unauthorized access. Since mobile devices are generally resource-constrained, CP-ABE schemes designed for a mobile cloud deployment should have constant sizes for secret keys and ciphertexts. However, most existing CP-ABE schemes do not provide both constant size ciphertexts and secret keys. Thus, in this paper, we propose a new pairing-based CP-ABE scheme, which offers both constant size ciphertexts and secret keys (CSCTSK) with an expressive AND gate access structure. We then show that the proposed CP-ABE-CSCTSK scheme is secure against chosen-ciphertext adversary in the selective security model, and present a comparative summary to demonstrate the utility of the scheme.
A Novel Chaotic Maps-Based User Authentication and Key Agreement Protocol for Multi-server Environments with Provable Security
Xiong Li,Jianwei Niu,Saru Kumari,SK Hafizul Islam,Fan Wu,Muhammad Khurram Khan,Ashok Kumar Das
Wireless Personal Communications, WPC, 2016
@inproceedings{bib_A_No_2016, AUTHOR = {Xiong Li, Jianwei Niu, Saru Kumari, SK Hafizul Islam, Fan Wu, Muhammad Khurram Khan, Ashok Kumar Das}, TITLE = {A Novel Chaotic Maps-Based User Authentication and Key Agreement Protocol for Multi-server Environments with Provable Security}, BOOKTITLE = {Wireless Personal Communications}. YEAR = {2016}}
The widespread popularity of the computer networks has triggered concerns about information security. Password-based user authentication with key agreement protocols have drawn attentions since it provides proper authentication of a user before granting access right to services, and then ensure secure communication over insecure channels. Recently, Lee et al. pointed out different security flaws on Tsaur et al.’s multi-server user authentication protocol, and they further proposed an extended chaotic maps-based user authentication with key agreement protocol for multi-server environments. However, we observed that Lee et al.’s protocol has some functionality and security flaws, i.e., it is inefficient in detection of unauthorized login and it does not support password change mechanism. Besides, their protocol is vulnerable to registration center spoofing attack and server spoofing attack. In order to remedy the aforementioned flaws, we proposed a novel chaotic maps-based user authentication with key agreement protocol for multi-server environments. The proposed protocol is provably secure in the random oracle model under the chaotic-maps based computational Diffie-Hellman assumption. In addition, we analyzed our protocol using BAN logic model. We also compared our protocol with Lee et al.’s protocol in aspects of computation cost, functionalities and securities.
SEAP: Secure and efficient authentication protocol for NFC applications using pseudonyms
Vanga Odelu,Ashok Kumar Das,Adrijit Goswami
IEEE Transactions Consumer Electronics, TCE, 2016
@inproceedings{bib_SEAP_2016, AUTHOR = {Vanga Odelu, Ashok Kumar Das, Adrijit Goswami }, TITLE = {SEAP: Secure and efficient authentication protocol for NFC applications using pseudonyms}, BOOKTITLE = {IEEE Transactions Consumer Electronics}. YEAR = {2016}}
Authentication protocol plays an important role in the short-range wireless communications for the Near Field Communication (NFC) technology. Due to the shared nature of wireless communication networks, there are several kinds of security vulnerabilities. Recently, a pseudonym-based NFC protocol (PBNFCP) has been proposed to withstand the security pitfalls found in the existing conditional privacy preserving security protocol (CPPNFC). However, this paper further analyzes PBNFCP and shows that it still fails to prevent the claimed security properties, such as impersonation attacks against an adversary, who is a malicious registered user having a valid pseudonym and corresponding private key. In order to overcome these security drawbacks, this paper proposes a secure and efficient authentication protocol (SEAP) for NFC applications using lifetime-based pseudonyms. The proposed SEAP is simulated for the formal security verification using the widely-accepted AVISPA (Automated Validation of Internet Security Protocols and Applications) tool. The simulation results show that SEAP is secure. The rigorous security and performance analysis shows that the proposed SEAP is secure and efficient as compared to the related existing authentication protocols for NFC applications.
A Secure Smartcard-Based Anonymous User Authentication Scheme for Healthcare Applications Using Wireless Medical Sensor Networks
Ashok Kumar Das,ANIL KUMAR SUTRALA,Vanga Odelu,Adrijit Goswami
Wireless Personal Communications, WPC, 2016
@inproceedings{bib_A_Se_2016, AUTHOR = {Ashok Kumar Das, ANIL KUMAR SUTRALA, Vanga Odelu, Adrijit Goswami}, TITLE = {A Secure Smartcard-Based Anonymous User Authentication Scheme for Healthcare Applications Using Wireless Medical Sensor Networks}, BOOKTITLE = {Wireless Personal Communications}. YEAR = {2016}}
A wireless medical sensor network (WMSN) is a professional application of the traditional wireless body area sensor networks in medicine. Using WMSNs, the parameters of patients’ vital signs can be gathered from the sensor nodes deployed on the body of the patients and accessed by the healthcare professionals by using a mobile device. Due to wireless communication, securing communication becomes a vital issue in WMSNs. Since the vital signs parameters are sensitive to the patients’ health status and these information must not be revealed to the others except the healthcare professionals, the protection of patients’ privacy becomes another key issue for WMSNs applications. Thus, user authentication with anonymity property is the most basic and commonly used method in order to resolve the security and privacy issues of WMSNs. He et al. presented a user authentication protocol for healthcare applications using WMSNs to protect the security and privacy problems. However, Li et al. showed that their scheme is incorrect in authentication and session key agreement phase, has no wrong password detection mechanism and is vulnerable to denial of service caused by password change with wrong password. In this paper, we review Li et al.’s scheme and show that their scheme is still vulnerable to privileged-insider attack, sensor node capture attack and fails to provide user anonymity property. Moreover, we find that He et al.’s scheme is still vulnerable to the same attacks as we find out in Li et al.’s scheme. In order to remedy the security weak-nesses found in both He et al.’s scheme and Li et al.’s scheme, we present a secure biometrics-based user authentication scheme in WMSNs using smart card. Through the rigorous formal and informal security analysis, we show that our scheme is secure against possible known attacks. In addition, we simulate our scheme using the most-widely accepted and used Automated Validation of Internet Security Protocols and Application stool and the simulation results reveal that our scheme is secure. Our scheme is also efficient in computation and communication as compared to He et al.’s scheme, Li et al.’sscheme and other related schemes.
A Secure Group-Based Blackhole Node Detection Scheme for Hierarchical Wireless Sensor Networks
MOHAMMAD WAZID,Ashok Kumar Das
Wireless Personal Communications, WPC, 2016
@inproceedings{bib_A_Se_2016, AUTHOR = {MOHAMMAD WAZID, Ashok Kumar Das}, TITLE = {A Secure Group-Based Blackhole Node Detection Scheme for Hierarchical Wireless Sensor Networks}, BOOKTITLE = {Wireless Personal Communications}. YEAR = {2016}}
Rapid development of the wireless communication technology and low cost of sensing devices has accelerated the development of wireless sensor networks (WSNs). These types of networks have a wide range of applications including habitat monitoring, health monitoring, data acquisition in hazardous environmental conditions and military operations. Sensor nodes are resource constrained having limited communication range, battery and processing power. Sensor nodes are prone to failure and can be also physically captured by an adversary. One of the main concerns in WSNs is to provide security, especially in the cases where they are deployed for military applications and monitoring. Further, WSNs are prone to various attacks such as wormhole, sinkhole and blackhole attacks. A blackhole attack is a kind of denial of service attack, which is very difficult to detect and defend and such blackhole attack, if happens, affects the entire performance of the network. In addition, it causes high end-to-end delay and less throughput with less packet delivery ratio. The situation can be worst if multiple blackhole attacker nodes present in the network. As a result, detection and prevention of the blackhole attack becomes crucial in WSNs. In this paper, we aim to propose a new efficient group-based technique for the detection and prevention of multiple blackhole attacker nodes in WSNs. In our approach, the entire WSN is divided into several clusters and each cluster has a powerful high-end sensor node (called a cluster head), which is responsible for the detection of blackhole attacker nodes, if present, in that cluster. The proposed scheme achieves about 90 % detection rate and 3.75 % false positive rate, which are significantly better than the existing related schemes. Furthermore, our scheme is efficient and thus, it is very appropriate for practical applications in WSNs.
Provably Secure Authenticated Key Agreement Scheme for Smart Grid
Vanga Odelu,Ashok Kumar Das,MOHAMMAD WAZID,Mauro Conti
IEEE Transactions on Smart Grid, TSG, 2016
@inproceedings{bib_Prov_2016, AUTHOR = {Vanga Odelu, Ashok Kumar Das, MOHAMMAD WAZID, Mauro Conti}, TITLE = {Provably Secure Authenticated Key Agreement Scheme for Smart Grid}, BOOKTITLE = {IEEE Transactions on Smart Grid}. YEAR = {2016}}
Due to the rapid development of wireless communication systems, authentication becomes a key security component in smart grid environments. Authentication then plays an important role in the smart grid domain by providing a variety of security services including credentials' privacy, session-key (SK) security, and secure mutual authentication. In this paper, we analyze the security of a recent relevant work in smart grid, and it is unfortunately not able to deal with SK-security and smart meter secret credentials' privacy under the widely accepted Canetti-Krawczyk adversary (CK-adversary) model. We then propose a new efficient provably secure authenticated key agreement scheme for smart grid. Through the rigorous formal security analysis, we show that the proposed scheme achieves the well-known security functionalities including smart meter credentials' privacy and SK-security under the CK-adversary model. The proposed scheme reduces the computation overheads for both smart meters and service providers. Furthermore, the proposed scheme offers more security functionalities as compared to the existing related schemes.
An Efficient Hybrid Anomaly Detection Scheme Using K-Means Clustering for Wireless Sensor Networks
MOHAMMAD WAZID,Ashok Kumar Das
Wireless Personal Communications, WPC, 2016
@inproceedings{bib_An_E_2016, AUTHOR = {MOHAMMAD WAZID, Ashok Kumar Das}, TITLE = {An Efficient Hybrid Anomaly Detection Scheme Using K-Means Clustering for Wireless Sensor Networks}, BOOKTITLE = {Wireless Personal Communications}. YEAR = {2016}}
Sensor nodes in a wireless sensor network (WSN) may be lost due to enervation or malicious attacks by an adversary. WSNs deployed for several applications including military applications are prone to various attacks, which degrade the network performance very rapidly. Hybrid anomaly is a type of anomaly that contains the different types of attacker nodes such as blackhole, misdirection, wormhole etc. These multiple attacks can be launched in the network using the hybrid anomaly. In this situation, it is very difficult to find out which kind of attacker nodes are activated in the network. This motivates us to design a robust and efficient secure intrusion detection approach in order to extend thelifetime of a WSN. In this paper, we aim to propose a new intrusion detection technique forhybrid anomaly, which uses the existing data mining algorithm, called K-means clustering.For the detection purpose, patterns of intrusions are built automatically by the K-mean sclustering algorithm over training data. After that intrusions are detected by matching network activities against these detection patterns. We evaluate our approach over a WSNd ataset that is created using Opnet modeler, which contains various attributes, such as end-to-end delay, traffic sent and traffic received. The training data set contains the normal values of the network parameters. The testing dataset is created in actual working mode consists of normal and abnormal values of the network parameters. The proposed tech-nique has the ability to detect two types of malicious nodes: black hole and misdirection nodes. Our scheme achieves 98.6 % detection rate and 1.2 % false positive rate, which are significantly better than the existing related schemes.
An efficient fast algorithm for discoverin closed+highutility itemsets
Jayakrushna Sahoo,Ashok Kumar Das,A. Goswami
Applied Intelligence, APIN, 2016
@inproceedings{bib_An_e_2016, AUTHOR = {Jayakrushna Sahoo, Ashok Kumar Das, A. Goswami}, TITLE = {An efficient fast algorithm for discoverin closed+highutility itemsets}, BOOKTITLE = {Applied Intelligence}. YEAR = {2016}}
In recent years, high utility itemsets (HUIs) mining from the transactional databases becomes one of the most emerging research topic in the field of data mining due to its wide range of applications in online e-commerce data analysis, identifying interesting patterns in biomedical data and for cross marketing solutions in retail business. It aims to discover the itemsets with high utilities efficiently by considering item quantities in a transaction and profit values of each item. However, it produces a tremendous number of HUIs, which imposes further burden in analysis of the extracted patterns and also degrades the performance of mining methods. Mining the set of closed + high utility itemsets (CHUIs) solves this issue as it is a loss-less and condensed representation of all HUIs. In this paper, we aim to present a new algorithm for finding CHUIs from a transactional database, called the CHUM (Closed + High Utility itemset Miner), which is scalable and efficient. The proposed mining algorithm adopts a tricky aimed vertical representation of the database in order to speed up the execution time in generating itemset closures and compute their utility information without accessing the database. The proposed method makes use of the item co-occurrences strategy in order to further reduce the number of intersections needed to be performed. Several experiments are conducted on various sparse and dense datasets and the simulation results clearly show the scalability and superior performance of our algorithm as compared to those for the existing state-of-the-art CHUD (Closed + High Utility itemset Discovery) algorithm.
A secure and robust temporal credential-based three-factor user authentication scheme for wireless sensor networks
Ashok Kumar Das
Peer to Peer Networking and Applications, PPNA, 2016
@inproceedings{bib_A_se_2016, AUTHOR = {Ashok Kumar Das}, TITLE = {A secure and robust temporal credential-based three-factor user authentication scheme for wireless sensor networks}, BOOKTITLE = {Peer to Peer Networking and Applications}. YEAR = {2016}}
User authentication is one of the most important security services required forthe resource-constrained wire-less sensor networks (WSNs). In user authentication, for critical applications of WSNs, a legitimate user is allowed to query and collect the real-time data at any time from a sensor node of the network as and when he/she demands for it. In order to get the real-time information from the nodes,the user needs to be first authenticated by the nodes as well as the gateway node (GWN) of WSN so that illegal accesst o nodes do not happen in the network. Recently, Jiang et al.proposed an efficient two-factor user authentication scheme with unlinkability property in WSNs Jiang (2014). In this paper, we analyze Jiang et al.’s scheme. Unfortunately, we point out that Jiang et al.’s scheme has still several draw-backs such as (1) it fails to protect privileged insider attack,(2) inefficient registration phase for the sensor nodes,(3) it fails to provide proper authentication in login and authentication phase, (4) it fails to update properly the new changed password of a user in the password update phase,(5) it lacks of supporting dynamic sensor node addition after initial deployment of nodes in the network, and (6) itlacks the formal security verification. In order to withstand these pitfalls found in Jiang et al.’s scheme, we aim to pro-pose a three-factor user authentication scheme for WSNs.Our scheme preserves the original merits of Jiang et al.’sscheme. Our scheme is efficient as compared to Jiang et al.’s
A secure and efficient ECC-based user anonymity-preserving session initiation authentication protocol using smart card
Dheerendra Mishra,Ashok Kumar Das,Sourav Mukhopadhyay
Peer to Peer Networking and Applications, PPNA, 2016
@inproceedings{bib_A_se_2016, AUTHOR = {Dheerendra Mishra, Ashok Kumar Das, Sourav Mukhopadhyay}, TITLE = {A secure and efficient ECC-based user anonymity-preserving session initiation authentication protocol using smart card}, BOOKTITLE = {Peer to Peer Networking and Applications}. YEAR = {2016}}
The Session Initiation Protocol (SIP) is a signaling communications protocol, which has been chosen for controlling multimedia communication in 3G mobile networks. The proposed authentication in SIP is HTTP digest based authentication. Recently, Tu et al. presented an improvement of Zhang et al.’s smart card-based authenticated key agreement protocol for SIP. Their scheme efficiently resists password guessing attack. However, in this paper, we analyze the security of Tu et al.’s scheme and demonstrate their scheme is still vulnerable to user’s impersonation attack, server spoofing attack and man-in-the middle attack. We aim to propose an efficient improvement on Tu et al.’s scheme to overcome the weaknesses of their scheme, while retaining the original merits of their scheme. Through the rigorous informal and formal security analysis, we show that our scheme is secure against various known attacks including the attacks found in Tu et al.’sscheme. Furthermore, we simulate our scheme for the for-mal security analysis using the widely-accepted AVISPA(Automated Validation of Internet Security Protocols and Applications) tool and show that our scheme is secure against passive and active attacks including the replay and man-in-the-middle attacks. Additionally, the proposed scheme is comparable in terms of the communication and computational overheads with Tu et al.’s scheme and other related existing schemes.
