Faculty - Dashboard

@inproceedings{bib_Auth_2025, AUTHOR = {Mallick, Debjani and Das, Ashok Kumar and WAZID, MOHAMMAD and PARK, YOUNGHO }, TITLE = {Authenticated Certificateless Verifiable Searchable Public Key Encryption Scheme With Big Data Analytics for IoT-Based Healthcare}, BOOKTITLE = {IEEE Internet of Things Journal}. YEAR = {2025}}

The emerging concept of Internet of Things (IoT)-based Healthcare Industry 5.0 emphasizes the integration of human intelligence with cutting-edge technologies, such as artificial intelligence (AI), blockchain, IoT, big data analytics (BDA), and machine learning (ML) models to revolutionize healthcare delivery. However, alongside the immense potential and opportunities of Healthcare 5.0, the rapid expansion of sensitive medical data within the cloud-based healthcare systems also brings significant challenges related to data security, privacy, and resource requirements. Since most healthcare infrastructures depend on semi-trusted centralized cloud storage, it then becomes crucial to store medical records in encrypted form in order to ensure confidentiality and privacy of the data. At the same time, these systems must provide seamless and efficient search capabilities for authorized medical personnel in the healthcare system. To address these concerns and enable cost-effective, secure access and data management, we propose a novel authenticated certificateless verifiable searchable public key encryption scheme (ACLV-SPKE) that emerges as a robust and promising solution for securing healthcare data. The proposed framework not only resists diverse adversarial attacks but also ensures efficiency in terms of communication and computation costs while offering improved functionality over recent state-of-the-art solutions presented in the literature. The proposed scheme effectively resists both inside and outside keyword guessing attacks (KGAs), achieving strong security guarantees such as ciphertext indistinguishability (CT-IND) and trapdoor indistinguishability (TP-IND), which are proved in the random oracle models. In addition, we applied BDA on a real healthcare dataset to evaluate the performance metrics, and the outcomes are presented in this article.

@inproceedings{bib_Desi_2025, AUTHOR = {Bagchi, Prithwi and Bisht, Abhishek and Das, Ashok Kumar }, TITLE = {Designing Quantum-Safe Lattice-Based Multi-Authority CP-ABE Scheme for Blockchain-Enabled IoT-Based Consumer Healthcare Electronics}, BOOKTITLE = {IEEE Transactions Consumer Electronics}. YEAR = {2025}}

Despite edge computing reducing communication delays associated with cloud computing, privacy concerns remain a significant challenge when sharing data from edge-based consumer electronics (CE) or Internet-of-Things (IoT) devices. Ciphertext policy attribute-based encryption (CP-ABE) is a cryptographic tool that facilitates intricate and refined access control. It can deliver more flexible, secure, compact, and effective access control policies for the cloud data. In the case of a conventional CP-ABE scheme, the keys can only be issued and disseminated by a trusted central authority (CA). However, if the CA is compromised, the entire system becomes more susceptible to assaults or failures, which leads to a single-point failure. In this article, we propose a Ring-Learning with Errors (Ring-LWE)-based MA-CP-ABE scheme that is effectively resolved by the multi-authority CP-ABE (MA-CP-ABE), and it ensures the security against quantum attacks. The threshold secret sharing by Shamir and the Lagrange interpolation formula are applied in the key-generation and decryption procedures of the proposed scheme, which make it easier to segment and restore the private keys. The proposed scheme is implemented in the CE-enabled IoT-based smart healthcare applications using the blockchain technology as a secure storage. A detailed comparative study, security analysis and experimental results with the existing relevant schemes shows that the proposed scheme exhibits superior security and better efficiency as compared to other schemes, demonstrating its feasibility in practical IoT-based healthcare applications.

@inproceedings{bib_Quan_2025, AUTHOR = {Bagchi, Prithwi and Das, Ashok Kumar }, TITLE = {Quantum Safe Lattice-Based Single Round Online Collaborative Multi-Signature Scheme for Blockchain-Enabled IoT Applications}, BOOKTITLE = {ACM Transactions on Sensor Networks}. YEAR = {2025}}

Multi-signature protocols allow a group of signers to collectively generate a single signature for a shared message. In the context of a decentralized blockchain, multi-signature schemes play a pivotal role in reducing the signature size. Recently, several multi-signature methods have emerged in the literature, some operating in discrete-log settings and others in lattice settings. However, many of the existing lattice-based multi-signature schemes incur high computation costs and online round complexity. Traditional public key-based multi-signature schemes are susceptible to quantum threats, and they are computationally intensive as well. A lattice-based multi-signature can provide robust security, which often falls short in terms of efficiency when it comes to round complexity. In this article, we aim to introduce a single-round lattice-based multi-signature scheme specifically designed for decentralized public blockchains. What sets the proposed scheme apart is its ability to function without the need for trapdoor commitments or sample pre-images, which are common features in existing lattice-based signature methods. Furthermore, we explore some potential applications in a generic Internet of Things (IoT) environment and their integration of the proposed scheme with the blockchain technology. The security of the proposed scheme is based on lattice-hard problems, like Ring-SIS (Shortest Integer Solution) and Ring-LWE (Learning with Errors).

@inproceedings{bib_Secu_2025, AUTHOR = {Ghosh, Debnath and Roy, Soumit and Bagchi, Prithwi and Chakrabarty, Indranil and Das, Ashok Kumar }, TITLE = {Secure and efficient quantum signature scheme based on the controlled unitary operations encryption}, BOOKTITLE = {Quantum Information Processing}. YEAR = {2025}}

Quantum digital signatures ensure unforgeable message authenticity and integrity using quantum principles, offering unconditional security against both classical and quantum attacks. They are crucial for secure communication in high-stakes environments, ensuring trust and long-term protection in the quantum era. Nowadays, the majority of arbitrated quantum signature (AQS) protocols encrypt data qubit by qubit using the quantum one-time pad (QOTP). Despite providing robust data encryption, QOTP is not a good fit for AQS because of its susceptibility to many types of attacks. In this work, we present an efficient AQS protocol to encrypt quantum message ensembles using a distinct encryption technique, the chained controlled unitary operations. In contrast with existing protocols, our approach successfully prevents disavowal and forgery attacks. We hope this contributes to advancing future investigations into the development of AQS protocols .

@inproceedings{bib_Publ_2025, AUTHOR = {Mallick, Debjani and Das, Ashok Kumar and Varri, Uma Sankararao and PARK, YOUNGHO }, TITLE = {Public key-based search on encrypted data using blockchain and non-blockchain enabled cloud storage: a comprehensive survey, analysis and future research scopes}, BOOKTITLE = {Cluster Computing}. YEAR = {2025}}

Cloud-based storage service has emerged as a promising alternative to managing local storage, offering users additional features, such as storage, backup, and restoration of various resources, including software, applications, and sensitive private information, within a virtual database, while ensuring data confidentiality and security. However, the widespread use of cloud services by individuals and organisations raises concerns regarding user accessibility and data security due to increasing social threats and adversarial attacks. Searchable encryption (SE) has been introduced to address these issues, providing a secure environment for a convenient and effective way of data searching and sharing. SE models have been advanced by integrating blockchain functionalities to tackle certain existing vulnerabilities and enhance user accessibility, data privacy, and integrity. This survey work explores various research works on SE techniques leveraging cloud and blockchain functionalities, discussing and categorizing the diverse approaches based on different criteria. This study also discusses the different enhancements made to SE techniques over the years, including the underlying requirements that led to the inclusion of blockchain functionalities. Moreover, this study provides a comparative analysis of existing survey works done in this area, which highlights a lack of recent literature surveys that thoroughly explore blockchain-based public key encryption with keyword search (PEKS) schemes. Particularly, we delve into the technical aspects of PEKS by classifying, analyzing and comparing different functionalities based on various aspects. The survey concludes with a comparative analysis of existing PEKS solutions and a discussion on identified research gaps, aiming to improve future research on PEKS approaches in this emerging field.

@inproceedings{bib_Desi_2025, AUTHOR = {Agrawal , Saurabh and Das, Ashok Kumar and Anusha, Vangala and Kumar, Neeraj }, TITLE = {Designing Secure Location-based Authenticated Key Agreement Mechanism in Maritime Internet of Vessels for Big Data Analytics}, BOOKTITLE = {IEEE Internet of Things Journal}. YEAR = {2025}}

Maritime communication, critical for global oceanic trade, faces challenges and opportunities with advancements in Information and Communication Technology (ICT). Traditional methods are susceptible to interception due to open channels, limited authentication, jamming, and other security risks. Securing vessel movements and locations in Internet of Vessels (IoV) is essential to prevent unauthorized data interception and tampering during transmission. We propose a ship authentication method using location-based secure keys to ensure the confidentiality of a vessel’s whereabouts. The proposed scheme’s robustness is validated through formal and informal security analyses, and formal verification using the Scyther automated verification tool, demonstrating its effectiveness against potential attacks in maritime networks. Comparative studies indicate that utilizing location-based keys maintains anonymity and untraceability without imposing significant computational or communication burdens. Experimental findings from comprehensive big data analytics and simulations using NS3 validate the scheme’s feasibility and performance.

@inproceedings{bib_Secu_2025, AUTHOR = {Das, Ashok Kumar }, TITLE = {Secure and Privacy-Preserving Quantum Authentication Scheme Using Blockchain Identifiers in Metaverse Environment}, BOOKTITLE = {Journal of Systems Architecture}. YEAR = {2025}}

The metaverse, a collection of virtual worlds offering a variety of social activities mirroring real-life interactions, is garnering increasing attention. Consequently, the need to ensure security and privacy within these spaces has become paramount. Metaverse users can create multiple avatars, a feature that can be exploited to deceive or threaten others, leading to significant internal security concerns. Additionally, users in the metaverse are susceptible to several external security threats due to the public nature of their communications with service providers.To address these challenges, we propose a novel quantum authentication scheme leveraging blockchain technology, decentralized identifiers, and verifiable credentials. This scheme enables secure identity verification and authentication for metaverse users. By allowing users to independently prove their identity without relying on service providers, the proposed approach mitigates privacy concerns associated with the management of personal information. Furthermore, our scheme achieves mutual authentication between the user and the service provider, while also being resilient against a variety of attacks, including unconditional security breaches, replay attacks, eavesdropping, man-in-the-middle attacks, and impersonation attempts. With a computation time of 17.4608 ms and a communication cost of 872 bits, the suggested protocol outperforms current solutions and provides superior security for the metaverse environment during data transmission and storage. Furthermore, we examine the operational capabilities and security features using the latest technology and techniques.

@inproceedings{bib_BioK_2024, AUTHOR = {Das, Ashok Kumar }, TITLE = {BioKA-ASVN: Biometric-Based Key Agreement Scheme for Air-Smart Vehicular Networks Using Blockchain Service}, BOOKTITLE = {IEEE Transactions on Vehicular Technology}. YEAR = {2024}}

Air Smart Vehicular Networks (ASVNs) have become increasingly essentials in military and commercial industries in recent years, where drones are deployed to interact among each other via wireless medium in airspace due to their agility and versatility. ASVNs can form a closed loop from data perception to final execution by integrating communication devices, computation tools, and control modules. However, the used unencrypted and publicly available navigational signals like Global Positioning System (GPS) and communication over (public) insecure Internet connections, including wireless networks and WiFi, make ASVNs vulnerable to security breaches. Attackers can easily gain access to a drone's configuration and take control remotely, by launching various attacks such as GPS spoofing, false sensor data injection, maldrone malware injection, eavesdropping, man-in-the-middle, Denial-of-Service (DoS), replay, forgery, and Skyjack attacks. This paper proposes a robust and efficient multi-factor biometric-based security mechanism using blockchain as a service to address the security and privacy breaches in ASVNs. A comparative study demonstrates that the proposed scheme provides superior security and better functionality features with low communication and computation overheads as compared to the existing analogous schemes. The feasibility of the proposed scheme in real-life drone applications is also demonstrated through a real-time testbed and blockchain simulation. Furthermore, a detailed security analysis using the automated software validation tool, namely Scyther, verifies the proposed scheme's significant level of security

@inproceedings{bib_Prov_2024, AUTHOR = {Das, Ashok Kumar }, TITLE = {Provably Secure Authentication Scheme for Fog Computing-Enabled Intelligent Social Internet of Vehicles}, BOOKTITLE = {IEEE Transactions on Vehicular Technology}. YEAR = {2024}}

Owing to the growth of the intelligent Internet of Vehicles (IoV), the notion of the Social Internet of Vehicles (SIoV) has emerged. SIoV is based on the intelligent IoV combined with social needs, and it uses existing vehicle self-organizing network technologies to enable in-vehicle social networking platforms. The rapid development of the Internet of Things (IoT) has led to an explosion in the number of in-vehicle electronic devices, external facilities, vehicles, and a massive amount of real-time data generated by these vehicles, devices, drivers, passengers, and other social relationships. This explosion has put tremendous load pressure on servers; hence, researchers have started to apply fog computing to SIoV to spread server overload. However, there are still a number of risks and challenges associated with SIoV. Therefore, we propose an authentication scheme for fog computing-enabled SIoV that guarantees user anonymity and security. Detailed security analysis proves that the proposed scheme can secure against known attacks. Finally, we evaluate the performance of our scheme, and the results show that it has excellent security, computation, and communication performances.

@inproceedings{bib_Secu_2024, AUTHOR = {Das, Ashok Kumar }, TITLE = {Secure Lattice-Based Aggregate Signature Scheme for Vehicular Ad Hoc Networks}, BOOKTITLE = {IEEE Transactions on Vehicular Technology}. YEAR = {2024}}

The key factor accelerating the development of intelligent transportation and reduced traffic congestion is the vehicle ad hoc network (VANET). However, the swift upsurge in the diversity of vehicles puts the development of the vehicle network's safety system through plentiful glitches. To receive the messages promptly, attain the confidentiality of vehicle identity, and authentication swiftly in VANET, we present a new identity-based aggregate signature (IBAGS) system using the lattices. The proposed lattice-based method presented in this article combines the batch verification and aggregate signature scheme (ASS), which finishes the authentication of several vehicular units and aggregates multiple users' signatures into a single (compact) signature. This boosts the competence of the verification process. Furthermore, the vehicle pseudo-identities are also utilized to meet the goals of vehicle identity and privacy protection. Finally, dependable cloud storage technology efficiently enables the secure storing of message signatures. This article demonstrates the lower storage overhead and increases authentication efficiency while maintaining security compared to similar competing schemes.

@inproceedings{bib_A_Co_2024, AUTHOR = {Das, Ashok Kumar }, TITLE = {A Cost-efficient Anonymous Authenticated and Key Agreement Scheme for V2I-based Vehicular Ad-hoc Networks}, BOOKTITLE = {IEEE Transactions on Intelligent Transportation Systems}. YEAR = {2024}}

The rise of smart cities is directly connected to the increasing use of vehicles. The growing vehicle utilization has driven the emergence of Vehicular Ad-hoc Networks (VANETs), facilitating instant information exchange among vehicles. The system provides essential information regarding road conditions, traffic patterns, and more relevant data. VANETs encompass two fundamental categories of communication exchanges, namely Vehicle-to-Vehicle (V2V) and Vehicle-to-Infrastructure (V2I). V2I technology facilitates the integration of cars and transportation infrastructure, enabling effective communication between vehicles and infrastructure. Nevertheless, the potential of V2I communication has various security concerns arising from prevalent security threats. Current authentication techniques encounter challenges regarding complexity, security, and privacy considerations. We designed a hash-based lightweight and anonymous authentication scheme to address the aforementioned restrictions and enhance the effectiveness of authentication in V2I architecture. This scheme effectively combines identity, password, and bio-metric to enhance resistance against impersonation, denial of service, and privileged insider attacks. The devised scheme distinguishes itself by a comparative analysis and security proofs, highlighting its superior capability in guaranteeing secure authentication in V2I communication. The comprehensive security analysis conducted formally and informally showcases the robustness of the proposed solution against several threats. The performance evaluation results show that our scheme demonstrates a decrease in the computational cost of 51.40% approximately and a reduction in communication overhead of around 22.57%. These results establish the efficiency and scalability of the proposed scheme as a viable solution for V2I architecture.

@inproceedings{bib_Quan_2024, AUTHOR = {Das, Ashok Kumar }, TITLE = {Quantum Safe Lightweight Encryption Scheme for Secure Data Sharing in Internet of Nano Things}, BOOKTITLE = {Computers and Electrical Engineering}. YEAR = {2024}}

The Internet of Nano Things (IoNT) is increasingly recognized as a superior alternative to the Internet of Things (IoT) due to its inherent benefits. However, the security of IoNT remains an open challenge that needs to be addressed at various levels. Given the highly sensitive data shared in IoNT, the development of security protocols becomes imperative. Despite the emergence of some methodologies, many security aspects have been overlooked, and no concrete cryptosystems have been developed. In this paper, we propose an Identity-Based Encryption (IBE) scheme built on the Learning With Errors (LWE) assumption. We design a lightweight protocol with the consideration of resource-constrained devices involved in the IoNT network. The proposed scheme is resistant to various attacks, including side-channel analysis, replay attacks, man-in-the-middle attacks, plaintext and ciphertext attacks, ensuring unforgeability. Additionally, performance evaluation indicates that the proposed scheme outperforms existing ones in terms of computational and communication costs.

@inproceedings{bib_Smar_2024, AUTHOR = {Das, Ashok Kumar }, TITLE = {Smart Contract-Based Access Control Scheme for Blockchain Assisted 6G-Enabled IoT-Based Big Data Driven Healthcare Cyber Physical Systems}, BOOKTITLE = {IEEE Transactions Consumer Electronics}. YEAR = {2024}}

6G (sixth-generation wireless), the successor to 5G cellular technology, operates at higher frequencies than its predecessor and supports significantly greater capacity and markedly reduced latency. Healthcare is treated as a complex system with various stakeholders, like doctors, patients, hospitals, pharmaceutical companies as well as healthcare decision-makers. The innovations in the Internet of Things (IoT) and incorporating emerging technology in the healthcare systems provide the quality of services to the people and save millions of lives. However, patient privacy and secure interchange of medical data from various healthcare providers need to be adequately addressed. Furthermore, incorporating blockchain in the healthcare system helps to make the system more transparent and secure due to inherent properties of the blockchain. In addition, Big Data analytics helps in analyzing large datasets from hundreds of patients, and then in identifying various clusters and correlation among datasets, and also in developing predictive models. In this paper, we aim to propose a new smart contract-based access control for 6G-enabled blockchain assisted in the healthcare system (in short, we call it as SACS). SACS provides a patient to communicate with its healthcare management authority securely and helps to interchange his/her medical information across healthcare providers. A detailed security analysis, experimental results and comparative study assure that the proposed SACS is secure by preventing possible active and passive attacks, andrequires less computational and communication costs as compared to those for other relevant competing schemes.

@inproceedings{bib_Secu_2024, AUTHOR = {Bera, Basudeb and Das, Ashok Kumar and Sikdar, Biplab }, TITLE = {Securing Next-Generation Quantum IoT Applications using Quantum Key Distribution}, BOOKTITLE = {IEEE Internet of Things Magazine}. YEAR = {2024}}

The next generation of Quantum Internet of Things (QIoT) has the potential to revolutionize various sectors, including smart homes, health-care, and smart cities, by enabling more sophisticated and interconnected systems. These applications incorporate advanced features, such as autonomous decision-making based on Quantum Artificial Intelligence and Machine Learning (QAI/ML) and context-aware functionality. The security of the data in these applications relies on traditional cryptographic techniques, which, however, face a growing threat due to the significant advancements in quantum computing, especially with the Shor's algorithm. This algorithm poses a substantial risk of breaking conventional cryptographic methods within a feasible timeframe. To address these emerging security challenges in the quantum realm, we propose a Quantum Key Distribution (QKD) based on the BB84 protocol. This approach aims to provide robust authentication using certificates through a classical channel and secure quantum key exchange via a quantum channel in a public environment. The proposed QKD scheme is implemented using a client-server model in Python and Qiskit, demonstrating its practicality in real-world applications. The obtained results showcase the successful establishment of a secure session key between IoT smart (sensor) devices and gateway nodes, effectively mitigating potential threats such as eavesdropping.

@inproceedings{bib_Bloc_2024, AUTHOR = {Gautam, Deepika and Das, Ashok Kumar }, TITLE = {Blockchain Assisted Intra-twin and Inter-twin Authentication Scheme for Vehicular Digital Twin System}, BOOKTITLE = {IEEE Transactions on Intelligent Transportation Systems}. YEAR = {2024}}

The potency of digital twins to mitigate the shortcomings of traditional mobility systems, such as Vehicular Adhoc Network (VANET) can reconfigure it into an intelligent transportation domain with bolstered processing, storage capabilities and decision-making abilities. The vehicular digital network is emerging as the industrial revolution, where each real-mobile entity (i.e., vehicle) is connected in the virtual environment through their digital replica, known as a digital twin. The real-time data synchronization in the digital twin-centric approach is achieved via an open communication channel. Unfortunately, leveraging the virtual-reality synthesized security perils in the network which consequently obligates rigorous privacy and security countermeasures such as authentication, encryption and signature techniques. In this paper, we have suggested a blockchain-based authentication framework for intra-twin and inter-twin communication in vehicular digital twin networks, and the integrated blockchain in the system assures data compactness and verifiability. The security of the protocol is investigated under the real or random oracle model (ROR) and is confirmed secure with non-mathematical security analysis. Eventually, the operational competences and functionality features are inspected with relevant state-of-the-arts. The findings of study states excel computation and communication overhead of suggested system than others and is seemly for vehicular digital twin network.

@inproceedings{bib_Gene_2024, AUTHOR = {Das, Ashok Kumar }, TITLE = {Generic Quantum Blockchain-Envisioned Security Framework for IoT Environment: Architecture, Security Benefits and Future Research}, BOOKTITLE = {IEEE Open Journal of the Computer Society}. YEAR = {2024}}

Quantum cryptography has the potential to secure the infrastructures that are vulnerable to various attacks, like classical attacks, including quantum-related attacks. Therefore, quantum cryptography seems to be a promising technology for the future secure online infrastructures and applications, like blockchain-based frameworks. In this article, we propose a generic quantum blockchain-envisioned security framework for an Internet of Things (IoT) environment. We then discuss some potential applications of the proposed framework. We also highlight the security advantages of quantum cryptography-based systems. We explain the working of blockchain, applications of blockchain, types of blockchain, the structure of blockchain, the structure of blockchain in a classical blockchain, and the structure of a block in a quantum blockchain context. Next, the adverse effects of quantum computing on the security of blockchain-based frameworks are highlighted. Furthermore, the comparisons of quantum cryptography-based security schemes, like quantum key distribution, quantum digital signature, and quantum hashing schemes, are provided. Finally, some future research directions related to the designed generic quantum blockchain-envisioned security framework for IoT are provided.

@inproceedings{bib_SAWP_2024, AUTHOR = {Das, Ashok Kumar }, TITLE = {SAWPS: Secure Access Control for Wearable Plant Sensors: Reinforcing Agriculture 4.0}, BOOKTITLE = {IEEE Sensors Journal}. YEAR = {2024}}

The deployment of Agriculture 4.0 depends heavily on the adoption of the Internet of Things (IoT) and wireless sensors for increasing productivity and reducing costs of cultivation. Wearable plant sensors (WPSs), an IoT variant, can greatly optimize agricultural yields, sense early indications of disease, reduce waste, and minimize environmental concerns. Nonetheless, the induction of WPS into the plant fields always remains precarious for its open nature. We can witness many authentication protocols for agriculture setting, yet inefficient or insecure due to their vulnerability to known attacks. Most of these protocols lack privacy and perfect forward secrecy (PFS)-based significant features and are not suited for agricultural fields due to the utilization of complex crypto-primitives. Thus, to realize Agriculture 4.0 objectives, novel security solutions based on ultralight crypto-primitives are required. We propose an authentication protocol (SAWPS) for WPSs using Chinese remainder theorem (CRT) that is not only lightweight but also ensures privacy and PFS features. Moreoever, SAWPS is resistant to known attacks, including denial of service (DoS), ephemeral secret leakage, man-in-the-middle, impersonation, and forgery threats. The theoretical evaluation along with formal analysis based on real-or-random (RoR) model is provided for correctness and security. The performance results demonstrate efficiency and effectiveness of SAWPS over the comparative studies.

@inproceedings{bib_A_se_2024, AUTHOR = {Das, Ashok Kumar }, TITLE = {A secure authentication protocol for remote patient monitoring in an internet-of-medical-things environment }, BOOKTITLE = {Security and Privacy}. YEAR = {2024}}

nternet of Medical Things (IoMT) enable users to avail healthcare services remotely. In IoMT, sensor nodes (SNs), like blood pressure sensors and temperature sensors, collect health data from patients and communicate it to Health Workers (HWs) such as doctors, nurses, and so on. The HWs cater to the patients remotely, known as remote patient monitoring (RPM), by using data obtained from SNs. The communicated health data between SNs and HWs are sensitive in nature. Leakage and modification of such data leads to huge consequences, particularly patient death during medical emergencies. Hence, ensuring mutual authentication along with data integrity and privacy is of utmost important in the healthcare domain. In the literature, many authentication protocols are presented for healthcare applications specific to IoMT-RPM. But, most of the existing approaches fail to provide adequate security against well-known attacks includes impersonation and man-in-the-middle attacks. In this paper, we propose a privacy preserving authentication protocol for IoMT-RPM which is secure against various known attacks. We present a rigorous formal security analysis of our protocol under the extended Canetti-Krawczyk (eCK) adversary model. In addition, we also perform formal verification using Tamarin Prover, a symbolic formal analysis tool. The results show that the proposed protocol is secure under eCK-adversary model. We then present the comparative performance analysis to show the efficiency of the proposed protocol over the existing protocols. As a result, the proposed protocol provides high security without compromising the performance over the existing protocols, and therefore, our protocol is very much suitable for real-time applications.

@inproceedings{bib_ECC-_2024, AUTHOR = {Das, Ashok Kumar }, TITLE = {ECC-PDGPP: ECC-Based Parallel Dependency RFID-Grouping-proof Protocol using Zero-Knowledge Property in Internet of Things Environment}, BOOKTITLE = {IEEE Open Journal of the Computer Society}. YEAR = {2024}}

Radio Frequency Identification (RFID) promotes the fundamental tracking procedure of the Internet of Things (IoT) network due to its autonomous data collection as well as transfer incurring low costs. To overcome the insecure exchange of tracking data and to prevent unauthorized access, parallel dependency RFID grouping-proof protocol is applied by the reader to authenticate tags simultaneously. However, conventional grouping-proof authentication schemes are not sufficient for the memory constraint RFID tags due to the recurrent utilization of a 128-bit PRNG (Pseudo Random Number Generator) function. Alternatively, the existing parallel-dependency grouping-proof schemes are not able to overcome numerous limitations regarding session establishment, efficient key management, and multicast message communication within the specified group. In this research, a lightweight, secure, and efficient communication protocol is proposed to overcome the aforementioned limitations using Elliptic Curve Cryptography (ECC) and Zero-Knowledge property to establish a session key among the participated tags, reader, and remote server. The proposed scheme can work in offline mode. The proposed ECC-based parallel dependency grouping-proof scheme is referred to as ECC-PDGPP which abides by the rules of the EPC class-1 gen-2 (C1 G2) standard of RFID tags. Finally, the proposed protocol is analyzed using a formal random oracle model and simulated using a well-known AVISPA simulation tool that shows the proposed scheme is well protected against all potential security threats.

@inproceedings{bib_Arch_2024, AUTHOR = {Das, Ashok Kumar }, TITLE = {Architectures, Benefits, Security and Privacy Issues of Internet of Nano Things: A Comprehensive Survey, Opportunities and Research Challenges}, BOOKTITLE = {IEEE Communications Surveys and Tutorials}. YEAR = {2024}}

The Internet of Things (IoT) has profoundly impacted today’s world. Recent technological advancements in the Internet and Information Communication (ICT) have paved the way for revolutionary technologies, making life easier for humankind. IoT has found applications in almost every sector, enabling the connectivity of digital objects to the Internet. This technology has undergone significant advancements, leading to the emergence of a new paradigm called the Internet of Nano Things (IoNT). IoNT represents the latest evolution of IoT and has garnered attention from researchers and scientists. By combining nanotechnology with IoT, IoNT offers a more advanced paradigm than its generic counterpart, potentially reshaping the current IoT landscape. However, these limitless benefits come with challenges that persist in both IoT and the emerging IoNT ecosystem. Moreover, additional challenges need to be addressed due to the miniature nature and novelty of the IoNT ecosystem. The lack of research in the field of IoNT has motivated us to undertake this study. Our research aims to highlight the security and privacy challenges specific to IoNT and nano communication. Furthermore, we examine important architectures related to IoNT, nanoscale communication, real-life applications of IoNT, as well as simulators and testbeds useful for IoNT. We also address challenges associated with the incorporation of novel technologies, primarily Artificial Intelligence (AI), into IoNT. To achieve this, we provide a detailed review of existing works related to the IoNT ecosystem, emphasizing security and privacy concerns. Additionally, we explore the opportunities and future directions for IoNT, serving as a reference for further research.

@inproceedings{bib_Quan_2024, AUTHOR = {Das, Ashok Kumar }, TITLE = {Quantum Secure Disease Surveillance Through Private Set Intersection}, BOOKTITLE = {IEEE Transactions Consumer Electronics}. YEAR = {2024}}

The healthcare pandemic (for instance, the recently ongoing Coronavirus disease (COVID-19) pandemic) presented a challenge for researchers to find novel techniques to limit the transmission of the virus. In this context, contact tracing has emerged as an important method to curb the spread of disease. Although it can help combat disease outbreaks, if the contact tracing is executed without careful consideration then it could jeopardize the users’ privacy. The cryptographic technique, private set intersection (PSI) appears to be a logical solution. However, many existing PSI protocols rely on the security of number theory based problems, which are vulnerable in the quantum domain. Therefore, to address this issue we present a PSI protocol (namely qPSI) based on quantum cryptography. The communication and computational costs of existing schemes depend on the universal set size N. In comparison, qPSI requires computational and communication costs, which are independent of the universal set size N. Moreover, the existing Bloom filter based quantum PSI does not provide the exact intersection due to high false positive rate of the Bloom filter of server’s private set, whereas qPSI is not affected by the false positive rate and provides the exact set intersection. In addition, quantum PSI protocols use multi-particle entangled state or N single photons, and complicated oracle operators in N-dimensional Hilbert space. On the other hand, qPSI only utilizes single-photon quantum resources and projective measurements operations over a 2-dimensional Hilbert space. Therefore, qPSI is simple and efficient when compared to other existing PSI protocols in the state-of-the-art.

@inproceedings{bib_Anon_2024, AUTHOR = {Das, Ashok Kumar }, TITLE = {Anonymous and Reliable Ultralightweight RFID-enabled Authentication Scheme for IoT Systems in Cloud Computing}, BOOKTITLE = {Computer Networks}. YEAR = {2024}}

With the continuing growth in various research domains such as Artificial Intelligence (AI), Machine Learning (ML), Big Data Analytics (BDA), and Cloud Computing (CC), the Internet of Things (IoT) has become a popular technology nowadays. It provides a virtual interaction between physical objects and the cyber world over the Internet without human intervention. The IoT devices are embedded with sensors, software, or some other useful technologies for connecting, sharing, and exchanging data with other devices. Among recent technologies impacting human lives, Radio Frequency IDentification (RFID) has become a core identification technology that can be integrated into the IoT environments which connect billions of things or objects. However, an RFID system has two major issues: (i) an adversary can tamper or intercept the sensitive information of the RFID tags, which may cause forgery and privacy problems, and (ii) RFID tags have limited computational power capability which makes it challenging to use current security solutions. To deal with these issues, we propose an anonymous and reliable ultralightweight RFID-enabled authentication scheme (namely Anon AS) for IoT systems in a cloud computing environment. Anon AS integrates bitwise exclusive-OR, left–right rotations, and ultralightweight - operation, to reduce computational overheads on tag. The Anon AS provides stronger security (by preventing several attacks) and improves performance concerning low computational, communication, and storage costs. Also, it preserves information privacy and tags untraceability property by using Vaudenay privacy model. The Scyther simulation tool verification has been performed for its formal security analysis. The performance analysis ensures our Anon AS scheme is preferable for low-cost RFID systems.

@inproceedings{bib_Quan_2024, AUTHOR = {Babu, Ponnuru Raveendra and Kumar, Sathish A.P. and Reddy, Alavalapati Goutham and Das, Ashok Kumar }, TITLE = {Quantum secure authentication and key agreement protocols for IoT-enabled applications: A comprehensive survey and open challenges}, BOOKTITLE = {Computer Science Review}. YEAR = {2024}}

This study provides an in-depth survey of quantum secure authentication and key agreement protocols, investigating the dynamic landscape of cryptographic techniques within the realm of quantum computing. With the potential threat posed by quantum computing advancements to classical cryptographic protocols, the exploration of secure authentication and key agreement in the quantum era becomes imperative for safeguarding communication systems. The research scrutinizes evolving methodologies and innovations designed to enhance the security of authentication processes and key agreements in the context of quantum computing. A comprehensive examination of existing protocols is conducted, elucidating their strengths, limitations, and potential vulnerabilities. The research includes a comparative assessment of security features and computational burdens associated with various quantum secure authentication and key agreement protocols. The survey concludes by underscoring the urgent need for further research in the development of secure and efficient quantum cloud computing environments, as well as lightweight post-quantum cryptographic primitives, to ensure the viability of quantum secure authentication protocols on a universal scale. This comprehensive overview serves as a valuable resource for researchers, practitioners, and policymakers in the rapidly evolving field of quantum secure communication.

@inproceedings{bib_Prov_2024, AUTHOR = {Awais, Syed Muhammad and Yucheng, Wu and Mahmood, Khalid and Badar, Hafiz Muhammad Sanaullah and Kharel, Rupak and Das, Ashok Kumar }, TITLE = {Provably secure fog-based authentication protocol for VANETs}, BOOKTITLE = {Computer Networks}. YEAR = {2024}}

The integration of fog computing and vehicular ad-hoc networks (VANETs) has become increasingly important due to advancements in cloud computing, Internet of Things (IoT) technologies, and intelligent transportation systems. However, ensuring secure communication in fog-based VANETs poses a significant challenge. To address this challenge, we propose a novel authenticated key agreement protocol that achieves mutual authentication, generates a secure session key for confidential communication, and ensures privacy protection without relying on bilinear pairing. We provide rigorous security proofs for our protocol, specifically tailored for fog-based VANETs, demonstrating its ability to meet their stringent security requirements. Simulations using NS3 allow for a comprehensive performance evaluation, providing insights into the protocol’s efficiency and scalability. Additionally, our protocol is highly efficient, featuring low computation and communication costs, thereby offering a practical and scalable solution for secure communication in fog-based VANETs.

@inproceedings{bib_Ligh_2024, AUTHOR = {ZAHOOR, AMINA and MAHMOOD, KHALID and SALEEM, MUHAMMAD ASAD and BADAR, HAFIZ MUHAMMAD SANAULLAH and LE, TUAN-VINH and Das, Ashok Kumar }, TITLE = {Lightweight Authenticated Key Agreement Protocol for Smart Power Grid Systems Using PUF}, BOOKTITLE = {IEEE Open Journal of the Communications Society}. YEAR = {2024}}

The Smart Power Grid (SPG) is pivotal in orchestrating and managing demand response in contemporary smart cities, leveraging the prowess of Information and Communication Technologies (ICTs). Within the immersive SPG environment, the ubiquitous deployment of smart meters stands as a testament to their paramount importance in the realm of vigilant monitoring and oversight. These smart meters are installed on high-tension electricity lines and transmit information about electricity outages and other issues to the utility center. To access services from utility centers, smart meters need to communicate securely over a public channel, even though the network itself is insecure. However, potential attacks from adversaries (Ad) can exploit this communication. Therefore, protecting this communication is of utmost importance. Several privacy-preserving authentication protocols designed for SPG have been introduced in the literature. Nevertheless, a significant number of these protocols exhibit vulnerabilities to diverse security attacks. This article introduces a lightweight and anonymous authentication protocol specifically designed to address these concerns in the SPG environment. Our protocol ensures both security and efficiency, surpassing other comparable protocols in terms of its lightweight nature. By employing both formal and informal analysis, we showcase the robustness of our protocol against significant attacks while remaining lightweight. The proposed protocol provides added security features and incurs 23.8879% lower computation cost than related protocols. Consequently, our protocol is highly suitable for implementation in the SPG system.