Design of an efficient and provably secure anonymity preserving three-factor user authentication and key agreement scheme for TMIS
MOHAMMAD WAZID,Ashok Kumar Das,Saru Kumari,Xiong Li, Fan Wu
Security and Communication Networks, SCNW, 2016
@inproceedings{bib_Desi_2016, AUTHOR = {MOHAMMAD WAZID, Ashok Kumar Das, Saru Kumari, Xiong Li, Fan Wu}, TITLE = {Design of an efficient and provably secure anonymity preserving three-factor user authentication and key agreement scheme for TMIS}, BOOKTITLE = {Security and Communication Networks}. YEAR = {2016}}
Several remote user authentication techniques for telecare medicine information system (TMIS) have been proposed in the literature. But most existing techniques have limitations such as vulnerable to various attacks, lack of functionalities, and inefficiency. Recently, Amin and Biswas proposed a three‐factor authentication and key agreement technique for TMIS. But their scheme is inefficient and has several security drawbacks. The attacks such as privileged‐insider, user impersonation, and strong reply attacks are possible on their scheme. It also has flaw in password update phase. In order to overcome drawbacks of their scheme, a new provably secure and efficient three‐factor remote user authentication scheme for TMIS is proposed in this paper. The proposed scheme overcomes all drawbacks of their scheme and also provides additional features such as user unlinkability, user anonymity, efficient password, and biometric update. The rigorous informal and formal security analysis using random oracle models and the mostly acceptable Automated Validation of Internet Security Protocols and Applications tool is also performed. During the experimentation, it has been observed that the proposed scheme is secure against various known attacks that include replay and man‐in‐the‐middle attacks. Furthermore, the analysis of computation and communication cost estimation of the proposed scheme depicts that our scheme is efficient as compared with other related exiting schemes.
Lightweight authentication with key-agreement protocol for mobile network environment using smartcards
Alavalapati Goutham Reddy,Eun-Jun Yoon,Ashok Kumar Das,Kee-Young Yoo
IET Information Security, INS, 2016
@inproceedings{bib_Ligh_2016, AUTHOR = {Alavalapati Goutham Reddy, Eun-Jun Yoon, Ashok Kumar Das, Kee-Young Yoo}, TITLE = {Lightweight authentication with key-agreement protocol for mobile network environment using smartcards}, BOOKTITLE = {IET Information Security}. YEAR = {2016}}
In 2012, Mun et al. proposed an enhanced secure authentication with key-agreement protocol for roaming service in global mobility networks environment based on elliptic curve cryptography. They claimed that their protocol is efficient and resistant to prominent security attacks. The careful analysis of this study proves that Mun et al.'s protocol is susceptible to several attacks such as replay attack, man-in-middle attack, user impersonation attack, privileged insider attack, denial-ofservice attack, no login phase and imperfect mutual authentication phase. In addition, this study proposes an enhanced lightweight authentication with key-agreement protocol for mobile networks based on elliptic curve cryptography using smart cards. The proposed protocol is lightweight and perfectly suitable for real-time applications as it accomplishes simple one-way hash function, message authentication code and exclusive-OR operation. Furthermore, it achieves all the eminent security properties and is resistant to various possible attacks. The security analysis and comparison section demonstrates that the proposed protocol is robust compared with Mun et al.'s protocol.
An efficient multi-gateway based three-factor user authentication and key agreement scheme in hierarchical wireless sensor networks
Ashok Kumar Das,ANIL KUMAR SUTRALA,Saru Kumari,Vanga Odelu,MOHAMMAD WAZID,Xiong Li
Security and Communication Networks, SCNW, 2016
@inproceedings{bib_An_e_2016, AUTHOR = {Ashok Kumar Das, ANIL KUMAR SUTRALA, Saru Kumari, Vanga Odelu, MOHAMMAD WAZID, Xiong Li}, TITLE = {An efficient multi-gateway based three-factor user authentication and key agreement scheme in hierarchical wireless sensor networks}, BOOKTITLE = {Security and Communication Networks}. YEAR = {2016}}
User authentication in wireless sensor network (WSN) plays a very important role in which a legal registered user is allowed to access the real‐time sensing information from the sensor nodes inside WSN. To allow such access, a user needs to be authenticated by the accessed sensor nodes as well as gateway nodes inside WSNs. Because of resource limitations and vulnerability to physical capture of some sensor nodes by an attacker, design of a secure user authentication in WSN continues to be an important and challenging research area in recent years. In this paper, we propose a new three‐factor user authentication scheme based on the multi‐gateway WSN architecture. Through the widely‐accepted Burrows–Abadi–Needham logic, we prove that our scheme provides the secure mutual authentication. We then present the formal security verification of our proposed scheme using AVISPA tool, which is a powerful validation tool for network security applications, and show that our scheme is secure. In addition, the rigorous informal security analysis shows that our scheme is also secure against possible other known attacks including the sensor node capture attack. Furthermore, we present the additional functionality features that our scheme offers, which are efficient in communication and computation.
Design of a provably secure identity-based digital multi-signature scheme using biometrics and fuzzy extractor
SK Hafizul Islam,Ashok Kumar Das,Muhammad Khurram Khan
Security and Communication Networks, SCNW, 2016
@inproceedings{bib_Desi_2016, AUTHOR = {SK Hafizul Islam, Ashok Kumar Das, Muhammad Khurram Khan}, TITLE = {Design of a provably secure identity-based digital multi-signature scheme using biometrics and fuzzy extractor}, BOOKTITLE = {Security and Communication Networks}. YEAR = {2016}}
A novel biometric identity-based digital multi-signature (BIO-IDMS) scheme is put forwarded in this paper. The proposed scheme is constructed with the help of fuzzy extractor and elliptic curve bilinear pairings. Furthermore, we designed the formal model and the security model of the proposed BIO-IDMS scheme. The formal security analysis demonstrates that the forgery of the proposed scheme is infeasible in the random oracle model based on the intractability assumption of the computational Diffie–Hellman (CDH) problem. The proposed scheme outperforms in terms of computational cost compared with other related existing multi-signature schemes.
Design of a secure smart card-based multi-server authentication scheme
Ankita Chaturvedi,Ashok Kumar Das,Dheerendra Mishra,Sourav Mukhopadhyay
Journal of Information Security and Applications, JISA, 2016
@inproceedings{bib_Desi_2016, AUTHOR = {Ankita Chaturvedi, Ashok Kumar Das, Dheerendra Mishra, Sourav Mukhopadhyay}, TITLE = {Design of a secure smart card-based multi-server authentication scheme}, BOOKTITLE = {Journal of Information Security and Applications}. YEAR = {2016}}
Traditional two party client server authentication protocol may not provide a scalable solution for present network environments where personal and ubiquitous computing technologies are involved as it is now becoming multi-server based. To achieve efficient authorized communication, multi-server based authentication protocols have been designed. The key feature of multi-server based protocols is one time registration. We study the existing multi-server based authentication protocols, and identify that many of the multi-server based authentication protocols involve control server in mutual authentication or trusted server environment is required. The involvement of central authority in mutual authentication may be a bottleneck for large network, and the servers may be semi-trusted. To erase these drawbacks, Wei et al. recently proposed a multi-server based authentication protocol. Their protocol does not require all servers to be trusted and involvement of control server in mutual authentication. Unfortunately, we identify the security vulnerability of Wei et al.'s scheme to insider attack and password guessing attack. Additionally, lack of pre-smart card authentication leads to denial of service attack. To enhance the security of Wei et al.'s protocol, we propose a secure biometric-based authentication scheme for multi-server environment using smart card. We simulate the proposed protocol for the formal security verification using the widely accepted AVISPA (Automated Validation of Internet Security Protocols and Applications) tool to show that our scheme is secure against active and passive attacks. In addition, we prove that our proposed scheme provides mutual authentication using the widely-accepted Burrows–Abadi–Needham (BAN) logic and is also secured against various well known attacks. In addition, our scheme is efficient in terms of computational and communication overheads as compared to Wei et al.'s scheme and other existing related schemes.
Provably secure user authentication and key agreement scheme for wireless sensor networks
Ashok Kumar Das,Saru Kumari,Vanga Odelu,Xiong Li,Fan Wu,Xinyi Huang
Security and Communication Networks, SCNW, 2016
@inproceedings{bib_Prov_2016, AUTHOR = {Ashok Kumar Das, Saru Kumari, Vanga Odelu, Xiong Li, Fan Wu, Xinyi Huang}, TITLE = {Provably secure user authentication and key agreement scheme for wireless sensor networks}, BOOKTITLE = {Security and Communication Networks}. YEAR = {2016}}
In recent years, user authentication has emerged as an interesting field of research in wireless sensor networks. Most recently, in 2016, Chang and Le presented a scheme to authenticate the users in wireless sensor network using a password and smart card. They proposed two protocols urn:x-wiley:sec:media:sec1573:sec1573-math-0001 and urn:x-wiley:sec:media:sec1573:sec1573-math-0002. urn:x-wiley:sec:media:sec1573:sec1573-math-0003 is based on exclusive or (XOR) and hash functions, while urn:x-wiley:sec:media:sec1573:sec1573-math-0004 deploys elliptic curve cryptography in addition to the two functions used in urn:x-wiley:sec:media:sec1573:sec1573-math-0005. Although their protocols are efficient, we point out that both urn:x-wiley:sec:media:sec1573:sec1573-math-0006 and urn:x-wiley:sec:media:sec1573:sec1573-math-0007 are vulnerable to session specific temporary information attack and offline password guessing attack, while urn:x-wiley:sec:media:sec1573:sec1573-math-0008 is also vulnerable to session key breach attack. In addition, we show that both the protocols urn:x-wiley:sec:media:sec1573:sec1573-math-0009 and urn:x-wiley:sec:media:sec1573:sec1573-math-0010 are inefficient in authentication and password change phases. To withstand these weaknesses found in their protocols, we aim to design a new authentication and key agreement scheme using elliptic curve cryptography. Rigorous formal security proofs using the broadly accepted, the random oracle models, and the Burrows–Abadi–Needham logic and verification using the well‐known Automated Validation of Internet Security Protocols and Applications tool are preformed on our scheme. The analysis shows that our designed scheme has the ability to resist a number of known attacks comprising those found in both Chang–Le's protocols
Provably secure biometric-based user authentication and key agreement scheme in cloud computing
MOHAMMAD WAZID,Ashok Kumar Das,Saru Kumari,Xiong Li, Fan Wu
Security and Communication Networks, SCNW, 2016
@inproceedings{bib_Prov_2016, AUTHOR = {MOHAMMAD WAZID, Ashok Kumar Das, Saru Kumari, Xiong Li, Fan Wu}, TITLE = {Provably secure biometric-based user authentication and key agreement scheme in cloud computing}, BOOKTITLE = {Security and Communication Networks}. YEAR = {2016}}
Cloud computing, the conjoin of many types of computing, has made a great impact on the life of everyone. People from anywhere can access the different cloud-based services by using the Internet. A user, who wants to access some cloud-based service, needs to register himself/herself to an authority (service provider), and after that, he/she can use the service. To access the service, each user needs to authenticate to that particular cloud server. Several user authentication schemes for cloud computing have been presented but mostly have limitations/drawbacks as they are prone to various known attacks, such as privileged insider, user and server impersonation, and strong reply attacks, and they also have lack of functionality features. Moreover, these schemes do not provide efficient password change phase. In order to overcome these drawbacks, we propose a new provably secure biometric-based user authentication and key agreement scheme for cloud computing. The proposed scheme overcomes the weaknesses of the existing schemes and supports extra functionality features including user anonymity and efficient password and biometric update phase for multi-server environment. The careful formal security analysis under standard model and informal security analysis and the simulation results for formal security verification using the most acceptable AVISPA tool show that the proposed scheme is secure against various known possible attacks. The analysis of computation and communication overheads of our scheme depicts its efficiency over other related existing schemes, and thus, the proposed scheme is suitable for the cloud computing environment.
Design of a new CP-ABE with constant size secret keys for lightweight devices using elliptic curve cryptography
Vanga Odelu,Ashok Kumar Das
Security and Communication Networks, SCNW, 2016
@inproceedings{bib_Desi_2016, AUTHOR = {Vanga Odelu, Ashok Kumar Das}, TITLE = {Design of a new CP-ABE with constant size secret keys for lightweight devices using elliptic curve cryptography}, BOOKTITLE = {Security and Communication Networks}. YEAR = {2016}}
The energy cost of public‐key cryptography is a vital component of modern secure communications. It inhibits the widespread adoption within the ultra‐low energy regimes (for example, implantable medical devices and Radio Frequency Identification tags). In the ciphertext‐policy attribute‐based encryption (CP‐ABE), an encryptor can decide the access policy that who can decrypt the data. Thus, data will be protected from the unauthorized users. However, most of the existing CP‐ABE schemes require huge storage and computational overheads. Moreover, CP‐ABE schemes based on bilinear map loose high efficiency over the elliptic curve cryptography because of the requirement of the security parameters of larger size. These drawbacks prevent the use of ultra‐low energy devices in practice. In this paper, we aim to propose a novel expressive AND gate access structured CP‐ABE scheme with constant‐size secret keys (CSSK) with cost‐efficient solutions for encryption and decryption using elliptic curve cryptography, called the CP‐ABE‐CSSK scheme. In the proposed CP‐ABE‐CSSK, the size of the secret key is as small as 320 bits. In addition, elliptic curve cryptography is efficient and more suitable for lightweight devices as compared with bilinear pairing‐based cryptosystem. Thus, the proposed CP‐ABE‐CSSK scheme provides low computation and storage overheads with an expressive AND gate access structure as compared with related existing schemes. Consequently, our scheme becomes very practical for CP‐ABE key storage and computation cost for ultra‐low energy devices. Copyright © 2016 John Wiley & Sons, Ltd.
A secure lightweight authentication scheme with user anonymity for roaming service in ubiquitous networks
Marimuthu Karuppiah,Saru Kumari,Ashok Kumar Das,Xiong Li,Fan Wu,Sayantani Basu
Security in Communication Networks, SCN, 2016
@inproceedings{bib_A_se_2016, AUTHOR = {Marimuthu Karuppiah, Saru Kumari, Ashok Kumar Das, Xiong Li, Fan Wu, Sayantani Basu}, TITLE = {A secure lightweight authentication scheme with user anonymity for roaming service in ubiquitous networks}, BOOKTITLE = {Security in Communication Networks}. YEAR = {2016}}
Ubiquitous networks provide effective roaming services for mobile users (MUs). Through the worldwide roaming technology, authorized MUs can avail ubiquitous network services. Important security issues to be considered in ubiquitous networks are authentication of roaming MUs and protection of privacy of MUs. However, because of the broadcast nature of wireless channel and resource limitations of terminals, providing efficient user authentication with privacy preservation is a challenging task. Very recently, Farash et al. proposed an authentication scheme with anonymity for consumer roaming in ubiquitous networks and claimed their scheme achieves all security requirements. In this paper, we show that the scheme of Farash et al. fails to achieve user anonymity and mutual authentication. Their scheme also fails to provide local password verification, and it has a faulty password change phase. Moreover, their scheme is vulnerable to replay, offline password guessing, and forgery attacks. To fix the security flaws of the scheme of Farash et al., we present an improved authentication scheme for accessing roaming service provided by ubiquitous networks. We then formally verify the security properties of our scheme by the widely‐accepted push‐button tool called Automated Validation of Internet Security Protocols and Applications. Security and performance analyses show that our scheme is more powerful, efficient, and secure when it is compared with existing schemes. Copyright © 2016 John Wiley & Sons, Ltd.
A novel and provable authentication and key agreement scheme with user anonymity for global mobility networks
Fan Wu,Lili Xu,SaruKumari,Xiong Li,Ashok Kumar Das,Muhammad Khurram Khan,Marimuthu Karuppiah,Renuka Baliyan
Security in Communication Networks, SCN, 2016
@inproceedings{bib_A_no_2016, AUTHOR = {Fan Wu, Lili Xu, SaruKumari, Xiong Li, Ashok Kumar Das, Muhammad Khurram Khan, Marimuthu Karuppiah, Renuka Baliyan}, TITLE = {A novel and provable authentication and key agreement scheme with user anonymity for global mobility networks}, BOOKTITLE = {Security in Communication Networks}. YEAR = {2016}}
Ubiquitous networks support the roaming service for mobile communication devices. The mobile user can use the services in the foreign network with the help of the home network. Mutual authentication plays an important role in the roaming services, and researchers put their interests on the authentication schemes. Recently, in 2016, Gope and Hwang found that mutual authentication scheme of He et al. for global mobility networks had security disadvantages such as vulnerability to forgery attacks, unfair key agreement, and destitution of user anonymity. Then, they presented an improved scheme. However, we find that the scheme cannot resist the off‐line guessing attack and the de‐synchronization attack. Also, it lacks strong forward security. Moreover, the session key is known to HA in that scheme. To get over the weaknesses, we propose a new two‐factor authentication scheme for global mobility networks. We use formal proof with random oracle model, formal verification with the tool Proverif, and informal analysis to demonstrate the security of the proposed scheme. Compared with some very recent schemes, our scheme is more applicable. Copyright © 2016 John Wiley & Sons, Ltd.
An Anonymous Authentication with Key-Agreement Protocol for Multi-Server Architecture Based on Biometrics and Smartcards
Alavalapati Goutham Reddy,Ashok Kumar Das,Eun-Jun Yoon,Kee-Young Yoo
Transactions on Internet and Information Systems, TiiS, 2016
@inproceedings{bib_An_A_2016, AUTHOR = {Alavalapati Goutham Reddy, Ashok Kumar Das, Eun-Jun Yoon, Kee-Young Yoo}, TITLE = {An Anonymous Authentication with Key-Agreement Protocol for Multi-Server Architecture Based on Biometrics and Smartcards}, BOOKTITLE = {Transactions on Internet and Information Systems}. YEAR = {2016}}
Authentication protocols for multi-server architectures have gained momentum in recent times due to advancements in computing technologies and associated constraints. Lu et al. recently proposed a biometrics and smartcards-based authentication scheme for multi-server environment. The careful analysis of this paper demonstrates Lu et al.’s protocol is susceptible to user impersonation attacks and comprises insufficient data. In addition, this paper proposes an improved authentication with key-agreement protocol for multi-server architecture based on biometrics and smartcards. The formal security of the proposed protocol is verified using the widely accepted AVISPA (Automated Validation of Internet Security Protocols and Applications) tool to ensure that our protocol can withstand active and passive attacks. The formal and informal security analysis, and performance analysis sections determines that our protocol is robust and efficient compared to Lu et al.’s protocol and existing similar protocols.
An enhanced and secure trust-extended authentication mechanism for vehicular ad-hoc networks
Saru Kumari,Marimuthu Karuppiah,Xiong Li,Fan Wu,Ashok Kumar Das,Vanga Odelu
Security in Communication Networks, SCN, 2016
@inproceedings{bib_An_e_2016, AUTHOR = {Saru Kumari, Marimuthu Karuppiah, Xiong Li, Fan Wu, Ashok Kumar Das, Vanga Odelu}, TITLE = {An enhanced and secure trust-extended authentication mechanism for vehicular ad-hoc networks}, BOOKTITLE = {Security in Communication Networks}. YEAR = {2016}}
Vehicular Ad‐hoc Networks (VANETs) are a move towards regulating safe traffic and intelligent transportation system. A VANETs is characterized by extremely dynamic topographical conditions owing to speedily moving vehicles. In VANETs, vehicles can transmit messages within a pre‐defined area to achieve safety and efficiency of the system. Then ensuring authenticity of origin of messages to the receiver in such a dynamic environment is a crucial challenge. Another concern in VANET is preservation of privacy of user/vehicle. Recently, Chuang and Lee proposed a trust‐extended authentication mechanism (TEAM) for vehicle‐to‐vehicle communications in VANETs. TEAM not only satisfies various security features but also enhances the performance of the authentication process using transitive trust relationship among vehicles. Nonetheless, our analysis shows that TEAM is vulnerable to insider attack, privacy breach, impersonation attacks and some other problems. In this paper, to eradicate the vulnerabilities found in Chuang‐Lee's scheme, an enhanced trust‐extended authentication scheme for VANET is proposed. We display the efficiency of our scheme through security analysis and comparison. Through simulation results using widely accepted NS‐2 simulator, we show that our scheme authenticates vehicles faster than Chuang‐Lee's scheme. Copyright © 2016 John Wiley & Sons, Ltd.
A Secure Anonymous Authentication Protocol for Mobile Services on Elliptic Curve Cryptography
ALAVALAPATI GOUTHAM REDDY,Ashok Kumar Das,EUN-JUN YOON,KEE-YOUNG YOO
IEEE Access, ACCESS, 2016
@inproceedings{bib_A_Se_2016, AUTHOR = {ALAVALAPATI GOUTHAM REDDY, Ashok Kumar Das, EUN-JUN YOON, KEE-YOUNG YOO}, TITLE = {A Secure Anonymous Authentication Protocol for Mobile Services on Elliptic Curve Cryptography}, BOOKTITLE = {IEEE Access}. YEAR = {2016}}
Mobile user authentication is an essential topic to consider in the current communications technology due to greater deployment of handheld devices and advanced technologies. Memon et al. recently proposed an efficient and secure two-factor authentication protocol for location-based services using asymmetric key cryptography. Unlike their claims, the vigilant analysis of this paper substantiates that Memon et al.'s protocol has quite a few limitations such as vulnerability to key compromised impersonation attack, insecure password changing phase, imperfect mutual authentication, and vulnerability to insider attack. Furthermore, this paper proposes an enhanced secure authentication protocol for roaming services on elliptic curve cryptography. The proposed protocol is also a two-factor authentication protocol and is suitable for practical applications due to the composition of light-weight operations. The proposed protocol's formal security is verified using Automated Validation of Internet Security Protocols and Applications tool to certify that the proposed protocol is free from security threats. The informal and formal security analyses along with the performance analysis sections determine that the proposed protocol performs better than Memon et al.'s protocol and other related protocols in terms of security and efficiency.
Secure Biometric-Based Authentication Scheme using Chebyshev Chaotic Map for Multi-Server Environment
Santanu Chatterjee,Sandip Roy,Ashok Kumar Das,Samiran Chattopadhyay,Neeraj Kumar,Athanasios V. Vasilakos
IEEE Transactions on Dependable and Secure Computing, TDSC, 2016
@inproceedings{bib_Secu_2016, AUTHOR = {Santanu Chatterjee, Sandip Roy, Ashok Kumar Das, Samiran Chattopadhyay, Neeraj Kumar, Athanasios V. Vasilakos}, TITLE = {Secure Biometric-Based Authentication Scheme using Chebyshev Chaotic Map for Multi-Server Environment}, BOOKTITLE = {IEEE Transactions on Dependable and Secure Computing}. YEAR = {2016}}
—Multi-server environment is the most common scenario for a large number of enterprise class applications. In this environment, user registration at each server is not recommended. Using multi-server authentication architecture, user can manage authentication to various servers using single identity and password. We introduce a new authentication scheme for multi-server environments using Chebyshev chaotic map. In our scheme, we use the Chebyshev chaotic map and biometric verification along with password verification for authorization and access to various application servers. The proposed scheme is light-weight compared to other related schemes. We only use the Chebyshev chaotic map, cryptographic hash function and symmetric key encryptiondecryption in the proposed scheme. Our scheme provides strong authentication, and also supports biometrics & password change phase by a legitimate user at any time locally, and dynamic server addition phase. We perform the formal security verification using the broadly-accepted Automated Validation of Internet Security Protocols and Applications (AVISPA) tool to show that the presented scheme is secure. In addition, we use the formal security analysis using the Burrows-Abadi-Needham (BAN) logic along with random oracle models and prove that our scheme is secure against different known attacks. High security and significantly low computation and communication costs make our scheme is very suitable for multi-server environments as compared to other existing related schemes
An enhanced biometric based authentication with key-agreement protocol for multi-server architecture based on elliptic curve cryptography
Alavalapati Goutham Reddy,Ashok Kumar Das,Vanga Odelu,Kee-Young Yoo
@inproceedings{bib_An_e_2016, AUTHOR = {Alavalapati Goutham Reddy, Ashok Kumar Das, Vanga Odelu, Kee-Young Yoo}, TITLE = {An enhanced biometric based authentication with key-agreement protocol for multi-server architecture based on elliptic curve cryptography}, BOOKTITLE = {Plos One}. YEAR = {2016}}
Biometric based authentication protocols for multi-server architectures have gained momentum in recent times due to advancements in wireless technologies and associated constraints. Lu et al. recently proposed a robust biometric based authentication with key agreement protocol for a multi-server environment using smart cards. They claimed that their protocol is efficient and resistant to prominent security attacks. The careful investigation of this paper proves that Lu et al.’s protocol does not provide user anonymity, perfect forward secrecy and is susceptible to server and user impersonation attacks, man-in-middle attacks and clock synchronization problems. In addition, this paper proposes an enhanced biometric based authentication with key-agreement protocol for multi-server architecture based on elliptic curve cryptography using smartcards. We proved that the proposed protocol achieves mutual authentication using Burrows-Abadi-Needham (BAN) logic. The formal security of the proposed protocol is verified using the AVISPA (Automated Validation of Internet Security Protocols and Applications) tool to show that our protocol can withstand active and passive attacks. The formal and informal security analyses and performance analysis demonstrates that the proposed protocol is robust and efficient compared to Lu et al.’s protocol and existing similar protocols.
An enhanced anonymous two-factor mutual authentication with key-agreement scheme for session initiation protocol
Alavalapati Goutham Reddy,Eun-Jun Yoon ,Ashok Kumar Das,Kee-Young Yoo
Proceedings of the 9th International Conference on Security of Information and Networks, SIN, 2016
@inproceedings{bib_An_e_2016, AUTHOR = {Alavalapati Goutham Reddy, Eun-Jun Yoon , Ashok Kumar Das, Kee-Young Yoo}, TITLE = {An enhanced anonymous two-factor mutual authentication with key-agreement scheme for session initiation protocol}, BOOKTITLE = {Proceedings of the 9th International Conference on Security of Information and Networks}. YEAR = {2016}}
A two-factor authenticated key-agreement scheme for session initiation protocol emerged as a best remedy to overcome the ascribed limitations of the password-based authentication scheme. Recently, Lu et al. proposed an anonymous two-factor authenticated key-agreement scheme for SIP using elliptic curve cryptography. They claimed that their scheme is secure against attacks and achieves user anonymity. Conversely, this paper's keen analysis points out several severe security weaknesses of the Lu et al.'s scheme. In addition, this paper puts forward an enhanced anonymous two-factor mutual authenticated key-agreement scheme for session initiation protocol using elliptic curve cryptography. The security analysis and performance analysis sections demonstrates that the proposed scheme is more robust and efficient than Lu et al.'s scheme.
A User Anonymous Mutual Authentication Protocol.
Saru Kumari,Xiong Li, Fan Wu,Ashok Kumar Das,Vanga Odelu,Muhammad Khurram Khan
Transactions on Internet and Information Systems, TiiS, 2016
@inproceedings{bib_A_Us_2016, AUTHOR = {Saru Kumari, Xiong Li, Fan Wu, Ashok Kumar Das, Vanga Odelu, Muhammad Khurram Khan}, TITLE = {A User Anonymous Mutual Authentication Protocol.}, BOOKTITLE = {Transactions on Internet and Information Systems}. YEAR = {2016}}
Widespread use of wireless networks has drawn attention to ascertain confidential communication and proper authentication of an entity before granting access to services over insecure channels. Recently, Truong et al. proposed a modified dynamic ID-based authentication scheme which they claimed to resist smart-card-theft attack. Nevertheless, we find that their scheme is prone to smart-card-theft attack contrary to the author’s claim. Besides, anyone can impersonate the user as well as service provider server and can breach the confidentiality of communication by merely eavesdropping the login request and server’s reply message from the network. We also notice that the scheme does not impart user anonymity and forward secrecy. Therefore, we present another authentication scheme keeping apart the threats encountered in the design of Truong et al.’s scheme. We also prove the security of the proposed scheme with the help of widespread BAN (Burrows, Abadi and Needham) Logic.
A user friendly mutual authentication and key agreement scheme for wireless sensor networks using chaotic maps
Saru Kumari,Xiong Li,Fan Wu,Ashok Kumar Das,Hamed Arshad,Muhammad Khurram Khan
Future Generation Computer Systems, FGCS, 2016
@inproceedings{bib_A_us_2016, AUTHOR = {Saru Kumari, Xiong Li, Fan Wu, Ashok Kumar Das, Hamed Arshad, Muhammad Khurram Khan}, TITLE = {A user friendly mutual authentication and key agreement scheme for wireless sensor networks using chaotic maps}, BOOKTITLE = {Future Generation Computer Systems}. YEAR = {2016}}
Spread of wireless network technology has opened new doors to utilize sensor technology in various areas via Wireless Sensor Networks (WSNs). Many authentication protocols for among the service seeker users, sensing component sensor nodes (SNs) and the service provider base-station or gateway node (GWN) are available to realize services from WSNs efficiently and without any fear of deceit. Recently, Li et al. and He et al. independently proposed mutual authentication and key agreement schemes for WSNs. We find that both the schemes achieve mutual authentication, establish session key and resist many known attacks but still have security weaknesses. We show the applicability of stolen verifier, user impersonation, password guessing and smart card loss attacks on Li et al.’s scheme. Although their scheme employs the feature of dynamic identity, an attacker can reveal and guess the identity of a registered user. We demonstrate the susceptibility of He et al.’s scheme to password guessing attack. In both the schemes, the security of the session key established between user and SNs is imperfect due to lack of forward secrecy and session-specific temporary information leakage attack. In addition both the schemes impose extra computational load on resource scanty sensor-nodes and are not user friendly due to absence of user anonymity and lack of password change facility. To handle these drawbacks, we design a mutual authentication and key agreement scheme for WSN using chaotic maps. To the best of our knowledge, we are the first to propose an authentication scheme for WSN based on chaotic maps. We show the superiority of the proposed scheme over its predecessor schemes by means of detailed security analysis and comparative evaluation. We also formally analyze our scheme using BAN logic.
Secure anonymous mutual authentication for star two-tier wireless body area networks
Maged Hamada Ibrahim,Saru Kumari ,Ashok Kumar Das,MOHAMMAD WAZID,Vanga Odelu
Computer Methods and Programs in Biomedicine, CMPB, 2016
@inproceedings{bib_Secu_2016, AUTHOR = {Maged Hamada Ibrahim, Saru Kumari , Ashok Kumar Das, MOHAMMAD WAZID, Vanga Odelu}, TITLE = {Secure anonymous mutual authentication for star two-tier wireless body area networks}, BOOKTITLE = {Computer Methods and Programs in Biomedicine}. YEAR = {2016}}
Background and objectives: Mutual authentication is a very important service that must be established between sensor nodes in wireless body area network (WBAN) to ensure the originality and integrity of the patient’s data sent by sensors distributed on different parts of the body. However, mutual authentication service is not enough. An adversary can benefit from monitoring the traffic and knowing which sensor is in transmission of patient’s data. Observing the traffic (even without disclosing the context) and knowing its origin, it can reveal to the adversary information about the patient’s medical conditions. Therefore, anonymity of the communicating sensors is an important service as well. Few works have been conducted in the area of mutual authentication among sensor nodes in WBAN. However, none of them has considered anonymity among body sensor nodes. Up to our knowledge, our protocol is the first attempt to consider this service in a two-tier WBAN. We propose a new secure protocol to realize anonymous mutual authentication and confidential transmission for star two-tier WBAN topology. Methods: The proposed protocol uses simple cryptographic primitives. We prove the security of the proposed protocol using the widely-accepted Burrows-Abadi-Needham (BAN) logic, and also through rigorous informal security analysis. In addition, to demonstrate the practicality of our protocol, we evaluate it using NS-2 simulator. Results: BAN logic and informal security analysis prove that our proposed protocol achieves the necessary security requirements and goals of an authentication service. The simulation results show the impact on the various network parameters, such as end-to-end delay and throughput. The nodes in the network require to store few hundred bits. Nodes require to perform very few hash invocations, which are computationally very efficient. The communication cost of the proposed protocol is few hundred bits in one round of communication. Due to the low computation cost, the energy consumed by the nodes is also low.