@inproceedings{bib_Secu_2024, AUTHOR = {Thapliyal, Siddhant and Wazid, Mohammad and Singh, Devesh Pratap and Chauhan, Ramji and Mishra, Amit Kumar and Das, Ashok Kumar }, TITLE = {Secure Artificial Intelligence of Things (AIoT)-enabled authenticated key agreement technique for smart living environment}, BOOKTITLE = {Computers and Electrical Engineering}. YEAR = {2024}}

The use of Internet of Things (IoT) devices in Artificial Intelligence of Things (AIoT) applications has generated significant interest in recent years. AIoT security comes under cybersecurity, which focuses on protecting cloud-based, internet-connected hardware, also known as IoT devices and the networks they are connected to. As the waste of energy is one of the major issues in the world each day, we waste a lot of energy through various sources. A certain light-controlling mechanism can be implemented to reduce the unnecessary power consumption load over the sources. In this paper, a secure artificial Intelligence of Things (AIoT)-enabled authenticated key agreement technique for a smart living environment is proposed (in short, SAIoT-SL). The unique feature of the proposed SAIoT-SL is that it provides secure data transmissions throughout the communication of servers (i.e., cloud servers), users, and sensors. The conducted security analysis and formal security verification (through Scyther tool) prove the resilience of the proposed SAIoT-SL against various potential attacks. In the end, a practical implementation of the proposed SAIoT-SL is also provided to check its impact on real-world scenarios. In the conducted comparative study, it has been identified that the proposed SAIoT-SL outperformed the other existing techniques.

@inproceedings{bib_A_Se_2024, AUTHOR = {Mahmood, Khalid and Ghaffar, Zahid and Farooq, Muhammad and Yahya, Khalid and Das, Ashok Kumar and Chaudhry, Shehzad Ashraf }, TITLE = {A Security Enhanced Chaotic-Map based Authentication Protocol for Internet of Drones}, BOOKTITLE = {IEEE Internet of Things Journal}. YEAR = {2024}}

The Internet of Drones (IoD) extends the capabilities of unmanned aerial vehicles, enabling them to participate in a connected network. In IoD infrastructure, drones communicate not only among themselves but also with users and a control center. This interconnected communication framework holds promise for various applications, from collaborative decision-making to real-time data exchange. However, the expansion of communication in IoD also introduces new challenges, particularly in terms of security, privacy and authentication. Unfortunately, the current authentication protocols are inadequate in offering robust security features against various attacks in the IoD environment. To address these security issues and limitations, we proposed a secure protocol for the IoD environment using chaotic maps and hash functions. In addition, we also employed a physically unclonable function in the development of the proposed protocol. We assess the security of the protocol through both informal and formal security analysis. The formal security analysis is conducted through a widely used random or real (RoR) model. The informal analysis shows the rigorous security features against various attacks, such as masquerading, anonymity violation, and physical cloning attacks. Moreover, we compare the performance of the devised protocol with similar existing protocols across important performance parameters, such as communication overhead, computation overhead, and security features. The devised protocol provides a 67.86% and 17.80% reduction in computation and communication overheads, respectively, as compared to related protocols. The analysis demonstrates the proposed protocol’s capacity to support secure communication in the IoD environment and satisfy desirable security attributes.

@inproceedings{bib_A_Se_2024, AUTHOR = {Chen, Chien-Ming and Chen, Zhaoting and Das, Ashok Kumar and Chaudhry, Shehzad Ashraf }, TITLE = {A Security-Enhanced and Ultralightweight Communication Protocol for Internet of Medical Things}, BOOKTITLE = {IEEE Internet of Things Journal}. YEAR = {2024}}

With the emergence, development, and maturity of various Internet technologies, the healthcare industry is also trying to integrate with these technologies to provide more convenient healthcare services to patients by establishing telemedicine to develop and continuously improve the public healthcare system. Various protocols were proposed in the recent past to provide attack resistance in addition to computational efficiency; however, several such protocols were proved inefficient or prone to one or more attacks. Some of these protocols lack user anonymity and privacy. Keeping in consideration the flaws of existing protocols, in this article, we propose an efficient and secure protocol based on extremely lightweight symmetric key operations. In addition, we provide formal and informal analyses to demonstrate the protocol’s security. Moreover, to measure the efficiency of the proposed protocol, we conducted a real-time experiment, which confirms that the proposed protocol completes an authentication round in 117.1071 ms with an exchange of four messages and 2592 bits among the three participating entities. Finally, by comparing it with other protocols, we show that the proposed protocol has significant security advantages and performance benefits.

@inproceedings{bib_Priv_2024, AUTHOR = {Rao, Patruni Muralidhara and Vangala, Anusha and Pedada, Saraswathi and Das, Ashok Kumar and Vasilakos, Athanasios V. }, TITLE = {Privacy-Preserving Lightweight Authentication for Location-Aware Edge-Enabled eHealth Systems}, BOOKTITLE = {IEEE Internet of Things Magazine}. YEAR = {2024}}

With the rapid advancements in the Internet of Things (IoT), edge computing has a significant role in many eHealth applications. However, security and data privacy are major challenges due to the widespread popularity of the digital health domain. The network and data storage should withstand adversarial entities and allow access to only legitimate users. Medical users and servers must be registered with a trusted third-party authority to obtain permissions to authenticate remaining users. Millions of smart medical devices connect online to collect critical patient information, analyze reports, and perform meaningful decisions without human interaction. In this scenario, standard security is essential to safeguard eHealth applications. This research provides a secured, lightweight mobile edge computing framework to address these issues. The empirical results show that our framework mitigates computational overheads. The informal and formal analysis shows that our framework withstands potential attacks.

@inproceedings{bib_A_Se_2024, AUTHOR = {Wazid, Mohammad and Mishra, Amit Kumar and Mohd, Noor and Das, Ashok Kumar }, TITLE = {A Secure Deepfake Mitigation Framework: Architecture, Issues, Challenges, and Societal Impact}, BOOKTITLE = {Cyber Security and Applications}. YEAR = {2024}}

Deepfake refers to synthetic media generated through artificial intelligence (AI) techniques. It involves creating or altering video, audio, or images to make them appear as though they depict something or someone else. Deepfake technology advances just like the mechanisms that are used to detect them. There’s an ongoing cat-and-mouse game between creators of deepfakes and those developing detection methods. As the technology that underpins deepfakes continues to improve, we are obligated to confront the repercussions that it will have on society. The introduction of educational initiatives, regulatory frameworks, technical solutions, and ethical concerns are all potential avenues via which this matter can be addressed. Multiple approaches need to be combined to identify deepfakes effectively. Detecting deepfakes can be challenging due to their increasingly sophisticated nature, but several methods and techniques are being developed to identify them. Mitigating the negative impact of deepfakes involves a combination of technological advancements, awareness, and policy measures. In this paper, we propose a secure deepfake mitigation framework. We have also provided a security analysis of the proposed framework via the Scyhter tool-based formal security verification. It proves that the proposed framework is secure against various cyber attacks. We also discuss the societal impact of deepfake events along with its detection process. Then some AI models, which are used for creating and detecting the deepfake events, are highlighted. Ultimately, we provide the practical implementation of the proposed framework to observe its functioning in a real-world scenario.

@inproceedings{bib_AKM-_2024, AUTHOR = {Karnatak, Vijay and Mishra, Amit Kumar and Wazid, Mohammad and Das, Ashok Kumar and Guizan, Mohsen and Shetty, Sachin }, TITLE = {AKM-FCCI: Secure Authentication and Key Management Mechanism for Fog Computing-Based IoT-Driven Critical Infrastructure}, BOOKTITLE = {International Wireless Communications and Mobile Computing Conference}. YEAR = {2024}}

Critical infrastructure refers to the key systems, assets, and facilities, whether they are physical or virtual, that are necessary for the overall functioning of a country. As our reliance on technology and networked systems continues to expand, so does the significance of taking precautions to protect critical infrastructure from being compromised by cyberattacks. We need some security schemes to secure the communication happening in the critical infrastructure devices. Therefore, in this paper, we focus on the design of an authentication and key establishment scheme, which is used in the critical infrastructure to secure its data transmissions. A secure authentication and key management mechanism for fog computing-based IoT-driven critical infrastructures (in short, AKM-FCCI) is proposed in the paper. We then provide the network model and threat model of the proposed AKM-FCCI to explain its deployment and organization of devices and servers. The threat model further explains the various threats of this communication environment. In addition, the security analysis of AKM-FCCI is presented to demonstrate that it is secure against the many different kinds of attacks that could be launched against it. The comparisons demonstrate that the performance of AKM-FCCI is superior to that of the other currently used schemes. In addition to that, it offers a high level of security and utility. Therefore, the proposed AKM-FCCI is appropriate for use in protecting critical infrastructure equipment against a wide variety of threats.

@inproceedings{bib_An_E_2024, AUTHOR = {Aakash, and Mittal, Saksham and Wazid, Mohammad and Mishra, Amit Kumar and Das, Ashok Kumar and Shetty, Sachin and Guizani, Mohsen }, TITLE = {An Effective Mechanism for Phishing Attack Detection}, BOOKTITLE = {International Wireless Communications and Mobile Computing Conference}. YEAR = {2024}}

In the present era, the increasing number of network devices and ubiquitous computing leads to the flow of enormous amounts of data traffic, including sensitive and confidential information, on the internet and carrying out commercial and banking transactions online. This gives cybercriminals an opportunity to launch an attack like phishing to steal confidential information from the user and gain unauthorized access. This can be mitigated by the help of an intelligent machine learningbased phishing detection system, which can detect potential phishing attacks and take appropriate action. In this paper, we have addressed this major cyber issue and proposed a machine learning-based phishing detection scheme (in short, EM-PAD), which is trained on a benchmark dataset and evaluated on standard metrics: F1-score and Accuracy. The proposed model is compared with different existing schemes based on Accuracy, indicating that it has outperformed them with remarkable results.

@inproceedings{bib_Desi_2024, AUTHOR = {Saha, Sourav and Das, Ashok Kumar and Mittal, Saksham and Wazid, Mohammad }, TITLE = {Designing Secure Big Data Analytics Mechanism Using Authentication for Drones-Assisted Military Applications}, BOOKTITLE = {IEEE Conference on Computer Communications Workshops}. YEAR = {2024}}

@inproceedings{bib_Secu_2024, AUTHOR = {Agrawal , Saurabh and Vangala, Anusha and Das, Ashok Kumar and Kumar, Neeraj and Shetty, Sachin and Das, Sajal K. }, TITLE = {Secure Location-Based Authenticated Key Establishment Scheme for Maritime Communication}, BOOKTITLE = {International Conference on Communications}. YEAR = {2024}}

Maritime communication helps vessels and ports plan their movements, exchange environmental information, and communicate among themselves. The vessels' movement and changing location are critical to keep them secure from data interception and data tampering by unauthorized parties during transmission. To secure maritime communication, we propose a novel lightweight authentication scheme sensitive to the current ship location. We assess the effectiveness of the proposed protocol in defending against a range of security threats while keeping communication and computation costs low, and meeting the desired security and functional requirements of anonymity and untraceability. The detailed security analysis using the widely accepted Scyther tool demonstrates that location-based keys as proposed in our protocol are secure against location inference and spoofing attacks among others.

@inproceedings{bib_Desi_2024, AUTHOR = {PRAJAPAT, SUNIL and KUMAR, PANKAJ and KUMAR, SANDEEP and Das, Ashok Kumar and SHETTY, SACHIN and HOSSAIN, M. SHAMIM }, TITLE = {Designing High-Performance Identity-Based Quantum Signature Protocol With Strong Security}, BOOKTITLE = {IEEE Access}. YEAR = {2024}}

Due to the rapid advancement of quantum computers, there has been a furious race for quantum technologies in academia and industry. Quantum cryptography is an important tool for achieving security services during quantum communication. Designated verifier signature, a variant of quantum cryptography, is very useful in applications like the Internet of Things (IoT) and auctions. An identity-based quantum-designated verifier signature (QDVS) scheme is suggested in this work. Our protocol features security attributes like eavesdropping, non-repudiation, designated verification, and hiding sources attacks. Additionally, it is protected from attacks on forgery, inter-resending, and impersonation. The proposed scheme benefits from the traditional designated verifier signature schemes. In the proposed scheme, the signer encrypts a message with his or her private key, and the designated verifier validates the accompanying QDVS using the signer’s public key, which is the signer’s name or email address, which makes the quantum signature system’s key management simpler. It uses an entangled state while signing and verifying the signature; however, the verifier is not required to compare quantum states. A detailed comparison analysis with other similar schemes provides more security for the proposed scheme. Furthermore, the proposed scheme’s effectiveness and feasibility are validated using quantum simulations.

@inproceedings{bib_Priv_2024, AUTHOR = {Reddi, Sivaranjani and Rao, Patruni Muralidhara and Saraswathi, Pedada and Jangirala, Srinivas and Das, Ashok Kumar and Jama, Sajjad Shaukat and Park, Youngho }, TITLE = {Privacy-Preserving Electronic Medical Record Sharing for IoT-Enabled Healthcare System Using Fully Homomorphic Encryption, IOTA, and Masked Authenticated Messaging}, BOOKTITLE = {IEEE Transactions on Industrial Informatics}. YEAR = {2024}}

A significant evolution in healthcare recently uses technological advancements to perform different activities, such as patient electronic medical records (EMRs) data gathering, preserving, processing, diagnosis, and handling. The adaptation of the Internet of Things (IoT) and cloud has further facilitated the enhancement of related healthcare systems, which can considerably improve data connectivity, accessibility, and exchange, which leads to a significant improvement in the quality of services to patients. Furthermore, scientific computations over data in transmission can be exposed to adversaries and may reveal private data for financial benefit. This article uses the Cheon-Kim-Kim-Song fully homomorphic encryption scheme and IOTA Tangle using masked authenticated messaging (MAM) protocol to provide secure communication between patient and doctor. CKKS-FHE-based data encryption provides data privacy, and secured EMRs sharing through IOTA Tangle guarantees data confidentiality. The performance of this work is analyzed in terms of encryption and decryption time, and payload sharing using MAM and NON-MAM protocols results in evidence of the effectiveness of the approach and improves overall security. The proposed scheme performs better overall computation time and performance than other relevant schemes. Further, the security analysis shows that the proposed system is resilient to data immutability and integrity, forward secrecy, and passive and active attacks.

@inproceedings{bib_A_Se_2024, AUTHOR = {KUMAR, PANKAJ and BHARMAIK, VIVEK and PRAJAPAT, SUNIL and THAKUR, GARIMA and Das, Ashok Kumar and SHETTY, SACHIN and RODRIGUES, JOEL J. P. C. }, TITLE = {A Secure and Privacy-Preserving Signature Protocol Using Quantum Teleportation in Metaverse Environment}, BOOKTITLE = {IEEE Access}. YEAR = {2024}}

The burgeoning concept of the metaverse as an interconnected virtual space represents the forefront of the next-generation internet. Quantum teleportation, known for its prowess in ensuring secure and reliable communications, stands poised to revolutionize interactions within this immersive digital realm. In this context, we propose a comprehensive interaction protocol tailored for the metaverse environment. The designed protocol entails two fundamental components: first, the interaction between a user and their avatar, facilitated by a secure seven-qubit entangled state; and second, the interaction between two avatars, enabled through an efficient two-qubit entangled state. To fortify the protocol’s resilience, quantum key distribution (QKD) is employed for secure key sharing, while a trusted certificate authority serves as an essential entity for signature verification. Through rigorous safety and efficiency analysis, we demonstrate the protocol’s robustness and performance, ensuring adherence to fundamental security properties such as unforgeability, undeniability, verifiability and traceability. By seamlessly integrating quantum teleportation principles with the metaverse environment, our protocol not only enhances security but also unlocks novel avenues for interaction and exploration within this digital frontier.

@inproceedings{bib_Digi_2024, AUTHOR = {Bera, Basudeb and Das, Ashok Kumar and Sikdar, Biplab }, TITLE = {Digital Twins-Empowered Secure Network Slice Access and Isolation for Consumer Healthcare Applications}, BOOKTITLE = {IEEE Transactions Services Computing}. YEAR = {2024}}

Existing wireless infrastructure and networks are unable to meet the diverse Quality of Service (QoS) demands inherent in a wide range of consumer healthcare applications (CHAs). In this context, the adoption of fifth generation of wireless cellular technology (5G)/Beyond fifth-generation (B5G)-based network slicing technology has become pivotal for CHAs. It facilitates the creation of multiple virtual networks on a shared physical infrastructure by catering to distinct QoS requirements, where digital twins (DTs) are providing a virtual representation and management framework for healthcare smart devices, services, and applications within network slices. This allows different services and applications to coexist. However, network slicing has to address various security concerns, including securing slice access, enabling secure inter-slice communication, ensuring slice isolation within the shared physical network with DTs, and authenticating end users. To address these challenges, we propose a security mechanism that is specifically designed to safeguard network slice access and isolation in CHAs empowered by DTs, where only legitimate devices with corresponding digital twins and matching attributes are granted access. The proposed model incorporates the use of digital certificates for authenticating both slice access and devices by providing enhanced slice isolation to mitigate unauthorized access. Through a detailed comparative assessment, we demonstrate that the proposed scheme offers superior security and improved functionality attributes, while maintaining low communication costs as compared to those for other similar existing schemes. Furthermore, we validate the feasibility of our scheme through testbed

@inproceedings{bib_A_Se_2024, AUTHOR = {Kwon, Deokkyu and Son, Seunghwan and Kim, MyeongHyun and Lee, JoonYoung and Das, Ashok Kumar and Park, Youngho }, TITLE = {A Secure Self-Certified Broadcast Authentication Protocol for Intelligent Transportation Systems in UAV-assisted Mobile Edge Computing Environments}, BOOKTITLE = {IEEE Transactions on Intelligent Transportation Systems}. YEAR = {2024}}

Unmanned Aerial Vehicle(UAV)-assisted mobile edge computing(MEC) ensures continuous MEC services by promptly restoring overloaded or disabled MEC infrastructure. Equipped with sufficient computing resources, UAVs deploy to areas needing MEC, such as task offloading and entertainment services. However, in areas with paralyzed edge nodes, vehicle users are unable to verify the legitimacy of UAVs as they cannot access to the trusted authority(TA). Furthermore, the integrity of UAV-assisted MEC environments can be compromised by malicious attackers, as all network participants rely on wireless communication for their interactions. Many authentication schemes have been proposed for UAV environments. However, these schemes encounter a problem of having to communicate through TA for authentication with vehicle users, which makes them difficult to apply to UAV-assisted MEC environments. Therefore, we propose a new broadcast authentication protocol, which can recover MEC services using MEC-equipped UAVs. The proposed protocol can provide UAVs and vehicle users with high reliability via a self-certified public-key cryptosystem, which can verify the legitimacy of the communication partner without the TA. Moreover, we guarantee the user privacy and preserve sensitive information using biohash technology. We verify the security robustness of the proposed protocol using various simulation tool, informal, and formal analyses. We also estimate the practical deployment of the proposed protocol using “Network Simulator-3”. Moreover, we estimate the computation and communication overheads and compare with other existing protocols. The results show that the proposed protocol is feasible and provides users with convenient and seamless intelligent transportation services in UAV-assisted MEC environments.

@inproceedings{bib_Quan_2024, AUTHOR = {Prajapat, Sunil and Kumar, Pankaj and Kumar, Dheeraj and Das, Ashok Kumar and Hossain, M Shamim and Rodrigues, Joel J. P. C. }, TITLE = {Quantum Secure Authentication Scheme for Internet of Medical Things Using Blockchain}, BOOKTITLE = {IEEE Internet of Things Journal}. YEAR = {2024}}

The Internet of Medical Things (IoMT) is a compelling networking paradigm integrating wireless communications sensors, connected devices, and embedded computing technologies. The IoMT involves the collection of real-time health data using sophisticated medical sensors. In recent years, the IoMT has become increasingly significant within the broader context of the Internet of Things (IoT). It provides accessibility for health monitoring and poses security obstacles to safeguarding the confidentiality and privacy of patient data. Therefore, this article presents a blockchain-integrated quantum authentication scheme in sensor-assisted IoMT networks. The proposed concept utilizes blockchain technology to achieve efficient patient authentication without the need for third-party entities. In addition, a secure quantum authentication scheme is designed not to require patients to authenticate themselves when communicating with multiple doctors simultaneously. This protocol explicitly addresses how clinicians can misuse their professional roles toward patients in IoMT networks. An evaluation analysis assesses the proposed technique’s efficacy compared to existing authentication schemes. The performance analyses demonstrate that the proposed protocol is resilient against various security attacks. Also, the practical usability of the quantum authentication scheme proved its importance as a significant improvement in communication security for IoMT networks.

@inproceedings{bib_Prov_2024, AUTHOR = {Awais, Syed Muhammad and Yucheng, Wu and Mahmood, Khalid and Alenazi, Mohammed J. F. and Bashir, Ali Kashif and Das, Ashok Kumar }, TITLE = {Provably Secure and Lightweight Authentication and Key Agreement Protocol for Fog-Based Vehicular Ad-Hoc Networks}, BOOKTITLE = {IEEE Transactions on Intelligent Transportation Systems}. YEAR = {2024}}

The increase in popularity of vehicles encourages the development of smart cities. With this advancement, vehicular ad-hoc networks, or VANETs, are now frequently utilized for inter-vehicular communication to gather data regarding traffic congestion, vehicle location, speed, and road conditions. Such a public network is open to various security risks. Overall, protecting personal information on VANET is a vital responsibility. The integration of fog computing and VANETs has gained significant importance in recent years, driven by advancements in cloud computing, Internet of Things (IoT) technologies, and intelligent transportation systems. However, ensuring secure communication in fog-based VANETs remains a major challenge. To overcome this challenge, we introduce a novel authenticated key agreement protocol that achieves mutual authentication, generates a secure session key for secret communication, and provides privacy protection without the use of bilinear pairing. We rigorously prove the security of our proposed protocol, which is designed specifically for fog-based VANETs, and has been shown to meet their stringent security requirements. Moreover, we performed formal and informal analysis that shows our proposed protocol is highly efficient,our protocol’s computational and communication overhead are lower than those of other relevant protocols by 45.570% and 29.432%, respectively. Finally we use NS-3 simulation to prove that our proposed algorithm is a practical and scalable solution for secure communication in fog-based VANETs.

@inproceedings{bib_Robu_2024, AUTHOR = {Mahmood, Khalid and Saleem, Muhammad Asad and Ghaffar, Zahid and Shamshad, Salman and Das, Ashok Kumar and Alenazi, Mohammed J.F. }, TITLE = {Robust and efficient three-factor authentication solution for WSN-based industrial IoT deployment}, BOOKTITLE = {IEEE Internet of Things Journal}. YEAR = {2024}}

The relentless advancements in Cyber-Physical Systems (CPS) and Wireless Sensor Networks (WSN) have paved the way for various practical applications across networking, public safety, smart transportation, and industrial sectors. The Industrial Internet of Things (IIoT) integrates these technologies into complex, interconnected environments where vast amounts of data are transmitted between devices and systems. However, the inherent openness of communication channels in IIoT systems introduces distinctive security and privacy vulnerabilities, where malevolent entities can effortlessly intercept, forge, or delete communication messages. These vulnerabilities are exacerbated by the critical nature of industrial applications, where breaches can lead to significant operational disruptions or safety hazards To address these challenges, several authentication protocols have been proposed. Nevertheless, many of these protocols remain susceptible to various security attacks. To ensure privacy and security in IIoT environments, we introduce a robust and efficient authentication protocol for a WSN-based IIoT environment. This protocol preserves the privacy of information transmitted among all entities and provides an effective solution for securing this sensitive information. Additionally, we present a detailed security analysis of the proposed protocol to formally and informally demonstrate its security strength. The performance analysis is carried out to compare the proposed protocol against existing related protocols, with results unequivocally demonstrating that our protocol offers enhanced privacy and security with reduced costs.

@inproceedings{bib_Desi_2024, AUTHOR = {Kwon, DeokKyu and So, Seunghwan and Park, Kisung and Das, Ashok Kumar and Park, Youngho }, TITLE = {Design of Blockchain-based Multi-domain Authentication Protocol for Secure EV Charging Services in V2G Environments}, BOOKTITLE = {IEEE Transactions on Intelligent Transportation Systems}. YEAR = {2024}}

— Multi-domain vehicle to grid (V2G) is a network environment in which numerous service providers offer charging and discharging services to EV users. This can enhance energy management and traffic flow for efficient intelligent transportation systems (ITS). However, the combination of multiple domains can suffer from various security vulnerabilities, highlighting the need for robust countermeasures. Moreover, existing multidomain V2G protocols utilized a central trusted authority (TA) which can create a single point of failure (SPOF), or required high computational resources. In this paper, we propose a multi-domain authentication protocol for secure and efficient V2G services using consortium blockchain. The proposed protocol provides lightweight intra-domain authentication using hash functions and XOR operators. Furthermore, the proposed protocol ensures secure cross-domain authentication by integrating elliptic curve cryptography (ECC) and physical unclonable function (PUF). Therefore, the proposed protocol can establish trust, enable efficient communications, and prevent congestion at charging stations. To validate security robustness, comprehensive evaluations are conducted using “Real-Or-Random (ROR) model”, “Scyther tool”, and informal analyses. Comparative computational overheads of the proposed and related protocols are measured using “Multiprecision Integer and Rational Arithmetic Cryptographic Library (MIRACL)” testbed experiments. Additionally, a simulation of the practical deployment is conducted using “Network Simulator-3 (NS-3)”. Results indicate that the proposed protocol can improve ITS by providing secure and efficient services for multi-domain V2G environments

@inproceedings{bib_RLBA_2024, AUTHOR = {Yu, Sungjin and Das, Ashok Kumar and Park, Youngho }, TITLE = {RLBA-UAV: A Robust and Lightweight Blockchain-based Authentication and Key Agreement Scheme for PUF-enabled UAVs}, BOOKTITLE = {IEEE Transactions on Intelligent Transportation Systems}. YEAR = {2024}}

Unmanned aerial vehicles (UAVs) integrated with the internet of things (IoT) guarantee useful advantages such as facilitating ground communications in regions where the availability of connectivity is restricted owing to physical obstacles. However, the data transmitted by sensors and IoT embedded in UAVs are facing new security issues and privacy challenges with the known security attacks over time. To address these security attacks and threats and meet lightweight UAV communication requirements, a secure and lightweight authentication and key agreement (AKA) scheme is essential. Recently, researchers have designed a lightweight blockchain-enabled AKA scheme with privacy-preserving for UAVs to provide useful and reliable services. However, we prove that the existing scheme is fragile to various security attacks and does not ensure mutual authentication. Thus, we propose a robust and lightweight blockchain-based AKA scheme for PUF-enabled UAVs, called RLBA-UAV to enhance the security problems of the existing scheme. We demonstrate the security of RLBA-UAV by using informal/formal security analyses such as the ROR oracle model and AVISPA simulation. Moreover, we demonstrate the performance comparison analysis between RLBA-UAV and related schemes for UAVs. We demonstrate an implementation of a network simulator (NS) 3 compliant with IEEE 802.11p standards to show its validation and feasibility that RLBA-UAV is appropriate for practical UAVs. Thus, RLBA-UAV offers enhanced security and operational efficiency compared to related schemes and can be applied to practical blockchain-based AKA systems for UAVs.

@inproceedings{bib_EM-P_2024, AUTHOR = {Das, Ashok Kumar }, TITLE = {EM-PAD: An Effective Mechanism for Phishing Attack Detection}, BOOKTITLE = {International Wireless Communications and Mobile Computing Conference}. YEAR = {2024}}

In the present era, the increasing number of network devices and ubiquitous computing leads to the flow of enormous amounts of data traffic, including sensitive and confidential information, on the internet and carrying out commercial and banking transactions online. This gives cybercriminals an opportunity to launch an attack like phishing to steal confidential information from the user and gain unauthorized access. This can be mitigated by the help of an intelligent machine learningbased phishing detection system, which can detect potential phishing attacks and take appropriate action. In this paper, we have addressed this major cyber issue and proposed a machine learning-based phishing detection scheme (in short, EM-PAD), which is trained on a benchmark dataset and evaluated on standard metrics: F1-score and Accuracy. The proposed model is compared with different existing schemes based on Accuracy, indicating that it has outperformed them with remarkable results

@inproceedings{bib_Cont_2024, AUTHOR = {Das, Ashok Kumar }, TITLE = {Continuous Authentication for Consumer Electronics in Smart City Surveillance}, BOOKTITLE = {IEEE Consumer Electronics Magazine}. YEAR = {2024}}

In the realm of smart city surveillance, consumer electronics (CE) devices communicate through vulnerable wireless channels, posing significant security risks. To ensure secure and uninterrupted services for residents, continuous monitoring is imperative. Existing authentication methods for CE in smart cities authenticate users/devices at the onset of a communication session, assuming they remain authenticated throughout. However, temporary access by an attacker to the user's or CE device can lead to impersonation. To mitigate this security threat, we propose a continuous authentication (CA) protocol utilizing vector similarity search (VSS), which has emerged as a novel approach to enhance security and privacy in CE deployed within smart city surveillance systems. Through the employment of VSS techniques and secure communication via session key establishment, the proposed scheme continuously monitors user behavior and verifies legitimacy, ensuring seamless operation and protection against a myriad of potential threats. This innovative framework enhances the resilience of smart city infrastructures against unauthorized access, data tampering, data poisoning attacks, and other malicious activities.

@inproceedings{bib_Secu_2024, AUTHOR = {Saleem, Muhammad Asad and Li, Xiong and Mahmood, Khalid and Tariq, Tayyaba and Alenazi, Mohammed J. F. and Das, Ashok Kumar }, TITLE = {Secure RFID-assisted Authentication Protocol for Vehicular Cloud Computing Environment}, BOOKTITLE = {IEEE Transactions on Intelligent Transportation Systems}. YEAR = {2024}}

@inproceedings{bib_PAF-_2024, AUTHOR = {Tanveer, Muhammad and Aldosary, Abdallah and Khokhar, Salah-ud-din and Das, Ashok Kumar }, TITLE = {PAF-IoD: PUF-Enabled Authentication Framework for the Internet of Drones}, BOOKTITLE = {IEEE Transactions on Vehicular Technology}. YEAR = {2024}}

The rise of smart cities and the increasing demand for drones has sparked considerable interest in the Internet of Drones (IoD) within the realms of academia and industry. IoD presents a multitude of advantages in smart city settings, facilitating services like traffic monitoring, environmental surveillance, and disaster management by harnessing the potential of IoT and Flying Ad-Hoc Networks (FANET) infrastructures. However, the transmission of sensitive messages between drones in IoD-based smart cities is disseminated over insecure channels, leaving them exposed to security vulnerabilities. Furthermore, drones operating in IoD architectures are prone to physical capture attacks as they operate in unattended environments with minimal human intervention. Moreover, the limited resources of drones pose challenges to the practicality of employing computationally intensive cryptographic methods. In response to these challenges, we introduce PAF-IoD, an authentication framework that prioritizes security and efficiency. PAF-IoD leverages physical unclonable functions (PUFs) and the AEGIS authenticated encryption scheme to guarantee trustworthy and secure communication between users and drones in smart cities. In terms of security validation, we perform both random and real model-based formal analyses. Furthermore, we employ the Scyther tool to ensure the resilience of PAF-IoD against different security vulnerabilities. Additionally, an informal analysis is conducted to demonstrate the resilience of PAF-IoD against various attacks. By introducing PAF-IoD, we offer a secure solution that addresses vulnerabilities and resource limitations associated with drone communication. The proposed framework guarantees the integrity and confidentiality of data while optimizing computational and communication resources, thereby enabling reliable and effective IoD operations in smart cities.

@inproceedings{bib_Unde_2024, AUTHOR = {Anusha, Vangala and Das, Ashok Kumar and Das, Sajal K. }, TITLE = {Undeniable Authentication of Digital Twin-managed Smart Microfactory}, BOOKTITLE = {Conference on Pervasive Computing and Communications Workshops}. YEAR = {2024}}

—Smart Microfactories use additive manufacturing to create products with mixed materials and variable sizes. Digital twin technology enhances control of the additive manufacturing equipment in these factories, increasing productivity and minimizing errors. The digital twins communicate with the machines to furnish sensitive data and instructions, which must be protected from tampering. Authentication rescues the digital and physical twins from menacing attacks such as privileged insider, impersonation, Ephemeral Secret Leakage (ESL) and Man-in-The-Middle (MiTM) attacks. To this end, we propose lightweight authentication among the digital and physical twins with the undeniability of issued commands and deniable key agreement. It achieves perfect forward secrecy, unforgeability and anonymity. Rigorous formal verification with AVISPA and informal security analysis show the robustness of this protocol to the aforesaid attacks.

@inproceedings{bib_Larg_2024, AUTHOR = {Tekchandani, Prakash and Das, Ashok Kumar and Kumar, Neeraj }, TITLE = {Large-Scale Secure Model Learning and Inference using Synthetic Data for IoT-Based Big Data Analytics}, BOOKTITLE = {Computers & Electrical Engineering}. YEAR = {2024}}

Big data analytics in the Internet of Things (IoT) realm demands a substantial volume of data for training models and making reliable inferences. In most cases, data availability is scarce, and synthetic data is generated from real-world data to meet the needs. Yet, there remains a risk of exposing private and sensitive information without proper data security measures. In this article, we aim to develop a secure collaborative model learning methodology trained on synthetic data, ensuring data availability, privacy and confidentiality through differential privacy and key management. Additionally, we propose a secured inference framework where user data, sent for inference to the deployed model is protected, preserving both the accuracy of the predicted data and the security of the input data. Our experimental evaluation, along with performance and security analysis, exhibits that our approach offers accuracy and scalability while maintaining privacy and security.

@inproceedings{bib_Bloc_2024, AUTHOR = {Tekchandani, Prakash and Bisht, Abhishek and Das, Ashok Kumar and Kumar, Neeraj and Karuppiah, Marimuthu and Vijayakumar, Pandi and Park, Youngho }, TITLE = {Blockchain-Enabled Secure Collaborative Model Learning Using Differential Privacy for IoT-Based Big Data Analytics}, BOOKTITLE = {IEEE Transactions on Big Data}. YEAR = {2024}}

—With the rise of Big data generated by Internet of Things (IoT) smart devices, there is an increasing need to leverage its potential while protecting privacy and maintaining confidentiality. Privacy and confidentiality in Big Data aims to enable data analysis and machine learning on large-scale datasets without compromising the dataset sensitive information. Usually current Big Data analytics models either efficiently achieves privacy or confidentiality. In this article, we aim to design a novel blockchain-enabled secured collaborative machine learning approach that provides privacy and confidentially on large scale datasets generated by IoT devices. Blockchain is used as secured platform to store and access data as well as to provide immutability and traceability. We also propose an efficient approach to obtain robust machine learning model through use of cryptographic techniques and differential privacy in which the data among involved parties is shared in a secured way while maintaining privacy and confidentiality of the data. The experimental evaluation along with security and performance analysis show that the proposed approach provides accuracy and scalability without compromising the privacy and security.