Secure anonymity-preserving password-based user authentication and session key agreement scheme for telecare medicine information systems
ANIL KUMAR SUTRALA,Ashok Kumar Das,Vanga Odelu,MOHAMMAD WAZID,Saru Kumari
Computer Methods and Programs in Biomedicine, CMPB, 2016
@inproceedings{bib_Secu_2016, AUTHOR = {ANIL KUMAR SUTRALA, Ashok Kumar Das, Vanga Odelu, MOHAMMAD WAZID, Saru Kumari}, TITLE = {Secure anonymity-preserving password-based user authentication and session key agreement scheme for telecare medicine information systems}, BOOKTITLE = {Computer Methods and Programs in Biomedicine}. YEAR = {2016}}
Background and objectives Information and communication and technology (ICT) has changed the entire paradigm of society. ICT facilitates people to use medical services over the Internet, thereby reducing the travel cost, hospitalization cost and time to a greater extent. Recent advancements in Telecare Medicine Information System (TMIS) facilitate users/patients to access medical services over the Internet by gaining health monitoring facilities at home. Methods Amin and Biswas recently proposed a RSA-based user authentication and session key agreement protocol usable for TMIS, which is an improvement over Giri et al.'s RSA-based user authentication scheme for TMIS. In this paper, we show that though Amin–Biswas's scheme considerably improves the security drawbacks of Giri et al.'s scheme, their scheme has security weaknesses as it suffers from attacks such as privileged insider attack, user impersonation attack, replay attack and also offline password guessing attack. A new RSA-based user authentication scheme for TMIS is proposed, which overcomes the security pitfalls of Amin–Biswas's scheme and also preserves user anonymity property. Results The careful formal security analysis using the two widely accepted Burrows–Abadi–Needham (BAN) logic and the random oracle models is done. Moreover, the informal security analysis of the scheme is also done. These security analyses show the robustness of our new scheme against the various known attacks as well as attacks found in Amin–Biswas's scheme. The simulation of the proposed scheme using the widely accepted Automated Validation of Internet Security Protocols and Applications (AVISPA) tool is also done. Conclusions We present a new user authentication and session key agreement scheme for TMIS, which fixes the mentioned security pitfalls found in Amin–Biswas's scheme, and we also show that the proposed scheme provides better security than other existing schemes through the rigorous security analysis and verification tool. Furthermore, we present the formal security verification of our scheme using the widely accepted AVISPA tool. High security and extra functionality features allow our proposed scheme to be applicable for telecare medicine information systems which is used for e-health care medical applications.
Analysis of Security Protocols for Mobile Healthcare
MOHAMMAD WAZID,· Sherali Zeadally,Ashok Kumar Das,Vanga Odelu
Journal of Medical Systems, JMs, 2016
@inproceedings{bib_Anal_2016, AUTHOR = {MOHAMMAD WAZID, · Sherali Zeadally, Ashok Kumar Das, Vanga Odelu}, TITLE = {Analysis of Security Protocols for Mobile Healthcare}, BOOKTITLE = {Journal of Medical Systems}. YEAR = {2016}}
Mobile Healthcare (mHealth) continues to improve because of significant improvements and the decreasing costs of Information Communication Technologies (ICTs). mHealth is a medical and public health practice, which is supported by mobile devices (for example, smartphones) and, patient monitoring devices (for example, various types of wearable sensors, etc.). An mHealth system enables healthcare experts and professionals to have ubiquitous access to a patient’s health data along with providing any ongoing medical treatment at any time, any place, and from any device. It also helps the patient requiring continuous medical monitoring to stay in touch with the appropriate medical staff and healthcare experts remotely. Thus, mHealth has become a major driving force in improving the health of citizens today. First, we discuss the security requirements, issues and threats to the mHealth system. We then present a taxonomy of recently proposed security protocols for mHealth system based on features supported and possible attacks, computation cost and communication cost. Our detailed taxonomy demonstrates the strength and weaknesses of recently proposed security protocols for the mHealth system. Finally, we identify some of the challenges in the area of security protocols for mHealth systems that still need to be addressed in the future to enable cost-effective, secure and robust mHealth systems.
An anonymous and secure biometric‐based enterprise digital rights management system for mobile environment
Dheerendra Mishra,Ashok Kumar Das,Sourav Mukhopadhyay
Security in Communication Networks, SCN, 2016
@inproceedings{bib_An_a_2016, AUTHOR = {Dheerendra Mishra, Ashok Kumar Das, Sourav Mukhopadhyay}, TITLE = {An anonymous and secure biometric‐based enterprise digital rights management system for mobile environment}, BOOKTITLE = {Security in Communication Networks}. YEAR = {2016}}
In [1] the authorship was originally shown as “Ashok Kumar Das, Dheerendra Mishra and Sourav Mukhopadhyay”. This has now been corrected to “Dheerendra Mishra, Ashok Kumar Das and Sourav Mukhopadhyay”. We apologize for any inconvenience caused … 1. Mishra D, Das AK, Mukhopadhyay S. An anonymous and secure biometric-based enterprise digital rights management system for mobile environment. Security and Communica- tions Networks2015;8:3383–3404 . doi:10.1002/sec.1266." … SECURITY AND COMMUNICATION NETWORKS Security Comm. Networks 2016; 9:3762 … Published online 18 August 2016 in Wiley Online Library (wileyonlinelibrary.com). DOI: 10.1002/sec.1604
Design of sinkhole node detection mechanism for hierarchical wireless sensor networks
MOHAMMAD WAZID,Ashok Kumar Das,Saru Kumari,Muhammad Khurram Khan
Security in Communication Networks, SCN, 2016
@inproceedings{bib_Desi_2016, AUTHOR = {MOHAMMAD WAZID, Ashok Kumar Das, Saru Kumari, Muhammad Khurram Khan}, TITLE = {Design of sinkhole node detection mechanism for hierarchical wireless sensor networks}, BOOKTITLE = {Security in Communication Networks}. YEAR = {2016}}
Wireless sensor networks (WSNs) have several applications ranging from the civilian to military applications. WSNs are prone to various hole attacks, such as sinkhole, wormhole, blackhole, and greyhole. Among these hole attacks, the sinkhole attack is the malignant one. A sinkhole attack allows a malicious node, called the sinkhole node, advertises a best possible path to the base station (BS). This misguides its neighbors to utilize that path more frequently. The sinkhole node has the opportunity to tamper with the data, and it also performs the modifications in messages or it drops messages or it produces unnecessary delay before forwarding them to the BS. On the basis of these malicious acts that are performed by a sinkhole attacker node, we consider three types of malicious nodes in a WSN: sinkhole message modification node (SMD), sinkhole message dropping node (SDP), and sinkhole message delay node (SDL). None of the existing techniques in the literature is capable to handle all three types of nodes at a time. This paper presents a new detection scheme for the detection of different types of sinkhole nodes for a hierarchical wireless sensor network (HWSN). To the best of our knowledge, this is the first attempt to design such a detection scheme in HWSNs which can detect SMD, SDP, and SDL nodes. In our approach, the entire HWSN is divided into several disjoint clusters, and each cluster has a powerful high-end sensor node (called a cluster head), which is responsible for the detection of different sinkhole attacker nodes if present in that cluster. We simulate our scheme using the widely-accepted NS2 simulator for measurement of various network parameters. The proposed scheme achieves around 95% detection rate and 1.25% false positive rate. These factors are significantly better than the previous related schemes. Furthermore, the computation and communication efficiency is achieved in our scheme. As a result, our scheme seems suitable for the sensitive critical applications, such as military applications.
Provably secure three‐factor authentication and key agreement scheme for session initiation protocol
C.SRAVANI,Ashok Kumar Das, Saru Kumar,Vanga Odelu,Fan Wu,Xiong Li
Security in Communication Networks, SCN, 2016
@inproceedings{bib_Prov_2016, AUTHOR = {C.SRAVANI, Ashok Kumar Das, Saru Kumar, Vanga Odelu, Fan Wu, Xiong Li}, TITLE = {Provably secure three‐factor authentication and key agreement scheme for session initiation protocol}, BOOKTITLE = {Security in Communication Networks}. YEAR = {2016}}
Session initiation protocol (SIP) is a widely used authentication protocol for the Voice over IP communications. Over the years, several protocols have been proposed in the literature to strengthen the security of SIP. In this paper, we present an efficient elliptic curve cryptography (ECC)‐based provably secure three‐factor authentication and session key agreement scheme for SIP, which uses the identity, password, and personal biometrics of a user as three factors. Our scheme aims to resolve the security weaknesses and drawbacks in existing SIP authentication protocols. In addition, our scheme supports password and biometric update phase without involving the server and the user mobile device revocation phase in case the mobile device is lost/stolen. Formal security analysis under the standard model and the broadly accepted Burrows–Abadi–Needham logic ensures that the proposed scheme can withstand several known security attacks. The proposed scheme has also been analyzed informally. Simulation for formal security verification using the widely known automated validation of internet security protocols and applications tool shows the replay, and the man‐in‐the‐middle attacks are protected by the scheme. High security and low communication and computation costs make the proposed scheme more suitable for practical application as compared with other existing related ECC‐based schemes. Copyright © 2016 John Wiley & Sons, Ltd
Jamming resistant non‐interactive anonymous and unlinkable authentication scheme for mobile satellite networks
Maged Hamada Ibrahim,Saru Kumari,Ashok Kumar Das,Vanga Odelu
Security in Communication Networks, SCN, 2016
@inproceedings{bib_Jamm_2016, AUTHOR = {Maged Hamada Ibrahim, Saru Kumari, Ashok Kumar Das, Vanga Odelu}, TITLE = {Jamming resistant non‐interactive anonymous and unlinkable authentication scheme for mobile satellite networks}, BOOKTITLE = {Security in Communication Networks}. YEAR = {2016}}
Most of the previously proposed schemes use temporary identities for mobile users to provide unlinkable anonymous authentication for mobile users to the satellite network control center (NCC), where the temporary identities are picked at random after each session and agreed between a mobile user U and the NCC for the next session. Although such schemes provide full anonymity and are computationally efficient, the common problem with such strategies is that an adversary is able to desynchronize the temporary identity shared between U and NCC by means of simple jamming attack at a certain round in the authentication protocol. It results in the denial of all future sessions unless U re‐registers a new identity at the NCC. In this paper, we propose a new authentication scheme for mobile satellite networks. We avoid using synchronized temporary identities, which are always vulnerable to desynchronization attacks. We also avoid multi‐round authentication phase in order to reduce the jamming effect. Instead, a mobile user is able to create a new blinded version of his clear identity for each established session noninteractively, allowing him to anonymously authenticate himself to NCC in a fully unlinkable fashion. Moreover, in few milliseconds and one move non‐interactive way, U is able to establish a session key with NCC in a fully anonymous and authenticated way. Our new scheme uses recent advances in elliptic curve cryptography, and hence, it is efficient for implementation on mobile devices with limited resources. Through the rigorous security analysis using the broadly accepted Burrows–Abadi–Needham logic, informal security analysis, and the simulation for formal security verification using the widely known automated validation of Internet security protocols and sapplications tool, we show that our scheme is secure against various known attacks. Copyright © 2017 John Wiley & Sons, Ltd.
A Secure and Robust User Authenticated Key AgreementScheme for Hierarchical Multi-medical Server Environmentin TMIS
Ashok Kumar Das,Vanga Odelu,Adrijit Goswami
Journal of Medical Systems, JMs, 2015
@inproceedings{bib_A_Se_2015, AUTHOR = {Ashok Kumar Das, Vanga Odelu, Adrijit Goswami}, TITLE = {A Secure and Robust User Authenticated Key AgreementScheme for Hierarchical Multi-medical Server Environmentin TMIS}, BOOKTITLE = {Journal of Medical Systems}. YEAR = {2015}}
The telecare medicine information system (TMIS) helps the patients to gain the health monitoring facility at home and access medical services over the Internet of mobile networks. Recently, Amin and Biswas presented a smart card based user authentication and key agreement security protocol usable for TMIS system using the cryptographic one-way hash function and biohashing function, and claimed that their scheme is secure against all possible attacks. Though their scheme is efficient due to usage of one-way hash function, we show that their scheme has several security pitfalls and design flaws, such as (1) it fails to protect privileged-insider attack, (2) it fails to protect strong replay attack, (3) it fails to protect strong man-in-the-middle attack, (4) it has design flaw in user registration phase, (5) it has design flaw in login phase, (6) it has design flaw in password change phase, (7) it lacks of supporting biometric update phase, and (8) it has flaws in formal security analysis. In order to withstand these security pitfalls and design flaws, we aim to propose a secure and robust user authenticated key agreement scheme for the hierarchical multi-server environment suitable in TMIS using the cryptographic one-way hash function and fuzzy extractor. Through the rigorous security analysis including the formal security analysis using the widely-accepted Burrows-Abadi-Needham (BAN) logic, the formal security analysis under the random oracle model and the informal security analysis, we show that our scheme is secure against possible known attacks. Furthermore, we simulate our scheme using the most-widely accepted and used Automated Validation of Internet Security Protocols and Applications (AVISPA) tool. The simulation results show that our scheme is also secure. Our scheme is more efficient in computation and communication as compared to Amin-Biswas’s scheme and other related schemes. In addition, our scheme supports extra functionality features as compared to other related schemes. As a result, our scheme is very appropriate for practical applications in TMIS.
A Secure User Anonymity-Preserving Three-FactorRemote User Authentication Scheme for the TelecareMedicine Information Systems
Ashok Kumar Das
Journal of Medical Systems, JMs, 2015
@inproceedings{bib_A_Se_2015, AUTHOR = {Ashok Kumar Das}, TITLE = {A Secure User Anonymity-Preserving Three-FactorRemote User Authentication Scheme for the TelecareMedicine Information Systems}, BOOKTITLE = {Journal of Medical Systems}. YEAR = {2015}}
Recent advanced technology enables the telecare medicine information system (TMIS) for the patients to gain the health monitoring facility at home and also to access medical services over the Internet of mobile networks. Several remote user authentication schemes have been proposed in the literature for TMIS. However, most of them are either insecure against various known attacks or they are inefficient. Recently, Tan proposed an efficient user anonymity preserving three-factor authentication scheme for TMIS. In this paper, we show that though Tan’s scheme is efficient, it has several security drawbacks such as (1) it fails to provide proper authentication during the login phase, (2) it fails to provide correct updation of password and biometric of a user during the password and biometric update phase, and (3) it fails to protect against replay attack. In addition, Tan’s scheme lacks the formal security analysis and verification. Later, Arshad and Nikooghadam also pointed out some security flaws in Tan’s scheme and then presented an improvement on Tan’s s scheme. However, we show that Arshad and Nikooghadam’s scheme is still insecure against the privileged-insider attack through the stolen smart-card attack, and it also lacks the formal security analysis and verification. In order to withstand those security loopholes found in both Tan’s scheme, and Arshad and Nikooghadam’s scheme, we aim to propose an effective and more secure three-factor remote user authentication scheme for TMIS. Our scheme provides the user anonymity property. Through the rigorous informal and formal security analysis using random oracle models and the widely-accepted AVISPA (Automated Validation of Internet Security Protocols and Applications) tool, we show that our scheme is secure against various known attacks, including the replay and man-in-the-middle attacks. Furthermore, our scheme is also efficient as compared to other related schemes.Recent advanced technology enables the telecare medicine information system (TMIS) for the patients to gain the health monitoring facility at home and also to access medical services over the Internet of mobile networks. Several remote user authentication schemes have been proposed in the literature for TMIS. However, most of them are either insecure against various known attacks or they are inefficient. Recently, Tan proposed an efficient user anonymity preserving three-factor authentication scheme for TMIS. In this paper, we show that though Tan’s scheme is efficient, it has several security drawbacks such as (1) it fails to provide proper authentication during the login phase, (2) it fails to provide correct updation of password and biometric of a user during the password and biometric update phase, and (3) it fails to protect against replay attack. In addition, Tan’s scheme lacks the formal security analysis and verification. Later, Arshad and Nikooghadam also pointed out some security flaws in Tan’s scheme and then presented an improvement on Tan’s s scheme. However, we show that Arshad and Nikooghadam’s scheme is still insecure against the privileged-insider attack through the stolen smart-card attack, and it also lacks the formal security analysis and verification. In order to withstand those security loopholes found in both Tan’s scheme, and Arshad and Nikooghadam’s scheme, we aim to propose an effective and more secure three-factor remote user authentication scheme for TMIS. Our scheme provides the user anonymity property. Through the rigorous informal and formal security analysis using random oracle models and the widely-accepted AVISPA (Automated Validation of Internet Security Protocols and Applications) tool, we show that our scheme is secure against various known attacks, including the replay and man-in-the-middle attacks. Furthermore, our scheme is also efficient as compared to other related schemes.
A robust anonymous biometric-based remote user authentication scheme using smart cards
Ashok Kumar Das,Adrijit Goswami
Journal of King Saud University - Computer and Information Sciences, JKSU-CIS, 2015
@inproceedings{bib_A_ro_2015, AUTHOR = {Ashok Kumar Das, Adrijit Goswami}, TITLE = {A robust anonymous biometric-based remote user authentication scheme using smart cards}, BOOKTITLE = {Journal of King Saud University - Computer and Information Sciences}. YEAR = {2015}}
Several biometric-based remote user authentication schemes using smart cards have been proposed in the literature in order to improve the security weaknesses in user authentication system. In 2012, An proposed an enhanced biometric-based remote user authentication scheme using smart cards. It was claimed that the proposed scheme is secure against the user impersonation attack, the server masquerading attack, the password guessing attack, and the insider attack and provides mutual authentication between the user and the server. In this paper, we first analyze the security of An’s scheme and we show that this scheme has three serious security flaws in the design of the scheme: (i) flaw in user’s biometric verification during the login phase, (ii) flaw in user’s password verification during the login and authentication phases, and (iii) flaw in user’s password change locally at any time by the user. Due to these security flaws, An’s scheme cannot support mutual authentication between the user and the server. Further, we show that An’s scheme cannot prevent insider attack. In order to remedy the security weaknesses found in An’s scheme, we propose a new robust and secure anonymous biometric-based remote user authentication scheme using smart cards. Through the informal and formal security analysis, we show that our scheme is secure against all possible known attacks including the attacks found in An’s scheme. The simulation results of our scheme using the widely-accepted AVISPA (Automated Validation of Internet Security Protocols and Applications) tool ensure that our scheme is secure against passive and active attacks. In addition, our scheme is also comparable in terms of the communication and computational overheads with An’s scheme and other related existing schemes. As a result, our scheme is more appropriate for practical applications compared to other approaches.
A Secure and Robust Password-Based Remote User Authentication Scheme using Smart Cards for the Integrated EPR Information System
Ashok Kumar Das
Journal of Medical Systems, JMs, 2015
@inproceedings{bib_A_Se_2015, AUTHOR = {Ashok Kumar Das}, TITLE = {A Secure and Robust Password-Based Remote User Authentication Scheme using Smart Cards for the Integrated EPR Information System}, BOOKTITLE = {Journal of Medical Systems}. YEAR = {2015}}
An integrated EPR (Electronic Patient Record) information system of all the patients provides the medical institutions and the academia with most of the patients’ information in details for them to make corrective decisions and clinical decisions in order to maintain and analyze patients’ health. In such system, the illegal access must be restricted and the information from theft during transmission over the insecure Internet must be prevented. Lee et al. proposed an efficient password-based remote user authentication scheme using smart card for the integrated EPR information system. Their scheme is very efficient due to usage of one-way hash function and bitwise exclusive-or (XOR) operations. However, in this paper, we show that though their scheme is very efficient, their scheme has three security weaknesses such as (1) it has design flaws in password change phase, (2) it fails to protect privileged insider attack and (3) it lacks the formal security verification. We also find that another recently proposed Wen’s scheme has the same security drawbacks as in Lee at al.’s scheme. In order to remedy these security weaknesses found in Lee et al.’s scheme and Wen’s scheme, we propose a secure and efficient password-based remote user authentication scheme using smart cards for the integrated EPR information system. We show that our scheme is also efficient as compared to Lee et al.’s scheme and Wen’s scheme as our scheme only uses one-way hash function and bitwise exclusive-or (XOR) operations. Through the security analysis, we show that our scheme is secure against possible known attacks. Furthermore, we simulate our scheme for the formal security verification using the widely-accepted AVISPA (Automated Validation of Internet Security Protocols and Applications) tool and show that our scheme is secure against passive and active attacks.
An efficient ECC-based privacy-preserving client authentication protocol with key agreement using smart card
Vanga Odelu,Ashok Kumar Das,Adrijit Goswami
Journal of Information Security and Applications, JISA, 2015
@inproceedings{bib_An_e_2015, AUTHOR = {Vanga Odelu, Ashok Kumar Das, Adrijit Goswami}, TITLE = {An efficient ECC-based privacy-preserving client authentication protocol with key agreement using smart card}, BOOKTITLE = {Journal of Information Security and Applications}. YEAR = {2015}}
The authentication protocols are trusted components in a communication system in order to protect sensitive information against a malicious adversary in the client-server environment by means of providing a variety of services including users' privacy and authentication. In the cryptographic protocols, understanding the security failures is the key for both patching to the existing protocols and designing the future protocols. Recently, in 2014, Wang proposed an improved Elliptic Curve Cryptography (ECC) based anonymous remote authentication scheme using smart card and claimed that the proposed scheme is secure against password guessing attack, smart card lost/stolen verifier attack, and also preserves user anonymity and prevents credential leakage. However, in this paper, we show that Wang's scheme fails to preserve the user anonymity and does not prevent the off-line password guessing attack, credential leakage and smart card lost/stolen verifier attack. In order to withstand those security pitfalls found in Wang's scheme, we aim to propose a new secure privacy-preserving ECC-based client authentication with key agreement protocol using smart card. Through the formal and informal security analysis we show that our scheme is secure against possible known attacks including the off-line password guessing attack, credential leakage attack and smart card lost/stolen verifier attack. Our scheme also preserves the user anonymity property. In addition, we simulate our scheme for the formal security verification using the widely-accepted AVISPA (Automated Validation of Internet Security Protocols and Applications) tool and show that our scheme is secure against passive and active attacks. Our scheme provides high security along with low computational and communication costs. As a result, our scheme is practically suitable for mobile devices in the client-server environment as compared to other related schemes in the literature.
DMAMA: Dynamic migration access control mechanism for mobile agents in distributed networks
Vanga Odelu,Ashok Kumar Das,Adrijit Goswami
Wireless Personal Communications, WPC, 2015
@inproceedings{bib_DMAM_2015, AUTHOR = {Vanga Odelu, Ashok Kumar Das, Adrijit Goswami}, TITLE = {DMAMA: Dynamic migration access control mechanism for mobile agents in distributed networks}, BOOKTITLE = {Wireless Personal Communications}. YEAR = {2015}}
In real-life applications, ensuring secure transmission of data over public network channels to prevent malicious eavesdropping of the data is an important issue in distributed network environment. There are several potential security risks in protecting data and providing access control over the data. It is a challenging problem to manage dynamically the access rights to the resources and protect them from unauthorized access.Several migration access control mechanisms have been proposed in the literature using hierarchical structure to manage the cryptographic keys to prevent from unauthorized access of resources. However, most of them suffer from some known attacks and they do not efficiently support all required dynamic properties for mobile agent environment. Since, in practical scenarios, from time to time changing of decryption key of a confidential file provides maximum security for the system, it affects significantly the performance of the key management mechanism. In this paper, we propose a novel dynamic migration access control mechanism for the mobile agents (DMAMA) in a distributed network environment using symmetric-key cryptosystem. Further, we provide an elliptic curve cryptography based signature (El-Gamal type) on the decryption key assigned to the confidential file to avoid unauthorized modifications by an attacker. Moreover, DMAMA provides an efficient solution to the dynamic property such as changing decryption key of a confidential file, whereas other schemes do not provide. In addition, DMAMA is efficient in computation and storage overheads as compared to the other related existing schemes. Through the informal and formal security analysis, we show that DMAMA is secure against possible known attacks including man-in-the-middle attack as well as DMAMA provides backward secrecy to the decryption key of a confidential file when adding a new node or creating a new relationship in the existing hierarchy. As a result, higher security, low computational and storage overheads along with efficient access control properties make DMAMA more suitable for practical applications compared to the other related schemes.
A Secure and Scalable Group Access Control Scheme for Wireless Sensor Networks
Vanga Odelu,Ashok Kumar Das,Adrijit Goswami
Wireless Personal Communications, WPC, 2015
@inproceedings{bib_A_Se_2015, AUTHOR = {Vanga Odelu, Ashok Kumar Das, Adrijit Goswami}, TITLE = {A Secure and Scalable Group Access Control Scheme for Wireless Sensor Networks}, BOOKTITLE = {Wireless Personal Communications}. YEAR = {2015}}
Recently, in 2013, Wu et al. proposed an efficient adaptable and scalable group access control scheme (GAC) for managing wireless sensor networks and they claimed that their proposed GAC approach provides the forward secrecy and backward secrecy, and it also prevents the man-in-the-middle attack. However, in this paper, we revisit Wu et al.’s scheme and show that Wu et al.’s scheme fails to provide the forward and backward secrecy to the group access key (GAK), and also their scheme does not prevent the man-inthe-middle attack and it does not provide the mutual authentication between a node and the task manager. Moreover, in Wu et al.’s scheme, all the past GAKs used by a node can be revealed to an adversary when that node is compromised. We then aim to propose a novel group access control mechanism to withstand the security weaknesses found in Wu et al.’s scheme while retaining the original merits of their scheme. Through the rigorous informal security analysis and the formal security analysis using the widely-accepted Burrows–Abadi–Needham logic, we show that our scheme is secure against various known attacks including the attacks found in Wu et al.’s scheme. Moreover, in our scheme, the vulnerability of the GAKs used by a node is limited and bounded to the last GAK update protocol interval when that node is compromised by an adversary. Our scheme provides efficient dynamic properties such as joining and leaving of a node from a group along with high security and the required desirable features as compared to Wu et al.’s scheme, and as a result, our scheme is very suitable for the practical applications.
Key chain-based key predistribution protocols for securing wireless sensor networks
Prasun Hazra,Debasis Giri,Ashok Kumar Das
International Conference on Mathematics and Computing, ICMC, 2015
@inproceedings{bib_Key__2015, AUTHOR = {Prasun Hazra, Debasis Giri, Ashok Kumar Das}, TITLE = {Key chain-based key predistribution protocols for securing wireless sensor networks}, BOOKTITLE = {International Conference on Mathematics and Computing}. YEAR = {2015}}
Since the conception of the seminal work proposed by Eschenauer and Gligor in 2002, several key predistribution mechanisms have been proposed in the literature in order to establish symmetric secret keys between any two neighbor sensor nodes in wireless sensor networks (WSNs) for secure communication. However, due to lack of prior deployment knowledge, limited resources of sensor nodes and security threats posed in the unattended environment of WSNs, it is always a challenging task to propose a better secure key predistribution scheme apart from existing schemes. In this paper, we aim to propose two new key predistribution schemes based on hashed key chains, which provide secure communication between the sensor nodes with the desired storage and communication overheads. The proposed schemes provide better tradeoff among security, network connectivity, and overheads as compared to those for other existing schemes.
A secure password-based authentication and key agreement scheme using smart cards
Dheerendra Mishra,Ashok Kumar Das,Ankita Chaturvedi,Sourav Mukhopadhyay
Journal of Information Security and Applications, JISA, 2015
@inproceedings{bib_A_se_2015, AUTHOR = {Dheerendra Mishra, Ashok Kumar Das, Ankita Chaturvedi, Sourav Mukhopadhyay}, TITLE = {A secure password-based authentication and key agreement scheme using smart cards}, BOOKTITLE = {Journal of Information Security and Applications}. YEAR = {2015}}
Authentication schemes present a user-friendly and scalable mechanism to establish the secure and authorized communication between the remote entities over the insecure public network. Later, several authentication schemes have proposed in the literature. However, most of the existing schemes do not satisfy the desirable attributes, such as resistance against known attacks and user anonymity. In 2012, Chen et al. designed a robust authentication scheme to erase the weaknesses of Sood et al.'s scheme. In 2013, Jiang et al. showed that Chen et al.'s scheme is vulnerable to password guessing attack. Furthermore, Jiang et al. presented an efficient solution to overcome the shortcoming of Chen et al.'s scheme. We demonstrate that Jiang et al.'s scheme does not withstand insider attack, on-line and off-line password guessing attacks, and user impersonation attack. Their scheme also fails to provide user's anonymity. To overcome these drawbacks, we aim to propose an enhanced scheme, which reduces the computation overhead and satisfies all desirable security attributes, while retaining the original merits of Jiang et al.'s scheme. The proposed scheme is also comparable in terms of the communication and computational overheads with Jiang et al.'s scheme and other existing schemes. Furthermore, we simulate the enhanced scheme for the formal security analysis utilizing the widely-accepted AVISPA tool and show that the proposed scheme is resistant against active and passive attacks.
An effective ECC‐based user access control scheme with attribute‐based encryption for wireless sensor networks
Santanu Chatterjee,Ashok Kumar Das
Security and Communication Networks, SCNW, 2015
@inproceedings{bib_An_e_2015, AUTHOR = {Santanu Chatterjee, Ashok Kumar Das}, TITLE = {An effective ECC‐based user access control scheme with attribute‐based encryption for wireless sensor networks}, BOOKTITLE = {Security and Communication Networks}. YEAR = {2015}}
For critical applications, real‐time data access is essential from the nodes inside a wireless sensor network (WSN). Only the authorized users with unique access privilege should access the specific, but not all, sensing information gathered by the cluster heads in a hierarchical WSNs. Access rights for the correct information and resources for different services from the cluster heads to the genuine users can be provided with the help of efficient user access control mechanisms. In this paper, we propose a new user access control scheme with attribute‐based encryption using elliptic curve cryptography in hierarchical WSNs. In attribute‐based encryption, the ciphertexts are labeled with sets of attributes and secret keys of the users that are associated with their own access structures. The authorized users with the relevant set of attributes can able to decrypt the encrypted message coming from the cluster heads. Our scheme provides high security. Moreover, our scheme is efficient as compared with those for other existing user access control schemes. Through both the formal and informal security analysis, we show that our scheme has the ability to tolerate different known attacks required for a user access control designed for WSNs. Furthermore, we simulate our scheme for the formal security verification using the widely‐accepted automated validation of Internet security protocols and applications tool. The simulation results demonstrate that our scheme is secure.