@inproceedings{bib_TL-A_2024, AUTHOR = {Varri, Uma Sankararao and Mallick, Debjani and Das, Ashok Kumar and Hossain, M. Shamim and PARK, YOUNGHO and Rodrigues, Joel J.P.C. }, TITLE = {TL-ABKS: Traceable and lightweight attribute-based keyword search in edge-cloud assisted IoT environment}, BOOKTITLE = {Alexandria Engineering Journal}. YEAR = {2024}}

Edge–cloud coordination offers the chance to mitigate the enormous storage and processing load brought on by a massive increase in traffic at the network’s edge. Though this paradigm has benefits on a large scale, outsourcing the sensitive data from the smart devices deployed in an Internet of Things (IoT) application may lead to privacy leakage. With an attribute-based keyword search (ABKS), the search over ciphertext can be achieved; this reduces the risk of sensitive data explosion. However, ABKS has several issues, like huge computational overhead to perform multi-keyword searches and tracing malicious users. To address these issues and enhance the performance of ABKS, we propose a novel traceable and lightweight attribute-based keyword search technique in an Edge–cloud-assisted IoT, named TL-ABKS, using edge–cloud coordination. With TL-ABKS, it is possible to do effective multi-keyword searches and implement fine-grained access control. Further, TL-ABKS outsources the encryption and decryption computation to edge nodes to enable its usage to resource-limited IoT smart devices. In addition, TL-ABKS achieves tracing user identity who misuse their secret keys. TL-ABKS is secure against modified secret keys, chosen plaintext, and chosen keyword attacks. By comparing the proposed TL-ABKS with the current state-of-the-art schemes, and conducting a theoretical and experimental evaluation of its performance and credibility, TL-ABKS is efficient.

@inproceedings{bib_Secu_2024, AUTHOR = {Pandey, Abhishek Kumar and Das, Ashok Kumar and Kumar, Rajeev and Rodrigues, Joel J. P. C. }, TITLE = {Secure Cyber Engineering for IoT-Enabled Smart Healthcare System}, BOOKTITLE = {IEEE Internet of Things Magazine}. YEAR = {2024}}

The implementation of Internet of Things (IoT) as Cyber-Physical Systems (CPS) is essential for the advancement of smart healthcare within a highly digital environment. However, the development of medical CPS (MCPS) poses various challenges, particularly in terms of dependability and security. The complex nature of medical IoT components encompasses both computational and physical aspects including secure reliability. To mitigate these issues, this article introduces a cyber engineering, an innovative approach, that combines principles from complex system design in order to establish a systematic framework for combining the cyber and physical layers of IoT and MCPS together. This integration aims to provide an unified system designing approach that can produce more secure and robust systems. By embracing the cyber engineering ideology, the healthcare industry can overcome reliability challenges and pave the way for the development of secure and dependable smart healthcare solutions, while ensuring security by design perspective. The approach also provides ideal future possibilities to the upcoming researchers.

@inproceedings{bib_Big__2024, AUTHOR = {Das, Ashok Kumar and Anusha, Vangala and Agrawal , Saurabh and Pal, Shantanu and Kumar, Neeraj and Lorenz, Pascal and Park, Youngho }, TITLE = {Big Data-Enabled Authentication Framework for Offshore Maritime Communication Using Drones}, BOOKTITLE = {IEEE Transactions on Vehicular Technology}. YEAR = {2024}}

The maritime transportation industry is a prime target for cybersecurity attacks due to the inherent risks of transmitting sensitive information required for its smooth operation. The introduction of digital systems in maritime transport has made them susceptible to a range of cybersecurity threats. These attacks can lead to the unauthorized acquisition and misuse of vulnerable data, such as personal information of crew and passengers, vessel location, route, schedule, and other related information. To address this issue, a new lightweight authentication protocol has been proposed by utilizing drone technology in conjunction with the 5th generation mobile network (5G) communication. The effectiveness of the proposed protocol has been analyzed, which demonstrates its ability to withstand various security attacks while maintaining low communication and computation costs. Furthermore, it successfully meets the security and functionality requirements of anonymity and untraceability. A comprehensive simulation study and simulation using the network simulator (NS3) have been conducted to assess the impact on various network performance parameters for the proposed scheme. In addition, various experiments using machine-learning algorithms for Big data analytics show the efficiency of the proposed scheme in terms of accuracy, precision, recall and F1 score.

@inproceedings{bib_Priv_2023, AUTHOR = {Saha, Sourav and Bera, Basudeb and Das, Ashok Kumar and KUMAR, NEERAJ and ISLAM, HAFIZUL and PARk, YOUNGHO }, TITLE = {Private Blockchain Envisioned Access Control System for Securing Industrial IoT-Based Pervasive Edge Computing}, BOOKTITLE = {IEEE Access}. YEAR = {2023}}

The Industrial Internet of Things (IIoT) is able to connect machines, analytics and people with IoT smart devices, gateway nodes and edge devices to create powerful intuitivenesses to drive smarter, faster and effective business agreements. IIoT having interconnected machines along with devices can monitor, gather, exchange, and analyze information. Since the communication among the entities in IIoT environment takes place insecurely (for instance, wireless communications and Internet), an intruder can easily tamper with the data. Moreover, physical theft of IoT smart devices provides an intruder to mount impersonation and other attacks. To handle such critical issues, in this work, we design a new private blockchain-envisioned access control scheme for Pervasive Edge Computing (PEC) in IIoT environment, called PBACS-PECIIoT. We consider the private blockchain consisting of the transactions and registration credentials of the entities related to IIoT, because the information is strictly confidential and private. The security of PBACS-PECIIoT is significantly improved due to usage of blockchain as immutability, transparency and decentralization along with protection of various potential attacks. A meticulous comparative analysis exhibits that PBACS-PECIIoT achieves greater security and more functionality features, and requires low costs for communication and computational as compared to other pertinent schemes.

@inproceedings{bib_Pers_2023, AUTHOR = {Bisht, Abhishek and Das, Ashok Kumar and Giri, Debasis }, TITLE = {Personal health record storage and sharing using searchable encryption and blockchain: A comprehensive survey}, BOOKTITLE = {Security and Privacy}. YEAR = {2023}}

Personal Health Records (PHRs) allow patients to have full control over their health data. However, storage and sharing of PHRs still remains a difficult but necessary task, especially when health data is one of the major targets of cyber attacks worldwide. Searchable Encryption (SE) is a feasible solution for this problem and can be augmented by Blockchain to address some of its issues, such as verifiability. Therefore, SE using blockchain is a promising technologies to tackle the challenge of PHR storage and sharing. In this survey, we have explored the research works that use SE and blockchain technology for the same. The work starts with an introduction of cloud, searchable encryption and blockchain. Subsequently, we present a literature survey of the corresponding technologies. We then describe SE in detail and how it fits with blockchain. This is followed by description of noteworthy existing solutions for secure storage and sharing of PHRs. Even though there have been a number of surveys related to SE, none of them have surveyed the use of blockchain with SE or use of SE and blockchain in PHR sharing. The work concludes with a comparative study of these existing solutions and future scope in this direction. KEYWORDS: Searchable encryption, Blockchain, Cloud computing, Personal Health Records (PHRs), Storage, Security

@inproceedings{bib_Effi_2023, AUTHOR = {Bisht, Abhishek and Das, Ashok Kumar and NIYATO, DUSIT and Park, YoungHo }, TITLE = {Efficient Personal-Health-Records Sharing in Internet of Medical Things Using Searchable Symmetric Encryption, Blockchain, and IPFS}, BOOKTITLE = {IEEE Open Journal of the Communications Society}. YEAR = {2023}}

Secure storage and sharing of Personal Health Records (PHRs) in Internet of Medical Things (IoMT) is one of the significant challenges in the healthcare ecosystem. Due to the high value of personal health information, PHRs are one of the favourite targets of cyber attackers worldwide. Over the years, many solutions have been proposed; however, most solutions are inefficient for practical applications. For instance, several existing schemes rely on the bilinear pairings, which incur high computational costs. To mitigate these issues, we propose a novel PHR-sharing scheme that is dynamic, efficient, and practical. Specifically, we combine searchable symmetric encryption, blockchain technology and a decentralized storage system, known as Inter-Planetary File System (IPFS) to guarantee confidentiality of PHRs, verifiability of search results, and forward security. Moreover, we provide formal security proofs for the proposed scheme. Finally, we have conducted extensive test-bed experiments and the results demonstrate that the proposed scheme can be used in practical scenarios related to IoMT environment.

@inproceedings{bib_Bloc_2023, AUTHOR = {RAO, P. MURALIDHARA and JANGIRALA, SRINIVAS and PEDADA, SARASWATHI and Das, Ashok Kumar and PARK, YOUNGHO }, TITLE = {Blockchain Integration for IoT-Enabled V2X Communications: A Comprehensive Survey, Security Issues and Challenges}, BOOKTITLE = {IEEE Access}. YEAR = {2023}}

In V2X (vehicle-to-everything) communication, there is a two-way communication among the vehicle(s) and other Internet of Things (IoT)-enabled smart devices around it that may change how we need to drive. Due to the advancement of Information and Communications Technology (ICT) and the rapid development of IoT in transportation, traditional applications are converted to intelligent applications. In V2X communications, the collected information from the IoT smart devices and other sources passes through low-latency, high-bandwidth, high-reliability links. With the future adoption of the 5th generation mobile network (5G) and beyond networks, V2X continues to produce a huge volume of data. However, collecting and storing data securely in blockchain-based storage are extremely needed for immutability and transparency. In this survey article, the convergence of IoT, V2X and blockchain technologies, and various security challenges and their countermeasures are discussed. Next, we discuss various V2X applications and their respective services. Moreover, IoT-V2X architecture and its enabling technologies are discussed in this article. In addition, we also provide a comprehensive analysis of various security mechanisms. Finally, we provide some important challenges and issues of Blockchain for Intelligent Transportation System (BITS)

@inproceedings{bib_Quan_2023, AUTHOR = {Mohanty, Tapaswini and Srivastava, vikas and Debnath, Sumit Kumar and Das, Ashok Kumar }, TITLE = {Quantum Secure Threshold Private Set Intersection Protocol for IoT-Enabled Privacy Preserving Ride-Sharing Application}, BOOKTITLE = {IEEE Internet of Things Journal}. YEAR = {2023}}

The Internet of Things (IoT)-enabled ride sharing is one of the most transforming and innovative technologies in the transportation industry. It has myriads of advantages, but with increasing demands there are security concerns as well. Traditionally, cryptographic methods are used to address the security and privacy concerns in a ride sharing system. Unfortunately, due to the emergence of quantum algorithms, these cryptographic protocols may not remain secure. Hence, there is a necessity for privacy-preserving ride sharing protocols which can resist various attacks against quantum computers. In the domain of privacy preserving ride sharing, a threshold private set intersection (TPSI) can be adopted as a viable solution because it enables the users to determine the intersection of private data sets if the set intersection cardinality is greater than or equal to a threshold value. Although TPSI can help to alleviate privacy concerns, none of the existing TPSI is quantum secure. Furthermore, the existing TPSI faces the issue of long-term security. In contrast to classical and post quantum cryptography, quantum cryptography (QC) provides a more robust solution, where QC is based on the postulates of quantum physics (e.g., Heisenberg uncertainty principle, no cloning theorem, etc.) and it can handle the prevailing issues of quantum threat and long-term security. Herein, we propose the first QC based TPSI protocol which has a direct application in privacy preserving ride sharing. Due to the use of QC, our IoT-enabled ride sharing scheme remains quantum secure and achieves long-term security as well.

@inproceedings{bib_APT__2023, AUTHOR = {JAVED, SAFDAR HUSSAIN and AHMAD, MAAZ BIN and ASIF, MUHAMMAD and AKRAM, WASEEM and MAHMOOD, KHALID and Das, Ashok Kumar and SHETTY, SACHIN }, TITLE = {APT Adversarial Defence Mechanism for Industrial IoT Enabled Cyber-Physical System}, BOOKTITLE = {IEEE Access}. YEAR = {2023}}

The objective of Advanced Persistent Threat (APT) attacks is to exploit Cyber-Physical Systems (CPSs) in combination with the Industrial Internet of Things (I-IoT) by using fast attack methods. Machine learning (ML) techniques have shown potential in identifying APT attacks in autonomous and malware detection systems. However, detecting hidden APT attacks in the I-IoT-enabled CPS domain and achieving real-time accuracy in detection present significant challenges for these techniques. To overcome these issues, a new approach is suggested that is based on the Graph Attention Network (GAN), a multi- dimensional algorithm that captures behavioral features along with the relevant information that other methods do not deliver. This approach utilizes masked self-attentional layers to address the limitations of prior Deep Learning (DL) methods that rely on convolutions. Two datasets, the DAPT2020 malware, and Edge I-IoT datasets are used to evaluate the approach, and it attains the highest detection accuracy of 96.97% and 95.97%, with prediction time of 20.56 seconds and 21.65 seconds, respectively. The GAN approach is compared to conventional ML algorithms, and simulation results demonstrate a significant performance improvement over these algorithms in the I-IoT-enabled CPS realm.

@inproceedings{bib_A_hy_2023, AUTHOR = {Saini, Neeraj and Kasaragod, Vivekananda Bhat and Prakasha, Krishna and Das, Ashok Kumar }, TITLE = {A hybrid ensemble machine learning model for detecting APT attacks based on network behavior anomaly detection}, BOOKTITLE = {Concurrency and Computation: Practice and Experience}. YEAR = {2023}}

A persistent, targeted cyber attack is called an advanced persistent threat (APT) attack. The attack is mainly launched to gain sensitive information, take over the system, and for financial gain, which creates nowadays more hurdles and challenges for the organization in preventing, detecting, and recovering from such attacks. Due to the nature of APT attacks, it is difficult to detect them quickly. Therefore machine learning techniques come into these research areas. This study uses deep and machine learning models such as random forest, decision tree, convolutional neural network, multilayer perceptron and so forth to categorize and effectively detect APT attacks by utilizing publicly accessible datasets. The datasets used in this study are CSE-CIC-IDS2018, CIC-IDS2017, NSL-KDD, and UNSW-NB15. This study proposes the hybrid ensemble machine learning model, a mixed approach of random forest and XGBoost classifiers. It has obtained the maximum prediction accuracy of 98.92%, 99.91%, 99.24%, and 97.11% for datasets CSE-CIC-IDS2018, CIC-IDS2017, NSL-KDD, and UNSW-NB15, with a false positive rate of 0.52%, 0.12%, 0.62%, and 5.29% respectively. These results are compared to other closely related recent studies in the literature. Our experiment's findings show that our model has performed significantly better for all datasets.

@inproceedings{bib_ACKS_2023, AUTHOR = {Mishra, Amit Kumar and Wazid, Mohammad and , Devesh Pratap Singh and Das, Ashok Kumar }, TITLE = {ACKS-IA: An Access Control and Key Agreement Scheme for Securing Industry 4.0 Applications}, BOOKTITLE = {IEEE Transactions on Network Science and Engineering ( Early Access )}. YEAR = {2023}}

The most significant and critical infrastructures, such as the electricity utilities, clean water facilities, nuclear plants and manufacturing industries are controlled and supervised by the industrial control systems. These systems undergo through a metamorphosis as a result of the Industry 4.0 revolution, which emphasises enhanced connectivity and flexibility with the Internet of Things (IoT) and cloud computing technologies. As the data is transferred across the Internet, Industry 4.0 communication can be easily attacked by launching different potential attacks. As a consequence, we attempt to propose a novel certificate-based access control and key establishment scheme for securing Industry 4.0 communication, called ACKS-IA. It offers access control and key establishment between smart industrial devices, as well as between a smart device and its associated cloud server. A formal security analysis of ACKS-IA through the broadly-accepted Burrows–Abadi– Needham (BAN) logic is provided. It confirms that ACKS-IA is secured and provides secure mutual authentication among the communication entities. The detailed informal security analysis and comparative study with the existing related schemes reveal that the proposed ACKS-IA is secured and efficient in terms of communication cost, computation cost, and security and functionality features including anonymity and untraceability as compared to other competing schemes. Finally, a real testbed implementation of ACKS-IA is provided to measure its effect on important performance attributes.

@inproceedings{bib_Desi_2023, AUTHOR = {Mahmood, Khalid and Shamshad, Salman and Ayub, Muhammad Faizan and Ghaffar, Zahid and Ghaffar, Zahid and Das, Ashok Kumar }, TITLE = {Design of Provably Secure Authentication Protocol for Edge-Centric Maritime Transportation System}, BOOKTITLE = {IEEE Transactions on Intelligent Transportation Systems}. YEAR = {2023}}

The epidemic growth of the Internet of Things (IoT) objects have revolutionized Maritime Transportation Systems (MTS). Though, it becomes challenging for the centralized cloud-centric framework to fulfil the application requirements such as low latency and power utilization. The introduction of the distributed edge-centric framework has recently helped the IoT-enabled MTS to meet these requirements by manipulating the tasks at the edge of the networks. Despite the fact that MTS leverages mobile subscribers by overcoming inherent cloud computing limitations, data security and user privacy requirements in establishing the MTS setup are still non-trivial challenges. In this article, we develop a key agreement solution for mobile users to realize mutual authentication in a single round. Our protocol offers user anonymity to maintain user privacy, and it can prevent physical attacks by physically unclonable functions. Initially, the security analysis is conferred to substantiate our protocol’s security persistence or strength. Later, its performance correlation is observed under the assumption of diverse metrics in a predefined empirical setup. The meticulous performance correlation endorses the precedence of our protocol over specified related protocols.

@inproceedings{bib_Emba_2023, AUTHOR = {Singh, Darshan and Wazid, Mohammad and Singh, D. P. and Das, Ashok Kumar and C, Rodrigues Joel J. P. }, TITLE = {Embattle The Security of E-Health System Through A Secure Authentication and Key Agreement Protocol}, BOOKTITLE = {International Wireless Communications and Mobile Computing Conference}. YEAR = {2023}}

In recent years there has been rampant growth in the field of ML, AI, Big Data, IoT, cyber security, and cloud computing. These technologies have also integrated into the field of smart healthcare. The Internet of Medical Things (IoMT)-driven e-health is one such domain, which utilizes these modern technologies to provide cost-effective and secure healthcare care services to the patients [1]. It contain sensors, devices, actuators, etc. All the raw data is collected from these devices, which is prepossessed and refined to give useful insights. The medical professional can analyze and visualize critical health parameters such as ‘‘blood pressure (BP), heart rate, temperature, etc Based on the current status of the patient, alerts can be generated to doctors or the nursing staff in case of any eventuality. The integration of IoMT with e-health can enhance live tracking, monitoring and health services of patients [2], [3]. This data is regularly shared by the integrated devices and stored over the cloud server, where the healthcare professional can get all the diagnostics of patients. With the benefits of the technology, there are some security challenges. It can be architectural design flaws, a software bug, or a hardware backdoor that can lead to the compromise of the security of the systems. The cyber threat actor can gain authorized access to the system and paralyze all the networks at once. Weak control access, authentication and authorization protocols in the network may compromise the systems to the cyber attackers [4]. Attacks such as ransomware, rootkit, malware, denial of service (DoS), etc., can cause harm to the devices and tamper the healthcare data. Attackers can remotely access the smart healthcare devices and can use them as the botnet devices. With remote access, the attackers can redirect the network somewhere else and can huge network flooding [5], [6]. There have been a lot of high-impact cyber attacks happening to the e-health infrastructure. For example, a patient with the smart pacemaker monitors heart rate, temperature, and blood flow rate that can be critical to a heart alignment patient. Imagine this device gets compromised by a threat actor, it can create panic even worse and can cause death to the patient [7]. For mitigation of the cyber-attacks on all the critical infrastructure (i.e., e-health), cyber security comes into action. With threat modeling and hunting, we can actively search for any threat in the network, its source, and the severity of the threats. Once threats are found in the network, all the mitigation techniques can be used to secure the network from any intrusion. Cyber security provides a strong mechanism (i.e., authentication and key agreement) with all the tools and techniques to safeguard the e-health system [5], [6], [8]. Therefore, proper registration, authentication, authorization and intrusion detection schemes can be used to mitigate the various cyber attacks, i.e., ‘‘replay attempts, man-in-themiddle (MiTM) attacks, replay attacks, illegal session key computation, stolen verifier, etc., [8]

@inproceedings{bib_Secu_2023, AUTHOR = {Mishra, Amit Kumar and Wazid, Mohammad and Singh, D. P. and Das, Ashok Kumar and Guizani, Mohsen }, TITLE = {Securing Fog Computing-based Industry 4.0 Communication Using Authenticated Key Agreement Scheme}, BOOKTITLE = {International Wireless Communications and Mobile Computing Conference}. YEAR = {2023}}

Internet of Things (IoT)-based smart factories offer the manufacturing sectors a great opportunity to embrace the fourth industrial revolution (Industry 4.0). The real-time monitoring of manufacturing operations in an Industry 4.0 needs to be ensured by the deployed technologies, like Artificial Intelligence (AI) and Big Data analytics. The overall purpose is to improve the outcomes of the production process. However, Industry 4.0 becomes vulnerable to different potential attacks as the communication takes place via public environments. In this article, an authentication and key agreement method has been suggested to secure the communication that can occur in a Fog-based Industry 4.0 environment. The security proposal provides secure mutual authentication along with key establishment between various smart industrial devices and fog servers, as well as between fog servers and cloud servers. The security analysis and comparative study reveal that the proposed method can mitigate various potential attacks, and it also offers important security and functionality attributes as compared to those for other competing schemes.

@inproceedings{bib_A_Su_2023, AUTHOR = {Rawat, Surabhi Gusain and Obaidat, Mohammad S. and Pundir, Sumit and , Mohammad Wazid and Das, Ashok Kumar }, TITLE = {A Survey of DDoS Attacks Detection Schemes in SDN Environment}, BOOKTITLE = {International Conference on Computer, Information and Telecommunication Systems}. YEAR = {2023}}

Denial-of-service (DoS) attacks are a major concern in the field of Internet technology, and they pose a difficult security challenge. Among the different types of DoS attacks, distributed denial-of-service (DDoS) attacks are especially concerning because they can quickly drain the resources of a target, disrupting their computational and communication capabilities without warning. In response to the severity of this problem, various defense strategies have been developed to defend against DDoS attacks. In this paper, a survey on the various DDoS attacks detection schemes is presented. An overview of the DDoS attack methodology is given. The information on different types of DDoS detection methods in SDN environment is also provided. Then a comparative study of different DDoS attack detection schemes is given, which contains the comparisons of different schemes in terms of their advantages, limitations, accuracy values, and time complexity.

@inproceedings{bib_Desi_2023, AUTHOR = {Thapliyal, Siddhant and Wazid, Mohammad and Singh, Devesh Pratap and Das, Ashok Kumar and Shetty, Sachin }, TITLE = {Design of Robust Blockchain-Envisioned Authenticated Key Management Mechanism for Smart Healthcare Applications}, BOOKTITLE = {IEEE Access}. YEAR = {2023}}

The healthcare sector is a very crucial and important sector of any society, and with the evolution of the various deployed technologies, like the Internet of Things (IoT), machine learning and blockchain it has numerous advantages. However, in this section, the data is much more vulnerable than others, because the data is strictly private and confidential, and it requires a highly secured framework for the transmission of data between entities. In this article, we aim to design a blockchain-envisioned authentication and key management mechanism for the IoMT-based smart healthcare applications (in short, we call it SBAKM-HS). We compare the various attributes of the proposed SBAKM-HS and other existing schemes to demonstrate that SBAKM-HS outperforms other existing schemes. The conducted security analysis

@inproceedings{bib_An_E_2023, AUTHOR = {Singh, Jaskaran and Sharma, Keshav and WAZID, MOHAMMAD and Das, Ashok Kumar and Vasilakos, Athanasios V. }, TITLE = {An Ensemble-Based IoT-Enabled Drones Detection Scheme for a Safe Community}, BOOKTITLE = {IEEE Open Journal of the Communications Society}. YEAR = {2023}}

With the increasing use of Internet of Things (IoT)- enabled drones for various purposes, including photography, de- livery, and surveillance, concerns related to privacy and security have arisen. Drones have the potential to capture sensitive infor- mation, invade privacy, and cause security breaches. Therefore, the need for advanced technology for the automated detection of drones has become crucial. In this paper, we propose an ensemble-based IoT-enabled drones detection scheme (in short, EDDSBS). The presented model is part of a computer vision- based module and uses transfer learning for improved perfor- mance. Transfer learning allows the reuse of pre-trained models and their knowledge in a different but related domain, enabling better performance with less training data. To evaluate the performance of the proposed EDDSBS, we test it on benchmark datasets, including the Drone–vs–Bird Dataset and the UAVDT dataset. The proposed EDDSBS outperforms the existing schemes of drone detection (i.e., in terms of accuracy). The results of the presented scheme demonstrate the potential of deep learning- based technology for automated drone detection in critical areas, such as airports, military bases, and other high-security areas. Thus the paper introduces a comprehensive process methodology for drone detection that can be applied in real-world settings for a sustainable and secure environment, which is required for a safe community

@inproceedings{bib_Prov_2023, AUTHOR = {Ghosh, Sudeep and Islam, SK Hafizul and Bisht, Abhishek and Das, Ashok Kumar }, TITLE = {Provably secure public key encryption with keyword search for data outsourcing in cloud environments}, BOOKTITLE = {Journal of Systems Architecture}. YEAR = {2023}}

In recent days, the application of cloud computing has been gaining significant popularity among people. A considerable amount of data are being stored in the cloud server. However, data owners outsource their encrypted data to the cloud for various security reasons. Unfortunately, encrypted data cannot be searched, like plaintext data. So how to search encrypted data is an interesting problem in this era. Many public key encryption with keyword search (PEKS) schemes have been designed in the literature. However, most of them cannot prevent keyword-guessing attacks. In this paper, we develop a provably secure PEKS scheme in the random oracle model. This scheme may be used for secure email access from an email server containing a list of encrypted keywords. The proposed scheme can resist keyword-guessing attacks, and offer ciphertext and trapdoor indistinguishability properties. We use the data owner’s private key during encryption to prevent keyword-guessing attacks. Using the data owner’s public key in the verification phase ensures the resilience of keyword-guessing attacks. Finally, the proposed scheme has been tested on a real testbed, and the results show that it can be used in the cloud computing scenario to search for keywords on encrypted data

@inproceedings{bib_Prov_2023, AUTHOR = {Anusha, Vangala and Das, Ashok Kumar and Lee, Jong-Hyouk }, TITLE = {Provably secure signature‐based anonymous user authentication protocol in an Internet of Things‐enabled intelligent precision agricultural environment}, BOOKTITLE = {Concurrency and Computation: Practice and Experience}. YEAR = {2023}}

User authentication is a promising security solution in which an external user hav- ing his/her mobile device can securely access the real-time information directly from the deployed smart devices in an Internet of Things-enabled intelligent precision agri- cultural environment. To achieve this goal, we present a new signature-based three factor user authentication scheme. The established session key between a user and the accessed smart device is then used to make secure communication among them to fetch the real-time data of the device. A detailed security analysis including the random-oracle based formal security, formal security verification using the broadly recognized automated validation of internet security protocols and applications tool and nonmathematical informal security analysis show the robustness of the proposed scheme against a number of potential attacks. In addition, testbed experiments are performed for measuring computational time of various cryptographic primitives that are used for comparative study among the proposed scheme and other related exist- ing competing schemes. The detailed comparative analysis shows that the proposed scheme has a better trade-off among its offered security and functionality features, and communication and computational overheads as compared with those for other competing schemes.

@inproceedings{bib_Secu_2023, AUTHOR = {Mishra, Amit Kumar and Wazid, Mohammad and Singh, Devesh Pratap and Das, Ashok Kumar and Singh, Jaskaran and Vasilakos, Athanasios V. }, TITLE = {Secure Blockchain-Enabled Authentication Key Management Framework with Big Data Analytics for Drones in Networks Beyond 5G Applications }, BOOKTITLE = {Drones}. YEAR = {2023}}

One of the most significant recent advances in technology is the advent of unmanned aerial vehicles (UAVs), i.e., drones. They have widened the scope of possible applications and provided a platform for a wide range of creative responses to a variety of challenges. The Internet of Drones (IoD) is a relatively new concept that has arisen as a consequence of the combination of drones and the Internet. The fifth-generation (5G) and beyond cellular networks (i.e., drones in networks beyond 5G) are promising solutions for achieving safe drone operations and applications. They may have many applications, like surveillance or urban areas, security, surveillance, retaliation, delivering items, smart farming, film production, capturing nature videos, and many more. Due to the fact that it is susceptible to a wide variety of cyber-attacks, there are certain concerns regarding the privacy and security of IoD communications. In this paper, a secure blockchain-enabled authentication key management framework with the big data analytics feature for drones in networks beyond 5G applications is proposed (in short, SBBDA-IoD). The security of SBBDA-IoD against multiple attacks is demonstrated through a detailed security analysis. The Scyther tool is used to perform a formal security verification test on the SBBDA-IoD’s security, confirming the system’s resistance to various potential attacks. A detailed comparative analysis has identified that SBBDA-IoD outperforms the other schemes by a significant margin. Finally, a real-world implementation of SBBDA-IoD is shown to evaluate its effect on several measures of performance.

@inproceedings{bib_Robu_2023, AUTHOR = {Thapliyal, Siddhant and Wazid, Mohammad and Singh, D.P. and Das, Ashok Kumar and Islam, SK Hafizul }, TITLE = {Robust authenticated key agreement protocol for internet of vehicles-envisioned intelligent transportation system}, BOOKTITLE = {Journal of Systems Architecture}. YEAR = {2023}}

Internet of Vehicles (IoV) is a wireless network, which employs well-established Internet protocols and networks to share information between vehicles, people, and infrastructure by utilising Vehicular Adhoc Networks (VANETs). IoV aims to increase road user safety and lower accident rates. It is one of the main components of an intelligent transportation system (ITS). ITS appears as the most crucial component since the cities in any country are evolving into digital civilisations as a result of the smart city concept, regardless of whether people are travelling within the city, to work, in school, or for other purposes. It can also be used to improve infrastructure utilisation and road safety (i.e., reduction in road accidents), in addition to enhancing traffic management and easing congestion. However, IoV-driven ITS is susceptible to several forms of attacks because of the insecure communication among the participating entities. We, therefore, propose a secure authentication protocol for IoV-driven ITS to stop these attacks from happening (in short, SAKP-ITS). Its resistance to a number of potential attacks is confirmed by the security analysis of the proposed SAKP-ITS. Additionally, SAKP-ITS is juxtaposed with other comparable competing methods put out in an IoV environment. Additionally, it has been found that SAKP-ITS outperforms competing schemes in terms of critical metrics like communication costs, computation costs, and security and functionality attributes. To test the effect of the proposed SAKP-ITS on the critical performance attributes, a practical implementation of SAKP-ITS

@inproceedings{bib_IIDS_2023, AUTHOR = {Narayan, KG Raghavendra and Mookherji, Srijanee and Odelu, Vanga and Prasath, Rajendra and Turlapaty, Anish Chand and Das, Ashok Kumar }, TITLE = {IIDS: Design of Intelligent Intrusion Detection System for Internet-of-Things Applications}, BOOKTITLE = {Technical Report}. YEAR = {2023}}

With rapid technological growth, security attacks are drastically increasing. In many crucial Internet-of-Things (IoT) applications such as healthcare and defense, the early detection of security attacks plays a significant role in protecting huge resources. An intrusion detection system is used to address this problem. The signature-based approaches fail to detect zero-day attacks. So anomaly-based detection particularly AI tools, are becoming popular. In addition, the imbalanced dataset leads to biased results. In Machine Learning (ML) models, F1 score is an important metric to measure the accuracy of class-level correct predictions. The model may fail to detect the target samples if the F1 is considerably low. It will lead to unrecoverable consequences in sensitive applications such as healthcare and defense. So, any improvement in the F1 score has significant impact on the resource protection. In this paper, we present a framework for ML-based intrusion detection system for an imbalanced dataset. In this study, the most recent dataset, namely CICIoT2023 is considered. The random forest (RF) algorithm is used in the proposed framework. The proposed approach improves 3.72%, 3.75% and 4.69% in precision, recall and F1 score, respectively, with the existing method. Additionally, for unsaturated classes (i.e., classes with F1 score < 0.99), F1 score improved significantly by 7.9%. As a result, the proposed approach is more suitable for IoT security applications for efficient detection of intrusion and is useful in further studies.

@inproceedings{bib_Desi_2023, AUTHOR = {Bera, Sourav and Prasad, Suryakant and Rao, Y.Sreenivasa and Das, Ashok Kumar and Park, YoungHo }, TITLE = {Designing Attribute-Based Verifiable Data Storage and Retrieval Scheme in Cloud Computing Environment}, BOOKTITLE = {Journal of Information Security and Applications}. YEAR = {2023}}

The cloud computing technology is a novel storage and computing paradigm that enables individuals and organizations to store data, share data with intended group of users and retrieve data when require. It greatly improves peoples’ data storage and sharing, and data retrieval capabilities by providing flexible, less expensive and quality services. For data security and privacy concerns, secure and authenticated data storage, fine-grained access control of encrypted data, secure search for the outsourced data and search results verification are of critical importance. However, achieving the aforementioned functionalities simultaneously is quite challenging. In this paper, for the first time, we propose a secure lightweight Attribute-Based verifiable Data Storage and data Retrieval Scheme (ABDSRS) for cloud environments that attains the following features: (i) lightweight design, (ii) provably secure, (iii) fine-grained …

@inproceedings{bib_Secu_2023, AUTHOR = {Badar, Hafiz Muhammad Sanaullah and Mahmood, Khalid and Akram, Waseem and Ghaffar, Zahid and Umer, Muhammad and Das, Ashok Kumar }, TITLE = {Secure Authentication Protocol for Home Area Network in Smart Grid-Based Smart Cities}, BOOKTITLE = {Computers & Electrical Engineering}. YEAR = {2023}}

The Internet of Things (IoT) allows better solutions for managing challenges such as reliability and power quality in a smart grid environment. It also assists in adopting smart grid measures in smart city development. A smart meter in the smart grid environment must securely access services from a service provider via public channels. An adversary can pose several security vulnerabilities as the communication occurs through a public channel. Various researchers recently conducted several research types to determine the most challenging problems with the smart grid. The security features like integrity, authentication, and confidentiality are indispensable requirements of the smart grid environment. On the other hand, different objects like smart meters in the smart grid environment are resource-constrained, posing in designing lightweight security protocols. Hence, we propose a lightweight mutual authentication

@inproceedings{bib_A_Pr_2023, AUTHOR = {Shamshad, Salman and Mahmood, Khalid and Shamshad, Usman and Hussain, Ibrar and Das, Ashok Kumar }, TITLE = {A Provably Secure and Lightweight Access Control Protocol for EI-based Vehicle to Grid Environment}, BOOKTITLE = {IEEE Internet of Things Journal}. YEAR = {2023}}

The Energy Internet (EI) presents a novel paradigm for renewable energy distribution that utilizes communication and computing technologies to revolutionize the conventional Intelligent Transportation Systems (ITSs) and power grid into a structure that provides assistance to open innovation. The EI offers sustainable and bidirectional transmission for the improvement and analysis of energy convention among Electric Vehicles (EVs) and service providers. To ensure efficient, reliable, and secure operation, EI must be safe from security attacks. Therefore, efficient and secure key negotiation is a significant issue for the EI-based Vehicle-to-Grid (V2G) architecture. Thus, to ensure the system’s security, we have devised a robust scheme to facilitate a secure key agreement between the entities involved for the secure and efficient renewable energy distribution for the EI-based energy vehicles in V2G. The devised scheme’s robustness is solicited through the widely-accepted formal Random or Real (RoR) model. In addition, the informal security analysis is conducted on the devised scheme, which is evident that the designed scheme achieves all the required security features of EI-based ITS. Moreover, the performance evaluation results endorse that the designed scheme achieves the desired security and minimizes the communication, computation, and energy overhead by 29.33%, 27.94% and 28.08% in comparison to the existing competitive schemes.

@inproceedings{bib_Bloc_2023, AUTHOR = {Lee, JoonYoung and Kim, MyeongHyun and Park, KiSung and Noh, SungKee and Bisht, Abhishek and Das, Ashok Kumar and Park, Youngho }, TITLE = {Blockchain-Based Data Access Control and Key Agreement System in IoT Environment}, BOOKTITLE = {Sensors}. YEAR = {2023}}

Recently, with the increasing application of the Internet of Things (IoT), various IoT environments such as smart factories, smart homes, and smart grids are being generated. In the IoT environment, a lot of data are generated in real time, and the generated IoT data can be used as source data for various services such as artificial intelligence, remote medical care, and finance, and can also be used for purposes such as electricity bill generation. Therefore, data access control is required to grant access rights to various data users in the IoT environment who need such IoT data. In addition, IoT data contain sensitive information such as personal information, so privacy protection is also essential. Ciphertext-policy attribute-based encryption (CP-ABE) technology has been utilized to address these requirements. Furthermore, system structures applying blockchains with CP-ABE are being studied to prevent bottlenecks and single failures of cloud servers, as well as to support data auditing. However, these systems do not stipulate authentication and key agreement to ensure the security of the data transmission process and data outsourcing. Accordingly, we propose a data access control and key agreement scheme using CP-ABE to ensure data security in a blockchain-based system. In addition, we propose a system that can provide data nonrepudiation, data accountability, and data verification functions by utilizing blockchains. Both formal and informal security verifications are performed to demonstrate the security of the proposed system. We also compare the security, functional aspects, and computational and communication costs of previous systems. Furthermore, we perform cryptographic calculations to analyze the system in practical terms. As a result, our proposed protocol is safer against attacks such as guessing attacks and tracing attacks than other protocols, and can provide mutual authentication and key agreement functions. In addition, the proposed protocol is more efficient than other protocols, so it can be applied to practical IoT environments.

@inproceedings{bib_Desi_2023, AUTHOR = {Son, Seunghwan and Kwon, Deokkyu and Park, Kisung and Das, Ashok Kumar and Park, Youngho }, TITLE = {Design of Secure and Lightweight Authentication Scheme for UAV-Enabled Intelligent Transportation Systems using Blockchain and PUF}, BOOKTITLE = {IEEE Access}. YEAR = {2023}}

Unmanned-aerial-vehicle (UAV)-enabled intelligent transportation system (ITS) is an advanced technology that can provide various services including autonomous driving, real-time creation of high-definition maps, and car sharing. In particular, a UAV-enabled ITS can be realized through the combination of traditional vehicular ad hoc networks (VANETs) and UAVs that can act as flying roadside units (RSUs) at the outskirts and monitor road conditions from predefined locations to spot car accidents and any law violations. Notably, to realize these services, real-time communication between UAVs and RSUs must be guaranteed. However, UAVs have limited computing powers, and if extensive computation is required during communication, the provision of real-time ITS services may be hindered. Furthermore, UAVs and RSUs communicate via public channels that are prone to various attacks, such as replay

@inproceedings{bib_Secu_2023, AUTHOR = {Panda, Suryakanta and Mondal, Samrat and Das, Ashok Kumar and , Willy Susilo }, TITLE = {Secure access privilege delegation using attribute-based encryption}, BOOKTITLE = {International Journal of Information Security}. YEAR = {2023}}

Attribute-based encryption (ABE) is widely used for a secure and efficient data sharing. The predetermined access policy of ABE shares the data with intended data users. However, ABE is not preferable in many applications that require collaboration among data users. In such applications, an authorized data user may be interested to collaborate with another data user who does not adhere to the access policy. Fixed access policy of ABE does not allow an authorized data user (who satisfies the access policy) to collaborate or share the data with any unauthorized data user (who fails to satisfy the access policy). Thus, due to the static and predefined access policy, data collaboration in ABE is significantly challenging. In this work,

@inproceedings{bib_Publ_2023, AUTHOR = {Bagchi, Prithwi and Maheshwari, Raj and Bera, Basudeb and Das, Ashok Kumar and Park, Youngho and Lor, Pascal }, TITLE = {Public Blockchain-Envisioned Security Scheme Using Post Quantum Lattice-Based Aggregate Signature for Internet of Drones Applications}, BOOKTITLE = {IEEE Transactions on Vehicular Technology}. YEAR = {2023}}

Due to high effectiveness and robust security proto- cols, lattice-based cryptography becomes a very broadly appli- cable optimistic post-quantum technique that is recently used in public key cryptosystem. An aggregate signature scheme enables a party to bundle a set of signatures together into a single short cryptographic signature, which can be verified by any verifier using the public information. In this paper, we provide a lattice- based aggregate signature scheme where the security depends on the difficulty of the Ring Learning-with-Error (Ring-LWE) problem. Next, we use the basic scheme in Internet of Drones (IoD) applications using the blockchain technology for secure and transparent data storage. The detailed security analysis and comparative study show that the proposed scheme provides superior security including resistance to quantum attacks and is efficient as compared to the existing state of art approaches. The testbed experimental results and the blockchain simulation demonstrate that the proposed scheme can be applied in real-life drones applications. Index Terms—Internet of Drones (IoD), unmanned aerial vehi- cles, lattice-based cryptography, aggregate signature, blockchain, security.

@inproceedings{bib_Expl_2023, AUTHOR = {Kumar, Pankaj and Wazid, Mohammad and Singh, D. P. and Singh, Jaskaran and Das, Ashok Kumar and Park, Youngho and Rodrigue, Joel J. P. C. }, TITLE = {Explainable Artificial Intelligence Envisioned Security Mechanism for Cyber Threat Hunting}, BOOKTITLE = {Security and Privacy}. YEAR = {2023}}

Cyber threat hunting proactively searches for cyber threats, which are undetected by the traditional defense mechanisms. It scans deep to identify malicious programs (ie, malware) that escape from detection. It is important because sophisticated cyber threats can bypass the cyber security mechanisms. The performance of the cyber threat hunting can be improved through artificial intelligence (AI), especially, explainable AI (XAI), which adds trust component to the cyber threat hunting process. Due to the inclusion of XAI, the security experts get the full explanations of the detected threats as the working of the detection model in XAI is known. Information, like, which one is a threat, how it has been detected, and why it has been detected, can be obtained very easily due to the inclusion of XAI in the cyber threat hunting. Therefore, an XAI-envisioned mechanism for cyber threat hunting has been proposed (in short, XAISM-CTH). The network and threat models of XAISM-CTH are designed and discussed. The conducted security analysis proves the security of XAISM-CTH against various potential attacks. XAISM-CTH also performs better than the other existing schemes. At the end, a practical implementation of XAISM-CTH has been provided to observe its impact on the performance of the system. KEYWORDS cyber threat hunting, explainable artificial intelligence (XAI), intrusion detection, privacy, security

@inproceedings{bib_Fog-_2023, AUTHOR = {Mookherji, Srijanee and Odelu, Vanga and Prasath, Rajendra and Das, Ashok Kumar and Park, Youngho }, TITLE = {Fog-Based Single Sign-On Authentication Protocol for Electronic Healthcare Applications}, BOOKTITLE = {IEEE Internet of Things Journal}. YEAR = {2023}}

Increasing use of electronic healthcare (eHealth) services demands efficient and secure solutions. Such solutions need to ensure the prevention of unauthorised access to the patient data and provide faster response. Fog computing is a viable solution to provide faster responses in eHealth systems. Key distribution and authentication play a major role in providing security to patient data. Existing centralized architectures are susceptible to single-point-of-compromise, that is, the entire system is vulnerable when the centralized authority keys are unexpectedly revealed to an adversary. In this paper, we present a fog-based semi-centralised architecture for key distribution and authentication, in which the key distribution service is delegated to individual fog-servers. Thus, the fog-servers become responsible for key distribution to the users without the involvement of the centralised authority, which forms a paradigm of multiple client-server architecture. Thus, achieving centralized trust by designing a single sign-on authentication in such environments is a challenging problem. We design a single sign-on authentication protocol for semi-centralized architectures to achieve centralized trust by ensuring that the user keys are independent of the centralized authority’s keys. A rigorous security analysis under the random oracle model is performed to prove that the proposed protocol is secure against single-point-of-compromise. We also conduct extensive experiments to show the practical perspectives of the proposed scheme. The results show that the protocol is suitable for eHealth applications, including emergency services.

@inproceedings{bib_LAKA_2023, AUTHOR = {Yu, Sungjin and Lee, Joonyoung and Sutrala, Anil Kumar and Das, Ashok Kumar and Park, Youngho }, TITLE = {LAKA-UAV: Lightweight authentication and key agreement scheme for cloud-assisted Unmanned Aerial Vehicle using blockchain in flying ad-hoc networks}, BOOKTITLE = {Computer Networks}. YEAR = {2023}}

Unmanned Aerial Vehicle (UAV) can be employed in various applications, including traffic control, and delivery application. However, these services are susceptible to various security attacks because sensitive data are exchanged through an open channel. Thus, a secure authentication scheme is essential for UAV. UAV has limited storage resources and computing capabilities. To overcome these problems, cloud computing is considered as a promising solution. Cloud computing provides various properties such as storage availability and scalability. Unfortunately, the cloud server’s database can be a major target for an adversary because it is a centralized system. If an adversary intrudes on the cloud server’s database, he/she may attempt to intercept or learn the stored data. To mitigate these issues, we design a secure and lightweight authentication and key agreement scheme for cloud-assisted UAV using blockchain in flying ad-hoc networks, called LAKA-UAV. LAKA-UAV utilizes blockchain technology to ensure access control and data integrity using log transactions and the cloud server securely manages collected data from UAV. We prove the security of LAKA-UAV based on informal security analysis and formal security verification implementation. Based on testbed experiments using MIRACL, LAKA-UAV provides about 2.13 times more efficient performance on average compared with related schemes in terms of computation. We present the blockchain implementation using Hyperledger Sawtooth platform

@inproceedings{bib_Post_2023, AUTHOR = {Dharminder, Dharminder and Reddy, Challa Bhageeratha and Das, Ashok Kumar and Park, Youngho }, TITLE = {Post-Quantum Lattice-Based Secure Reconciliation Enabled Key Agreement Protocol for IoT}, BOOKTITLE = {IEEE Internet of Things Journal}. YEAR = {2023}}

The authenticated key agreement is one of the major security services that can be used to secure an Internet of Things (IoT) environment, where the devices collect the data and the data is then aggregated at the cloud server, and then a user needs to access the data stored at the server(s) securely. For this purpose, after a mutual authentication performed between a user and the accessed server, a session key needs to be established among them for secure communication. In this article, we design an efficient lattice-based authenticated key exchange protocol using ring-based version of learning with errors assumption for the IoT-enabled smart devices. The proposed protocol is basically a key exchange that uses the reconciliation mechanism. The detailed security analysis under the standard model has been performed along with the informal security analysis to show that the proposed protocol is robust against different attacks. We then simulate the proposed protocol under the NS-3 simulator to measure the network performance parameters like network throughput and latency. A comparative analysis shows that the proposed protocol has superior security, less computational cost, and comparable communication cost when compered these parameters with the other competing schemes.

@inproceedings{bib_Impa_2023, AUTHOR = {Mitra, Ankush and Bera, Basudeb and Das, Ashok Kumar and Jamal, Sajjad Shaukat and You, Ilsun }, TITLE = {Impact on blockchain-based AI/ML-enabled big data analytics for Cognitive Internet of Things environment}, BOOKTITLE = {Computer Communications}. YEAR = {2023}}

Cognitive Internet of Things (CIoT) supports the organizations to learn from the information (data) arriving from various connected devices, sensors, machines and other sources, and at the same time it inspires intelligence into different business operations, products, customer experiences, and people. Data poising attacks are very serious concerns because they may play a significant factor for businesses and organizations for both financial terms and damaging their reputations, when the Big data analytics on the analyzed data is itself corrupted. To mitigate this issue, in this paper, we suggest a blockchain-based Artificial Intelligence(AI)/Machine Learning(ML)-enabled Big data analytics mechanism for CIoT environment. The comprehensive experimental results have been provided under two circumstances: (1) performance of the ML model under data poisoning attacks and (2) performance of the ML model without data poisoning attacks. In the first case, we show how the data poison attacks can effect the ML model when the data is on some cloud storage (i.e. not in the blockchains), whereas in the second case we show the effect when the data is in the blockchains (i.e., without data poisoning attacks). The experimental results demonstrate that we have significant gains in performance in terms of accuracy, recall, precision and F1 score when there are no data poisoning attacks on the data. Moreover, a detailed blockchain simulation has carried out to demonstrate the practical aspects of the proposed security framework.

@inproceedings{bib_An_E_2023, AUTHOR = {Thakur, Garima and Kumar, Pankaj and Deepika, and Jangirala, Srinivas and Das, Ashok Kumar and Park, YoungHo }, TITLE = {An Effective Privacy-Preserving Blockchain-Assisted Security Protocol for Cloud-Based Digital Twin Environment}, BOOKTITLE = {IEEE Access}. YEAR = {2023}}

recently, the Digital Twin (DT) technology has procured a lot of attention because of its applicability in the manufacturing and space industries. The DT environment involves the formation of a clone of the tangible object to perform simulations in the virtual space. The combination of conceptual development, predictive maintenance, real-time monitoring, and simulation characteristics of DT has increased the utilization of DT in different scenarios, such as medical environments, healthcare, manufacturing industries, aerospace, etc. However, these utilizations have also brought serious security pitfalls in DT deployment. Towards this, several authentication protocols with different security and privacy features for DT environments have been proposed. In this article, we first review a recently proposed two-factor authentication protocol for DT environments that utilizes the blockchain technology. However, the analyzed scheme is unable to offer the desirable security and cannot withstand various security attacks like offline password-guessing attack, smart card stolen attack, anonymity property, and known session- specific temporary information attack. We also demonstrate that an attacker can impersonate the analyzed protocol’s legal user, owner, and cloud server. To mitigate these security loopholes, we devise an effective three-factor privacy-preserving authentication scheme for DT environments. The proposed work is demonstrated to be secure by performing the informal security analysis, the formal security analysis using the widely recognized Burrows-Abadi-Needham (BAN) logic, and the Real-or-Random (ROR) model. A detailed comparative study with the existing competing schemes including the analyzed scheme demonstrates that the devised framework furnishes better security features while also having lower computation costs and comparable communication costs than the existing schemes.

@inproceedings{bib_A_Ne_2023, AUTHOR = {N, Sivaselvan and K, Vivekananda Bhat and Rajarajan, Muttukrishnan and Das, Ashok Kumar }, TITLE = {A New Scalable and Secure Access Control Scheme using Blockchain Technology for IoT}, BOOKTITLE = {IEEE Transactions on Network and Service Management}. YEAR = {2023}}

The growth of IoT devices is so rapid that several billions of such devices would be in use in a span of four-year period. Essential security mechanisms need to be put in place to curb several security attacks prevalent in IoT. Access control is an important security mechanism that ensures legitimate and controlled access to critical and limited resources in IoT. The current access control schemes for IoT could not handle burgeoning number of IoT devices, while meeting the necessary level of security. Consequently, in this paper, we propose a new scalable and secure access control scheme for IoT. With blockchain as the root-of-trust, the proposed scheme performs access control for the IoT devices without having the resource-constrained IoT devices to be part of the blockchain network and to possess substantial amount of blockchain data. Blockchain’s tamper-proof property makes it an ideal candidate to be chosen as the root-of-trust. The scheme is secure against various security attacks prevalent in IoT. A proof-of-concept implementation for the scheme is developed and deployed in Ethereum Mainnet. The transaction costs of the different operations in the scheme are fairly below USD 3. Furthermore, scalability of the proposed scheme in different scenarios is investigated.

@inproceedings{bib_An_A_2023, AUTHOR = {Zahoor, Amina and Mohomood, khalid and Shamshad, Salman and Saleem, Muhammad Asad and Ayub, Muhammad Faizan and Conti, Mauro and Das, Ashok Kumar }, TITLE = {An Access Control Scheme in IoT-Enabled Smart-Grid Systems Using Blockchain and PUF}, BOOKTITLE = {Internet of Things Journal}. YEAR = {2023}}

IoT-enabled Smart Grid (IoT-SG) is an emerging paradigm that enables the bi-direction communication of IoT devices and hardware to efficiently collect and transmit the consumer’s information over the Internet. However, the underlying open communication network and resource-constrained capabilities of devices invite manifold challenges and threats in terms of security and privacy. To alleviate such issues, we designed a private blockchain-based access control protocol for IoT-SG using Physically Unclonable Function (PUF). Our protocol allows the Service Provider (SP) and smart meters to transfer the data in an efficient and secure manner. The participating SPs form the Peer-to-Peer (P2P) network, and each peer node is responsible for securely creating the blocks from the gathered data. Thereafter, all the peer nodes employ a voting-based consensus mechanism to verify and add the recently created block …

@inproceedings{bib_A_Pr_2023, AUTHOR = {Chen, Chien-Ming and Liu, Shuangshuang and Li, Xuanang and Islam, SK Hafizul and Das, Ashok Kumar }, TITLE = {A Provably-Secure Authenticated Key Agreement Protocol for Remote Patient Monitoring IoMT}, BOOKTITLE = {Journal of Systems Architecture}. YEAR = {2023}}

With the continuous improvement of the public medical system, the current medical service industry is more intelligent. Among them, the Internet of Medical Things (IoMT) plays a significant role in intelligent medicine. The emergence of remote wireless monitoring platforms in the IoMT systems has significantly reduced the risk of virus infection among medical staff. However, data is easy to be stolen by criminals in the transmission process. To mitigate these issues, we propose a three-factor enhanced protocol for monitoring patient body information. The proposed protocol can provide the confidentiality of transmitted data and the privacy of doctors and patients. The security of the protocol is demonstrated in the Random Oracle Model (ROM) for formal security. In addition, by comparing the proposed protocol with other related works, our design has efficient performance both in execution time and communication costs.

@inproceedings{bib_SINN_2023, AUTHOR = {Singh, Jaskaran and Sharma, Keshav and Wazid, Mohammad and Das, Ashok Kumar }, TITLE = {SINN-RD: Spline Interpolation-envisioned Neural Network-based Ransomware Detection Scheme}, BOOKTITLE = {Computers and Electrical Engineering}. YEAR = {2023}}

Multiple kinds of ransomware are currently posing a growing threat to the Internet users. Important user data is encrypted by the trendy ransomware, and its recovery requires payment of a ransom in terms of some amount of money. The trend of crypto-currencies may be a contributing factor to the rise of ransomware attacks. From time to time, different mechanisms for detection and mitigation of ransomware attacks have been proposed. However, the performance of the ransomware detection process can be improved through the deployment of Machine Learning/Deep Learning based mechanisms. In this article, we propose a novel Spline Interpolation envisioned Neural Network based Ransomware Detection Scheme (in short, we call it as SINN-RD). Additionally, we introduce the mechanisms for normalizing the data and generating the new features from the log files. The conducted security analysis of the

@inproceedings{bib_Mobi_2023, AUTHOR = {M, Indushree and Raj, Manish and Mishra, Vipul Kumar and R, Shashidhara and Das, Ashok Kumar and K, Vivekananda Bhat }, TITLE = {Mobile-Chain: Secure blockchain based decentralized authentication system for global roaming in mobility networks}, BOOKTITLE = {Computer Communications}. YEAR = {2023}}

Designing a secure and efficient authentication protocol is crucial and challenging in the mobility network. Due to the seamless roaming of mobile users over multiple foreign agents and the broadcast nature of the communication channel, the mobile networks are often exposed to several network attacks. To achieve perfect authentication and secure communication among mobility entities like MU (Mobile User), FA (Foreign Agent) and HA (Home Agent), the researchers have proposed numerous authentication protocols in the past. However, the existing protocols for the mobility environments are insufficient to address the fundamental security concerns and an adversary can impersonate the mobile user at anytime. Thus, we propose Mobile-Chain, a secure blockchain-based authentication system for mobility environments. The proposed Mobile-Chain is designed to protect user privacy and guarantees provable

@inproceedings{bib_Bloc_2022, AUTHOR = {Anusha, Vangala and Das, Ashok Kumar and Mitra, Ankush and Das, Sajal K. and Park, Youngho }, TITLE = {Blockchain-Enabled Authenticated Key Agreement Scheme for Mobile Vehicles-Assisted Precision Agricultural IoT Networks}, BOOKTITLE = {IEEE Transactions on Information Forensics and Security}. YEAR = {2022}}

Precision farming has a positive potential in the agricultural industry regarding water conservation, increased productivity, better development of rural areas, and increased income. Blockchain technology is a better alternative for storing and sharing farm data as it is reliable, transparent, immutable, and decentralized. Remote monitoring of an agricultural field requires security systems to ensure that any sensitive information is exchanged only among authenticated entities in the network. To this end, we design an efficient blockchain-enabled authenticated key agreement scheme for mobile vehicles-assisted precision agricultural Internet of Things (IoT) networks called AgroMobiBlock . The limited existing work on authentication in agricultural networks shows passive usage of blockchains with very high costs. AgroMobiBlock proposes a novel idea using the elliptic curve operations on an active hybrid blockchain over mobile farming vehicles with low computation and communication costs. Formal and informal security analysis along with the formal security verification using the Automated Validation of Internet Security Protocols and Applications (AVISPA) software tool have shown the robustness of AgroMobiBlock against man-in-the-middle, impersonation, replay, physical capture, and ephemeral secret leakage attacks among other potential attacks. The blockchain-based simulation on large-scale nodes shows the computational time for an increase in the network and block sizes. Moreover, the real-time testbed experiments have been performed to show the practical usefulness of the proposed scheme.

@inproceedings{bib_KL-R_2022, AUTHOR = {Meher, Bimal Kumar and Amin, Ruhul and Das, Ashok Kumar and Khan, Muhammad Khurram }, TITLE = {KL-RAP: An Efficient Key-Less RFID Authentication Protocol Based on ECDLP for Consumer Warehouse Management System}, BOOKTITLE = {IEEE Transactions on Network Science and Engineering ( Early Access )}. YEAR = {2022}}

Elliptic Curve Cryptography (ECC)-based authenti-cation schemes for the Radio-frequency identification (RFID) environment have emerged as a very safe, secure, and robust candidate of mutual authentication. However, the limited resource availability in a passive tag makes such schemes difficult to realize in practice. Public/private key pair generation, storage, and the computation using those keys are the major bottlenecks towards the faster and efficient design of such schemes. Therefore, we have designed our scheme without using public/private key pairs. We only utilize the Elliptic Curve Discrete Logarithm Problem (ECDLP) property for the realization of our key-less scheme on the secure elliptic curves. Our scheme is primarily aimed at efficient implementation of authentication schemes in Warehouse Management System (WMS), where the data is stored in local servers. This new idea helps to save the memory space in the tags and the server. Moreover, the computation cost also reduces to a great extent in comparison to other schemes. We have compared our scheme with several other schemes and found it efficient in terms of storage cost as well. The simulation result of our scheme with the popular aut

@inproceedings{bib_Bloc_2022, AUTHOR = {Anusha, Vangala and Das, Ashok Kumar }, TITLE = {Blockchain-Based Fog Computing}, BOOKTITLE = {Security Issues in Fog Computing from 5G to 6G}. YEAR = {2022}}

The distributed nature of Internet of Things (IoT) and fog computing mandates that the security provided to the resources of networking and data on these applications is based on a distributed structure. The nodes in a fog computing environment should be working with equal capacities without any necessity of trust among them, in order to allow the layers and infrastructure that constitute the stack of a fog node to be owned and managed by different entities. This idea of security necessitates the need for distributed trust in fog computing that can be realized using the concept of blockchain technology. Blockchain is a distributed and

@inproceedings{bib_Bloc_2022, AUTHOR = {Wazid, Mohammad and Das, Ashok Kumar and Park, Youngho }, TITLE = {Blockchain‐enabled secure communication mechanism for IoT‐driven personal health records}, BOOKTITLE = {Transactions on Emerging Telecommunications Technologies}. YEAR = {2022}}

The information system of healthcare operates through various frameworks, like wireless body area network, telecare medical information system, and mobile or electronic healthcare. All these systems need to maintain the personal health records (PHRs) for various users (ie, patients, doctors, and nurses). In such systems, we need to process and store the health related sensitive data (ie, PHRs). In this article, we aim to provide a robust security mechanism to secure exchange and storage of healthcare data, especially PHRs. We present a generic architecture of blockchain‐enabled secure communication mechanism for Internet of Things‐driven personal health records (BIPHRS). We then discuss various threats and security attacks of healthcare system along with different available security mechanisms. The conducted security analysis and detailed comparative study of the state of art blockchain enabled security schemes for PHR systems show that the proposed BIPHRS provides a better security and more functionality features as compared to other similar existing approaches. We propose a blockchain‐enabled secure communication framework for Internet of Things‐driven personal health records (BIPHRS). The proposed BIPHRS provides better security and more functionality features as compared to the other similar schemes. In addition, a practical

@inproceedings{bib_An_E_2022, AUTHOR = {Shamshad, Salman and Mahmood, Khalid and Hussain, Shafiq and Garg, Sahil and Das, Ashok Kumar }, TITLE = {An Efficient Privacy-Preserving Authenticated Key Establishment Protocol for Health Monitoring in Industrial Cyber–Physical Systems}, BOOKTITLE = {IEEE Internet of Things Journal}. YEAR = {2022}}

Industry 5.0 is the automation, digitization, and data communication of the industrial procedure that comprises industrial cyber–physical systems (I-CPSs), industrial Internet of Things (IIoT), and artificial intelligence (AI). In the I-CPS-enabled healthcare ecosystem, intelligent wearable devices have been extensively employed to sense body information and measure the health status of the patients. Besides other IIoT applications, the I-CPS-enabled healthcare ecosystem also bears various challenges. For instance, due to the communal communication mediums, the security of a patient’s physiological datum is becoming a significant challenge these days. In order to cope with this challenge, we presented a secure and lightweight key establishment protocol. To the best of our knowledge, this protocol is the first application of physically unclonable function (PUF) in the I-CPS-enabled healthcare. The security of the designed protocol is proved with the help of a widely recognized real-or-random (ROR) model. The practical demonstration of our protocol from the network perspective is also measured through broadly recognized NS3 simulator tool.

@inproceedings{bib_AI-E_2022, AUTHOR = {Das, Ashok Kumar and Bera, Basudeb and Saha, Sourav and Kumar, Neeraj and You, Ilsun and Chao, Han-Chieh and Chao, Han-Chieh }, TITLE = {AI-Envisioned Blockchain-Enabled Signature-Based Key Management Scheme for Industrial Cyber-Physical Systems}, BOOKTITLE = {IEEE Internet of Things Journal}. YEAR = {2022}}

This article proposes a new blockchain-envisioned key management protocol for artificial intelligence (AI)-enabled industrial cyber–physical systems (ICPSs). The designed key management protocol enables key establishment among the Internet of Things (IoT)-enabled smart devices and their respective gateway nodes. The blocks partially constructed with secure data from smart devices by fog servers are provided to cloud servers that are responsible for completing blocks, and then mining those blocks for verification and addition in the blockchain. The most important application of the private blockchain construction is to apply AI algorithms for accurate predictions in Big data analytics. A detailed security analysis along with formal security verification show that the proposed scheme resists various potential attacks in an ICPS environment. Moreover, practical testbed experiments have been conducted using the multiprecision integer and rational arithmetic cryptographic library (MIRACL). Furthermore, a detailed comparative analysis shows superiority of the proposed scheme over recent relevant schemes. In addition, the practical implementation using the blockchain for the proposed scheme demonstrates the total computational costs when the number of transactions per block and also the number of blocks mined in the blockchain are varied.

@inproceedings{bib_SCS-_2022, AUTHOR = {Wazid, Mohammad and Das, Ashok Kumar and Choo, Kim-Kwang Raymond and Park, Youngho }, TITLE = {SCS-WoT: Secure Communication Scheme for Web of Things Deployment}, BOOKTITLE = {IEEE Internet of Things Journal}. YEAR = {2022}}

Web of Things (WoT) extends the Internet of Things (IoT) paradigm to facilitate communications among smart things/devices and Web-based applications. In other words, WoT systems generally provide a Web interface for the monitoring and controlling of smart devices over the Web, for example, in applications, such as home automation, intelligent transportation system, smart healthcare, smart cities, and smart agriculture. However, this results in the generation of significant volume of data (i.e., big data) and, hence, the importance of big data analytics. There are also associated security and privacy implications. Therefore, in this article, we present a signature-based authentication and key agreement scheme for the WoT environment and prove its security. We also evaluate the performance of SCS-WoT and compare it against four other competing schemes. The findings show that SCS-WoT achieves better performance in terms of communication cost, computational cost, and security and functionality.

@inproceedings{bib_BAKP_2022, AUTHOR = {Sripesh, Amarjit and Wazid, Mohammad and Singh, D. P. and Das, Ashok Kumar and Verma, Bharat }, TITLE = {BAKP-IoDA: blockchain driven authentication and key agreement protocol for internet of drones based applications}, BOOKTITLE = {Workshop On Mobile Computing And Networking}. YEAR = {2022}}

Recently, Internet of Drones (IoD) has emerged as an important topic to research in academy and industry due to its generic ser- vices for various drone applications. In an IoD environment, the deployed drones and the ground station server (GSS) communicate over an open network which leads to security and privacy breaches. To mitigate these issues, a blockchain driven authentication and key establishment protocol for secure communication in IoD has been designed (in short, it is called as BAKP-IoDA). The security analysis of BAKP-IoDA shows its robustness against different at- tacks. During the performance comparison, it has been observed that BAKP-IoDA maintains superior security along with extra func- tionality features with the competing schemes. Additionally, the blockchain based practical demonstration of BAKP-IoDA shows its impact on various important network performance parameters, like computation time and transactions per second

@inproceedings{bib_Unit_2022, AUTHOR = {Wazid, Mohammad and Das, Ashok Kumar and Chamola, Vinay and Park, Youngho }, TITLE = {Uniting cyber security and machine learning: Advantages, challenges and future research}, BOOKTITLE = {Information and Communications Technology}. YEAR = {2022}}

Machine learning (ML) is a subset of Artificial Intelligence (AI), which focuses on the implementation of some systems that can learn from the historical data, identify patterns and make logical decisions with little to no human interventions. Cyber security is the practice of protecting digital systems, such as computers, servers, mobile devices, networks and associated data from malicious attacks. Uniting cyber security and ML has two major aspects, namely accounting for cyber security where the machine learning is applied, and the use of machine learning for enabling cyber security. This uniting can help us in various ways, like it provides enhanced security to the machine learning models, improves the performance of the cyber security methods, and supports effective detection of zero day attacks with less human intervention. In this survey paper, we discuss about two different concepts by uniting cyber security and ML. We also discuss the advantages, issues and challenges of uniting cyber security and ML. Furthermore, we discuss the various attacks and provide a comprehensive comparative study of various techniques in two different considered categories. Finally, we provide some future research directions. © 2022 The Author(s). Published by Elsevier B.V. on behalf of The Korean Institute of Communications and Information Sciences. This is an open access article under the CC BY-NC-ND license (http://creativecommons.org/licenses/by-nc-nd/4.0/). Keywords: Cyber security; Machine learning; Internet of Things (ioT); Privacy; Security; Intrusion detection

@inproceedings{bib_TACA_2022, AUTHOR = {Wazid, Mohammad and Das, Ashok Kumar and Shetty, Sachin }, TITLE = {TACAS-IoT: Trust Aggregation Certificate-Based Authentication Scheme for Edge-Enabled IoT Systems}, BOOKTITLE = {IEEE Internet of Things Journal}. YEAR = {2022}}

The Internet of Things (IoT) is a network of interconnected, Internet-connected items (i.e., smart devices) that can collect and transmit data across a wireless network with- out the need for human intervention. IoT enables the systems to have higher efficiency and dependability in their day-to-day operations due to its strong focus on machine-to-machine (M2M) connectivity, big data, and machine learning. While IoT has many advantages over traditional techniques, it also has a number of security and privacy concerns. Trust is a belief in the competence of a device (computing machine) to act dependably, securely and reliably in some specific context. In an M2M (one IoT device to other IoT device) communication, trust is accomplished by making the use of cryptographic operations (i.e., digital signa- tures and electronic certificates). Various security threats and attacks have been launched on IoT connectivity in recent years. A trust mechanism is necessary to ensure the quality of collab- orative service behaviors and to build confidence between IoT devices. As a result, how to create an effective trust computing mechanism has become an emerging topic in IoT. Therefore, we provide the design of a novel trust-aggregation-based authen- tication scheme for secure communication of edge-enabled IoT (in short, TACAS-IoT). The security analysis shows that TACAS- IoT is secured against a variety of attacks. Moreover, TACAS-IoT delivers greater security and capabilities with less communica- tion and computation overheads, according to the performance comparison. Finally, a practical implementation of TACAS-IoT is provided in order to assess its impact on the key performance parameters. Index Terms—Authentication and key management, Internet of Things (IoT), security, simulation, trust.

@inproceedings{bib_SLAP_2022, AUTHOR = {Yu, Sungjin and Das, Ashok Kumar and Park, Youngho and Lorenz, Pascal }, TITLE = {SLAP-IoD: Secure and Lightweight Authentication Protocol Using Physical Unclonable Functions for Internet of Drones in Smart City Environments}, BOOKTITLE = {IEEE Transactions on Vehicular Technology}. YEAR = {2022}}

With the emergence of the concept of smart city and the increasing demands for a range of drones, Internet of Drones (IoD) has achieved a variety of attention by providing multiple benefits in academia and industry. IoD offers numerous services, such as traffic monitoring, environmental monitoring, and disas- ter management by combining infrastructure, Internet of Things (IoT), and Flying Ad-Hoc Networks (FANET) in smart city envi- ronments. However, communication among drones is vulnerable to potential security threats because the sensitive messages in various applications are exchanged via an insecure channel in IoD-based smart city environments. Since IoDs can be operated in unat- tended environment with minimum human interventions, smart devices (e.g., drones and sensors) deployed in IoD architectures are vulnerable to physical capture attacks. In addition, drones are resource-constrained in terms of computation and communication overheads, and it is not much viable to apply public key cryptog- raphy (PKC) that requires high computation and communication overheads. Thus, we design a secure and lightweight authentication protocol using a physical unclonable function (PUF) for IoD to guarantee reliable and useful services in smart city environments, called SLAP-IoD. We prove the security of the SLAP-IoD using informal and formal security analyses using the broadly recog- nized Real-Or-Random (ROR) random oracle model, and also through the formal security verification using the widely-accepted Automated Validation of Internet Security-sensitive Protocols and Applications (AVISPA) security verification. Furthermore, we com- pare the performance of the SLAP-IoD with related schemes. Consequently, we show that SLAP-IoD offers better security and efficiency than other related schemes and is suitable for IoD-based smart city environments

@inproceedings{bib_Secu_2022, AUTHOR = {Garg, Neha and Wazid, Mohammad and Singh, Jaskaran and Singh, D. P. and Das, Ashok Kumar }, TITLE = {Security in IoMT-Driven Smart Healthcare: A Comprehensive Review and Open Challenges}, BOOKTITLE = {Security and Privacy}. YEAR = {2022}}

The Internet of Medical Things (IoMT) is a kind of communication environment, which deals with communication that occurs through the Internet of Things (IoT)-enabled smart medical (healthcare) devices. The potential security threats of IoMT affect the confidentiality, integrity, authenticity and availability of its data and the associated resources. In this review article, we explain various architectures of IoMT communication along with their applications. We highlight the security requirements of IoMT communication environment along with some potential security attacks and threats of IoMT. Furthermore, the network model and adversary model of IoMT communication are provided. A taxonomy of security protocols of IoMT communication environment is additionally added, which contains various security protocols, such as key management, user/device authentication, access control and intrusion detection protocols. Moreover, we provide a detailed comprehensive comparative analysis of several security protocols with respect to various parameters, like computation cost, communication cost, security features and functionality features, accuracy and F1-score. Additionally, we also provide some future research directions.