An efficient biometric-based privacy-preserving three-party authentication with key agreement protocol using smartcards
Vanga Odelu,Ashok Kumar Das,Adrijit Goswami
Security in Communication Networks, SCN, 2015
@inproceedings{bib_An_e_2015, AUTHOR = {Vanga Odelu, Ashok Kumar Das, Adrijit Goswami}, TITLE = {An efficient biometric-based privacy-preserving three-party authentication with key agreement protocol using smartcards}, BOOKTITLE = {Security in Communication Networks}. YEAR = {2015}}
In communication systems, authentication protocols play an important role in protecting sensitive information against a malicious adversary by means of providing a variety of services such as mutual authentication, user credentials' privacy, and user revocation facility when the smart card of the user is lost/stolen or user's authentication parameters are revealed. Recently, several three‐party authentication with key agreement (3PAKA) schemes are proposed in the literature, but most of them do not provide the basic security requirements such as user anonymity as well as user revocation and re‐registration with the same identity. Thus, we feel that there is a great need to design a secure 3PAKA scheme with these security properties. In this paper, we propose a new secure biometric‐based privacy‐preserving 3PAKA scheme using the elliptic curve cryptography with efficient mechanism for the user revocation and re‐registration with the same identity. The formal security analysis using the widely accepted Burrows–Abadi–Needham logic shows that our scheme provides secure authentication. In addition, we simulate our scheme for the formal security verification using the widely accepted Automated Validation of Internet Security Protocols and Applications tool. The simulation results show that our scheme is secure against passive and active attacks. Furthermore, our scheme is efficient as compared with other related schemes. Our scheme provides high security along with low computation and communication costs, and extra features as compared with other related existing schemes in the literature, and as a result, our scheme is suitable for battery‐limited mobile devices.
An Efficient CP-ABE with Constant Size Secret Keys using ECC for Lightweight Devices.
Vanga Odelu,Ashok Kumar Das,Adrijit Goswami
IACR Cryptology ePrint Archive, CEA, 2015
@inproceedings{bib_An_E_2015, AUTHOR = {Vanga Odelu, Ashok Kumar Das, Adrijit Goswami}, TITLE = {An Efficient CP-ABE with Constant Size Secret Keys using ECC for Lightweight Devices.}, BOOKTITLE = {IACR Cryptology ePrint Archive}. YEAR = {2015}}
The energy cost of asymmetric cryptography is a vital component of modern secure communications, which inhibits its wide spread adoption within the ultra-low energy regimes such as Implantable Medical Devices (IMDs) and Radio Frequency Identification (RFID) tags. The ciphertext-policy attribute-based encryption (CP-ABE) is a promising cryptographic tool, where an encryptor can decide the access policy that who can decrypt the data. Thus, the data will be protected from the unauthorized users. However, most of the existing CP-ABE schemes require huge storage and computational overheads. Moreover, CP-ABE schemes based on bilinear map loose the high efficiency over the elliptic curve cryptography because of the requirement of the security parameters of larger size. These drawbacks prevent the use of ultra-low energy devices in practice. In this paper, we aim to propose a novel expressive AND-gate access structured CP-ABE scheme with constant-size secret keys (CSSK) with the cost efficient solutions for the encryption and decryption using ECC, called the CP-ABE-CSSK scheme. In the proposed CP-ABE-CSSK, the size of secret key is as small as 320 bits. In addition, ECC is efficient and more suitable for the lightweight devices as compared to the bilinear pairing based cryptosystem. Thus, the proposed CP-ABE-CSSK scheme provides the low computation and storage overheads with an expressive AND-gate access structure as compared to the related existing schemes in the literature. As a result, our scheme is very suitable for CP-ABE key storage and computation cost in the ultra-low energy devices.
A novel biometric-based password authentication scheme for client-server environment using ECC and fuzzy extractor
SK Hafizul Islam,Ashok Kumar Das,Muhammad Khurram Khan
International Journal of Ad Hoc and Ubiquitous Computing, IJAHUC, 2015
@inproceedings{bib_A_no_2015, AUTHOR = {SK Hafizul Islam, Ashok Kumar Das, Muhammad Khurram Khan}, TITLE = {A novel biometric-based password authentication scheme for client-server environment using ECC and fuzzy extractor}, BOOKTITLE = {International Journal of Ad Hoc and Ubiquitous Computing}. YEAR = {2015}}
In this paper, we devise a new and efficient biometric-based password authentication scheme (BIO-PWA) for the client-server environment. Our scheme uses the elliptic curve cryptography (ECC) along with the fuzzy extractor. Through the rigorous security analysis, we show that our scheme is secure against various known attacks. We further show that our scheme is secure in the generic group model through the formal security analysis. In addition, the formal security verification of our scheme using the widely-accepted automated validation of internet security protocols and applications (AVISPA) tool is performed against active and passive adversaries and the simulation results clearly demonstrate that our scheme is secure against active and passive attacks, including the replay and man-in-the-middle attacks. Finally, we show that our scheme is also efficient in computation against the existing related ECC-based authentication schemes for the client-server environment.
Single round-trip SIP authentication scheme with provable security for Voice over Internet Protocol using smart card
Saru Kumari,Fan Wu,Xiong Li,Mohammad Sabzinejad Farash,Qi Jiang,Muhammad Khurram Khan,Ashok Kumar Das
Journal on Multimedia Tools Applications, JMTA, 2015
@inproceedings{bib_Sing_2015, AUTHOR = {Saru Kumari, Fan Wu, Xiong Li, Mohammad Sabzinejad Farash, Qi Jiang, Muhammad Khurram Khan, Ashok Kumar Das}, TITLE = {Single round-trip SIP authentication scheme with provable security for Voice over Internet Protocol using smart card}, BOOKTITLE = {Journal on Multimedia Tools Applications}. YEAR = {2015}}
In recent years, Voice over Internet Protocol (VoIP) has gained more and more popularity as an application of the Internet technology. For various IP applications including VoIP, the topic of Session Initiation Protocol (SIP) has attracted major concern from researchers. SIP is an advanced signaling protocol operating on Internet Telephony. SIP uses digest authentication protocols such as Simple Mail Transport Protocol (SMTP) and HyperText Transport Protocol (HTTP). When a user seeks SIP services, authentication plays an important role in providing secure access to the server only to the authorized access seekers. Being an insecure-channel-based protocol, a SIP authentication protocol is susceptible to adversarial threats. Therefore, security is a big concern in SIP authentication mechanisms. This paper reveals the security vulnerabilities of two recently proposed SIP authentication schemes for VoIP, Irshad et al.’s scheme [Multimed. Tools. Appl. doi:10.1007/s11042-013- 1807-z] and Arshad and Nikooghadam’s scheme [Multimed. Tools. Appl. DOI 10.1007/ s11042-014-2282-x], the later scheme is based on the former scheme. Irshad et al.’s scheme suffers from password guessing, user impersonation and server spoofing attacks. Arshad and Nikooghadam’s scheme can be threatened with server spoofing and stolen verifier attack. None of these two schemes achieve mutual authentication. It also fails to follow the single round-trip authentication design of Irshad et al.’s scheme. To overcome these weaknesses, we propose a provable secure single round-trip SIP authentication scheme for VoIP using smart card. We formally prove the security of the scheme in random oracle and demonstrate through discussion its resistance to various attacks. The comparative analysis shows that the proposed SIP authentication scheme offers superior performance with a little extra computational cost.
A secure biometrics-based multi-server authentication protocol using smart cards
Vanga Odelu,Ashok Kumar Das,Adrijit Goswami
IEEE Transactions on Information Forensics and Security, TIFS, 2015
@inproceedings{bib_A_se_2015, AUTHOR = {Vanga Odelu, Ashok Kumar Das, Adrijit Goswami}, TITLE = {A secure biometrics-based multi-server authentication protocol using smart cards}, BOOKTITLE = {IEEE Transactions on Information Forensics and Security}. YEAR = {2015}}
Recently, in 2014, He and Wang proposed a robust and efficient multi-server authentication scheme using biometrics-based smart card and elliptic curve cryptography (ECC). In this paper, we first analyze He-Wang's scheme and show that their scheme is vulnerable to a known session-specific temporary information attack and impersonation attack. In addition, we show that their scheme does not provide strong user's anonymity. Furthermore, He-Wang's scheme cannot provide the user revocation facility when the smart card is lost/stolen or user's authentication parameter is revealed. Apart from these, He-Wang's scheme has some design flaws, such as wrong password login and its consequences, and wrong password update during password change phase. We then propose a new secure multi-server authentication protocol using biometric-based smart card and ECC with more security functionalities. Using the Burrows-Abadi-Needham logic, we show that our scheme provides secure authentication. In addition, we simulate our scheme for the formal security verification using the widely accepted and used automated validation of Internet security protocols and applications tool, and show that our scheme is secure against passive and active attacks. Our scheme provides high security along with low communication cost, computational cost, and variety of security features. As a result, our scheme is very suitable for battery-limited mobile devices as compared with He-Wang's scheme.
An efficient approach for mining association rules from high utility itemsets
Jayakrushna Sahoo,Ashok Kumar Das,ADITI GOSWAMI
Expert Systems with Applications, ESWA, 2015
@inproceedings{bib_An_e_2015, AUTHOR = {Jayakrushna Sahoo, Ashok Kumar Das, ADITI GOSWAMI}, TITLE = {An efficient approach for mining association rules from high utility itemsets}, BOOKTITLE = {Expert Systems with Applications}. YEAR = {2015}}
Traditional association rule mining based on the support–confidence framework provides the objective measure of the rules that are of interest to users. However, it does not reflect the semantic measure among the items. The semantic measure of an itemset is characterized with utility values that are typically associated with transaction items, where a user will be interested to an itemset only if it satisfies a given utility constraint. In this paper, we first define the problem of finding association rules using utility-confidence framework, which is a generalization of the amount-confidence measure. Using this semantic concept of rules, we then propose a compressed representation for association rules having minimal antecedent and maximal consequent. This representation is generated with the help of high utility closed itemsets (HUCI) and their generators. We propose the algorithms to generate the utility based non-redundant association rules and methods for reconstructing all association rules. Furthermore, we describe the algorithms which generate high utility itemsets (HUI) and high utility closed itemsets with their generators. These proposed algorithms are implemented using both synthetic and real datasets. The results demonstrate better efficiency and effectiveness of the proposed HUCI-Miner algorithm compared to other well-known existing algorithms. In addition, the experimental results show better quality in the compressed representation of the entire rule set under the considered framework.
An effective association rule mining scheme using a new generic basis
Jayakrushna Sahoo,Ashok Kumar Das,A. Goswami
Knowledge and Information Systems, KAIS, 2014
@inproceedings{bib_An_e_2014, AUTHOR = {Jayakrushna Sahoo, Ashok Kumar Das, A. Goswami}, TITLE = {An effective association rule mining scheme using a new generic basis}, BOOKTITLE = {Knowledge and Information Systems}. YEAR = {2014}}
Association rule mining among itemsets is a fundamental task and is of great importance in many data mining applications including attacks in network data, stock market, financial applications, bioinformatics to find genetic disorders, etc. However, association rule extraction from a reasonable-sized database produces a large number of rules. As a result, many of them are redundant to other rules, and they are practically useless. To overcome this issue, methods for mining non-redundant rules are essentially required. To address such problem, we initially propose a definition for redundancy in sense of minimal knowledge and then a compact representation of non-redundant association rules which we call as compact informative generic basis. We also provide an improved version of the existing DCI_CLOSED algorithm (DCI_PLUS) to find out the frequent closed itemsets (FCI) with their minimal representative generators in combination with BitTable which represents a compact database form in a single scan of the original database. We further introduce an algorithm for constructing the compact informative generic basis from the FCI and their generators in an efficient way. We finally present an inference mechanism in which all association rules can be generated without accessing the database. Experiments are performed on the proposed method. The experimental results show that the proposed method outperforms the other existing related methods.
An Enhanced Biometric Authentication Scheme for Telecare Medicine Information Systems with Nonce using Chaotic Hash Function
Ashok Kumar Das,Adrijit Goswami
Journal of Medical Systems, JMs, 2014
@inproceedings{bib_An_E_2014, AUTHOR = {Ashok Kumar Das, Adrijit Goswami}, TITLE = {An Enhanced Biometric Authentication Scheme for Telecare Medicine Information Systems with Nonce using Chaotic Hash Function}, BOOKTITLE = {Journal of Medical Systems}. YEAR = {2014}}
Recently, Awasthi and Srivastava proposed a novel biometric remote user authentication scheme for the telecare medicine information system (TMIS) with nonce. Their scheme is very efficient as it is based on efficient chaotic one-way hash function and bitwise XOR operations. In this paper, we first analyze Awasthi-Srivastava’s scheme and then show that their scheme has several drawbacks: (1) incorrect password change phase, (2) fails to preserve user anonymity property, (3) fails to establish a secret session key beween a legal user and the server, (4) fails to protect strong replay attack, and (5) lacks rigorous formal security analysis. We then a propose a novel and secure biometric-based remote user authentication scheme in order to withstand the security flaw found in Awasthi-Srivastava’s scheme and enhance the features required for an idle user authentication scheme. Through the rigorous informal and formal security analysis, we show that our scheme is secure against possible known attacks. In addition, we simulate our scheme for the formal security verification using the widely-accepted AVISPA (Automated Validation of Internet Security Protocols and Applications) tool and show that our scheme is secure against passive and active attacks, including the replay and man-in-the-middle attacks. Our scheme is also efficient as compared to Awasthi-Srivastava’s scheme.
A secure effective dynamic group password-based authenticated key agreement scheme for the integrated EPR information system
Vanga Odelu,Ashok Kumar Das,Adrijit Goswami
Journal of King Saud University - Computer and Information Sciences, JKSU-CIS, 2014
@inproceedings{bib_A_se_2014, AUTHOR = {Vanga Odelu, Ashok Kumar Das, Adrijit Goswami}, TITLE = {A secure effective dynamic group password-based authenticated key agreement scheme for the integrated EPR information system}, BOOKTITLE = {Journal of King Saud University - Computer and Information Sciences}. YEAR = {2014}}
With the rapid growth of the Internet, a lot of electronic patient records (EPRs) have been developed for e-medicine systems. The security and privacy issues of EPRs are important for the patients in order to understand how the hospitals control the use of their personal information, such as name, address, e-mail, medical records, etc. of a particular patient. Recently, Lee et al. proposed a simple group password-based authenticated key agreement protocol for the integrated EPR information system (SGPAKE). However, in this paper, we show that Lee et al.’s protocol is vulnerable to the off-line weak password guessing attack and as a result, their scheme does not provide users’ privacy. To withstand this security weakness found in Lee et al.’s scheme, we aim to propose an effective dynamic group password-based authenticated key exchange scheme for the integrated EPR information system, which retains the original merits of Lee et al.’s scheme. Through the informal and formal security analysis, we show that our scheme provides users’ privacy, perfect forward security and known-key security, and also protects online and offline password guessing attacks. Furthermore, our scheme efficiently supports the dynamic group password-based authenticated key agreement for the integrated EPR information system. In addition, we simulate our scheme for the formal security verification using the widely-accepted AVISPA (Automated Validation of Internet Security Protocols and Applications) tool and show that our scheme is secure against passive and active attacks.
A secure user anonymity-preserving biometric-based multi-server authenticated key agreement scheme using smart cards
Dheerendra Mishra,Ashok Kumar Das,Sourav Mukhopadhyay
Expert Systems with Applications, ESWA, 2014
@inproceedings{bib_A_se_2014, AUTHOR = {Dheerendra Mishra, Ashok Kumar Das, Sourav Mukhopadhyay}, TITLE = {A secure user anonymity-preserving biometric-based multi-server authenticated key agreement scheme using smart cards}, BOOKTITLE = {Expert Systems with Applications}. YEAR = {2014}}
Advancement in communication technology provides a scalable platform for various services, where a remote user can access the server from anywhere without moving from its place. It provides a unique opportunity for online services such that a user does not need to be physically present at the service center. These services adopt authentication and key agreement protocols in order to ensure authorized and secure access to the resources. Most of the authentication schemes proposed in the literature support a single-server environment, where the user has to register with each server. If a user wishes to access multiple application servers, he/she requires to register with each server. The multi-server authentication introduces a scalable platform such that a user can interact with any server using single registration. Recently, Chuang and Chen proposed an efficient multi-server authenticated key agreement scheme based on a user’s password and biometrics (Chuang and Chen, 2014). Their scheme is a lightweight, which requires the computation of only hash functions. In this paper, we first analyze Chuang and Chen’s scheme and then identify that their scheme does not resist stolen smart card attack which causes the user’s impersonation attack and server spoofing attack. We also show that their scheme fails to protect denial-of-service attack. We aim to propose an efficient improvement on Chuang and Chen’s scheme to overcome the weaknesses of their scheme, while also retaining the original merits of their scheme. Through the rigorous informal and formal security analysis, we show that our scheme is secure against various known attacks including the attacks found in Chuang and Chen’s scheme. Furthermore, we simulate our scheme for the formal security verification using the widely-accepted AVISPA (Automated Validation of Internet Security Protocols and Applications) tool and show that our scheme is secure against the replay and man-in-the-middle attacks. In addition, our scheme is comparable in terms of the communication and computational overheads with Chuang and Chen’s scheme and other related existing schemes.