@inproceedings{bib_Secu_2022, AUTHOR = {Chattaraj, Durbadal and Das, Ashok Kumar }, TITLE = {Security and Privacy Issues in 5G/6G-Assisted Software-Defined Networks}, BOOKTITLE = {Software Defined Networks: Architecture and Applications}. YEAR = {2022}}

Emerging 5G/6G communication and next-generation Internet (NGI) technologies demand proper administration and control of an ultra large-scale dynamic network to provide high-speed ubiquitous networked-resource accessing while assisting higher channel bandwidth. The conventional static network infrastructure-based solutions provide only manual supervision and third-party provisioning of the networked assets. In addition, such settings mostly forefront to unsuitable resource usage, and sometimes lead to several security and privacy concerns. The de facto Software-Defined Networking (SDN) has come up with several new promises to solve such limitations. Since its inception, SDN decouples the traditional data layer from the control plane of a third-party network equipment, which is claimed to be ensured higher security, dynamicity, scalability, efficiency, and faster reconfiguration capability of a ultra large-scale dynamic network as compared with the conventional network. However, a thorough inspection of the literature presently shows that most of the vulnerabilities are originated from the two specific layers, namely, control and data plane of the underlying SDN framework. Also, due to the absence of proper authentication and access control mechanisms ensuring inevitable protection of the SDN controller node and the network assets is a very challenging task. Though secure socket layer (SSL) or transport layer security (TLS)-based solutions are predominantly advocated in this domain to assist security in SDN framework but such mechanisms are also vulnerable to spoofing, sniffing, eavesdropping, replay, man-in-the-middle, privileged-insider, denial-of-service, distributed-denial-of-service, impersonation attacks. Therefore, this work qualitatively countermeasures all the recently attended (or unattended) state-of-the-art security and privacy concerns related to the recently reported access control, authentication, key management, secure data aggregation, privacy-aware secure auditing, and layer-wise functional inconvenience policies with respect to each and every layers of SDN platform. This study hence will be helpful to the academicians and researchers for the future development of new policies and protocols in the SDN platform.

@inproceedings{bib_Secu_2022, AUTHOR = {Das, Ashok Kumar and Roy, Sandip and Bandara, Eranga and Shetty, Sachin }, TITLE = {Securing Age-of-Information (AoI)-Enabled 5G Smart Warehouse Using Access Control Scheme}, BOOKTITLE = {IEEE Internet of Things Journal}. YEAR = {2022}}

Low-power wireless sensor networks (WSNs) and Internet of Things (IoT) have great impact for the real-time applications in future 5th generation (5G) mobile networks due to the wireless-powered communication technologies. The Age of Information (AoI) plays a crucial performance metric in an IoT-enabled real-time smart warehouse application, where the freshness of the aggregated data is very important. However, wireless medium communication among the beacon nodes and the user equipments (tracking nodes) gives an opportunity to an adversary not only to eavesdrop the data but also to corrupt the data by means of deleting, modifying or inserting malicious information during communication among the entities involved in the smart warehouse environment. To mitigate these issues, we design a security scheme for AoI-enabled 5G smart ware- house through an access control mechanism, where the secure communication among the beacon nodes and the tracking nodes will take place by mutual device authentication and key agree- ment process. The fresh data collected at the enterprise cloud is then used for big data analytics for better predictions and anal- ysis, such as optimal device scheduling so that the data becomes very fresh. The rigorous security analysis and comparative study show that the proposed mechanism has significantly better secu- rity and comparable communication and computational costs as compared to the relevant schemes. In addition, through the real- time testbed experiments, we show that the proposed scheme is practical in 5G smart warehouse context. Index Terms—Access control and key agreement (ACKA), Age of Information (AoI), bi

@inproceedings{bib_Secu_2022, AUTHOR = {Dharminder, Dharminder and Kumar, Uddeshaya and Das, Ashok Kumar and Bera, Basudeb and Giri, Debasis and Jamal, Sajjad Shaukat and Rodrigues, Joel J. P. C. }, TITLE = {Secure cloud-based data storage scheme using postquantum integer lattices-based signcryption for IoT applications}, BOOKTITLE = {Transactions on Emerging Telecommunications Technologies}. YEAR = {2022}}

The primary objective of postquantum cryptography (also known as quantum-resistant cryptography) is to develop the cryptographic systems that need to be robust against both quantum and classical computers, and can also interoperate with the existing communications protocols and networks. In an Internet of Things (IoT) environment, the communicated messages contain sensitive information that are transmitted over an open channel, where message integrity and data privacy become challenging tasks. Although several traditional cryptographic security protocols can be applied for IoT security and data privacy, such as authentication, access control, key agreement, and digital signature, but they are not resilient against quantum attacks. To overcome these issues, in this article, we first present an advanced and efficient construction of postquantum lattice-based signcryption scheme, and then apply the constructed lattice-based signcryption in IoT applications, where data sensed by the deployed IoT smart devices is securely stored at the cloud, via the gateway nodes (aggregators). The data stored at the cloud servers cannot be even modified by them due to the involved signatures generated by the aggregators. The formal security analysis shows the robustness of our designed lattice-based signcryption scheme. Other detailed information security analysis and a performance analysis with the traditional number-theoretical based public key cryptosystems show the efficacy, and significantly better security and functionality features of the proposed scheme under the lattice-based postquantum context.

@inproceedings{bib_Secu_2022, AUTHOR = {Bagga, Palak and Mitra, Ankush and Das, Ashok Kumar and Vijayakumar, Pandi and Park, YoungHo and Karuppiah, Marimuthu }, TITLE = {Secure biometric-based access control scheme for future IoT-enabled cloud-assisted video surveillance system}, BOOKTITLE = {Computer Communications}. YEAR = {2022}}

We propose a new access control mechanism for video surveillance system based on user’s biometrics, which allows to access real-time video surveillance data from deployed Internet of Things (IoT) smart devices. For this purpose, mutual authentication is performed between a user and accessed smart devices via the cloud server(s) and the session keys are then established to make secure communication. The proposed scheme allows accessing real time video and older videos that are in cloud servers, and also user’s credential update phase. Through the security analysis, it has been shown that the proposed scheme is robust against a variety of potential passive/active attacks. A detailed comparative study shows the efficacy of the proposed scheme as compared to other existing solutions. Finally, the real testbed experiments have been carried out for secure surveillance system using Raspberry PI devices as IoT devices, user’s devices and servers to show its practical application.

@inproceedings{bib_Robu_2022, AUTHOR = {Palaniswamy, Basker and Ansari, Keyvan and Reddy, Alavalapati Goutham and Das, Ashok Kumar and Shetty, Sachin }, TITLE = {Robust Certificateless Authentication Protocol for the SAE J1939 Commercial Vehicles Bus}, BOOKTITLE = {IEEE Transactions on Vehicular Technology}. YEAR = {2022}}

Authentication for controller area network (CAN) buses in an intra-vehicular network involving electronic control units (ECUs) is a challenging factor. The Society of Automotive Engineers standard (SAE J1939) incorporating the ISO 11898- 1 specification for the data link and physical layers of the standard CAN and CAN-flexible data rate (CAN-FD) handles communication among ECUs. The SAE J1939 is vulnerable to attacks, namely replay, masquerading and machine-in-the-middle (MITM) attacks. To prevent such attacks, there exist protocol suites for resource-constrained and resource-unconstrained nodes proposed in the literature which are not formally analysed. We formally analyse one of the comprehensive protocol suites using the state-of-the-art Tamarin automated software validation tool. The analysis reveals that the protocols have a vulnerability that can be exploited by replay attack. The identified replay attack prevents further frame authentication. To mitigate the identified attacks, we propose two new authentication protocols. At first, we propose one pass authentication protocol for computationally re- stricted nodes. For nodes that are not restricted computationally, we present a certificateless signature-based authentication proto- col. Additionally, we present a new certificateless key insulated manageable signature (CL-KIMS) scheme for the signature-based authentication protocol. CL-KIMS ensures key insulation and random access key update properties. CL-KIMS scheme assures a novel property, known as self-healing property. The security of the proposed protocol suite and the signature scheme is formally analysed using the random oracle model (ROM). Especially, CL- KIMS scheme is shown to be provably secure in the ROM against Type-I and Type-II adversaries. We use the Tamarin tool to verify mutual authentication, session key security, known key secrecy and forward security. A detailed performance comparison shows that compared with the existing protocol suites, the proposed protocol suite has lesser communication overhead and ensures

@inproceedings{bib_Post_2022, AUTHOR = {Dharminder, Dharminder and Das, Ashok Kumar and Saha, Sourav and Bera, Basudeb and Vasilakos, Athanasios V. }, TITLE = {Post-Quantum Secure Identity-Based Encryption Scheme Using Random Integer Lattices for IoT-Enabled AI Applications}, BOOKTITLE = {Security and Communication Networks}. YEAR = {2022}}

Identity-based encryption is an important cryptographic system that is employed to ensure confidentiality of a message in communication. &is article presents a provably secure identity based encryption based on post quantum security assumption. &e security of the proposed encryption is based on the hard problem, namely Learning with Errors on integer lattices. &is construction is anonymous and produces pseudo random ciphers. Both public-key size and ciphertext-size have been reduced in the proposed encryption as compared to those for other relevant schemes without compromising the security. Next, we incorporate the constructed identity based encryption (IBE) for Internet of &ings (IoT) applications, where the IoT smart devices send securely the sensing data to their nearby gateway nodes(s) with the help of IBE and the gateway node(s) secure aggregate the data from the smart devices by decrypting the messages using the proposed IBE decryption. Later, the gateway nodes will securely send the aggregated data to the cloud server(s) and the Big data analytics is performed on the authenticated data using the Artificial Intelligence (AI)/Machine Learning (ML) algorithms for accurate and better predictions.

@inproceedings{bib_On_t_2022, AUTHOR = {Garg, Neha and Petwal, Rajat and Wazid, Mohammad and Das, Ashok Kumar and Rodrigues, Joel J.P.C. }, TITLE = {On the design of an AI-driven secure communication scheme for internet of medical things environment}, BOOKTITLE = {Digital Communications and Networks}. YEAR = {2022}}

The Internet of Medical Things (IoMT) is a collection of smart healthcare devices, hardware infrastructure, and related software applications, facilitating to connect healthcare information technology system via the Internet. It is also called IoT in healthcare, facilitating secure communication of remote healthcare devices over the Internet for quick and flexible analysis of healthcare data. In other words, IoMT is an amalgam of medical devices and applications, which improves overall healthcare outcomes. However, this system is prone to security- and privacy-related attacks on healthcare data. Therefore, providing a robust security mechanism to prevent the attacks and vulnerability of IoMT is essential. To mitigate this, we proposed a new Artificial-Intelligence envisioned secure communication scheme for IoMT. The discussed network and threat models provide details of the associated network arrangement of the IoMT devices and attacks relevant to IoMT. Furthermore, we provide the security analysis of the proposed scheme to show its security against different possible attacks. Moreover, a comparative study of the proposed scheme with other similar schemes is presented. Our results show that the proposed scheme outperforms other similar schemes in terms of communication and computation costs, and security and functionality attributes. Finally, we provide a pragmatic study of the proposed scheme to observe its impact on various network performance parameters.

@inproceedings{bib_Mach_2022, AUTHOR = {Singh, Jaskaran and Wazid, Mohammad and Das, Ashok Kumar and Chamola, Vinay and Guizani, Mohsen }, TITLE = {Machine learning security attacks and defense approaches for emerging cyber physical applications: A comprehensive survey}, BOOKTITLE = {Computer Communications}. YEAR = {2022}}

The cyber physical systems integrate the sensing, computation, control and networking processes into physical objects and infrastructure, which are connected through the Internet to execute a common task. Cyber physical systems can be applied in various applications, like healthcare, transportation, industrial production, environment and sustainability, and security and surveillance. However, the tight coupling of cyber systems with physical systems introduce challenges in addressing stability, security, efficiency and reliability. The machine learning (ML) security is the inclusion of cyber security mechanism to provide protection to the machine learning models against various cyber attacks. The ML models work through the traditional training and testing approaches. However, execution of such kind of approaches may not function effectively in case if a system is connected to the Internet. As online hackers can exploit deployed security mechanisms and poison the data. This data is then taken as the input by the ML models. In this article, we provide the details of various machine learning security attacks in cyber physical systems. We then discuss some defense mechanisms to protect against these attacks. We also present a threat model of ML security mechanisms deployed in cyber systems. Furthermore, we discuss various issues and challenges of ML security mechanisms deployed in cyber systems. Finally, we provide a detailed comparative study on performance of the ML models under the influence of various ML attacks in cyber physical systems.

@inproceedings{bib_KL-R_2022, AUTHOR = {Meher, Bimal Kumar and Amin, Ruhul and Das, Ashok Kumar and Khan, Muhammad Khurram }, TITLE = {KL-RAP: An Efficient Key-Less RFID Authentication Protocol Based on ECDLP for Consumer Warehouse Management System}, BOOKTITLE = {IEEE Transactions on Network Science and Engineering ( Early Access )}. YEAR = {2022}}

Elliptic Curve Cryptography (ECC)-based authenti-cation schemes for the Radio-frequency identification (RFID) environment have emerged as a very safe, secure, and robust candidate of mutual authentication. However, the limited resource availability in a passive tag makes such schemes difficult to realize in practice. Public/private key pair generation, storage, and the computation using those keys are the major bottlenecks towards the faster and efficient design of such schemes. Therefore, we have designed our scheme without using public/private key pairs. We only utilize the Elliptic Curve Discrete Logarithm Problem (ECDLP) property for the realization of our key-less scheme on the secure elliptic curves. Our scheme is primarily aimed at efficient implementation of authentication schemes in Warehouse Management System (WMS), where the data is stored in local servers. This new idea helps to save the memory space in the tags and the server. Moreover, the computation cost also reduces to a great extent in comparison to other schemes. We have compared our scheme with several other schemes and found it efficient in terms of storage cost as well. The simulation result of our scheme with the popular automated software validation tool, Scyther, shows that it is safe from different possible attacks.

@inproceedings{bib_Heal_2022, AUTHOR = {Wazid, Mohammad and Das, Ashok Kumar and Mohd, Noor and Park, Youngho }, TITLE = {Healthcare 5.0 Security Framework: Applications, Issues and Future Research Directions}, BOOKTITLE = {IEEE Access}. YEAR = {2022}}

Healthcare 5.0 is a system that can be deployed to provide various healthcare services. It does these services by utilising a new generation of information technologies, such as Internet of Things (IoT), Artificial Intelligence (AI), Big data analytics, blockchain and cloud computing. Due to the introduction of healthcare 5.0, the paradigm has been now changed. It is disease-centered to patient-centered care where it provides healthcare services and supports to the people. However, there are several security issues and challenges in healthcare 5.0 which may cause the leakage or alteration of sensitive healthcare data. This demands that we need a robust framework in order to secure the data of healthcare 5.0, which can facilitate different security related procedures like authentication, access control, key management and intrusion detection. Therefore, in this review article, we propose the design of a secure generalized healthcare 5.0 framework. The details of various applications of healthcare 5.0 along with the security requirements and threat model of healthcare 5.0 are provided. Next, we discuss about the existing security mechanisms in healthcare 5.0 along with their performance comparison. Some future research directions are finally discussed for the researchers working in healthcare 5.0 domain.

@inproceedings{bib_EV-P_2022, AUTHOR = {Babu, Ponnuru Raveendra and Reddy, Alavalapati Goutham and Palaniswamy, Basker and Das, Ashok Kumar }, TITLE = {EV-PUF: Lightweight Security Protocol for Dynamic Charging System of Electric Vehicles Using Physical Unclonable Functions}, BOOKTITLE = {IEEE Transactions on Network Science and Engineering ( Early Access )}. YEAR = {2022}}

Dynamic charging is a potential technology that would enable electric vehicles to be charged while they are in motion. Significant security and privacy concerns, on the other hand, arise as a result of communications between electric vehicles and a variety of dynamic charging system entities occurring over a public channel. Numerous authentication protocols have been presented recently to address security concerns associated with dynamic charging system. Nonetheless, we provide a lightweight authentication protocol suite that enables mutual authentication and session key agreement between the electric vehicle and the charging system while safeguarding against numerous attacks. The EV-PUF is based on physical unclonability, which is gaining popularity as a substitute for ultra-lightweight authentication and resistance to machine learning based attacks. Additionally, the security of the EV-PUF suite has been demonstrated using the random oracle model and state-of-the-art tool, Tamarin. According to the performance analysis, it is apparent that the EV-PUF suite improves efficiency in terms of consumption of less communication and computing overhead.

@inproceedings{bib_Desi_2022, AUTHOR = {Wazid, Mohammad and Thapliyal, Siddhant and Singh, Devesh Pratap and Das, Ashok Kumar and Shetty, Sachin }, TITLE = {Design and Testbed Experiments of User Authentication and Key Establishment Mechanism for Smart Healthcare Cyber Physical Systems}, BOOKTITLE = {IEEE Transactions on Network Science and Engineering ( Early Access )}. YEAR = {2022}}

Smart healthcare technologies transform the tradi- tional healthcare system in all possible ways. Smart healthcare has enormous number of benefits over the traditional system. However, at the same time, it also suffers from some healthcare data security and privacy related issues as the potential Internet attackers may get access to the sensitive healthcare through the deployment of various kinds of attacks. To mitigate these issues, in this paper, a new lightweight remote user authentica- tion and key establishment scheme (in short, UAKM-SH) has been proposed by making the use of lightweight cryptographic operations. The security analysis of UAKM-SH is conducted to prove its robustness against various possible attacks. A detailed comparative study among the proposed UAKM-SH and other ex- isting schemes shows that UAKM-SH performs better in terms of computation cost, communication cost, and the offerered security and functionality features. Finally, the testbed implementation of UAKM-SH is given to observe its behaviour in the real time scenario. Index Terms—Smart healthcare, authentication, key agree- ment, security, testbed implementation.

@inproceedings{bib_Chao_2022, AUTHOR = {Belal, Mohamad Mulham and Maitra, Tanmoy and Giri, Debasis and Das, Ashok Kumar }, TITLE = {Chaotic neural networks and farfalle construction based parallel keyed secure hash function}, BOOKTITLE = {Security and Privacy}. YEAR = {2022}}

Parallel computing of hash functions along with the security requirements have great advantage in order to reduce the time consumption and overhead of the CPU. In this article, a keyed hash function based on farfalle construction and chaotic neural networks (CNNs) is proposed, which generates a hash value with arbitrary (defined by user) length (eg, 256 and 512 bits). The proposed hash function has parallelism merit because it is built over farfalle construction which avoids the dependency between the blocks of a given message. Moreover, the proposed hash function is chaos based (ie, it relies on chaotic maps and CNNs which have non-periodic behavior). The security analysis shows that the proposed hash function is robust and satisfies the properties of hash algorithms, such as random-like (non-periodic) behavior, ideal sensitivity to original message and secret key, one-way property and optimal diffusion effect. The speed performance of the hash function is also analyzed and compared with a hash function which was built based on sponge construction and CNN, and compared with secure hash algorithm (SHA) variants like SHA-2 and SHA-3. The results have shown that the proposed hash function has lower time complexity and higher throughput especially with large size messages. Additionally, the proposed hash function has enough resistance to multiple attacks, such as collision attack, birthday attack, exhaustive key search attack, preimage and second preimage attacks, and meet-in-the-middle attack. These advantages make it ideal to be used as a good collision-resistant hash function.

@inproceedings{bib_BPPS_2022, AUTHOR = {Park, KiSung and Lee, JoonYoung and Das, Ashok Kumar and Park, Youngho }, TITLE = {BPPS:Blockchain-Enabled Privacy-Preserving Scheme for Demand-Response Management in Smart Grid Environments}, BOOKTITLE = {IEEE Transactions on Dependable and Secure Computing}. YEAR = {2022}}

With the ongoing revolutionary growth of the industrial Internet of Things and smart grid networks, smart grid (SG) communication has been acknowledged as a next-generation network for intelligent and efficient electric power transmission. In SG networks, smart meters (SMs) generally send requests for electricity demand to service providers (SPs), which deal with the requests for efficient energy distribution. However, SGs experience many security issues with the deployed SMs and untrusted wireless communication. To tackle these security issues, we propose a privacy-preserving authentication scheme for demand response management in SGs, called BPPS. It can resist various attacks and achieve secure mutual authentication with key agreement; moreover, it provides integrity of demand-response data using blockchain. Moreover, we perform the informal and formal (mathematical) security analysis to confirm that BPPS is secure against various attacks and achieves session key security, respectively. Furthermore, we conduct the performance and simulation analysis for SGs

@inproceedings{bib_Bloc_2022, AUTHOR = {Srivastava, Vikas and Debnath, Sumit Kumar and Bera, Basudeb and Das, Ashok Kumar and Park, Youngho }, TITLE = {Blockchain-Envisioned Provably Secure Multivariate Identity-Based Multi-Signature Scheme for Internet of Vehicles Environment}, BOOKTITLE = {IEEE Transactions on Vehicular Technology}. YEAR = {2022}}

The deployed vehicles in an Internet of Vehicles (IoV) can take intelligent decisions by means of exchanging the real- time traffic-related information between the vehicles and IoV in- frastructures. This further reduces the probability of the traffic jams and accidents. However, the insecure (public) communication among the various entities in IoV makes various security threats and attacks that can be launched by passive/active adversaries present in the network. In view of this context, there is a need of an efficient cryptographic primitive which can produce single compact signature. A multi-signature scheme (MSS) empowers a collection of signers to conjointly sign a given message using a single compact signature that can be verified by any verifier. Herein, we put forward a new identity-based multivariate MSS, namely MV-MSS, which is built on top of the intractability of multivariate-quadratic (MQ) problem. The fact is that multivariate public key cryptosystem provides fast, post-quantum safe and effi- cient primitives, which makes it the front runner candidate among the post-quantum cryptographic candidates. MV-MSS is proven to be secure in the existential unforgeability under chosen-message and chosen identity attack model if solving the MQ problem is NP-hard. We then incorporate the designed MV-MSS in IoV ap- plication where the leader (cluster head) selected from a group of vehicles in a dynamic cluster forms the multi-signatures on the messages securely received from its member vehicles. Later, the messages along with their multi-signatures are forwarded to the nearby road-side unit (RSU) of the cluster head, which are then for- warded to a cloud server in the blockchain center maintained by a Peer-to-Peer (P2P) cloud servers network. In this way, the messages

@inproceedings{bib_Bloc_2022, AUTHOR = {Bagga, Palak and Das, Ashok Kumar and Chamola, Vinay and Guizani, Mohsen }, TITLE = {Blockchain-envisioned access control for internet of things applications: a comprehensive survey and future directions}, BOOKTITLE = {Telecommunication Systems}. YEAR = {2022}}

With rapid advancements in the technology, almost all the devices around are becoming smart and contribute to the Internet of Things (IoT) network. When a new IoT device is added to the network, it is important to verify the authenticity of the device before allowing it to communicate with the network. Hence, access control is a crucial security mechanism that allows only the authenticated node to become the part of the network. An access control

@inproceedings{bib_Bloc_2022, AUTHOR = {Tekchandani, Prakash and Pradhan, Indranil and Das, Ashok Kumar and Kumar, Neeraj and Park, Youngho }, TITLE = {Blockchain-Enabled Secure Big Data Analytics for Internet of Things Smart Applications}, BOOKTITLE = {IEEE Internet of Things Journal}. YEAR = {2022}}

Smart devices in an Internet of Things (IoT) gen- erate a massive amount of big data through sensors. The data is used to build intelligent applications through machine learn- ing (ML). To build these applications, the data is collected from devices into data centers for training ML models. Usually, the training of models is performed on central server, but this approach requires the transfer of data from devices to central server. This centralized training approach is not efficient because the users are much less likely to share data to the centralized data centers due to privacy issues and bandwidth limitations. To mitigate these issues, we propose an efficient hybrid secure fed- erated learning approach with the blockchain to securely train the model locally on devices and then to store the model and its parameters into the blockchain for traceability and immutabil- ity. A detailed security and performance analysis is presented to show the efficacy of the proposed approach in terms of security, resilience against many security attacks, and cost effectiveness in computation and communication as compared to other existing competing schemes. Index Terms—Authentication, big data analytics, blockchain, Internet of Things (IoT), key agreement, security.

@inproceedings{bib_Bloc_2022, AUTHOR = {Anusha, Vangala and Das, Ashok Kumar and Mitra, Ankush and Das, Sajal K. and Park, Youngho }, TITLE = {Blockchain-Enabled Authenticated Key Agreement Scheme for Mobile Vehicles-Assisted Precision Agricultural IoT Network}, BOOKTITLE = {IEEE Transactions on Information Forensics and Security}. YEAR = {2022}}

Precision farming has a positive potential in the agricultural industry regarding water conservation, increased productivity, better development of rural areas, and increased income. Blockchain technology is a better alternative for storing and sharing farm data as it is reliable, transparent, immutable, and decentralized. Remote monitoring of an agricultural field requires security systems to ensure that any sensitive infor- mation is exchanged only among authenticated entities in the network. To this end, we design an efficient blockchain-enabled authenticated key agreement scheme for mobile vehicles-assisted precision agricultural Internet of Things (IoT) networks called Agr oM obi Bl ock. The limited existing work on authentication in agricultural networks shows passive usage of blockchains with very high costs. Agr oM obi Bl ock proposes a novel idea using the elliptic curve operations on an active hybrid blockchain over mobile farming vehicles with low computation and communica- tion costs. Formal and informal security analysis along with the formal security verification using the Automated Validation of Internet Security Protocols and Applications (AVISPA) software tool have shown the robustness of Agr oM obi Bl ock against man-in-the-middle, impersonation, replay, physical capture, and ephemeral secret leakage attacks among other potential attacks. The blockchain-based simulation on large-scale nodes shows the computational time for an increase in the network and block size

@inproceedings{bib_Bloc_2022, AUTHOR = {Dwivedi, Sanjeev Kumar and Amin, Ruhul and Das, Ashok Kumar and Leung, Mark T. and Choo, Kim-Kwang Raymond and Vollala, Satyanarayana }, TITLE = {Blockchain-based vehicular ad-hoc networks: A comprehensive survey}, BOOKTITLE = {Ad Hoc Networks}. YEAR = {2022}}

Vehicular ad-hoc networks (VANETs) are increasingly commonplace, partly due to the popularity of electric vehicles and the digitalization of cities. Data collected and shared in VANETs include traffic-related information, such as those relating to real-time traffic situations and road works. In recent times, there has been a trend of moving away from a centralized approach to a decentralized approach, for example, using Blockchain to facilitate secure data sharing and traceability of critical information. Hence, in this paper, we comprehensively survey the existing literature on blockchain-based VANET systems, focusing on the application of different blockchain technologies in different contexts, as well as the associated challenges and research opportunities.

@inproceedings{bib_Bloc_2022, AUTHOR = {Anusha, Vangala and Das, Ashok Kumar and Park, YoungHo and Jamal, Sajjad Shaukat }, TITLE = {Blockchain-Based Robust Data Security Scheme in IoT-Enabled Smart Home}, BOOKTITLE = {Computers, Materials & Continua}. YEAR = {2022}}

The recent surge in development of smart homes and smart cities can be observed in many developed countries. While the idea to control devices that are in home (embedded with the Internet of Things (IoT) smart devices) by the user who is outside the home might sound fancy, but it comes with a lot of potential threats. There can be many attackers who will be trying to take advantage of this. So, there is a need for designing a secure scheme which will be able to distinguish among genuine/authorized users of the system and attackers. And knowing about the details of when and what IoT devices are used by the user, the attacker can trace the daily activities of user and can plan an attack accordingly. Thus, the designed security scheme should guarantee confidentiality, anonymity and un-traceability. Most of the schemes proposed in the literature are either non-blockchain based which involves inherent problems of storing data in a single-server or assuming weaker attack models. In this work, we propose a novel scheme based on blockchain technology, assuming a stronger Canetti and Krawczyk (CK)-threat model. Through the formal and informal security, and comparative analysis, we show that the proposed scheme provides a superior security and more functionality features, with less communication cost and comparable computational cost as compared to other competent schemes. Moreover, the blockchain based simulation study on the proposed scheme has been conducted to show its feasibility in real-life application. Keywords: Internet of things (IoT); smart home; ubiquitous computing; blockchain; security

@inproceedings{bib_Bloc_2022, AUTHOR = {Anusha, Vangala and Roy, Sandip and Das, Ashok Kumar }, TITLE = {Blockchain-Based Lightweight Authentication Protocol for IoT-Enabled Smart Agriculture}, BOOKTITLE = {international conerence on Cyber - Physical Social Intelligence}. YEAR = {2022}}

Blockchain technology has a significant application in smart farming due to its immutability, decentralization and transparency properties. Data exchanged in an Internet of Things (IoT)-based smart agriculture can be used to remotely monitor the fields and regulate the crop needs for optimal productivity. However, such data is sensitive to several attacks, such as man-in- the-middle attack, replay attack, ephemeral secret leakage attack, impersonation attack and denial of service (DoS) attack. The existing solutions to counter these attacks are either costly or lack significant security features. To mitigate these issues, we design a novel lightweight blockchain based authentication scheme based on a fully decentralized and distributed architecture. The designed scheme is subjected to a rigorous security analysis and also a formal security verification using the widely-used Auto- mated Validation of Internet Security Protocols and Applications (AVISPA) tool, and it is shown that the scheme is robust and secure against various passive and active attacks. A detailed comparative analysis shows that the proposed scheme has the low communication cost and significantly lower computation cost while satisfying all the security and functionality features as compared to those for other existing relevant schemes. Index Terms—Smart agriculture, authentication, blockchain technology, Internet of Things (IoT), security.

@inproceedings{bib_Bloc_2022, AUTHOR = {Bagga, Palak and Das, Ashok Kumar }, TITLE = {Blockchain for Smart Transport Applications}, BOOKTITLE = {Advances in Blockchain Technology for Cyber Physical Systems}. YEAR = {2022}}

Smart transportation or Internet of Vehicles (IoV)-enabled transportation extends the vehicle-to-vehicle (V2V) communication network. Smart transportation is a real-time application that helps enhance driving aids with the help of vehicle’s Artificial Intelligence (AI), awareness of other vehicles, and their actions giving out the best on-road experience. Smart transportation also protects life and saves cost by avoiding life-threatening instances like collisions, accidents, and thefts on the road. Since the communication among various entities involved in the IoV environment is via an open channel (e.g., vehicles, pedestrians, fleet management systems, and roadside infrastructure), it allows a passive/active adversary to intercept, modify, delete, or even insert fake information during communication. It is then a severe concern for the vehicles

@inproceedings{bib_ASPA_2022, AUTHOR = {Bhattacharya, Munmun and Roy, Sandip and Chattopadhyay, Samiran and Das, Ashok Kumar and Shauk, Sajjad }, TITLE = {ASPA-MOSN: An Efficient User Authentication Scheme for Phishing Attack Detection in Mobile Online Social Networks}, BOOKTITLE = {IEEE Systems Journal}. YEAR = {2022}}

Over the last few years, with the massive growth of smartphone technology and mobile Internet, the use of vari- ous online social networks (OSNs) have increased rapidly. This ever-growing use of social networks leverages cyber-attackers to exploit various phishing schemes, spoofed accounts, and other threats to steal users’ credentials. Phishing is an online crime that employs both technical subterfuge and social engineering to steal consumers’ personal identity, financial account credentials, and other sensitive information. In general, a phishing attack is carried out by the exercise of sending fraudulent communications (like a fake email with harmful uniform resource locators), that pretends to come from a reputable source. The problem of designing user authentication protocol for mitigating phishing attacks in OSNs is a challenging research problem. In this article, we propose a secure and lightweight cryptography-based authentication scheme, called authentication scheme for phishing attack (ASPA)-mobile online social network (mOSN), that provides resistance to phishing and other related attacks in OSNs. The security of the proposed scheme is explained using both informal security analysis and formal security analysis through the widely recognized real-or- random model and ProVerif simulation tool. Finally, we compare the security, functionality, computation, and communication costs of the proposed ASPA-mOSN with related schemes. The compar- ison results show that ASPA-mOSN outperforms other existing competing schemes. Index Terms—Authentication, mobile online social networks (mOSN), phishing attacks, random oracle, security

@inproceedings{bib_ASCP_2022, AUTHOR = {WAZID, MOHAMMAD and SINGH, ASKARAN and Das, Ashok Kumar and SHETTY, SACHIN and KHAN, MUHAMMAD KHURRAM and RODRIGUES, JOEL J. P. C. }, TITLE = {ASCP-IoMT: AI-Enabled Lightweight Secure Communication Protocol for Internet of Medical Things}, BOOKTITLE = {IEEE Access}. YEAR = {2022}}

The Internet of Medical Things (IoMT) is a unification of smart healthcare devices, tools, and software, which connect various patients and other users to the healthcare information system through the networking technology. It further reduces unnecessary hospital visits and the burden on healthcare systems by connecting the patients to their healthcare experts (i.e., doctors) and allows secure transmission of healthcare data over an insecure channel (e.g., the Internet). Since Artificial Intelligence (AI) has a great impact on the performance and usability of an information system, it is important to include its modules in a healthcare information system, which will be very helpful for the prediction of some phenomena, such as chances of getting a heart attack and possibility of a tumor, from the collected and analysed healthcare data. To mitigate these issues, in this paper, a new AI-enabled lightweight, secure communication scheme for an IoMT environment has been designed and named as ASCP-IoMT, in short. The security analysis of ASCP-IoMT is performed in different ways, such as an informal way and a formal way (through the random oracle model). ASCP-IoMT performs better than other similar schemes and provides superior security with extra functionality features as compared those for the existing state of art solutions. A practical implementation of ASCP-IoMT is also performed in order to measure its impact on various network performance parameters. The end to end delay values of ASCP-IoMT are 0.01587, 0.07440 and 0.17097 seconds and the throughput values of ASCP-IoMT are 5.05, 10.88 and 16.41 bits per second (bps) under the different considered cases, respectively. For AI-based Big data analytics phase, the values of computation time (seconds) for decision tree, support vector machine (SVM), and logistic regression are measured as 0.19, 0.23, and 0.27, respectively. Moreover, the different values of accuracy for decision tree, SVM and logistic regression are 84.24%, 87.57%, and 85.20%, respectively. From these values, it is clear that decision tree method requires less time than the other considered techniques, whereas accuracy is high in case of SVM.

@inproceedings{bib_AISC_2022, AUTHOR = {Wazid, Mohammad and Das, Ashok Kumar and Shetty, Sachin and Rodrigues, Joel J. P. C. and Guizani, Mohsen }, TITLE = {AISCM-FH: AI-Enabled Secure Communication Mechanism in Fog Computing-Based Healthcare}, BOOKTITLE = {IEEE Transactions on Information Forensics and Security}. YEAR = {2022}}

Fog computing-based Internet of Things (IoT) architecture is useful for various types of delay efficient net- work communications and services, like digital healthcare. However, there are privacy and security issues with the fog computing-based healthcare systems, which can further increase the risk of leakage of sensitive healthcare data. Therefore, a secu- rity mechanism, such as access control for fog computing-based healthcare systems, is needed to protect its data against various potential attacks. Moreover, the blockchain technology can be used to solve the digital healthcare’s data integrity related problems. The use of Artificial Intelligence (AI) further makes the system more effective in case of prediction of health related diseases. In this paper, an AI-enabled secure communication mechanism in fog computing-based healthcare system (in short, AISCM-FH) has been proposed. The security analysis of the proposed AISCM-FH is provided using the standard random oracle model and also with the heuristic (non-mathematical) security analysis. A pragmatic study determines the impact of the proposed AISCM-FH on key performance indicators. Moreover, we include a detailed performance comparison of AISCM-FH with other relevant existing schemes to show that it has low communication and computation costs, and provides superior security and extra functionality attributes as compared to those for other competing existing approaches.