A secure and efficient ECC-based user anonymity preserving single sign-on scheme for distributed computer networks
Vanga Odelu ,Ashok Kumar Das,Adrijit Goswami
Security and Communication Networks, SCNW, 2014
@inproceedings{bib_A_se_2014, AUTHOR = {Vanga Odelu , Ashok Kumar Das, Adrijit Goswami}, TITLE = {A secure and efficient ECC-based user anonymity preserving single sign-on scheme for distributed computer networks}, BOOKTITLE = {Security and Communication Networks}. YEAR = {2014}}
A user authentication in the distributed computer networks (DCNs) plays a crucial rule to verify whether the user is a legal user and can therefore be granted access to the requested services to that user. In recent years, several RSA‐based single sign‐on mechanisms have been proposed in DCNs. However, most of them cannot preserve the user anonymity when possible attacks occur. The user devices are usually battery limited (e.g., cellular phones) and the elliptic‐curve cryptosystem is much efficient than RSA cryptosystem for the battery‐limited devices. In this paper, we aim to propose a new secure elliptic‐curve cryptosystem‐based single sign‐on mechanism for user authentication and key establishment for the secure communications in a DCNs using biometric‐based smart card. In our scheme, a user only needs to remember a private password and his or her selected unique identity to authenticate and agree on a high‐entropy cryptographic one‐time session key with a provider to communicate over untrusted public networks. Through formal and informal security analysis, we show that our scheme prevents other known possible attacks. In addition, we perform simulation on our scheme for the formal security verification using the widely‐accepted Automated Validation of Internet Security Protocols and Applications tool. The simulation results ensure that our scheme is secure against replay and man‐in‐the‐middle attacks. Furthermore, our scheme provides high security along with lower computational cost and communication cost, and as a result, our scheme is much suitable for the battery‐limited devices as compared to other related RSA‐based schemes.
Cryptanalysis on ‘Robust Biometrics-Based Authentication Scheme for Multi-server Environment’
Vanga Odelu,Ashok Kumar Das,Adrijit Goswami
IACR Cryptology ePrint Archive, CEA, 2014
@inproceedings{bib_Cryp_2014, AUTHOR = {Vanga Odelu, Ashok Kumar Das, Adrijit Goswami}, TITLE = {Cryptanalysis on ‘Robust Biometrics-Based Authentication Scheme for Multi-server Environment’}, BOOKTITLE = {IACR Cryptology ePrint Archive}. YEAR = {2014}}
Authentication plays an important role in an open network environment in order to authenticate two communication parties among each other. Authentication protocols should protect the sensitive information against a malicious adversary by providing a variety of services, such as authentication, user credentials’ privacy, user revocation and re-registration, when the smart card is lost/stolen or the private key of a user or a server is revealed. Unfortunately, most of the existing multi-server authentication schemes proposed in the literature do not support the fundamental security property such as the revocation and re-registration with same identity. Recently, in 2014, He and Wang proposed a robust and efficient multi-server authentication scheme using biometrics-based smart card and elliptic curve cryptography (ECC). In this paper, we analyze the He-Wang’s scheme and show that He-Wang’s scheme is vulnerable to a known session-specific temporary information attack and impersonation attack. In addition, we show that their scheme does not provide strong user’s anonymity. Furthermore, He-Wang’s scheme cannot support the revocation and re-registration property. Apart from these, He-Wang’s scheme has some design flaws, such as wrong password login and its consequences, and wrong password update during password change phase.
On the Security of ‘An Efficient Biometric Authentication Protocol for Wireless Sensor Networks’
Ashok Kumar Das
IACR Cryptology ePrint Archive, CEA, 2014
@inproceedings{bib_On_t_2014, AUTHOR = {Ashok Kumar Das}, TITLE = {On the Security of ‘An Efficient Biometric Authentication Protocol for Wireless Sensor Networks’}, BOOKTITLE = {IACR Cryptology ePrint Archive}. YEAR = {2014}}
In 2013, Althobaiti et al. proposed an efficient biometricbased user authentication scheme for wireless sensor networks. We analyze their scheme for the security against known attacks. Though their scheme is efficient in computation, in this paper we show that their scheme has some security pitfalls such as (1) it is not resilient against node capture attack,(2) it is insecure against impersonation attack and (3) it is insecure against man-in-the-middle attack. Finally, we give some pointers for improving their scheme so that the designed scheme needs to be secure against various known attacks.
A robust and effective smart card-based remote user authentication mechanism using hash function
Ashok Kumar Das,Vanga Odelu,Adrijit Goswami
e Scientific World Journal, SWJ, 2014
@inproceedings{bib_A_ro_2014, AUTHOR = {Ashok Kumar Das, Vanga Odelu, Adrijit Goswami}, TITLE = {A robust and effective smart card-based remote user authentication mechanism using hash function}, BOOKTITLE = {e Scientific World Journal}. YEAR = {2014}}
In a remote user authentication scheme, a remote server verifies whether a login user is genuine and trustworthy, and also for mutual authentication purpose a login user validates whether the remote server is genuine and trustworthy. Several remote user authentication schemes using the password, the biometrics, and the smart card have been proposed in the literature. However, most schemes proposed in the literature are either computationally expensive or insecure against several known attacks. In this paper, we aim to propose a new robust and effective password-based remote user authentication scheme using smart card. Our scheme is efficient, because our scheme uses only efficient one-way hash function and bitwise XOR operations. Through the rigorous informal and formal security analysis, we show that our scheme is secure against possible known attacks. We perform the simulation for the formal security analysis using the widely accepted AVISPA (Automated Validation Internet Security Protocols and Applications) tool to ensure that our scheme is secure against passive and active attacks. Furthermore, our scheme supports efficiently the password change phase always locally without contacting the remote server and correctly. In addition, our scheme performs significantly better than other existing schemes in terms of communication, computational overheads, security, and features provided by our scheme.
A secure effective key management scheme for dynamic access control in a large leaf class hierarchy
Vanga Odelu,Ashok Kumar Das,Adrijit Goswami
Information Sciences, IS, 2014
@inproceedings{bib_A_se_2014, AUTHOR = {Vanga Odelu, Ashok Kumar Das, Adrijit Goswami}, TITLE = {A secure effective key management scheme for dynamic access control in a large leaf class hierarchy}, BOOKTITLE = {Information Sciences}. YEAR = {2014}}
Lo et al. (2011) proposed an efficient key assignment scheme for access control in a large leaf class hierarchy where the alternations in leaf classes are more frequent than in non-leaf classes in the hierarchy. Their scheme is based on the public-key cryptosystem and hash function where operations like modular exponentiations are very much costly compared to symmetric-key encryptions and decryptions, and hash computations. Their scheme performs better than the previously proposed schemes. However, in this paper, we show that Lo et al.’s scheme fails to preserve the forward security property where a security class can also derive the secret keys of its successor classes ’s even after deleting the security class from the hierarchy. We aim to propose a new key management scheme for dynamic access control in a large leaf class hierarchy, which makes use of symmetric-key cryptosystem and one-way hash function. We show that our scheme requires significantly less storage and computational overheads as compared to Lo et al.’s scheme and other related schemes. Through the informal and formal security analysis, we further show that our scheme is secure against all possible attacks including the forward security. In addition, our scheme supports efficiently dynamic access control problems compared to Lo et al.’s scheme and other related schemes. Thus, higher security along with low storage and computational costs make our scheme more suitable for practical applications compared to other schemes.
A novel and efficient user access control scheme for wireless body area sensor networks
Santanu Chatterjee,Ashok Kumar Das,Jamuna Kanta Sing
Journal of King Saud University - Computer and Information Sciences, JKSU-CIS, 2014
@inproceedings{bib_A_no_2014, AUTHOR = {Santanu Chatterjee, Ashok Kumar Das, Jamuna Kanta Sing}, TITLE = {A novel and efficient user access control scheme for wireless body area sensor networks}, BOOKTITLE = {Journal of King Saud University - Computer and Information Sciences}. YEAR = {2014}}
Wireless body area networks (WBANs) can be applied to provide healthcare and patient monitoring. However, patient privacy can be vulnerable in a WBAN unless security is considered. Access to authorized users for the correct information and resources for different services can be provided with the help of efficient user access control mechanisms. This paper proposes a new user access control scheme for a WBAN. The proposed scheme makes use of a group-based user access ID, an access privilege mask, and a password. An elliptic curve cryptography-based public key cryptosystem is used to ensure that a particular legitimate user can only access the information for which he/she is authorized. We show that our scheme performs better than previously existing user access control schemes. Through a security analysis, we show that our scheme is secure against possible known attacks. Furthermore, through a formal security verification using the AVISPA (Automated Validation of Internet Security Protocols and Applications) tool, we show that our scheme is also secure against passive and active attacks.
An Algorithm for Mining High Utility Closed Itemsets and Generators
Jayakrushna Sahoo,Ashok Kumar Das,A. Goswami
Technical Report, arXiv, 2014
@inproceedings{bib_An_A_2014, AUTHOR = {Jayakrushna Sahoo, Ashok Kumar Das, A. Goswami}, TITLE = {An Algorithm for Mining High Utility Closed Itemsets and Generators}, BOOKTITLE = {Technical Report}. YEAR = {2014}}
Traditional association rule mining based on the support-confidence framework provides the objective measure of the rules that are of interest to users. However, it does not reflect the utility of the rules. To extract non-redundant association rules in support-confidence framework frequent closed itemsets and their generators play an important role. To extract non-redundant association rules among high utility itemsets, high utility closed itemsets (HUCI) and their generators should be extracted in order to apply traditional support-confidence framework. However, no efficient method exists at present for mining HUCIs with their generators. This paper addresses this issue. A postprocessing algorithm, called the HUCI-Miner, is proposed to mine HUCIs with their generators. The proposed algorithm is implemented using both synthetic and real datasets.
A novel proxy signature scheme based on user hierarchical access control policy
Ashok Kumar Das,MASSAND ASHISH SUNIL,SAGAR P PATIL
Journal of King Saud University - Computer and Information Sciences, JKSU-CIS, 2013
@inproceedings{bib_A_no_2013, AUTHOR = {Ashok Kumar Das, MASSAND ASHISH SUNIL, SAGAR P PATIL}, TITLE = {A novel proxy signature scheme based on user hierarchical access control policy}, BOOKTITLE = {Journal of King Saud University - Computer and Information Sciences}. YEAR = {2013}}
In this paper, we propose a new security protocol for proxy signature by a hierarchy of proxy signers. In this protocol, the original signer delegates his/her signing capability to a predefined hierarchy of proxy signers. Given the documents of a security class to be signed by the original signer, our scheme suggests a protocol for the hierarchy of proxy signers to sign the document on behalf of the original signer. The concept of hierarchical access control limits the number of people who could sign the document to the people who have the required security clearances. User in a security class requires two secret keys: one which identifies his/her security clearance, and that can also be derived by a user of upper level security clearance and second is his/her private key which identifies him/her as a proxy signer for the signature generation. We show that our scheme is efficient in terms of computational complexity as compared to the existing related proxy signature schemes based on the hierarchical access control. Our scheme also supports addition and deletion of security classes in the hierarchy. We show through security analysis that our scheme is secure against possible attacks. Furthermore, through the formal security analysis using the AVISPA (Automated Validation of Internet Security Protocols and Applications) tool we show that our scheme is also secure against passive and active attacks.
An Improved and Effective Secure Password-Based Authentication and Key Agreement Scheme Using Smart Cards for the Telecare Medicine Information System
Ashok Kumar Das,· Bezawada Bruhadeshwar
Journal of Medical Systems, JMs, 2013
@inproceedings{bib_An_I_2013, AUTHOR = {Ashok Kumar Das, · Bezawada Bruhadeshwar}, TITLE = {An Improved and Effective Secure Password-Based Authentication and Key Agreement Scheme Using Smart Cards for the Telecare Medicine Information System}, BOOKTITLE = {Journal of Medical Systems}. YEAR = {2013}}
Recently Lee and Liu proposed an efficient password based authentication and key agreement scheme using smart card for the telecare medicine information system [J. Med. Syst. (2013) 37:9933]. In this paper, we show that though their scheme is efficient, their scheme still has two security weaknesses such as (1) it has design flaws in authentication phase and (2) it has design flaws in password change phase. In order to withstand these flaws found in Lee-Liu’s scheme, we propose an improvement of their scheme. Our improved scheme keeps also the original merits of Lee-Liu’s scheme. We show that our scheme is efficient as compared to Lee-Liu’s scheme. Further, through the security analysis, we show that our scheme is secure against possible known attacks. In addition, we simulate our scheme for the formal security verification using the widely-accepted AVISPA (Automated Validation of Internet Security Protocols and Applications) tool to show that our scheme is secure against passive and active attacks.
LHSC: an effective dynamic key management scheme for linear hierarchical access control
Vanga Odelu,Ashok Kumar Das,Adrijit Goswami
International Conference on Communication Systems & Networks, COMSNETS, 2013
@inproceedings{bib_LHSC_2013, AUTHOR = {Vanga Odelu, Ashok Kumar Das, Adrijit Goswami}, TITLE = {LHSC: an effective dynamic key management scheme for linear hierarchical access control}, BOOKTITLE = {International Conference on Communication Systems & Networks}. YEAR = {2013}}
Several key management schemes for access control in a user hierarchy have been proposed in the recent years. However, most of them have dealt with key management issues for tree structured hierarchies, which result overheads when they are applied to the linear hierarchies. Linear hierarchy comprises a particularly interesting type of hierarchies, and it appears in a wide range of applications such as secure communications within security corporations and multi-layered data streaming. In this paper, we propose an effective key management scheme for linear hierarchies. Compared to the recently proposed Hassen et al.'s scheme, our scheme reduces the storage overhead of each class significantly. Further, use of symmetric-key cryptosystem (Advanced Encryption Standard algorithm) makes the key sizes for security classes to reduce in our scheme. In addition, our scheme is secure against possible attacks required for a linear hierarchy access control scheme. Security along with low storage and computational overheads make our scheme to be much suitable for practical applications for linear hierarchies.
Analysis and Formal Security Verification of Access Control Schemes in Wireless Sensor Networks: A Critical Survey.