@inproceedings{bib_ACM-_2022, AUTHOR = {Thapliyal, Siddhant and Wazid, Mohammad and Singh, Devesh Pratap and Das, Ashok Kumar and Alhomoud, Ahmed and Alharbi, Adel R. and Kumar, Harish }, TITLE = {ACM-SH: An Efficient Access Control and Key Establishment Mechanism for Sustainable Smart Healthcare}, BOOKTITLE = {Sustainability}. YEAR = {2022}}

Sustainable smart healthcare applications are those in which health services can be provided to remotely located patients through the Internet without placing extra burden on environmental resources. They should be operated with minimum power consumption using biodegradable, recyclable, and environmentally friendly healthcare equipment and products. In an Internet of Medical Things (IoMT)-enabled sustainable smart healthcare environment, all the health services are capable of producing informative data whenever some raw information is provided as the input or are capable of performing work on their own with less intervention from humans. As a result, they provide great advantages over the traditional healthcare system. As sustainable smart healthcare devices are operated through the Internet, it is possible that they could be attacked by various hackers. To mitigate these issues, in this paper, we propose a new access control along with a key-establishment mechanism for a sustainable smart healthcare system. The results of the security analysis showed that the proposed scheme was highly robust against a variety of passive and active attacks. In comparison to existing competing schemes, the proposed scheme is lightweight, as well as delivers high security and additional functionality. Finally, a practical demonstration of the proposed scheme is provided to show its impact on the key network performance parameters. Keywords: sustainability; smart healthcare; Internet of Medical Things (IoMT); authentication; security

@inproceedings{bib_A_Pr_2022, AUTHOR = {Mahmood, Khalid and Ferzund, Javed and Saleem, Muhammad Asad and Shamshad, Salman and Das, Ashok Kumar }, TITLE = {A Provably Secure Mobile User Authentication Scheme for Big Data Collection in IoT-Enabled Maritime Intelligent Transportation System}, BOOKTITLE = {IEEE Transactions on Intelligent Transportation Systems}. YEAR = {2022}}

The emergence of contemporary technologies like cloud computing and the Internet of Things (IoT) has revolutionized the trends in the cyber world to serve humanity. There are plenty of applications in which they are being used, especially in smart cities and their constituents, Maritime Transportation System (MTS) is one of them. The IoT-enabled MTS has the potential to entertain the growing challenges of modern-day ship transportation. Secure real-time data access from numerous smart IoT devices is the most critical and crucial exercise for Big Data acquisition in IoT-enabled MTS. Therefore, we have developed a Physically Unclonable Function (PUF) based authenticated key agreement solution to deal with this challenge. This solution enables the mobile user and IoT node to mutually authenticate each other via Cloud-Gateway before real-time data exchange and transmission in IoT-enabled MTS. The use of PUF in our solution brings invincibility against physical security threats. An inclusive security analysis under the assumption of the specified threat model is carried out to substantiate the security resilience of our solution. The conduct of our solution is realized through security features, communication, and computation cost and It has been observed that our solution achieves efficiency of 37.3% and 9.7% in communication and computation overhead, respectively. Moreover, the network performance effectiveness of our solution is demonstrated

@inproceedings{bib_A_ne_2022, AUTHOR = {De, Supriyo and Bhaumik, Jaydeb and Giri, Debasis and Das, Ashok Kumar }, TITLE = {A new robust and fragile scheme based on chaotic maps and dwt for medical image security}, BOOKTITLE = {Multimedia Tools and Applications}. YEAR = {2022}}

Medical image security includes copyright protection, authentication, data integrity and confidentiality simultaneously. In this article, a new robust and fragile medical image security scheme has been introduced. The Beddington, Free and Lawton (BFL) map and the Hénon map based image encryption scheme is brought out for confidentiality. Further, a Discrete Wavelet Transform (DWT)-based image watermarking scheme is developed for copyright protection, authentication and data integrity. The proposed scheme is essentially robust and retrievable in terms of the watermark; however, it is highly sensitive and irretrievable with reference to the host image. The scheme separates the host image in Region of Interest (ROI) and Region of Non-Interest (RONI) parts, and it embeds the encoded message inside the RONI part. In addituon, the proposed scheme does not need any side information for message

@inproceedings{bib_A_co_2022, AUTHOR = {Bhattacharya, Munmun and Roy, Sandip and Chattopadhyay, Samiran and Das, Ashok Kumar and Shetty, Sachin }, TITLE = {A comprehensive survey on online social networks security and privacy issues: Threats, machine learning-based solutions, and open challenges}, BOOKTITLE = {Security and Privacy}. YEAR = {2022}}

Over the past few years, online social networks (OSNs) have become an inseparable part of people's daily lives. Instead of being passive readers, people are now enjoying their role as content contributors. OSN has permitted its users to share their information including the multimedia content. OSN users can express themselves in virtual communities by providing their opinions and interacting with others. As a consequence, the privacy and security threats in OSNs have emerged as a major concern to the research and business world. In the recent past, a number of survey works have been conducted to discuss different security and privacy threats in OSNs. However, till date, no survey work has been conducted that aims to classify and analyze various machine learning (ML)-based solutions adapted for the security defense of OSNs. In this survey article, we present a detailed taxonomy with a classification of various works done on various security attacks in OSNs. We then review and summarize the existing state of art survey works on OSN security, and indicate the merits and limitations of these survey works. Next, we review all recent works that aim to provide ML-based solutions toward defense of security attacks on OSNs. Finally, we discuss the future road-map on OSN security and provide a comprehensive analysis on the open research issues with feasible measurements and possible solutions.

@inproceedings{bib_BDES_2022, AUTHOR = {Lath, Naivedya and Thapliyal, Kaustubh and Kandpal, Kartik and Wazid, Mohammad and Das, Ashok Kumar and SINGH, DP }, TITLE = {BDESF-ITS: Blockchain-Based Secure Data Exchange and Storage Framework for Intelligent Transportation System}, BOOKTITLE = {IEEE Conference on Computer Communications Workshops}. YEAR = {2022}}

The communication in Intelligent Transportation Systems (ITS) suffers from various security and privacy related issues as several attacks, like replay, man-in-the-middle (MiTM), impersonation, data leakage and unauthorised data update attacks can be mounted by an adversary. Therefore, we need a robust security mechanism to sort out such issues, which can be further enhanced through the use of mechanism of blockchain technology. In this paper, we propose a blockchain-based secure data exchange and storage framework for the ITS (in short, we call it as BDESF-ITS). We conduct the security analysis of the BDESF-ITS to prove its robustness against various possible attacks. The practical implementation of the BDESF-ITS is also carried out to observe its behaviour with the real world settings.

@inproceedings{bib_SUAC_2022, AUTHOR = {Sivaselvan, N and Bhat, K Vivekananda and Rajarajan, Muttukrishnan and Das, Ashok Kumar and Rodrigues, Joel JPC }, TITLE = {SUACC-IoT: secure unified authentication and access control system based on capability for IoT}, BOOKTITLE = {Cluster Computing}. YEAR = {2022}}

With the widespread use of Internet of Things (IoT) in various applications and several security vulnerabilities reported in them, the security requirements have become an integral part of an IoT system. Authentication and access control are the two principal security requirements for ensuring authorized and restricted accesses to limited and essential resources in IoT. The built-in authentication mechanism in IoT devices is not reliable, because several security vulnerabilities are revealed in the firmware implementation of authentication protocols in IoT. On the other hand, the current authentication approaches for IoT that are not firmware are vulnerable to some security attacks prevalent in IoT. Moreover, the recent access control approaches for IoT have limitations in context-awareness, scalability, interoperability, and security. To mitigate these limitations, there is a need for a robust authentication and access control …

@inproceedings{bib_BSFR_2022, AUTHOR = {WAZID, MOHAMMAD and Das, Ashok Kumar and Shetty, Sachin }, TITLE = {BSFR-SH: Blockchain-Enabled Security Framework Against Ransomware Attacks for Smart Healthcare}, BOOKTITLE = {IEEE Transactions Consumer Electronics}. YEAR = {2022}}

Ransomware is a type of malicious program or soft- ware that encrypts the contents on a hard disc and prevents the users from accessing them unless they pay an amount (called a ransom). Most of the organizations, such as financial institutes and healthcare sectors (i.e., smart healthcare) are targeted by ransomware attacks. Ransomware assaults are among the most frightening types of cyber-attacks, and they are not confined to a specific sector or the countries. Blockchain is a tamper-proof tech- nology, which is more secure, robust and decentralized in nature. Features of blockchain can add more security for detection and mitigation of ransomware more effectively. In this paper, we pro- pose a new blockchain-enabled security framework to detect and defend the ransomware attacks for smart healthcare (in short, BSFR-SH). The conducted security analysis proves the security of the proposed BSFR-SH against the ransomware attacks. The performance of BSFR-SH is significantly better than the other similar existing mechanisms as it achieves better accuracy and F1-score than other compared mechanisms. Furthermore, the practical demonstration of BSFR-SH is provided to estimate the impact on important performance parameters. Index Terms—Ransomware, smart healthcare, intrusion detec- tion, machine learning, blockchain

@inproceedings{bib_Priv_2022, AUTHOR = {Anusha, Vangala and Das, Ashok Kumar }, TITLE = {Privacy-Preserving Blockchain-Based Authentication in Smart Energy Systems}, BOOKTITLE = {ACM Conference on Embedded Networked Sensor Systems}. YEAR = {2022}}

Smart Energy Systems (SES) are the need of the hour, given the looming dangers of power crises amid changing climatic conditions. However, sensitive data play a critical role in such systems deserving high privacy and security protection. This paper proposes a novel blockchain-based authentication scheme that preserves privacy using the zero-knowledge protocol. During informal analysis, the proposed scheme shows resistance to various attacks such as man-in-the-middle attacks, replay attacks, impersonation attacks, privileged insider attacks, and ephemeral secret leakage attacks. The formal security verification using AVISPA regards the scheme as safe. In addition, the scheme supports critical features such as anonymity and untraceability within limited computational and communicational costs. A simulation of blockchain using Node.js shows only a linear increase in computation time with an increase in the number of blocks, and transactions, and an exponential increase with the number of nodes.

@inproceedings{bib_Secu_2022, AUTHOR = {Vangala, Anusha and Das, Ashok Kumar and Chamola, Vinay and Korotaev, Valery }, TITLE = {Security in IoT-enabled smart agriculture: architecture, security solutions and challenges}, BOOKTITLE = {International Conference on Cluster Computing (CLUSTER)}. YEAR = {2022}}

Agricultural industry is one of the most vital industries that has a major contribution to the economy due to its share in the Gross Domestic Product (GDP) and as a source of employment. The past few decades have seen immense change in the operation of agricultural sector with the introduction of precision farming in conjunction with Internet of Things (IoT). The application of such advancements is highly based on exchange of messages between various devices in the farming. This paper aims to study the security scenarios applicable in husbandry through the analysis of possible attacks and threats. The testbeds available for agriculture based on IoT have been studied. An architecture for smart farming is proposed which is independent of the underlying technologies that may be used and the requirements of security have been laid out based on the proposed architecture. A literature survey of security protocols …

@inproceedings{bib_Priv_2022, AUTHOR = {Bera, Basudeb and Vangala, Anusha and Das, Ashok Kumar and Lorenz, Pascal and Khan, Muhammad Khurram }, TITLE = {Private blockchain-envisioned drones-assisted authentication scheme in IoT-enabled agricultural environment}, BOOKTITLE = {Computer Standards & Interfaces}. YEAR = {2022}}

In an Intelligent Precision Agriculture (IPA), several Internet of Things (IoT) smart devices and drones can be deployed to monitor an agricultural environment. The drones can be further utilized to collect the data from smart devices and send to the Ground Station Server (GSS). However, insecure communication among the smart devices, drones and the GSS make the IoT agriculture environment vulnerable to various potential attacks. For this goal, a new authentication and key management scheme for IoT-enabled IPA, called AKMS-AgriIoT, has been put forward with the private blockchain-based solution. The blocks formed with the encrypted transactions and their respective signatures by the GSS are mined by the cloud servers to verify and add the blocks in the private blockchain center. A detailed security analysis and comparative study reveal that the proposed AKMS-AgriIoT supports better security, and provides more functionality features, less communication costs and comparable computation costs as compared to other relevant schemes. In addition, the blockchain-based implementation on the proposed AKMS-AgriIoT has been also carried out.

@inproceedings{bib_PUF-_2022, AUTHOR = {Mall, Priyanka and Amin, Ruhul and Das, Ashok Kumar and Leung, Mark T. and Choo, Kim-Kwang Raymond }, TITLE = {PUF-based Authentication and Key Agreement Protocols for IoT, WSNs and Smart Grids: A Comprehensive Survey}, BOOKTITLE = {IEEE Internet of Things Journal}. YEAR = {2022}}

—Effective design of autopilots for fixed-wing unmanned aerial vehicles (UAVs) is still a great challenge, due to unmodeled effects and uncertainties that these vehicles exhibit during flight. Unmodeled effects and uncertainties comprise longitudinal/lateral cross-couplings, as well as poor knowledge of equilibrium points (trimming points) of the UAV dynamics. The main contribution of this article is a new adaptive autopilot design, based on uncertain Euler–Lagrange dynamics of the UAV and where the control can explicitly take into account under-actuation in the dynamics, reduced structural knowledge of cross-couplings and trimming points. This system uncertainty is handled via appropriately designed adaptive laws: stability of the controlled UAV is analyzed. Hardware-in-the-loop tests, comparisons with an Ardupilot autopilot and with a robustified autopilot validate the effectiveness of the control design, even in the presence of strong saturation of the UAV actuators.

@inproceedings{bib_Desi_2022, AUTHOR = {Lee, JoonYoung and Son, SeungHwan and Park, YoHan and Park, YoungHo and Das, Ashok Kumar }, TITLE = {Design of Blockchain-Based Lightweight V2I Handover Authentication Protocol for VANET}, BOOKTITLE = {IEEE Transactions on Network Science and Engineering ( Early Access )}. YEAR = {2022}}

—Connected vehicle means providing different services, such as advanced driver-assistance systems (ADAS) from vehicles connected to the network. Vehicular ad-hoc networks (VANETs) can support vehicle-to-vehicle (V2V) and vehicle-to-infrastructure (V2I) communications to realize connected vehicle. In VANETs, secure communication must be ensured, as otherwise it can lead to traffic accidents and human injuries. Recently, many studies on V2I authentication have been conducted to guarantee the security of V2I communications. However, recent V2I authentication protocols do not consider the handover situation, and it causes unnecessary computations. As vehicles have limited computing resources, unnecessary computation can lead to overload to the vehicles. In recent years, blockchain-based VANET is an active field of research because it can provide decentralization, data integrity and transparency. Using the strength of the blockchain technology, we design a blockchain-based handover authentication protocol for VANETs. In the proposed protocol, vehicles only perform lightweight computations in handover situations for efficiency of the network. We also conduct the formal analysis such as Burrows–Abadi–Needham (BAN) logic, Real-Or-Random (ROR) oracle model, and Automated Validation of Internet Security Protocols and Applications (AVISPA) simulation to the proposed protocol. We simulate the proposed protocol using network simulator 3 (NS-3) to verify that the proposed protocol is practical. Finally, we compare the computational cost and security features of the proposed protocol with existing protocols to show that the proposed protocol is more secure and efficient.

@inproceedings{bib_Fort_2022, AUTHOR = {Wazid, Mohammad and Bera, Basudeb and Das, Ashok Kumar and P, Saraju and Mohanty, and Jo, Minho }, TITLE = {Fortifying Smart Transportation Security through Public Blockchain}, BOOKTITLE = {IEEE Internet of Things Journal}. YEAR = {2022}}

—Smart vehicles-enabled intelligent transportation system (ITS) supports a wide range of applications, such as, but not limited to, traffic planning and management, collision avoidance alert system, automated road speed enforcement, electronic toll collection, and real-time parking management, to name a few. However, it suffers from various types of security and privacy issues due to insecure communication among the entities over public channels. Therefore, an efficient and lightweight security mechanism is essential to protect the data that is both at rest as well as in transit. To this direction, we propose a public blockchain-envisioned secure communication framework for ITS (in short, called PBSCF-ITS). The proposed PBSCFITS guarantees access control and key management among the vehicle to vehicle, vehicle to road side unit, and road side unit to cloud server. We analyze the security of PBSCF-ITS to prove its resilience against various types of possible attacks. Furthermore, the performance of PBSCF-ITS with other related competing schemes has been compared. The obtained results illustrate that PBSCF-ITS outperforms the existing ones. Additionally, the pragmatic study of PBSCF-ITS is conducted to check its influence on various network related performance parameters, like number of mined blocks and transactions per block.

@inproceedings{bib_Towa_2022, AUTHOR = {Panda, Suryakanta and Mondal, Samrat and D, Rinku and Das, Ashok Kumar }, TITLE = {Towards achieving efficient access control of medical data with both forward and backward secrecy}, BOOKTITLE = {Computer Communications}. YEAR = {2022}}

Healthcare service providers store the patients’ electronic medical records in the cloud in order to provide high quality healthcare services. Patients’ sensitive data is typically encrypted before storing in the cloud. However, it gives rise to a new challenge, namely access control over encrypted data. Attribute-Based Encryption (ABE) is a promising cryptographic technique to achieve the fine grained access control on outsourced encrypted data. Traditional ABE schemes assume a fixed access policy that is not suitable for the present dynamic environment. Although some ABE schemes with a dynamic access control policy have been proposed in the literature, these schemes have not addressed forward security, backward security, and user revocation after a policy update. In this paper, we propose an ABE scheme that supports access policy updates, and also provides forward security, backward security and user revocation at the same time. We have formally shown that the proposed scheme is Chosen Plaintext Attack (CPA)-secure under the Decisional Bilinear Diffie–Hellman (DBDH) assumption. Finally, the performance analysis exhibits that the proposed scheme is efficient in communication and computation, and is also suitable for resource constrained devices.

@inproceedings{bib_DDoS_2022, AUTHOR = {Bhattacharya, Munmun and Roy, Sandip and Das, Ashok Kumar and Chattopadhyay, Samiran and Banerjee, Soumya and Mitra, Ankush }, TITLE = {DDoS attack resisting authentication protocol for mobile based online social network applications}, BOOKTITLE = {Journal of Information Security and Applications}. YEAR = {2022}}

The rapid development of smartphone technology and the Internet services in mobile devices facilitates easy access to online social networking (OSN) sites anytime, anywhere. At the same time, this allures the adversaries to exploit the OSNs as a soft target for easy execution of various attacks that can quickly spread to a large number of users. In distributed denial-of-service (DDoS) attacks, an adversary aims to overwhelm the normal traffic of a targeted server with a flood of fake login messages so that the associated Internet service or website turns inoperable. In this paper, we propose a secure and lightweight authentication scheme (𝑃 𝑅𝐷𝑜𝑆) that resists DDoS and other security attacks in mobile OSN environments. We provide a multi-faceted solution towards the remedy of DDoS attacks in the OSN environment. After a certain threshold, the scheme discards further user login attempts and blocks an adversary who intends to overload the network server. We use the pre-loaded shadow identity and emergency key pairs, and a key-refilling strategy that rebuilds the essential synchronization between a blocked naive user and the OSN server. This technique restores the intended unlinkability property of the protocol. Using NS3 simulation, we study the impact of DDoS attackers on network throughput and network delay. Moreover, we validate and compare the proposed scheme against state-ofthe-art solutions using the real attacks and benign datasets. We use the Canadian Institute for Cybersecurity (CIC) DoS dataset 2017, which is generated by capturing the normal and DoS attack packets separately with subsequent pre-processed for testing. We also use the machine learning (ML) algorithms, such as K-Nearest Neighbor (KNN), Gaussian Naive Bayes, and Multilayer Perceptron (MLP) to demonstrate the performance of the proposed solution in a practical attack detection scenario. We observe that these algorithms provide 97.05%, 95.48%, and 96.6% DDoS attack detection accuracy, respectively.

@inproceedings{bib_Secu_2021, AUTHOR = {Maurya, Anup Kumar and Das, Ashok Kumar and Jamal, Sajjad Shaukat and Giri, Debasis }, TITLE = {Secure user authentication mechanism for IoT-enabled Wireless Sensor Networks based on multiple Bloom filters}, BOOKTITLE = {Journal of Systems Architecture}. YEAR = {2021}}

In this article, we propose an efficient Bloom filter and fuzzy extractor based user authentication technique, which is significant for an Internet of Things (IoT)-enabled multi-hop Wireless Sensor Networks (IoT-WSNs). The novelty of the proposed authentication technique is that it prevents fraudulent querying data delivery at the starting phase (i.e., at the querying sensor node itself) to stop false or counterfeit data flooding (which can exhaust the resources of IoT-WSNs) from the resource-constrained IoT-enabled sensor nodes to the nearby gateway node. The proposed authentication technique has the ability to significantly reduce the Bloom filter based false positive for user authentication in IoT-WSNs, while also preserving the constraint resources of WSNs. To estimate the security robustness of the proposed protocol based on the security goals of IoT-WSNs, we perform the formal security analysis using the random oracle and Real-Or-Random (ROR) models, informal security analysis and also the formal security verification using a widely-recognized automated software validation tool, known as Automated Validation of Internet Security Protocols and Applications (AVISPA). Next, communication and computational overheads analysis reveal that the proposed protocol is appropriate for resource-constrained sensor nodes. Furthermore, a correlative security feature and complexity analysis outcomes validate that the proposed protocol is reliable, secure, and efficient in comparison with other existing state of art related user authentication protocols.

@inproceedings{bib_Robu_2021, AUTHOR = {Babu, Ponnuru Raveendra and Amin, Ruhul and Reddy, Alavalapati Goutham and Das, Ashok Kumar }, TITLE = {Robust Authentication Protocol for Dynamic Charging System of Electric Vehicles}, BOOKTITLE = {IEEE Transactions on Vehicular Technology}. YEAR = {2021}}

Electric vehicles have emerged as the future of transport worldwide with the rising need for greener and energy-efficient transportation solutions. This remarkable shift delegated a wide variety of protocols for reliable, scalable and secure communications in the electric vehicle transportation system. With this vision in mind, security researchers have proposed diverse authentication protocols vital for the electric vehicle charging system to protect the information exchanged between the various principals involved. Several existing authentication techniques, on the other hand, are either vulnerable to significant security threats or are limited to static charging. This article proposes a robust authentication mechanism for charging electric vehicles while driving, a scenario that is rapidly approaching in the future. The proposed protocol makes use of secure and lightweight primitives such as elliptic curves and hash functions. The proposed protocol's security is being analyzed to demonstrate that it is capable of withstanding relevant attacks. Additionally, the protocol achieves its objectives at a cost that is practically conceivable in terms of transmission and computing.

@inproceedings{bib_IoT__2021, AUTHOR = {Wazid, Mohammad and Bera, Basudeb and Das, Ashok Kumar and Singh, Devesh Pratap }, TITLE = {IoT & Blockchain Technology-Based Healthcare Monitoring}, BOOKTITLE = {Blockchain in Digital Healthcare}. YEAR = {2021}}

An Internet of Things (IoT)-based healthcare monitoring system is an amalgamation of smart healthcare devices and applications which connect to the healthcare information system through the internet. It has opened up a world of possibilities in the medical field. Connected smart healthcare devices can collect important healthcare data and provide extra details about the symptoms. That further enables remote care as the patient can consult the appropriate healthcare expert. It generally provides patients more control over their lives and treatment. Moreover, a blockchain-enabled IoT-based healthcare monitoring system (BIoT-HMS) is one step ahead as it can reduce unnecessary hospital visits and the burden on healthcare systems by connecting patients to their healthcare experts and allowing the secure transfer and storage of healthcare data by making use of the blockchain mechanism. Some of the possible applications of BIoT-HMS are “remote health monitoring,” “management of healthcare operations,” “detection and prevention of diseases” and many more. However, IoT-based healthcare monitoring systems have issues related to security breaches and privacy of healthcare data. Therefore, it is essential to design some security protocols for IoT-based healthcare monitoring systems. From time to time researchers propose different protocols to secure the data of IoT-based healthcare monitoring systems. However, most of them are vulnerable to various types of attack like, replay, MiTM, impersonation, secret credentials leakage, unauthorized data update, etc., Therefore, researchers came up with the idea of inclusion of blockchain-enabled security in the IoT-based healthcare monitoring system, which further can be considered as a blockchain-enabled IoT-based healthcare monitoring system (BIoT-HMS). In this chapter, we provide the details of various possible architectures of BIoT-HMS. We also provide the details of various threats and attacks along with the threat model in BIoT-HMS. The security requirements and applications of BIoT-HMS are also discussed. We then provide the summary of various existing security protocols related to BIoT-HMS. The comparison of “security and functionality features” of security protocols related to BIoT-HMS is also provided.

@inproceedings{bib_Bloc_2021, AUTHOR = {Wazid, Mohammad and Das, Ashok Kumar and Park, Youngho }, TITLE = {Blockchain-Envisioned Secure Authentication Approach in AIoT: Applications, Challenges, and Future Research}, BOOKTITLE = {Wireless Communications and Mobile Computing}. YEAR = {2021}}

The Artificial Intelligence of Things (AIoT) is the amalgamation of Artificial Intelligence (AI) methods and the Internet of Things (IoT) infrastructure, which are deployed there to improve the overall performance of the system. AIoT can be deployed to achieve more efficient IoT operations; thereby can improve human-machine interactions and provide better data analysis. AI methods can be used to transform IoT data into useful information for the better decision-making processes, and it further increases the overall usability of the system. AIoT frameworks are very useful and applicable in a variety of applications, like security and surveillance system, smart home, intelligent transportation system, smart farming, secure and safe healthcare monitoring, industrial automation and control, eCommerce, logistics operations and control, and many more. However, AIoT frameworks may have issues related to data security and privacy as they are vulnerable to various types of information security-related attacks. These issues further cause the serious consequences, like the unauthorized data leakage and data update. Blockchain is a specific type of database. It is a digital ledger of transactions, which is duplicated and distributed across the entire network of computer systems. It stores data in the form of some blocks, which are then chained together. Blockchain is tamper proof and provides more security as compared to the traditional security mechanisms. Hence, blockchain can be integrated in various AIoT applications to provide more security. A generalized blockchain-envisioned secure authentication framework for AIoT has been proposed. The adversary model of blockchain-envisioned secure authentication framework for AIoT is also highlighted that covers most of the potential threats of a kind of communication environment. Various applications of the proposed framework are also discussed. Furthermore, different issues and challenges of the proposed framework are highlighted. In the end, we also provide some future research directions relevant to the proposed framework.

@inproceedings{bib_BUAK_2021, AUTHOR = {Wazid, Mohammad and Das, Ashok Kumar and Hussain, Rasheed and D, Neeraj Kumar and Roy, Sandip }, TITLE = {BUAKA-CS: Blockchain-enabled user authentication and key agreement scheme for crowdsourcing system}, BOOKTITLE = {Journal of Systems Architecture}. YEAR = {2021}}

Crowdsourcing is a practice of using collective intelligence of a group in order to achieve a common goal to solve complex problems in an innovative way. It involves obtaining information and opinions from a group of participants who submit their data (i.e., solutions) via the Internet using some applications. The application domains, where crowdsourcing can be used, include, but not limited to, healthcare, environment, public safety, disaster management, and transportation. Despite the unprecedented advantages of crowdsourcing, security and privacy are rising concerns that need to be addressed. Therefore, it is crucially important to provide effective solutions that address the security and privacy issues in crowdsourcing systems. To this end, the salient features of blockchain technology such as immutability, decentralization, transparency and resiliency can play a pivotal role to address the afore-mentioned security challenges. To fill these gaps, in this paper, we propose a new blockchain-based user authentication and key agreement scheme for crowdsourcing (BUAKA-CS) through lightweight cryptographic techniques. The security of the BUAKA-CS is proved through the formal method and also through other mathematical methods that depict the resilience of BUAKA-CS against various types of possible attacks. Moreover, the robustness of BUAKA-CS against possible attacks is proved through widelyrecognized automated software validation tools. We also compare BUAKA-CS with other existing schemes and prove its out performance in terms of security, functionality, computation and communication costs. Finally, we conduct the extensive blockchain-based simulations to measure the impact of BUAKA-CS on the performance of the system.

@inproceedings{bib_AI_a_2021, AUTHOR = {Das, Ashok Kumar and Bera, Basudeb and Giri, Debasis }, TITLE = {AI and Blockchain-Based Cloud-Assisted Secure Vaccine Distribution and Tracking in IoMT-Enabled COVID-19 Environment}, BOOKTITLE = {IEEE Internet of Things Magazine}. YEAR = {2021}}

Coronavirus 2019, called COVID-19, is a transmissible disease caused by severe acute respiratory syndrome coronavirus 2 (SARS-CoV-2). It earlier impacted the citizens of China alone. However, it has rapidly spread all over the world. The COVID-19 supply chain system aims to facilitate access to several critical items, such as personal protective equipment (PPE), biomedical equipment, diagnostics supplies, and vaccines. In this article, we discuss a robust security framework for vaccine distribution and tracking in an Internet of Medical Things (IoMT)-based cloud-assisted COVID-19 environment by considering both intra-country and inter-country scenarios. Various transactions related to vaccine requests, orders, distribution, and tracking are put into the blockchain in the form of blocks. Since blockchain technology offers immutability, transparency, and decentralization, the security of the proposed framework has been improved significantly. The proposed framework also supports artificial intelligence(AI)-based big data analytics on the information stored into the blocks in the blockchain. Furthermore, a practical demonstration of the proposed framework has been done through a blockchain simulation study.

@inproceedings{bib_SPCS_2021, AUTHOR = {Garg, Neha and Obaidat, Mohammad S. and WAZID, MOHAMMAD and Das, Ashok Kumar and Singh, Devesh Pratap }, TITLE = {SPCS-IoTEH: Secure Privacy-Preserving Communication Scheme for IoT-Enabled e-Health Applications}, BOOKTITLE = {International Conference on Communications}. YEAR = {2021}}

—In an Internet of Things (IoT) enabled e-health system, smart health devices sense the health data continuously and share the collected data with the neighboring controller device (i.e., personal server) via some wireless communication mechanism (i.e., bluetooth and zigbee), and finally the data is stored on some health server (i.e., a server over the cloud). The health data is then accessible to healthcare service providers (for example, doctors, nursing staff, relatives of patient) for tracking and monitoring of health conditions of the patients for their better treatment at the earliest. In an IoT enabled health system, the smart healthcare devices communicate over public channel, which causes various types of threats and attacks on the ongoing communication. Therefore, we need a powerful privacypreserving security mechanism to secure the communication happens in an IoT enabled e-health system as the health data is strictly private and confidential. In this paper, we propose a new privacy-preserving access control and key management scheme for the secure communication of IoT enabled e-health system (SPCS-IoTEH). We also conduct informal security analysis of the proposed SPCS-IoTEH to show its robustness against various types of active and passive attacks. The performance of SPCSIoTEH is also shown to be better than other existing competing schemes.

@inproceedings{bib_Desi_2021, AUTHOR = {Mitra, Ankush and Bera, Basudeb and Das, Ashok Kumar }, TITLE = {Design and Testbed Experiments of Public Blockchain-Based Security Framework for IoT-Enabled Drone-Assisted Wildlife Monitoring}, BOOKTITLE = {IEEE Conference on Computer Communications Workshops}. YEAR = {2021}}

In recent years, the Internet of Things (IoT) enabled drones, also called as unmanned aerial vehicles (UAVs), are widely used in many applications ranging from military to civilian applications, such as wildlife monitoring. Since the drones provide a risk-free as well as low-cost facility in order to quickly and persistently monitor natural circumstances at high spacial temporal resolution, they help in wildlife monitoring research. Due to wireless communication nature, the communication among the deployed drones in their respective flying zones and the IoT smart devices installed in animal bodies, and also among the drones and their respective ground station server (GSS), is susceptible to various passive and active attacks. To mitigate these issues, we propose a public blockchain based access control implementation for wild-life monitoring purpose. The application of both access control and blockchain at the same time not only protects various attacks, but also maintains immutability, transparency as well as decentralization properties. Next, we simulate the proposed security framework for the blockchain part to measure the total computational time needed to add a varied number of blocks in a blockchain and also a varied number of transactions per block. Finally, a practical testbed experiment has been implemented to show the feasibility of the proposed framework. Index Terms—Wildlife monitoring, blockchain, consensus, access control, security, testbed experiments.

@inproceedings{bib_SDN-_2021, AUTHOR = {Shashidhara, R and Ahuja, Nisha and Lajuvanthi, M and Das, Ashok Kumar and Rodrigues, Joel J. P. C. }, TITLE = {SDN-Chain: Privacy-preserving protocol for Software Defined Networks using Blockchain }, BOOKTITLE = {Security and Privacy}. YEAR = {2021}}

Software-defined networking (SDN) is a programmable architecture for networking domain in which the security is provided by devising the network policies with the help of the network administrator. This is very cumbersome for the administrator to handle different attacks at various planes in SDN architecture. Blockchain can be used to prevent various attacks in SDN by providing a decentralization authentication environment. In this article, a secure Blockchain-based privacy-preserving protocol is proposed to thwart various security vulnerabilities in the SDN architecture. The proposed approach uses Modified-Delegated Proof of Stake as the consensus protocol to ensure safety and reliability in the network. Besides, a security protocol is designed using cryptographic primitives and analyzed using a detailed security analysis. Initially, the consensus protocols are implemented using solidity smart contracts and deployed to the public Blockchain using Ethereum. Consequently, the proposed approach is simulated on OMNet++ using INET framework. The experimental results show that the proposed SDN-Chain is secure, efficient, less incentive to centralize, and practically implementable in resource-limited wireless and mobile environments.

@inproceedings{bib_Desi_2021, AUTHOR = {Chattaraj, Durbadal and Bera, Basudeb and Das, Ashok Kumar and Rodrigues, Joel J. P. C. and Park, YoungHo }, TITLE = {Designing Fine-grained Access Control for Software Defined Networks using Private Blockchain}, BOOKTITLE = {IEEE Internet of Things Journal}. YEAR = {2021}}

Emerging next-generation Internet yields proper administration of a wide-ranging dynamic network to assist rapid ubiquitous resource accessibility, whilst providing higher channel bandwidth. Since its inception, the traditional static network infrastructure-based solutions involve manual configuration and proprietary controls of networked devices. It then leads to improper utilization of the overall resources, and hence experiences various security threats. Although transport layer security (TLS)-based solution is presently advocated in the said framework, it is vulnerable to many security threats like man-in-the-middle, replay, spoofing, privileged-insider, impersonation, and denial-of-service attacks. Moreover, the current settings of the said tool do not facilitate any secure and reliable mechanisms for data forwarding, application flow routing, new configuration deployment, and network event management. Also, it suffers from the single point of controller failure issue. In this paper, we propose a new private blockchain-enabled fine-grained access control mechanism for the SDN environment. In this regard, attribute-based encryption (ABE) and certificate-based access control protocol are incorporated. This proposed solution can resist several well-known security threats, and alleviate different system-level inconveniences. The formal and informal security inspections and performance-wise comparative study of the proposed scheme endorse better qualifying scores as compared to the other existing competing state-of-art schemes. Besides, the experimental testbed implementation and blockchain simulation show the implementation feasibility of the proposed mechanism.

@inproceedings{bib_Ligh_2021, AUTHOR = {Banerjee, Soumya and Das, Ashok Kumar and , Samiran Chattopadhyay and Jamal, Sajjad Shaukat and Rodrigues, Joel J. P. C. and Park, Youngho }, TITLE = {Lightweight Failover Authentication Mechanism for IoT-Based Fog Computing Environment }, BOOKTITLE = {Electronics}. YEAR = {2021}}

Fog computing as an extension to the cloud computing infrastructure has been invaluable in enhancing the applicability of the Internet of Things (IoT) paradigm. IoT based Fog systems magnify the range and minimize the latency of IoT applications. However, as fog nodes are considered transient and they offer authenticated services, when an IoT end device loses connectivity with a fog node, it must authenticate freshly with a secondary fog node. In this work, we present a new security mechanism to leverage the initial authentication to perform fast lightweight secondary authentication to ensure smooth failover among fog nodes. The proposed scheme is secure in the presence of a current de-facto Canetti and Krawczyk (CK)-adversary. We demonstrate the security of the proposed scheme with a detailed security analysis using formal security under the broadly recognized Real-Or-Random (ROR) model, informal security analysis as well as through formal security verification using the broadly-used Automated Validation of Internet Security Protocols and Applications (AVISPA) software tool. A testbed experiment for measuring computational time for different cryptographic primitives using the Multiprecision Integer and Rational Arithmetic Cryptographic Library (MIRACL) has been done. Finally, through comparative analysis with other related schemes, we show how the presented approach is uniquely advantageous over other schemes.