Santanu Chatterjee,Ashok Kumar Das,Jamuna Kanta Sing
Journal of Information Assurance & Security, JIAS, 2013
@inproceedings{bib_Anal_2013, AUTHOR = {Santanu Chatterjee, Ashok Kumar Das, Jamuna Kanta Sing}, TITLE = {Analysis and Formal Security Verification of Access Control Schemes in Wireless Sensor Networks: A Critical Survey.}, BOOKTITLE = {Journal of Information Assurance & Security}. YEAR = {2013}}
In an access control scheme, a deployed sensor node proves its identity to its neighbor nodes through authentication and also proves that it has the proper right to access the sensor network. After successful authentication, the shared secret keys should be established between a deployed sensor node and its neighbor nodes to protect communications. In a wireless sensor network, we often require deployment of new nodes to extend the lifetime of the network because sensor network may be lost due to power exhaustion problem or malicious nodes. In order to protect malicious nodes from joining the sensor network, access control mechanism becomes a major challenge in the design of sensor network protocols due to resource limitations of sensor nodes. Until now, there have been ample of access control schemes published in the literature, and each published scheme has its own merits and demerits. In this paper, we have identified all the functionality features and security requirements which must be satisfied for an ideal access control scheme. We have presented and discussed the recently proposed access control schemes available so far in the literature and their cryptanalysis. We have critically analyzed the storage, communication, computational overheads requirement, functionality and security analysis of the existing schemes. Further, we have performed formal security analysis of existing schemes using the widely-accepted AVISPA (Automated Validation of Internet Security Protocols and Applications) tool. All the schemes are vulnerable to different attacks except the Zhou et al.’s scheme and the Chatterjee et al.’s scheme. However he Zhou et al.’s scheme requires high storage, communication and computational costs. Hence, we feel that there is a strong need to design an ideal efficient access control scheme in future, which should meet all the security requirements and achieve all the functionality features.
A biometric-based user authentication scheme for heterogeneous wireless sensor networks
Ashok Kumar Das,Bezawada Bruhadeshwar
International Conference on Advanced Information Networking and Applications Workshops, AINA-W, 2013
@inproceedings{bib_A_bi_2013, AUTHOR = {Ashok Kumar Das, Bezawada Bruhadeshwar}, TITLE = {A biometric-based user authentication scheme for heterogeneous wireless sensor networks}, BOOKTITLE = {International Conference on Advanced Information Networking and Applications Workshops}. YEAR = {2013}}
In this paper, we propose a new biometric-based user authentication mechanism in heterogeneous wireless sensor networks. The proposed protocol provides strong authentication compared to traditional related password-based schemes and achieves good properties such as works without synchronized clock, freely changes password, low computation costs and mutual authentication. Our scheme establishes a symmetric secret session key shared between the user and a sensor node so that the secret session key can be used later for secure future communications between them. Moreover, the proposed scheme provides unconditional security against node capture attack and it is also resilient against different attacks.
An effective and secure key-management scheme for hierarchical access control in e-medicine system
Vanga Odelu,Ashok Kumar Das,Adrijit Goswami
Journal of Medical Systems, JMs, 2013
@inproceedings{bib_An_e_2013, AUTHOR = {Vanga Odelu, Ashok Kumar Das, Adrijit Goswami}, TITLE = {An effective and secure key-management scheme for hierarchical access control in e-medicine system}, BOOKTITLE = {Journal of Medical Systems}. YEAR = {2013}}
Recently several hierarchical access control schemes are proposed in the literature to provide security of e-medicine systems. However, most of them are either insecure against ‘man-in-the-middle attack’ or they require high storage and computational overheads. Wu and Chen proposed a key management method to solve dynamic access control problems in a user hierarchy based on hybrid cryptosystem. Though their scheme improves computational efficiency over Nikooghadam et al.’s approach, it suffers from large storage space for public parameters in public domain and computational inefficiency due to costly elliptic curve point multiplication. Recently, Nikooghadam and Zakerolhosseini showed that Wu–Chen’s scheme is vulnerable to man-in-the-middle attack. In order to remedy this security weakness in Wu–Chen’s scheme, they proposed a secure scheme which is again based on ECC (elliptic curve cryptography) and efficient one-way hash function. However, their scheme incurs huge computational cost for providing verification of public information in the public domain as their scheme uses ECC digital signature which is costly when compared to symmetric-key cryptosystem. In this paper, we propose an effective access control scheme in user hierarchy which is only based on symmetric-key cryptosystem and efficient one-way hash function. We show that our scheme reduces significantly the storage space for both public and private domains, and computational complexity when compared to Wu–Chen’s scheme, Nikooghadam–Zakerolhosseini’s scheme, and other related schemes. Through the informal and formal security analysis, we further show that our scheme is secure against different attacks and also man-in-the-middle attack. Moreover, dynamic access control problems in our scheme are also solved efficiently compared to other related schemes, making our scheme is much suitable for practical applications of e-medicine systems.
A secure and efficient uniqueness-and-anonymity-preserving remote user authentication scheme for connected health care
Ashok Kumar Das,Adrijit Goswami
Journal of Medical Systems, JMs, 2013
@inproceedings{bib_A_se_2013, AUTHOR = {Ashok Kumar Das, Adrijit Goswami}, TITLE = {A secure and efficient uniqueness-and-anonymity-preserving remote user authentication scheme for connected health care}, BOOKTITLE = {Journal of Medical Systems}. YEAR = {2013}}
Connected health care has several applications including telecare medicine information system, personally controlled health records system, and patient monitoring. In such applications, user authentication can ensure the legality of patients. In user authentication for such applications, only the legal user/patient himself/herself is allowed to access the remote server, and no one can trace him/her according to transmitted data. Chang et al. proposed a uniqueness-and-anonymity-preserving remote user authentication scheme for connected health care (Chang et al., J Med Syst 37:9902, 2013). Their scheme uses the user’s personal biometrics along with his/her password with the help of the smart card. The user’s biometrics is verified using BioHashing. Their scheme is efficient due to usage of one-way hash function and exclusive-or (XOR) operations. In this paper, we show that though their scheme is very efficient, their scheme has several security weaknesses such as (1) it has design flaws in login and authentication phases, (2) it has design flaws in password change phase, (3) it fails to protect privileged insider attack, (4) it fails to protect the man-in-the middle attack, and (5) it fails to provide proper authentication. In order to remedy these security weaknesses in Chang et al.’s scheme, we propose an improvement of their scheme while retaining the original merit of their scheme. We show that our scheme is efficient as compared to Chang et al.’s scheme. Through the security analysis, we show that our scheme is secure against possible attacks. Further, we simulate our scheme for the formal security verification using the widely-accepted AVISPA (Automated Validation of Internet Security Protocols and Applications) tool to ensure that our scheme is secure against passive and active attacks. In addition, after successful authentication between the user and the server, they establish a secret session key shared between them for future secure communication.
Formal security verification of a dynamic password-based user authentication scheme for hierarchical wireless sensor networks
Ashok Kumar Das,Santanu Chatterjee, Jamuna Kanta Sing
International Journal of Trust Management in Computing and Communications, IJTMCC, 2013
@inproceedings{bib_Form_2013, AUTHOR = {Ashok Kumar Das, Santanu Chatterjee, Jamuna Kanta Sing}, TITLE = {Formal security verification of a dynamic password-based user authentication scheme for hierarchical wireless sensor networks}, BOOKTITLE = {International Journal of Trust Management in Computing and Communications}. YEAR = {2013}}
In 2012, Das et al. proposed a new password-based user authentication scheme in hierarchical wireless sensor networks [Journal of Network and Computer Applications 35(5) (2012) 1646-1656]. The proposed scheme achieves better security and efficiency as compared to those for other existing password-based user authentication schemes proposed in the literature. This scheme supports to change dynamically the user’s password locally at any time without contacting the base station or gateway node. This scheme also supports dynamic node addition after the initial deployment of nodes in the existing sensor network. In this paper, we simulate this proposed scheme for formal security verification using the widely-accepted Automated Validation of Internet Security Protocols nd Applications (AVISPA) tool. AVISPA tool ensures that whether a protocol is insecure against possible passive and active attacks, including the replay and man-in-the-middle attacks. Using the AVISPA model checkers, we show that Das et al.’s scheme is secure against possible assive and active attacks.
Improving Identity-based Random Key Establishment Scheme for Large-Scale Hierarchical Wireless Sensor Networks.
Ashok Kumar Das
International Journal of Network Security, IJNS, 2012
@inproceedings{bib_Impr_2012, AUTHOR = {Ashok Kumar Das}, TITLE = {Improving Identity-based Random Key Establishment Scheme for Large-Scale Hierarchical Wireless Sensor Networks.}, BOOKTITLE = {International Journal of Network Security}. YEAR = {2012}}
In this paper, we propose a novel identity-based random key pre-distribution scheme called the identity based key pre-distribution using a pseudo random function (IBPRF), which has better trade-off between communication overhead, network connectivity and resilience against node capture compared to the other existing key predistribution schemes. IBPRF always guarantees that no matter how many sensor nodes are captured, the secret communication between non-compromised sensor nodes are still secure. We then propose an improved version of our scheme in a large-scale hierarchical wireless sensor network. This improved approach has better trade off among network connectivity, security, communication, computational and storage overheads, and scalability than the existing random key pre-distribution schemes. The strength of the proposed IBPRF scheme and its improved approach is establishing pairwise secret keys between neighboring nodes with scantling communication and computational overheads. The improved IBPRF approach further supports a large-scale sensor network for the network connectivity. Through the analysis we show that the improved IBPRF scheme provides better security and lower overheads than other existing schemes.
A random key establishment scheme for multi-phase deployment in large-scale distributed sensor networks
Ashok Kumar Das
International Journal of Information Security, IJIS, 2012
@inproceedings{bib_A_ra_2012, AUTHOR = {Ashok Kumar Das}, TITLE = {A random key establishment scheme for multi-phase deployment in large-scale distributed sensor networks}, BOOKTITLE = {International Journal of Information Security}. YEAR = {2012}}
Several symmetric-key distribution mechanisms are proposed in the literature, but most of them are not scalable or they are vulnerable to a small number of captured nodes. In this paper, we propose a new dynamic random key establishment mechanism in large-scale distributed sensor networks, which supports deployment of sensor nodes in multiple phases. In the existing random key distribution schemes, nodes do not refresh their own keys, and thus, the keys in their key rings remain static throughout the lifetime of the network. One good property of our dynamic key distribution scheme is that the already deployed nodes in a deployment phase refresh their own keys in key rings before another deployment phase occurs. The strength of the proposed scheme is that it provides high resilience against node capture as compared to that for the other existing random key distribution schemes. Through analysis and simulation results, we show that our scheme achieves better network performances as compared to those for the existing random key distribution schemes. Finally, we propose an extended version of our scheme for practical usefulness to support high network connectivity and resilience against node capture
A dynamic password-based user authentication scheme for hierarchical wireless sensor networks
Ashok Kumar Das,PRANAY SHARMA,Santanu Chatterjee, Jamuna Kanta Sing
Journal on Network and Computer Applications, JNCA, 2012
@inproceedings{bib_A_dy_2012, AUTHOR = {Ashok Kumar Das, PRANAY SHARMA, Santanu Chatterjee, Jamuna Kanta Sing}, TITLE = {A dynamic password-based user authentication scheme for hierarchical wireless sensor networks}, BOOKTITLE = {Journal on Network and Computer Applications}. YEAR = {2012}}
Most queries in wireless sensor network (WSN) applications are issued at the point of the base station or gateway node of the network. However, for critical applications of WSNs there is a great need to access the real-time data inside the WSN from the nodes, because the real-time data may no longer be accessed through the base station only. So, the real-time data can be given access directly to the external users (parties) those who are authorized to access data as and when they demand. The user authentication plays a vital role for this purpose. In this paper, we propose a new password-based user authentication scheme in hierarchical wireless sensor networks. Our proposed scheme achieves better security and efficiency as compared to those for other existing password-based approaches. In addition, our scheme has merit to change dynamically the user's password locally without the help of the base station or gateway node. Furthermore, our scheme supports dynamic nodes addition after the initial deployment of nodes in the existing sensor network.
A novel key management mechanism for dynamic hierarchical access control based on linear polynomials
Vanga Odelu,Ashok Kumar Das,Adrijit Goswami
International Conference on Security in Computer Networks and Distributed Systems, ICSCNDS, 2012
@inproceedings{bib_A_no_2012, AUTHOR = {Vanga Odelu, Ashok Kumar Das, Adrijit Goswami}, TITLE = {A novel key management mechanism for dynamic hierarchical access control based on linear polynomials}, BOOKTITLE = {International Conference on Security in Computer Networks and Distributed Systems}. YEAR = {2012}}
Several key management schemes for dynamic access control in a user hierarchy are proposed in the literature based on elliptic curve cryptosystem (ECC) and polynomial interpolation. Since the elliptic curve scalar multiplication and construction of interpolating polynomials are time-consuming operations, most of the proposed schemes require high storage and computational complexity. Further, most of the proposed schemes are vulnerable to different attacks including the man-in-the-middle attacks. In this paper, we propose a novel key management scheme for hierarchical access control based on linear polynomials only. We show that our scheme is secure against different attacks including the man-in-the-middle attack, which are required for an idle access control scheme. Moreover, the computational cost and the storage space are significantly reduced in our scheme while compared to the recently proposed related schemes.
Cryptanalysis and improvement of an access control in user hierarchy based on elliptic curve cryptosystem
Ashok Kumar Das,Nayan Ranjan Paul,Laxminath Tripathy
Information Sciences, IS, 2012
@inproceedings{bib_Cryp_2012, AUTHOR = {Ashok Kumar Das, Nayan Ranjan Paul, Laxminath Tripathy}, TITLE = {Cryptanalysis and improvement of an access control in user hierarchy based on elliptic curve cryptosystem}, BOOKTITLE = {Information Sciences}. YEAR = {2012}}
In a key management scheme for hierarchy based access control, each security class having higher clearance can derive the cryptographic secret keys of its other security classes having lower clearances. In 2008, Chung et al. proposed an efficient scheme on access control in user hierarchy based on elliptic curve cryptosystem [Information Sciences 178 (1) (2008) 230–243]. Their scheme provides solution of key management efficiently for dynamic access problems. However, in this paper, we propose an attack on Chung et al.’s scheme to show that Chung et al.’s scheme is insecure against the exterior root finding attack. We show that under this attack, an attacker (adversary) who is not a user in any security class in a user hierarchy attempts to derive the secret key of a security class by using the root finding algorithm. In order to remedy this attack, we further propose a simple improvement on Chung et al.’s scheme. Overall, the main theme of this paper is very simple: a security flaw is presented on Chung et al.’s scheme and then a fix is provided in order to remedy the security flaw found in Chung et al.’s scheme.
A key establishment scheme for mobile wireless sensor networks using post-deployment knowledge
Ashok Kumar Das
International Journal of Computer Networks & Communications, IJCNC, 2011
@inproceedings{bib_A_ke_2011, AUTHOR = {Ashok Kumar Das}, TITLE = {A key establishment scheme for mobile wireless sensor networks using post-deployment knowledge}, BOOKTITLE = {International Journal of Computer Networks & Communications}. YEAR = {2011}}
Establishment of pairwise keys between sensor nodes in a sensor network is a difficult problem due to resource limitations of sensor nodes as well as vulnerability to physical captures of sensor nodes by the enemy. Public-key cryptosystems are not much suited for most resource-constrained sensor networks. Recently, elliptic curve cryptographic techniques show that public key cryptosystem is also feasible for resource-constrained sensor networks. However, most researchers accept that the symmetric key cryptosystems are viable options for resource-constrained sensor networks. In this paper, we first develop a basic principle to address the key pre-distribution problem in mobile sensor networks. Then, using this developed basic principle, we propose a scheme which takes the advantage of the post-deployment knowledge. Our scheme is a modified version of the key prioritization technique proposed by Liu and Ning. Our improved scheme provides reasonable network connectivity and security. Moreover, the proposed scheme works for any deployment topology.
Analysis and improvement on an efficient biometric-based remote user authentication scheme using smart cards
Ashok Kumar Das
IET Information Security, INS, 2011
@inproceedings{bib_Anal_2011, AUTHOR = {Ashok Kumar Das}, TITLE = {Analysis and improvement on an efficient biometric-based remote user authentication scheme using smart cards}, BOOKTITLE = {IET Information Security}. YEAR = {2011}}
The author first reviews the recently proposed Li-Hwang's biometric-based remote user authentication scheme using smart cards; then shows that the Li-Hwang's scheme has some design flaws in their scheme. In order to withstand those flaws in their scheme, an improvement of their scheme is further proposed. The author also shows that the improved scheme provides strong authentication with the use of verifying biometric, password as well as random nonces generated by the user and the server as compared to that for the Li-Hwang's scheme and other related schemes.