@inproceedings{bib_iGCA_2021, AUTHOR = {Das, Ashok Kumar and Bera, Basudeb and WAZID, MOHAMMAD and JAMAL, SAJJAD SHAUKAT and PARK, YOUNGHO }, TITLE = {iGCACS-IoD: An Improved Certificate-Enabled Generic Access Control Scheme for Internet of Drones Deployment}, BOOKTITLE = {IEEE Access}. YEAR = {2021}}

Due to wide-spread use of the Information and Communications Technology (ICT) and Internet of Things (IoT) enabled smart devices, called unmanned aerial vehicles (UAVs) (popularly known as drones), a lot of potential applications of Internet of Drones (IoD) are available ranging from the military to civilian applications. Access control mechanism is an important potential security service that is needed to secure communication among the drones in their respective flying zones, and also among the drones and the Ground Service Station (GSS). In 2021, Chaudhry et al. proposed a certificate based generic access control scheme for IoD environment, called GCACS-IoD. Their claims about the possible security attacks resistant of GCACS-IoD is not justified. In fact, we first prove that GCACS-IoD is unable to protect the disclosure of the private key rCR of the trusted control room (CR), which is extremely unfortunate careless design flaw and it leads to compromise the entire network. Using the disclosed private key rCR , we further show that GCACS-IoD is completely insecure against other serious attacks, such as malicious drones deployment attack, drone/GSS impersonation attacks and Ephemeral Secret Leakage (ESL) attack, which lead to compromise the session key between any two drones communicating in a particular flying zone. We thus feel that there is a strong need to remedy such serious weaknesses found in Chaudhry et al. ’s GCACS-IoD. An improved certificate-enabled generic access control scheme for IoD deployment, called as i GCACS-IoD, has been suggested, which overcomes the weaknesses found in the previous GCACS-IoD. The practical demonstration of i GCACS-IoD has been done through formal security verification and also through NS2 simulation study.

@inproceedings{bib_An_E_2021, AUTHOR = {TarakNandy, and IdnaIdris, Mohd Yamani and MdNoor, Rafidah and Das, Ashok Kumar and Li, Xiang and Ghania, Norjihan Abdul and Bhattacharyyae, Sananda }, TITLE = {An Enhanced Lightweight and Secured Authentication Protocol for Vehicular Ad-hoc Network}, BOOKTITLE = {Computer Communications}. YEAR = {2021}}

A substantial number of authentication protocols are designed to safeguard vehicular ad-hoc network (VANET) communication from potential attacks; however, they experienced an inability to provide a balance between lightweight and security. Existing security and privacy-preserving based authentication protocols in vehicular networks mostly rely on the trusted authority and signatures to validate the communication on road. Accomplishing the quick validation and correspondence is difficult in such methodologies and further, they endure execution obliges from coming about overhead. To overcome these issues, we have developed an enhanced lightweight and secure authentication protocol (ELSAP) for V2V Communication in VANETs. Moreover, the scheme withheld with self-authentication prior to communication that enhances the network feasibilities, which in return needs less message transfer during authentication as well as communication, indicates lightweight features. Furthermore, two or more vehicles can securely perform mutual authentication, proven by Burrow–Abadi–Needham (BAN) logic. Additionally, the competency of the proposed protocol against the current updated threats is shown via security analysis and comparisons tools such as Automated Validation of Internet Security Protocols and Applications (AVISPA). The result of the performance analysis shows that the communication cost and computational cost outperformed the earlier authentication schemes alongside the security features of the proposed protocol.

@inproceedings{bib_Bloc_2021, AUTHOR = {Chattaraj, Durbadal and Bera, Basudeb and Das, Ashok Kumar and Saha, Sourav and Lorenz, Pascal and Park, YoungHo }, TITLE = {Block-CLAP: Blockchain-assisted Certificateless Key Agreement Protocol for Internet of Vehicles in Smart Transportation}, BOOKTITLE = {IEEE Transactions on Vehicular Technology}. YEAR = {2021}}

In the Internet of Vehicles (IoV), numerous potential applications have come up with the use of the Internet of Things (IoT)-empowered smart devices. In IoV, vehicles, roads, street signs and traffic lights can accordingly adjust to changing conditions in order to assist drivers, and also to improve safety, ease congestion and pollution reduction. Since various entities in an IoV environment make communications over public channels, there are potential security threats. To deal with such serious threats, we design a new blockchain-assisted certificateless key agreement protocol for IoV in smart transportation context, called Block-CLAP. To manage the dynamic vehicles efficiently, the vehicles are grouped into the dynamic clusters, and each cluster will have a cluster head (CH) with its members as other neighbor vehicles and an road-side unit (RSU). In Block-CLAP, through authentication key management, data reach to the CH and then to its nearby RSU securely using the established secret keys. The cloud server then securely collects the information from its attached RSUs and create the transactions. Later, the transactions are formed into blocks by the cloud server (CS) in a Peer-to-Peer (P2P) cloud servers network, and the blocks are verified and added through voting-based consensus algorithm in the blockchain. The detailed security analysis through formal, informal and formal security verification, and comparative study show that Block-CLAP provides superior security and has low communication and computational overheads as compared with other existing competing authentication schemes in the IoV environment. Finally, the blockchain-based implementation of Block-CLAP has been performed to measure computational time needed for a varied number of transactions per block and also for a varied number of blocks mined in the blockchain.

@inproceedings{bib_Acce_2021, AUTHOR = {Bera, Basudeb and Das, Ashok Kumar and Garg, Sahil and Piran, Md. Jalil and Hossain, M. Shamim }, TITLE = {Access Control Protocol for Battlefield Surveillance in Drone-Assisted IoT Environment }, BOOKTITLE = {IEEE Internet of Things Journal}. YEAR = {2021}}

Surveillance drones, called as unmanned aerial vehicles (UAV), are aircrafts that are utilized to collect video recordings, still images, or live video of the targets, such as vehicles, people or specific areas. Particularly in battlefield surveillance, there is high possibility of eavesdropping, inserting, modifying or deleting the messages during communications among the deployed drones and ground station server (GSS). This leads to launch several potential attacks by an adversary, such as main-in-middle, impersonation, drones hijacking, replay attacks, etc. Moreover, anonymity and untarcebility are two crucial security properties that need to be maintained in battlefield surveillance communication environment. To deal with such a crucial security problem, we propose a new access control protocol for battlefield surveillance in drone-assisted Internet of Things (IoT) environment, called ACPBS-IoT. Through the detailed security analysis using formal and informal (non-mathematical), and also the formal security verification under automated software simulation tool, we show the proposed ACPBS-IoT can resist several potential attacks needed in battlefield surveillance scenario. Furthermore, the testbed experiments for various cryptographic primitives have been performed for measuring the execution time. Finally, a detailed comparative study on communication and computational overheads, and security as well as functionality features reveals that the proposed ACPBS-IoT provides superior security and more functionality features, and better or comparable overheads than other existing competing access control schemes.

@inproceedings{bib_Smar_2021, AUTHOR = {Anusha, Vangala and , Anil Kumar Sutrala and Das, Ashok Kumar and Jo, Minho }, TITLE = {Smart Contract-Based Blockchain-Envisioned Authentication Scheme for Smart Farming}, BOOKTITLE = {IEEE Internet of Things Journal}. YEAR = {2021}}

A blockchain-based smart farming technology provides the agricultural data to the farmers and other users associated with smart farming on a single integrated platform. Moreover, persistence and auditability of stored data in blocks into the blockchain provide the confidence of using the correct data when needed later and adds transparency, anonymity, and traceability at the same time. To fulfill such a goal, in this article, we design a new smart contract-based blockchainenvisioned authenticated key agreement mechanism in a smart farming environment. The device-to-device (D2D) authentication phase and device-to-gateway (D2G) authentication phase support mutual authentication and key agreement between two Internetof-Things (IoT)-enabled devices and between an IoT device and the gateway node (GWN) in the network, respectively. The blocks are created by the edge servers on the authenticated data of IoT devices received from the GWNs and then sent to the cloud server (CS). The smart contract-based consensus mechanism allows verification and addition of the formed blocks by a peer-to-peer (P2P) CSs network. The security of the proposed scheme is done through formal and informal security analysis, and also using the formal security verification tool. A detailed comparative study reveals that the proposed scheme offers superior security and more functionality features as compared to existing competing authentication protocols. Finally, the blockchain-based simulation has been conducted to measure computational time for a varied number of mined blocks and also a varied number of transactions per block.

@inproceedings{bib_On_t_2021, AUTHOR = {Bagga, Palak and Das, Ashok Kumar and Wazid, Mohammad and Rodrigues, Joel J. P. C. and Choo, Kim-Kwang Raymond and , YoungHo Park }, TITLE = {On the Design of Mutual Authentication and Key Agreement Protocol in Internet of Vehicles-Enabled Intelligent Transportation System}, BOOKTITLE = {IEEE Transactions on Vehicular Technology}. YEAR = {2021}}

Internet of Vehicles (IoV), a distributed network involving connected vehicles and Vehicular Ad Hoc Networks (VANETs), allows connected vehicles to communicate with other Internet-connected entities in real time. The communications among these entities (e.g. vehicles, pedestrians, fleet management systems, and road-side infrastructure) generally take place via an open channel. In other words, such an open communication can be targeted by the adversary to eavesdrop, modify, insert fabricated (or malicious) messages, or delete any data-in-transit; thus, resulting in replay, impersonation, man-in-the-middle, privileged-insider, and other related attacks. In addition to security, anonymity and untraceability are two other important features that should be achieved in an authentication protocol. In this paper, we propose a new mutual authentication and key agreement protocol in an IoV-enabled Intelligent Transportation System (ITS). Using both formal and informal security analysis, as well as formal security verification using an automated verification tool, we show that the proposed scheme is secure against several known attacks in an IoV-enabled ITS environment. Furthermore, a detailed comparative analysis shows that the proposed scheme has low communication and computational overheads, and offers better security and functionality attributes in comparison to seven other competing schemes. We also evaluate the performance of the proposed scheme using NS2.

@inproceedings{bib_LAPT_2021, AUTHOR = {Far, Hossein Abdi Nasib and Bayat, Majid and Das, Ashok Kumar and Fotouhi, Mahdi and Pournaghi, Morteza and Doostar, M. A. }, TITLE = {LAPTAS: lightweight anonymous privacy-preserving three-factor authentication scheme for WSN-based IIoT}, BOOKTITLE = {Wireless Networks}. YEAR = {2021}}

Nowadays, wireless sensor networks (WSNs) are essential for monitoring and data collection in many industrial environments. Industrial environments are usually huge. The distances between the devices located in them can be vast; in this case, the Industrial Internet of Things (IIoT) leads to greater productivity and efficiency of industries. Furthermore, the sensor devices in IIoT have limited memory and constrained processing power, and using gateway nodes is inevitable to cover these vast areas and manage communications between industrial sensors. Security threats such as compromised devices, denial of service, and leakage of confidential information can incur hefty expenses and irreparable damage to industrial systems. Hence, in the IIoT hierarchical architecture, anonymous and mutual authentication between users, gateway nodes, and sensor nodes is essential to protect users and the system’s security and privacy. In this article, we propose a lightweight anonymous privacy-preserving three-factor authentication scheme for WSN-Based IIoT (LAPTAS). In LAPTAS, registered users can use their security smartcard to communicate with sensors and access their data. Moreover, the proposed scheme supports sensor node dynamic registration, password and biometric change, and revocation phase. Additionally, we evaluate and verify our scheme’s security formally using the Real-or-Random model and informally with the automatic cryptographic Protocol Verifier tool(ProVerif). Finally, our scheme is simulated by the OPNET network simulator and compared with other similar schemes to ensure that the LAPTAS meets all security and performance requirements.

@inproceedings{bib_Auth_2021, AUTHOR = {Sutrala, Anil Kumar and Obaidat, Mohammad S. and Saha, Sourav and Das, Ashok Kumar and Alazab, Mamoun and Park, Youngho }, TITLE = {Authenticated Key Agreement Scheme With User Anonymity and Untraceability for 5G-Enabled Softwarized Industrial Cyber-Physical Systems }, BOOKTITLE = {IEEE Transactions on Intelligent Transportation Systems}. YEAR = {2021}}

With the tremendous growth of Information and Communications Technology (ICT), Cyber Physical Systems (CPS) have opened the door for many potential applications ranging from smart grids and smart cities to transportation, retail, public safety and networking, healthcare and industrial manufacturing. However, due to communication via public channel occurring among various entities in an industrial CPS (ICPS) with the help of the 5G technology and Software-Defined Networking (SDN), it poses several potential security threats and attacks. To mitigate these issues, we propose a new three-factor user authentication and key agreement scheme (UAKA-5GSICPS) for 5G-enabled SDN based ICPS environment. UAKA-5GSICPS allows an authorized user to access the real-time data directly from some designated Internet of Things (IoT)-based smart devices provided that a successful mutual authentication among them is executed via their controller node in the SDN network. It is shown to be robust against various potential attacks through detailed security analysis including the simulation-based formal security verification. A detailed comparative study with the help of experimental results shows that UAKA-5GSICPS achieves better trade-off among security and functionality features, communication and computation overheads as compared to other existing competing schemes.

@inproceedings{bib_Priv_2021, AUTHOR = {SoumyaBanerjee, and Bera, Basudeb and Das, Ashok Kumar and Chattopadhyaya, Samiran and KhurramKhan, Muhammad and J.P.C.Rodriguesde, Joel }, TITLE = {Private blockchain-envisioned multi-authority CP-ABE-based user access control scheme in IIoT}, BOOKTITLE = {Computer Communications}. YEAR = {2021}}

Recent advances in Low Power Wide Area Network (LPWAN) are expected to augment the already prodigious proliferation of Industrial Internet of Things (IIoT). However, this unrepresented growth is tinged by the uncertainty of possible challenges in security and privacy. In this work, we propose a novel blockchain-envisioned fine grained user access control scheme for data security and scalability in IIoT environment. The proposed scheme supports multiple attribute authorities and also a constant size key and ciphertext. The data gathered by the IoT smart devices are encrypted using the cipher-policy attribute based encryption (CP-ABE) and sent to their nearby gateway nodes. Later, the gateway nodes form the transactions from the encrypted data from the smart devices which are used to form partial blocks. The partial blocks are then forwarded to the cloud server(s) in the peer-to-peer (P2P) network to convert them into full blocks, which are verified, mined and added into the blockchain using the voting-based practical Byzantine fault tolerance (PBFT) consensus algorithm. The proposed scheme also allows a user to access the secure data stored in the blocks into the blockchain using the CP-ABE mechanism. The security analysis demonstrates the robustness of the proposed scheme against various attacks, and the comparative study with related relevant schemes also highlights the advantage of the proposed scheme over existing approaches. Finally, a blockchain implementation of the presented scheme summarizes the computational costs for a varied number of transactions per block, and also for a varied number of blocks mined in the blockchain.

@inproceedings{bib_Comm_2021, AUTHOR = {YU, SUNGJIN and Das, Ashok Kumar and Park, Youngho }, TITLE = {Comments on “ALAM: Anonymous Lightweight Authentication Mechanism for SDN Enabled Smart Homes”}, BOOKTITLE = {IEEE Access}. YEAR = {2021}}

Smart home is intended to be able to enhance home automation systems and achieves goals such as reducing operational costs and increasing comfort while providing security to mobile users. However, an attacker may attempt security attacks in smart home environments because he/she can inject, insert, intercept, delete, and modify transmitted messages over an insecure channel. Secure and lightweight authentication protocols are essential to ensure useful services in smart home environments. In 2020, Iqbal et al. presented an anonymous lightweight authentication protocol for software-defined networking (SDN) enabled smart home, called ALAM. They claimed that ALAM protocol could resist security threats, and also provide secure mutual authentication and user anonymity. This comment demonstrates that ALAM protocol is fragile to various attacks, including session key disclosure, impersonation, and man-in-the-middle attacks, and also their scheme cannot provide user anonymity and mutual authentication. We propose the essential security guidelines to overcome the security flaws of ALAM protocol.

@inproceedings{bib_Prov_2021, AUTHOR = {Saleem, Muhammad Asad and Ghaffar, Zahid and Mahmood, Khalid and Das, Ashok Kumar and Rodrigues, Joel J. P. C and Khan, Muhammad Khurram }, TITLE = {Provably Secure Authentication Protocol for Mobile Clients in IoT Environment using Puncturable Pseudorandom Function}, BOOKTITLE = {IEEE Internet of Things Journal}. YEAR = {2021}}

The Internet of things (IoT) is a framework of various services and smart technologies that mutually communicate information between mobile devices and users or just between devices with the help of Internet connectivity. The dramatic progression of IoT helps numerous network applications and communication technologies to introduce state-of-the-art communication models for enabling interaction among mobile server, clients and various other smart entities. Now-a-days, online mobile services have gained huge attention by providing ample convenience to the distant users. However, it is necessary to secure the information, being exchanged among mobile clients and server. Therefore, a large number of authentication protocols have been presented but majority of them are unsuitable to fulfill novel security requirements and standards. Moreover, they are incompatible for IoT Environment due to higher computation and communication complexity. Consequently, there is a dire need of developing an adequate, reliable and cost-effective authentication protocol. In this article, we introduce a novel identity-based key agreement protocol using the puncturable pseudorandom functions for mobile clients in IoT environment. The proposed PSK-MC protocol enable two mobile clients to accomplish mutual authentication via server. The proposed protocol is evaluated formally and informally to determine its security strength. The formal security analysis is presented using the widely used random oracle model. Moreover, all the cryptographic operations used at mobile client side are executed on a mobile device, while the operations used at server side are implemented on a desktop machine to get the experimental results to determine computation cost. The performance analysis reveals the fact that our protocol is comparatively better than related protocols by exhibiting least communication and computation overhead.

@inproceedings{bib_On_t_2021, AUTHOR = {Das, Ashok Kumar and Bera, Basudeb and WAZID, MOHAMMAD and Jamal, Sajjad Shaukat and Park, Youngho }, TITLE = {On the Security of a Secure and Lightweight Authentication Scheme for Next Generation IoT Infrastructure}, BOOKTITLE = {IEEE Access}. YEAR = {2021}}

In recent years, the Internet of things (IoT) has become an encouraging communication paradigm that has numerous applications including smart city, smart home and intelligent transportation system. The information sensed by several IoT smart devices can be security stored at the (cloud) servers. An external user, being a client, can access the services from a server for the sensing information, provided that a mutual authentication happens among them. Using the established session key among the user and the server, encrypted information with the help of session key can be delivered to the user by the server securely. Recently, Rana et al. proposed a smart-card based remote user authentication scheme using user password. In this comment paper, we carefully analyzed the scheme of Rana et al. and tracked down that their scheme is insecure against serious attacks, including stolen smart card attack, privileged-insider attack, user impersonation attack, password change attack and Ephemeral Secret Leakage (ESL) attack. Furthermore, their scheme does not preserve untraceability feature. To remedy these security pitfalls, we also provide some remedies that can help in building more secure and effective user authentication scheme to apply in securing next generation IoT infrastructure.

@inproceedings{bib_Secu_2021, AUTHOR = {, Joonyoung Lee and Kim, Geonhwan and Das, Ashok Kumar and Park, Youngho }, TITLE = {Secure and Efficient Honey List-Based Authentication Protocol for Vehicular Ad Hoc Networks }, BOOKTITLE = {IEEE Transactions on Network Science and Engineering ( Early Access )}. YEAR = {2021}}

Vehicular Ad Hoc Network (VANET) and Internet of Vehicle (IoV) technologies are particularly attracting attention from industry communities because of the intelligent transportation systems of smart city technologies. This study proposes an authentication and key agreement protocol for vehicle-to-vehicle(V2V) communication of IoV. Through V2V communication, traffic system management and road safety can be guaranteed. However, V2V communication cannot manage many vehicles as a whole, so it needs to be segmented and communicated by region. Therefore, considering locality, key agreement is made for V2V communication of the same or different regions, and a lightweight protocol is proposed for dynamic properties of vehicles to achieve such a goal. In addition, since the vehicle information is transmitted through a public channel, the security against various attacks is guaranteed by using mutual authentication and honey_list technology. It provides verification of safety through a detailed security analysis using the formal analysis using the widely-accepted Real-Or-Random(ROR) model, formal security verification using the broadly-accepted Automated Validation of Internet Security Protocols and Applications(AVISPA) software validation tool and non-mathematical(informal) security analysis. In addition, a detailed comparative study that the proposed scheme can be applied in the communication environment between actual vehicles as compared to other existing competing schemes.

@inproceedings{bib_MADP_2021, AUTHOR = {Pundir, Sumit and Obaidat, Mohammad S. and Wazid, Mohammad and Das, Ashok Kumar and Singh, Devesh Pratap and Rodrigues, Joel J. P. C. }, TITLE = {MADP-IIME: Malware Attack Detection Protocol in IoT-Enabled Industrial Multimedia Environment using Machine Learning Approach}, BOOKTITLE = {Multimedia Systems}. YEAR = {2021}}

Internet of Things (IoT) is one of the fastest-growing technologies. With the deployment of massive and faster mobile networks, almost every daily-use item is connected to the Internet. IoT-enabled industrial multimedia environment is used for the collection and analysis of different types of multimedia data (i.e., images, videos, audios, etc.). This multimedia data is generated by various types of smart devices like drones, robots, smart controller, smart surveillance system which are deployed for the industrial monitoring and control. The multimedia data is generated in the enormous amount which can be considered as the big data. This data is further utilized in various types of business needs for example, chances of fire accidents in the industrial plant, overall machine health, etc., which can be predicted through the application of big data analytics. Therefore, IoT-enabled industrial multimedia environment is very helpful to the concerned authorities as they come to know the important information in advance. However, all the smart devices are connected and controlled through the Internet. It further causes severe threats to the communication happens in an IoT-enabled industrial multimedia environment. It is vulnerable to various types of attacks such as replay, man-in-the-middle, impersonation, secret information leakage, sensitive information modification, and malware injection (i.e., mirai). Therefore, it is important to prevent the communication of such an environment against the different types of possible attacks. These days, the attacks performed by botnets (i.e., malware attacks such as mirai and reaper) have drawn attention to the researchers. Under the influence of such attacks, the communication of IoT-enabled industrial multimedia environment is disrupted. Moreover, the attackers may also control the smart devices remotely and can change their functionalities. Hence, we need some robust mechanism to detect the presence of the malware attacks in such an environment. In this paper, we propose a malware detection mechanism in IoT-enabled industrial multimedia environment with the help of machine-learning approach, which is named as MADP-IIME. MADP-IIME uses four different types of machine learning methods (i.e., naive bayes, logistic regression, artificial neural networks (ANN) and random forest) to detect the presence of malware attacks successfully. Furthermore, MADP-IIME performs better than other related existing schemes and achieves 99.5% detection and 0.5% false positive rate. In addition, the conducted security analysis proves the resilience of the proposed MADP-IIME against different types of malware attacks.

@inproceedings{bib_On_t_2021, AUTHOR = {SHASHIDHARA, R. and NAYAK, SANJEET KUMAR and Das, Ashok Kumar and PARK, YOUNGHO }, TITLE = {On the Design of Lightweight and Secure Mutual Authentication System for Global Roaming in Resource-limited Mobility Networks}, BOOKTITLE = {IEEE Access}. YEAR = {2021}}

A secure authentication protocol plays a crucial role in securing communications over wireless and mobile networks. Due to resource-limitations and the nature of the wireless channel, the global mobile networks are highly susceptible to various attacks. Recently, an efficient authentication system for global roaming has been proposed in the literature. In this article, we first show that the analyzed authentication system is vulnerable man-in-the-middle attack, replay attack and Denial-of-Service (DoS) attack, and it does not ensure untraceability and local password-verification process to identify wrong passwords. To fix these security flaws, we propose a more efficient and robust authentication system for roaming in mobility networks. We use the formal verification tools like ProVerif, Automated Validation of Internet Security Protocols and Applications (AVISPA) and Burrows-Abadi-Needham (BAN) logic to check the regularity of the authentication protocol. Moreover, we prove the secrecy of a session key through the formal security using the random oracle model, known as Real-Or-Random (ROR) model. Finally, a detailed performance evaluation proves that the security protocol not only provides a security strength, but also preserves the low computational overhead. Thus, the proposed authentication protocol is secure and computationally efficient as compared to other relevant schemes.

@inproceedings{bib_A_ne_2020, AUTHOR = {Avancini, Danielly B. and Rodrigues, Joel J. P. C. and Rabêlo, Ricardo A. L. and Das, Ashok Kumar and Kozlov, Sergey and Solic, Petar }, TITLE = {A new IoT-based smart energy meter for smart grids}, BOOKTITLE = {International journal of Energy Research}. YEAR = {2020}}

resent Address Federal University of Piauí (UFPI)Campus Petrônio Portela - Bloco 8 Centro de Tecnologia, Ininga 64049-550 Teresina - PI, Brazil. Funding information: Companhia Energética de Minas Gerais, Grant/Award Number: Project No D0640; Conselho Nacional de Desenvolvimento Científico e Tecnológico, Grant/Award Numbers: Grant N. 309335/2017-5, Grant No. 431726/2018-3; FCT/MCTES, Grant/Award Number: Project UIDB/EEA/50008/2020; Brazilian National Council for Scientific and Technological Development, Grant/Award Numbers: 309335/2017-5, 431726/2018-3; FAPEMIG/CEMIG, Grant/Award Number: D0640; TSDA Comunicações Company

@inproceedings{bib_On_t_2020, AUTHOR = {Banerjee, Soumya and Odelu, Vanga and Das, Ashok Kumar and Chattopadhyay, Samiran and Giri, Debasis }, TITLE = {On the Design of a Secure Anonymous User Authentication Scheme for Multiple Base Stations Based Wireless Sensor Networks}, BOOKTITLE = {International Conference on Mathematics and Computing}. YEAR = {2020}}

In recent years, security and data privacy in Wireless Sensor Networks (WSNs) have gained great thrust. Several anonymity-preserving user authentication and key establishment mechanisms for WSNs with single base station have been suggested in the literature. However, sometimes a single base station may be insufficient to maintain the proper quality of services or it may be a single point of failure in WSNs. Very recently Amin et al. suggested a multiple base stations based anonymous user authentication and key establishment approach for WSNs to address the aforementioned problem. In this paper, we first demonstrate that Amin et al.’s scheme has several security pitfalls. To address the security issues in Amin et al.’s scheme, we design a more secure and anonymous user authentication and key establishment mechanism for WSNs that is also based on multiple base stations concept. An exhaustive comparative study demonstrates that the proposed mechanism gives significantly better security and more functionality attributes with comparable commutation as well as computation overheads while those are compared with Amin et al’s. approach.

@inproceedings{bib_Anon_2020, AUTHOR = {Banerjee, Soumya and Odelu, Vanga and Das, Ashok Kumar and Chattopadhyay, Samiran and Giri, Debasis }, TITLE = {Anonymous Fine-Grained User Access Control Scheme for Internet of Things Architecture}, BOOKTITLE = {International Conference on Mathematics and Computing}. YEAR = {2020}}

With the rapid growth of wireless technology, Internet of Things (IoT) became very popular in both industrial as well as consumer product domains. While there is a lot of available platforms and technologies for IoT, the access control issue is often overlooked in the IoT security research. An effective access control depends on the proper user authentication mechanism. Thus, access control in this scenario is an emerging and challenging problem in the IoT environment. In this paper, we design an anonymous fine-grained user access control mechanism for IoT architecture. In the proposed scheme, the user authentication is performed by the smart device node based on the user attributes, which enables fine-grained access control over the authorized data. We utilize the widely accepted formal verification tool, called the Automated Validation of Internet Security Protocols and Applications (AVISPA), to formally prove the security of the proposed scheme. Additionally, we also provide a detailed informal security analysis of the scheme. Finally, we perform a simulation study using the broadly used NS3 network simulator to show the practical impact on the proposed scheme on various network parameters.

@inproceedings{bib_Soft_2020, AUTHOR = {Abdelrahman, Abdallah Mustafa and Rodrigues, Joel J. P. C. and Mahmoud, Mukhtar M. E. and Saleem, Kashif and Das, Ashok Kumar and Korotaev, Valery and Kozlov, Sergei A. }, TITLE = {Software-defined networking security for private data center networks and clouds: Vulnerabilities, attacks, countermeasures, and solutions}, BOOKTITLE = {International Journal of Communication Systems}. YEAR = {2020}}

Software-defined networking (SDN) is an agile, modern networking approach that facilitates innovations in the networking paradigm. The abstracted and centralized network operating system facilitates the network management and reduces operational expenditure (OPEX). The open nature and simplicity of the data-forwarding plane dramatically reduces capital expenditure (CAPEX) by leveraging commodity servers and switches. SDN also lends itself very well to address major cloud computing issues and complement cloud services, especially in terms of network virtualization and networking as a service (NaaS). As a new technology, SDN does involve certain security challenges, which include distributed denial of service (DDoS) threats, build and run time injected malware, insider (tenant) attacks, and security holes resulting from controller misconfigurations. These are severe threats that can cripple an entire network. It is crucial to address the SDN vulnerabilities to ensure its successful deployment in private data center networks, on cloud platforms and beyond. Some security solutions leverage the built-in features of SDN, such as its controller software component, while other solutions provide external SDN applications running above the controller. This study reviews the security solutions for the vulnerabilities of state-of-the-art SDN controllers and the available countermeasures. Furthermore, an in-depth analysis of the SDN features that support security is presented, and some unresolved research issues on SDN controllers are identified.

@inproceedings{bib_Cons_2020, AUTHOR = {Saha, Sourav and Chattaraj, Durbadal and Bera, Basudeb and Das, Ashok Kumar }, TITLE = {Consortium blockchain-enabled access control mechanism in edge computing based generic Internet of Things environment}, BOOKTITLE = {Emerging Telecommunications Technologies}. YEAR = {2020}}

This article introduces a new consortium blockchain-enabled access control scheme in edge computing based generic Internet of Things environment (called CBACS-EIoT), where the mutual authentication among the IoT smart devices and the gateway node(s), and also among the gateway node(s) and respective edge server(s) occur. In addition, key management phase is executed among the edge server(s) and associated cloud server(s). Using the established secret keys, the entities in the network communicate securely. The data gathered securely by the gateway nodes are then used to form various types of blocks (private, public, or consortium) at the edge server(s) based on application types in the generic IoT environment. The created blocks are mined by the edge servers in order to add them in the blockchain center. A detailed security analysis including the formal security has revealed that the proposed CBACS-EIoT is robust against various potential attacks needed in the IoT environment. To further strengthen the security, the simulation-based formal security verification on CBACS-EIoT has been carried out to exhibit that CBACS-EIoT is secure against passive and active attacks. Finally, a meticulous comparative performance analysis shows that CBACS-EIoT offers superior security and supports more functionality features, and also provides less communication and computational overheads compared with existing relevant schemes.

@inproceedings{bib_On_t_2020, AUTHOR = {Chattaraj, Durbadal and Saha, Sourav and Bera, Basudeb and Das, Ashok Kumar }, TITLE = {On the Design of Blockchain-Based Access Control Scheme for Software Defined Networks}, BOOKTITLE = {IEEE Conference on Computer Communications Workshops}. YEAR = {2020}}

Software Defined Networking (SDN) becomes a de facto standard for the future Internet. SDN decouples the control plane from the data plane of a proprietary network asset to ensure better programmability and security for designing more innovative future network applications. Presently, the SDN framework does not have proper access control mechanism among different entities, namely SDN applications, SDN controllers and switches. To achieve this goal, this paper proposes a blockchain-based access control scheme for the SDN framework. The proposed scheme has the capability to resist various wellknown attacks and alleviate the existing single point of controller failure issue in SDN. Index Terms—software-defined networking, blockchain, consensus, security, access control.

@inproceedings{bib_On_t_2020, AUTHOR = {Wazid, Mohammad and Das, Ashok Kumar and Shetty, Sachin and Rodrigues, Joel J. P. C. }, TITLE = {On the Design of Secure Communication Framework for Blockchain-Based Internet of Intelligent Battlefield Things Environment}, BOOKTITLE = {IEEE Conference on Computer Communications Workshops}. YEAR = {2020}}

On the basis of the Internet of Things (IoT) applications, several variants such as Internet of Energy (IoE), Internet of Vehicles (IoV), Internet of Drones (IoD), Internet of Medical Things (Internet of Health, IoMT) and Internet of Intelligent Battlefield Things (IoIBT) are developed. The smart devices involved in IoT can also utilize artificial intelligence algorithm (i.e., machine learning) to make the communication environment more effective and efficient. Intelligent Battlefield Things (IBT) communication environment is an example of that kind. It consists of smart and intelligent devices (i.e., drones), which monitor the activities of the enemies and retaliate accordingly. Hence, we need very less or negligible human involvement. IBT communication environment is very suitable for the purpose of battlefield communication (i.e., war zone, target tracking and hitting, border area surveillance and retaliation). However, IBT has certain drawbacks, because it may be vulnerable to different types of attacks, such as replay, man-in-the-middle, impersonation, data modification, data leakage attacks, etc. Therefore, it becomes essential to provide a security mechanism to secure the communication that happens in IBT environment. To achieve this purpose, we propose a secure communication framework for the blockchain of IBT environment. In addition, the benefits of applications of blockchain of IBT are discussed. The issues and challenges of blockchain of IBT environment are also highlighted. Finally, a security analysis of the proposed framework is conducted to depict its resilience against possible attacks.

@inproceedings{bib_Priv_2020, AUTHOR = {Wazid, Mohammad and Bera, Basudeb and Mitra, Ankush and Das, Ashok Kumar and Ali, Rashid }, TITLE = {Private blockchain-envisioned security framework for AI-enabled IoT-based drone-aided healthcare services}, BOOKTITLE = {International Conference on Wireless and Mobile Computing, Networking and Communications}. YEAR = {2020}}

Internet of Drones (IoD) architecture is designed to support a co-ordinated access for the airspace using the unmanned aerial vehicles (UAVs) known as drones. Recently, IoD communication environment is extremely useful for various applications in our daily activities. Artificial intelligence (AI)-enabled Internet of Things (IoT)-based drone-aided healthcare service is a specialized environment which can be used for different types of tasks, for instance, blood and urine samples collections, medicine delivery and for the delivery of other medical needs including the current pandemic of COVID-19. Due to wireless nature of communication among the deployed drones and their ground station server, several attacks (for example, replay, man-in-the-middle, impersonation and privileged-insider attacks) can be easily mounted by malicious attackers. To protect such attacks, the deployment of effective authentication, access control and key management schemes are extremely important in the IoD environment. Furthermore, combining the blockchain mechanism with deployed authentication make it more robust against various types of attacks. To mitigate such issues, we propose a private-blockchain based framework for secure communication in an IoT-enabled drone-aided healthcare environment. The blockchain-based simulation of the proposed framework has been carried out to measure its impact on various performance parameters.

@inproceedings{bib_SAC-_2020, AUTHOR = {Wazid, Mohammad and Obaidat, Mohammad S. and Das, Ashok Kumar and Vijayakumar, Pandi }, TITLE = {SAC-FIIoT: Secure Access Control Scheme for Fog-Based Industrial Internet of Things}, BOOKTITLE = {IEEE Global Communications Conference}. YEAR = {2020}}

Industrial Internet of Things (IIoT) is a communication environment that consists of various interconnected sensing devices, instruments, and other devices connected together with industrial software tools and applications. The important applications of IIoT include industrial automation, predictive maintenance, smart logistics management, power management, smart package management and smart robotics. However, IIoT may be vulnerable to different types of attacks as the IoT smart devices communicate among each other via insecure communication means. Thus, there is an essential requirement of deployment of secure access control scheme in IIoT environment, which is one of the important security services for securing IIoT. In this paper, we propose a novel access control scheme for fog based IIoT communication, called SAC-FIIoT. We provide the details of network model as well as threat model, which are required to design SAC-FIIoT. The security analysis of SAC-FIIoT shows its resilience against various types of possible attacks. SAC-FIIoT is also compared with other related competing existing schemes and it was found that its performance is better than these competing schemes. Therefore, SAC-FIIoT is suitable for access control in a fog-based IIoT environment.

@inproceedings{bib_On_t_2020, AUTHOR = {Bera, Basudeb and Das, Ashok Kumar and WalterBalzano, and Medaglia, Carlo Maria }, TITLE = {On the design of biometric-based user authentication protocol in smart city environment}, BOOKTITLE = {Pattern Recognition Letters}. YEAR = {2020}}

Among the security services, like authentication, access control, key management and intrusion detection, user authentication is very much needed for a smart city environment because an external authorized user may require the real time data to be accessed directly from the deployed Internet of Things (IoT) enabled smart devices. Using the established session key between the user and an access smart device though mutual authentication and key agreement process, the real time data can be securely accessed. To deal with this issue, we propose a new user authentication scheme in smart city environment using three factors of a legal registered user (mobile device, password and biometrics). The proposed scheme is shown to be robust against a number of potential attacks needed in an IoT-based smart city deployment. The simulation study for formal security verification using the widely-accepted “Automated Validation of Internet Security Protocols and Applications (AVISPA)” tool demonstrates that the proposed scheme is also secure. Furthermore, experiments on various cryptographic primitives have been carried out using “MIRACL Cryptographic SDK: Multiprecision Integer and Rational Arithmetic Cryptographic Library” under both server and Raspberry PI 3 settings. Finally, a comprehensive comparative analysis shows the effectiveness and better security of the proposed scheme as compared with other state of art user authentication schemes.

@inproceedings{bib_Bloc_2020, AUTHOR = {Bagga, Palak and Sutrala, Anil Kumar and Das, Ashok Kumar and Vijayakumar, Pandi }, TITLE = {Blockchain-based batch authentication protocol for Internet of Vehicles}, BOOKTITLE = {Journal of Systems Architecture}. YEAR = {2020}}

The vehicles in Internet of Vehicles (IoV) can be used to opportunistically gather and distribute the data in a smart city environment. However, at the same time, various security threats arise due to insecure communication happening among various entities in an IoV-based smart city deployment. To address this issue, we aim to design a novel blockchain-enabled batch authentication scheme in Artificial Intelligence (AI)-envisioned IoV-based smart city deployment. The latest trends and revolutions in technologies incorporate AI/Machine Learning (ML) in blockchaining to produce a secure, efficient and intelligent blockchain based system. The data stored in the blocks in the blockchain are authentic and genuine, which makes the AI/ML algorithms to work at their exceptions in order produce correct predictions on the blockchain data. Through the signing phase of the proposed scheme, each vehicle in a dynamically formed cluster broadcasts a message to its own member and respective road-side unit (RSU). In the proposed scheme, two types of authentication take place: vehicle to vehicle (V2V) authentication allows a vehicle to authenticate its neighbor vehicles in its cluster, while batch authentication permits a group of cluster vehicles to be authenticated by their . At the end, a group key is established among the vehicles and in their cluster. then gathers securely data from its vehicles and form several transactions including the information of vehicles and its own given information to the cluster member vehicles. The transactions are formed later by the nearby fog server associated with and then by the cloud server to form a complete block. The created blocks are mined by the cloud servers in a Peer-to-Peer (P2P) cloud server network through the voting-based Practical Byzantine Fault Tolerance (PBFT) consensus algorithm. The authentic and genuine data of the blockchain are utilized for Big data analytics through AI/ML algorithms. It is shown that the proposed scheme is highly robust against various attacks through formal and informal security analysis, and also through formal security verification tool. A detailed comparative analysis reveals that the proposed scheme achieves superior security and functionality features, and offers comparable storage, communication and computational costs as compared to other existing competing schemes. Finally, the blockchain implementation has been carried out on the proposed scheme to show its effectiveness.

@inproceedings{bib_Desi_2020, AUTHOR = {Bera, Basudeb and Saha, Sourav and Das, Ashok Kumar and Vasilakos, Athanasios V. }, TITLE = {Designing Blockchain-Based Access Control Protocol in IoT-Enabled Smart-Grid System}, BOOKTITLE = {IEEE Internet of Things Journal}. YEAR = {2020}}

We design a new blockchain-based access control protocol in IoT-enabled smart-grid system, called DBACP-IoTSG. Through the proposed DBACP-IoTSG, the data is securely brought to the service providers from their respectively smart meters. The Peer-to-Peer (P2P) network is formed by the participating services providers, where the peer nodes are responsible for creating the blocks from the gathered data securely from their corresponding smart meters and adding them into the blockchain after validation of the blocks using the voting-based consensus algorithm. In our work, the blockchain is considered as private because the data collected from the consumers of the smart meters are private and confidential. By the formal security analysis under the random oracle model, non-mathematical security analysis and software-based formal security verification, DBACP-IoTSG is shown to be resistant against various attacks. We carry out the experimental results of various cryptographic primitives that are needed for comparative analysis using the widely-used Multiprecision Integer and Rational Arithmetic Cryptographic Library (MIRACL). A detailed comparative study reveals that DBACP-IoTSG supports more functionality features and provides better security apart from its low communication and computation costs as compared to recently proposed relevant schemes. In addition, the blockchain implementation of DBACPIoTSG has been performed to measure computational time needed for the varied number of blocks addition and also the varied number of transactions per block in the blockchain.

@inproceedings{bib_Desi_2020, AUTHOR = {SON, SEUNGHWAN and LEE, JOONYOUNG and KIM, MYEONGHYUN and YU, SUNGJIN and Das, Ashok Kumar and PARK, YOUNGHO }, TITLE = {Design of Secure Authentication Protocol for Cloud-Assisted Telecare Medical Information System Using Blockchain}, BOOKTITLE = {IEEE Access}. YEAR = {2020}}

Telecare medical information system (TMIS) implemented in wireless body area network (WBAN) is convenient and time-saving for patients and doctors. TMIS is realized using wearable devices worn by a patient, and wearable devices generate patient health data and transmit them to a server through a public channel. Unfortunately, a malicious attacker can attempt performing various attacks through such a channel. Therefore, establishing a secure authentication process between a patient and a server is essential. Moreover, wearable devices have limited storage power. Cloud computing can be considered to resolve this problem by providing a storage service in the TMIS environment. In this environment, access control of the patient health data is essential for the quality of healthcare. Furthermore, the database of the cloud server is a major target for an attacker. The attacker can try to modify, forge, or delete the stored data. To resolve these problems, we propose a secure authentication protocol for a cloud-assisted TMIS with access control using blockchain. We employ ciphertext-policy attribute-based encryption (CP-ABE) to establish access control for health data stored in the cloud server, and apply blockchain to guarantee data integrity. To prove robustness of the proposed protocol, we conduct informal analysis and Burrows-Adabi-Needham (BAN) logic analysis, and we formally validate the proposed protocol using automated validation of internet security protocols and applications (AVISPA). Consequently, we show that the proposed protocol provides more security and has better efficiency compared to related protocols. Therefore, the proposed protocol is proper for a practical TMIS environment.

@inproceedings{bib_AI-E_2020, AUTHOR = {Bera, Basudeb and Das, Ashok Kumar and Obaidat, Mohammad S. and Vijayakumar, Pandi and Hsiao, Kuei-Fang and Park, YoungHo }, TITLE = {AI-Enabled Blockchain-Based Access Control for Malicious Attacks Detection and Mitigation in IoE}, BOOKTITLE = {IEEE Consumer Electronics Magazine}. YEAR = {2020}}

In Internet of Everything (IoE), malicious attacks detection and mitigation are important issues. These issues can be resolved through an access control framework where two entities first authenticate each other prior to establish any secret key for their secure communication. The sensing data of various smart devices in an IoE environment are processed securely at the nearby fog servers and at the same time legitimate users can also access the real-time data directly from designated smart devices through access control mechanism. We first discuss various attack trends in IoE environment. After that we discuss evolution of the blockchain technology in the IoE. An Artificial Intelligence (AI)-based blockchain-envisioned access control framework for malicious attacks detection and mitigation has been suggested to secure the IoE environment. Finally, a blockchain based implementation has been conducted on the proposed blockchain-envisioned access control framework for measuring the computational time needed for varying number of blocks mined in the blockchain and also for varying number of transactions per block.

@inproceedings{bib_Soft_2020, AUTHOR = {Abdelrahman, Abdallah Mustafa and Rodrigues, Joel J. P. C. and Mahmoud, Mukhtar M. E. and Saleem, Kashif and Das, Ashok Kumar and Korotaev, Valery and Kozlov, Sergei A. }, TITLE = {Software Defined Networking Security for Private Data Center Networks and Clouds: Vulnerabilities, Attacks, Countermeasures, and Solutions}, BOOKTITLE = {International Journal of Communication Systems}. YEAR = {2020}}

Software‐defined networking (SDN) is an agile, modern networking approach that facilitates innovations in the networking paradigm. The abstracted and centralized network operating system facilitates the network management and reduces operational expenditure (OPEX). The open nature and simplicity of the data‐forwarding plane dramatically reduces capital expenditure (CAPEX) by leveraging commodity servers and switches. SDN also lends itself very well to address major cloud computing issues and complement cloud services, especially in terms of network virtualization and networking as a service (NaaS). As a new technology, SDN does involve certain security challenges, which include distributed denial of service (DDoS) threats, build and run time injected malware, insider (tenant) attacks, and security holes resulting from controller misconfigurations. These are severe threats that can cripple an entire network. It is crucial to address the SDN vulnerabilities to ensure its successful deployment in private data center networks, on cloud platforms and beyond. Some security solutions leverage the built‐in features of SDN, such as its controller software component, while other solutions provide external SDN applications running above the controller. This study reviews the security solutions for the vulnerabilities of state‐of‐the‐art SDN controllers and the available countermeasures. Furthermore, an in‐depth analysis of the SDN features that support security is presented, and some unresolved research issues on SDN controllers are identified.

@inproceedings{bib_Desi_2020, AUTHOR = {Jangirala, Srinivas and Das, Ashok Kumar and Wazid, Mohammad and Vasilakos, Athanasios V. }, TITLE = {Designing Secure User Authentication Protocol for Big Data Collection in IoT-Based Intelligent Transportation System}, BOOKTITLE = {IEEE Internet of Things Journal}. YEAR = {2020}}

Secure access of the real-time data from the IoT smart devices (e.g., vehicles) by a legitimate external party (user) is an important security service for Big Data collection in Internet of Things (IoT)-based Intelligent Transportation System (ITS). To deal with this important issue, we design a new three-factor user authentication scheme, called UAP-BCIoT, which relies on Elliptic Curve Cryptography (ECC). The mutual authentication between the user and an IoT device happens via the semi-trusted Cloud-Gateway (CG) node in UAP-BCIoT. UAP-BCIoT supports several functionality features needed for IoT-based ITS environment including IoT smart device credential validation and Big Data analytics. A detailed security analysis is conducted based on the defined threat model to show that UAP-BCIoT is resilient against many known attacks. A thorough comparative study reveals that UAP-BCIoT supports better security, offers various functionality attributes, and also provides similar costs in communication as well computation as compared to other relevant schemes Finally, the practical demonstration of the proposed UAP-BCIoT is also provided to measure its impact on the network performance parameters.

@inproceedings{bib_Priv_2020, AUTHOR = {Bera, Basudeb and Das, Ashok Kumar and Sutrala, Anil Kumar }, TITLE = {Private blockchain-based access control mechanism for unauthorized UAV detection and mitigation in Internet of Drones environment}, BOOKTITLE = {Computer Communications}. YEAR = {2020}}

Drones, which are also known as Unmanned Aerial Vehicles (UAVs), are very useful in delivering the packages, and real-time object detection and tracking with minimal human interference. However, there may be several security threats in such an environment, for instance, a malicious user can spy unauthorized drones, transfer malicious packages, or even damage the network reliability that can have direct impact on drones control. This may lead to a potential threat for people, governments, and business sectors. To deal with these issues, in this paper, we propose a novel access control scheme for unauthorized UAV detection and mitigation in an Internet of Drones (IoD) environment, called ACSUD-IoD. With the help of the blockchain-based solution incorporated in ACSUD-IoD, the transactional data having both the normal secure data from a drone (UAV) to the Ground Station Server and the abnormal (suspected) data for detection of unauthorized UAVs by the are stored in private blockchain, that are authentic and genuine. As a result, the Big data analytics can be performed on the authenticated transactional data stored in the blockchain. Through the detailed security analysis including formal security under the broadly-accepted Real-Or-Random (ROR) model, formal security verification using the widely-applied Automated Validation of Internet Security Protocols and Applications (AVISPA) tool and non-mathematical security analysis show the robustness of the proposed scheme against a number of potential attacks needed in an IoD environment. The testbed experiments for various cryptographic primitives using the broadly-accepted Multiprecision Integer and Rational Arithmetic Cryptographic Library (MIRACL) have been performed under both server and Raspberry PI 3 configurations. Furthermore, a detailed comparative analysis among the proposed scheme and other existing competing schemes shows the efficacy and more robustness as compared to the existing schemes. Finally, the blockchain-based practical demonstration shows the effectiveness of the proposed scheme.

@inproceedings{bib_Secu_2020, AUTHOR = {WAZID, MOHAMMAD and Das, Ashok Kumar and SHETTY, SACHIN and GOPE, PROSANTA and RODRIGUES, JOEL J. P. C. }, TITLE = {Security in 5G-Enabled Internet of Things Communication: Issues, Challenges and Future Research Roadmap}, BOOKTITLE = {IEEE Access}. YEAR = {2020}}

5G mobile communication systems promote the mobile network to not only interconnect people, but also interconnect and control the machine and other devices. 5G-enabled Internet of Things (IoT) communication environment supports a wide-variety of applications, such as remote surgery, self-driving car, virtual reality, flying IoT drones, security and surveillance and many more. These applications help and assist the routine works of the community. In such communication environment, all the devices and users communicate through the Internet. Therefore, this communication agonizes from different types of security and privacy issues. It is also vulnerable to different types of possible attacks (for example, replay, impersonation, password reckoning, physical device stealing, session key computation, privileged-insider, malware, man-in-the-middle, malicious routing, and so on). It is then very crucial to protect the infrastructure of 5G-enabled IoT communication environment against these attacks. This necessitates the researchers working in this domain to propose various types of security protocols under different types of categories, like key management, user authentication/device authentication, access control/user access control and intrusion detection. In this survey paper, the details of various system models (i.e., network model and threat model) required for 5G-enabled IoT communication environment are provided. The details of security requirements and attacks possible in this communication environment are further added. The different types of security protocols are also provided. The analysis and comparison of the existing security protocols in 5G-enabled IoT communication environment are conducted. Some of the future research challenges and directions in the security of 5G-enabled IoT environment are displayed. The motivation of this work is to bring the details of different types of security protocols in 5G-enabled IoT under one roof so that the future researchers will be benefited with the conducted work.

@inproceedings{bib_On_t_2020, AUTHOR = {Saha, Sourav and Sutrala, Anil Kumar and Das, Ashok Kumar and Kumar, Neeraj and Rodrigues, Joel J. P. C. }, TITLE = {On the Design of Blockchain-Based Access Control Protocol for IoT-Enabled Healthcare Applications}, BOOKTITLE = {International Conference on Communications}. YEAR = {2020}}

Access control is one of the important security services that is essential for an Internet of Things (IoT)-enabled authorized user using his/her smart mobile device to authenticate with the trusted Hospital Authority (HA) in a hospital. After mutual authentication, a secret key is established among the user and HA for secure data transmission. The secure data (transactions) gathered by the HA from the users in the hospital is encrypted using a shared key among various trusted hospital authorities involved in the private blockchain network of hospitals. The HA of each hospital is responsible for constructing the blocks in the blockchain using the encrypted transactions because the data in healthcare application is treated as confidential and private. To deal with this important problem, we design a novel access control scheme using private blockchain technology. The proposed scheme is shown to be secure against various well-known attacks. Moreover, the proposed scheme provides better security and functionality features, and also requires low communication and computational costs as compared to relevant approaches.

@inproceedings{bib_Desi_2020, AUTHOR = {Wazid, Mohammad and Das, Ashok Kumar and Kumar, Neeraj and Alazab, Mamoun }, TITLE = {Designing Authenticated Key Management Scheme in 6G-enabled Network in a Box Deployed for Industrial Applications}, BOOKTITLE = {IEEE Transactions on Industrial Informatics}. YEAR = {2020}}

6G-enabled network in a box (NIB) is a multi- generational, rapidly deployable hardware and software technology for the communication. 6G-enabled NIB provides high level of flexibility which makes it capable to provide connectivity services for different types of applications as it is effective for the communications of after disaster scenario battlefields scenario and industrial scenario. In 6G-enabled NIB deployed industrial applications, various passive and active attacks are possible because the involved entities communicate over insecure channel. In this paper, a new remote user authentication and key management scheme is proposed for securing 6G-enabled NIB deployed for industrial applications, which we call in short as UAKMS-NIB. The security analysis shows the resilience of the UAKMS-NIB against various types of possible attacks. The practical demonstration of UAKMS-NIB is also provided to measure its impact on the network performance parameters.

@inproceedings{bib_IoV-_2020, AUTHOR = {YU, SUNGJIN and LEE, JOONYOUNG and PARK, KISUNG and Das, Ashok Kumar and PARK, YOUNGHO }, TITLE = {IoV-SMAP: Secure and efficient message authentication protocol for IoV in smart city environment}, BOOKTITLE = {IEEE Access}. YEAR = {2020}}

With the emergence of the concept of smart city and the increasing demands for a range of vehicles, Internet of Vehicles (IoV) has achieved a lot of attention by providing multiple benefits, including vehicle emergence, accidents, levels of pollution, and traffic congestion. Moreover, IoV provides various services by combining vehicular ad-hoc networks (VANET) with the Internet of Things (IoT) in smart cities. However, the communication among vehicles is susceptible to various security threats because the sensitive message is transmitted via a insecure channel in the IoV-based smart city environment. Thus, a secure message authentication protocol is indispensable to ensure various services for IoV in a smart city environment. In 2020, a secure message authentication protocol for IoV communication in smart cities has been proposed. However, we discover that the analyzed scheme suffers from various potential attacks such as impersonation, secret key disclosure, and off-line guessing attacks, and also does not ensure authentication. To solve the security threats of the analyzed scheme, we design a secure and efficient message authentication protocol for IoV in a smart city environment, called IoV-SMAP. The proposed IoV-SMAP can resist security drawbacks and provide user anonymity, and mutual authentication. We demonstrate the security of IoV-SMAP by performing informal and formal analyses such as the Real-or-Random (ROR) model, and Automated Validation of Internet Security Protocols and Application (AVISPA) simulations. In addition, we compare the performance of IoV-SMAP with related existing competing authentication schemes. We demonstrate that IoV-SMAP provides better security along with efficiency than related competing schemes and is suitable for the IoV-based smart city environment.

@inproceedings{bib_Bloc_2020, AUTHOR = {Anusha, Vangala and Bera, Basudeb and Saha, Sourav and Das, Ashok Kumar and Kumar, Neeraj and Park, YoungHo }, TITLE = {Blockchain-Enabled Certificate-Based Authentication for Vehicle Accident Detection and Notification in Intelligent Transportation Systems}, BOOKTITLE = {Sensors Journal}. YEAR = {2020}}

As the communications among the vehicles, theRoad-Side Units(RSU)and the Edge Servers(ES)take placevia wireless communication and the Internet, an adversary maytake the opportunity to tamper with the data communicatedamong various entities in an Internet of Vehicles (IoV) envi-ronment. Therefore, it demands secure communication amongthe involved entities in an IoV-based Intelligent TransportationSystem (ITS) deployment. In this work, we design a newblockchain-enabled certificate-based authentication scheme forvehicle accident detection and notification in ITS, called BCAS-VADN. In BCAS-VADN, through the authentication process, eachvehicle can securely notify accident related transactions to itsnearby Cluster Head(CH), if an accident is detected on roadseither by its own or neighbor vehicle(s). TheCHthen securelysends the transactions received from the vehicles to itsRSUand subsequently, these transactions are also received secretlyby theESs. TheESis responsible for preparing partial blockcontaining transactions and Merkle tree root, and a digital signa-ture on those information, and then forwarding to its associatedCloud Server(CS)in the Blockchain Center(BC)for completeblock creation, verification and addition of the block using thedesigned consensus process. Due to blockchain technology usage,it is shown that BCAS-VADN is not only secure against variouspotential attacks, but also maintains transparency, immutabilityand decentralization of the information. Furthermore, a compre-hensive comparative analysis reveals that BCAS-VADN achievesbetter security and more functionality attributes, and has lowcommunication and computational overheads as compared toother competitive authentication schemes in IoV. In addition,the practical demonstration using the blockchain technology hasbeen also provided.

@inproceedings{bib_Smar_2020, AUTHOR = {Anusha, Vangala and Das, Ashok Kumar and Kumar, Neeraj and Alazab, Mamoun }, TITLE = {Smart Secure Sensing for IoT-Based Agriculture: Blockchain Perspective}, BOOKTITLE = {Sensors Journal}. YEAR = {2020}}

Agriculture is a vital area for the sustenance ofmankind engulfing manufacturing, security, traceability, andsustainable resource management. With the resources recedingexpeditiously, it is of utmost significance to innovate techniquesthat help in the subsistence of agriculture. The growth of Internetof Things (IoT) and Blockchain technology as two rapidlyemerging fields can ameliorate the state of food chain today. Thispaper provides a rigorous literature review to inspect the state-of-the-art development of the schemes that provide informationsecurity using blockchain technology. After identifying the corerequirements in smart agriculture, a generalized blockchain-based security architecture has been proposed. A detailed costanalysis has been conducted on the studied schemes. A meticu-lous comparative analysis uncovered the drawbacks in existingresearch. Furthermore, detailed analysis of the literature has alsorevealed the security goals towards which the research has beendirected and helped to identify new avenues for future researchusing artificial intelligence.

@inproceedings{bib_Desi_2020, AUTHOR = {Srinivas, Jangirala and Das, Ashok Kumar and Li, Xiong and Khan, Muhammad Khurram and Jo, Minho }, TITLE = {Designing Anonymous Signature-Based Authenticated Key Exchange Scheme forIoT-Enabled Smart Grid Systems}, BOOKTITLE = {IEEE Transactions on Industrial Informatics}. YEAR = {2020}}

Recent technological evolution in the Internet ofThings (IoT) age supports better solutions to magnify themanagement of the power quality and reliability concerns, andimposes the measures of a smart grid. In smart grid environment,a smart meter needs to securely access the services from a serviceprovider via insecure channel. However, since the communicationis via public channel, it imposes various security threats byan adversary. To deal to this, in this article we design a newanonymous signature-based authenticated key exchange schemefor IoT-enabled smart grid environment, called AAS-IoTSG.The dynamic smart meter addition phase is also permissiblein AAS-IoTSG after initial deployment. The security of AAS-IoTSG has been tested rigorously using formal security analysisunder the Real-Or-Random (ROR) model which is one of thebroadly-accepted standard random oracle models, formal secu-rity verification under the broadly-used Automated Validationof Internet Security Protocols and Applications (AVISPA) tooland also using informal security analysis. Finally, an exhaustivecomparative study unveils that AAS-IoTSG supports bettersecurity & functionality features and requires less communication& computation overheads as compared to the existing state-of-artauthentication mechanisms in smart grid systems

@inproceedings{bib_Cach_2020, AUTHOR = {Desai, Santosh Kumar and Dua, Amit and Kumar, Neeraj and Das, Ashok Kumar and Rodrigues, Joel J. P. C. }, TITLE = {Cache Poisoning Prevention Scheme in 5G-enabled Vehicular Networks: A Tangle-based TheoreticalPerspective}, BOOKTITLE = {Consumer Communications & Networking Conference}. YEAR = {2020}}

The modern day traffic continues to evolve in termsof scale, autonomy and access to information. Every vehiclegathers information and contributes its decisions to the globalvehicular network every second. With the advent of 5G equippeddigital communication and sophisticated algorithms are in placefor the vehicles to communicate with each other in a closelymonitored, yet decentralized network, there is a need to ensurethat no form of incorrect data be propagated without priorvalidation. There is also a requirement of maintaining cache sincethere is no centralized network where all vehicles report theiractivities and gather information from, at a required speed. Thedistribution of cache is a major hurdle both in terms of validationand propagation. Cache poisoning can occur if a malicious vehicleor a compromised vehicle intentionally or unintentionally putsincorrect data and other vehicles use that data to skew their ownfuture decisions. In this paper, we explore different methodologiesto address and combat the cache poisoning scenarios and suggestan efficient and secure scheme for validation and distribution ofcache using the Directed Acyclic Graph (DAG) based ledger,which is based on Tangle™.

@inproceedings{bib_Cert_2020, AUTHOR = {Mandal, Shobhan and Bera, Basudeb and Das, Ashok Kumar and Choo, Kim-Kwang Raymond and Park, Youngho }, TITLE = {Certificateless Signcryption-Based Three-Factor User Access Control Scheme for IoT Environment}, BOOKTITLE = {IEEE Internet of Things Journal}. YEAR = {2020}}

User access control is a crucial requirement in any Internet of Things (IoT) deployment, as it allows one to provide authorization, authentication, and revocation of a registered legitimate user to access real-time information and/or service directly from the IoT devices. To complement the existing literature, we design a new three-factor certificateless-signcryption-based user access control for the IoT environment (CSUAC-IoT). Specifically, in our scheme, a user U's password, personal biometrics, and mobile device are used as the three authentication factors. By executing the login and access control phase of CSUAC-IoT, a registered user (U) and a designated smart device (Si) can authorize and authenticate mutually via the trusted gateway node (GN) in a particular cell of the IoT environment. In our setting, the environment is partitioned into disjoint cells, and each cell will contain a certain number of IoT devices along with a GN. With the established session key between U and Si, both entities can then communicate securely. In addition, CSUAC-IoT supports new IoT devices deployment, user revocation, and password/biometric update functionality features. We prove the security of CSUAC-IoT under the real-or-random (ROR) model, and demonstrate that it can resist several common attacks found in a typical IoT environment using the AVISPA tool. A comparative analysis also reveals that CSUAC-IoT achieves better tradeoff for security and functionality, and computational and communication costs, in comparison to five other competing approaches.

@inproceedings{bib_Desi_2020, AUTHOR = {Bera, Basudeb and Chattaraj, Durbadal and Das, Ashok Kumar }, TITLE = {Designing secure blockchain-based access control scheme in IoT-enabled Internet of Drones deployment}, BOOKTITLE = {Computer Communications}. YEAR = {2020}}

In recent years, the Internet of Drones (IoD) has emerged as an important research topic in the academy and industry because it has several potential applications ranging from the civilian to military. In IoD environment, several drones, called Unmanned Aerial Vehicles (UAVs), are deployed in different flying zones that communicate each other to exchange crucial information, and then the information are collected by the Ground Station Server . All the drones and the are registered with a central trusted authority, Control Room prior to their deployment. Since the drones and the communicate over open channel (e.g., wireless medium), there are security and privacy issues in the IoD environment. To handle such issues, in this paper we introduce a blockchain-based access control scheme in the IoD environment that allows secure communication among the drones, and also among the drones and the . Secure data gathered by the form transactions, and those transactions are made into the blocks. The blocks are finally added in the blockchain by the cloud servers connected with the via the Ripple Protocol Consensus Algorithm (RPCA) in a peer-to-peer cloud server network. Once the blocks are added into the blockchain, the transactions containing in the blocks cannot be altered, modified or even removed. We provide all sorts of security analysis including formal security under the random oracle model, informal security and simulation-based formal security verification to assure that the proposed scheme can resist various potential attacks with high probability needed in an IoD environment. In addition, a meticulous comparative analysis among the proposed scheme and other closely related existing schemes shows that our scheme offers more functionality attributes and better security, and also low communication and computation costs as compared to other schemes.

@inproceedings{bib_An_E_2020, AUTHOR = {Banerjee, Soumya and Odelu, Vanga and Das, Ashok Kumar and Chattopadhyay, Samiran and Park, Youngho }, TITLE = {An Efficient, Anonymous and Robust Authentication Scheme for Smart Home Environments}, BOOKTITLE = {Sensors}. YEAR = {2020}}

In recent years, the Internet of Things (IoT) has exploded in popularity. The smart home, as an important facet of IoT, has gained its focus for smart intelligent systems. As users communicate with smart devices over an insecure communication medium, the sensitive information exchanged among them becomes vulnerable to an adversary. Thus, there is a great thrust in developing an anonymous authentication scheme to provide secure communication for smart home environments. Most recently, an anonymous authentication scheme for smart home environments with provable security has been proposed in the literature. In this paper, we analyze the recent scheme to highlight its several vulnerabilities. We then address the security drawbacks and present a more secure and robust authentication scheme that overcomes the drawbacks found in the analyzed scheme, while incorporating its advantages too. Finally, through a detailed comparative study, we demonstrate that the proposed scheme provides significantly better security and more functionality features with comparable communication and computational overheads with similar schemes.

@inproceedings{bib_Desi_2020, AUTHOR = {Pundir, Sumit and Wazid, Mohammad and Singh, Devesh Pratap and Das, Ashok Kumar and Rodrigues, Joel J. P. C. and Park, Youngho }, TITLE = {Designing Efficient Sinkhole Attack Detection Mechanism in Edge-Based IoT Deployment}, BOOKTITLE = {Sensors}. YEAR = {2020}}

The sinkhole attack in an edge-based Internet of Things (IoT) environment (EIoT) can devastate and ruin the whole functioning of the communication. The sinkhole attacker nodes (SHAs) have some properties (for example, they first attract the other normal nodes for the shortest path to the destination and when normal nodes initiate the process of sending their packets through that path (i.e., via SHA), the attacker nodes start disrupting the traffic flow of the network). In the presence of SHAs, the destination (for example, sink node i.e., gateway/base station) does not receive the required information or it may receive partial or modified information. This results in reduction of the network performance and degradation in efficiency and reliability of the communication. In the presence of such an attack, the throughput decreases, end-to-end delay increases and packet delivery ratio decreases. Moreover, it may harm other network performance parameters. Hence, it becomes extremely essential to provide an effective and competent scheme to mitigate this attack in EIoT. In this paper, an intrusion detection scheme to protect EIoT environment against sinkhole attack is proposed, which is named as SAD-EIoT. In SAD-EIoT, the resource rich edge nodes (edge servers) perform the detection of different types of sinkhole attacker nodes with the help of exchanging messages. The practical demonstration of SAD-EIoT is also provided using the well known NS2 simulator to compute the various performance parameters. Additionally, the security analysis of SAD-EIoT is conducted to prove its resiliency against various types of SHAs. SAD-EIoT achieves around 95.83% detection rate and 1.03% false positive rate, which are considerably better than other related existing schemes. Apart from those, SAD-EIoT is proficient with respect to computation and communication costs. Eventually, SAD-EIoT will be a suitable match for those applications which can be used in critical and sensitive operations (for example, surveillance, security and monitoring systems).

@inproceedings{bib_SFEE_2020, AUTHOR = {Dharminder, Dharminder and Obaidat, Mohammad S. and Mishra, Dheerendra and Das, Ashok Kumar }, TITLE = {SFEEC: Provably-Secure Signcryption-Based Big Data Security Framework for Energy-Efficient Computing Environment}, BOOKTITLE = {IEEE Systems Journal}. YEAR = {2020}}

Digital networks connect an increasing number of users, sensors, and devices, which communicate, access, share, and analyze data. This phenomenon of diverse data generation is recognized as Big data. While people are benefiting from the convenience added by Big data, they also meet direct threats to privacy and data security. As Big data is massive, it needs an effective security framework with energy-efficient computing environment. Signcryption technique combines both encryption and signature to present an efficient solution. To address threats to data security, chosen cipher security and chosen message security are two important attributes. This means that it is very important to design an efficient framework where we can address these issues. This article introduces an identity-based signcryption technique by combining encryption as well as signature, which provides a solution for secure and authenticated communication in the Big data environment, called SFEEC (security framework for energy-efficient computing). SFEEC fulfills the requirements of less computation and communication overheads by offering pairing-free computation at the user end. SFEEC is also proven under the “indistinguishable against chosen ciphertext” and “secure against chosen message” attacks in the standard model.

@inproceedings{bib_On_t_2020, AUTHOR = {Sutrala, Anil Kumar and Bagga, Palak and Das, Ashok Kumar and Kumar, Neeraj and Rodrigues, Joel J. P. C. and Lorenz, Pascal }, TITLE = {On the Design of Conditional Privacy Preserving Batch Verification-Based Authentication Scheme for Internet of Vehicles Deployment}, BOOKTITLE = {IEEE Transactions on Vehicular Technology}. YEAR = {2020}}

In the Internet of Vehicles (IoV), secure information sharing among vehicles is crucial in order to upgrade driving safety as well as to strengthen vehicular services. However, public communication among vehicles leads to various potential attacks, such as replay, man-in-the-middle, impersonation, unlinkability and traceability attacks. To address this issue, we design a new conditional privacy preserving batch verification-based authentication mechanism in the IoV environment using Elliptic Curve Cryptography (ECC) technique, where a vehicle can authenticate its neighbor vehicle and also a Road-Side Unit (RSU) can authenticate its nearby vehicles in a batch. The proposed scheme is shown to be highly secure against a passive/active adversary through various security analysis, such as random oracle based formal security, formal security verification via automated simulation tool, and also informal security analysis. An exhaustive comparative analysis reveals that the proposed scheme offers better security and functionality attributes, and comparable storage, communication and computation overheads when these are compared with the relevant schemes.

@inproceedings{bib_Mult_2020, AUTHOR = {Banerjee, Soumya and Roy, Sandip and Odelu, Vanga and Das, Ashok Kumar and Chattopadhyay, Samiran and Rodrigues, Joel J. P. C. and Park, Youngho }, TITLE = {Multi-authority CP-ABE-based anonymous user access control scheme with constant-size key and ciphertext for IoT deployment}, BOOKTITLE = {Journal of Information Security and Applications}. YEAR = {2020}}

With the ever-increasing rate of adoption of internet-enabled smart devices, the allure of greater integration of technologies, such as smart home, smart city, and smart grid into everyday life is undeniable. However, this trend inevitably leaves a massive amount of information and infrastructure connected to the public Internet, which exposes the data to many security threats and challenges. In this paper, we discuss the need for fine-grained user access control for IoT smart devices. The inherently distributed nature of IoT environment necessitates the support of multi-authority attribute-based encryption (ABE) for the implementation of fine-grained access control. Therefore, we present a secure fine-grained user access control scheme for data usage in the IoT environment. The proposed scheme is a three-factor user access control scheme, which supports multi-authority ABE and it is highly scalable as both the ABE key size stored in the user’s smart card and ciphertext size needed for authentication request are constant with respect to the number of attributes. Through the formal and informal security analysis, we show that the proposed scheme is secure and robust against several potential attacks required in an IoT environment. Moreover, we demonstrate that the proposed scheme performs at par or better than existing schemes while providing greater functionality features.

@inproceedings{bib_Desi_2020, AUTHOR = {Pancha, Gaurang and Samanta, Debasis and Das, Ashok Kumar and Kumar, Neeraj and Choo, Kim-Kwang Raymond }, TITLE = {Designing Secure and Efficient Biometric-Based Secure Access Mechanism for Cloud Services}, BOOKTITLE = {IEEE Transactions on Cloud Computing}. YEAR = {2020}}

The demand for remote data storage and computation services is increasing exponentially in our data-driven society; thus, the need for secure access to such data and services. In this paper, we design a new biometric-based authentication protocol to provide secure access to a remote (cloud) server. In the proposed approach, we consider biometric data of a user as a secret credential. We then derive a unique identity from the user's biometric data, which is further used to generate the user's private key. In addition, we propose an efficient approach to generate a session key between two communicating parties using two biometric templates for a secure message transmission. In other words, there is no need to store the user's private key anywhere and the session key is generated without sharing any prior information. Extensive experiments and a comparative study demonstrate the efficiency and utility of the proposed approach.

@inproceedings{bib_A_Sm_2020, AUTHOR = {Pardini, Kellow and , Joel J.P.C. Rodrigues and Diallo, Ousmane and Das, Ashok Kumar and Albuquerque, Victor Hugo C. De and Kozlov, Sergei A. }, TITLE = {A Smart Waste Management Solution Geared towards Citizens}, BOOKTITLE = {Sensors}. YEAR = {2020}}

Global industry is undergoing major transformations with the genesis of a new paradigm known as the Internet of Things (IoT) with its underlying technologies. Many company leaders are investing more effort and money in transforming their services to capitalize on the benefits provided by the IoT. Thereby, the decision makers in public waste management do not want to be outdone, and it is challenging to provide an efficient and real-time waste management system. This paper proposes a solution (hardware, software, and communications) that aims to optimize waste management and include a citizen in the process. The system follows an IoT-based approach where the discarded waste from the smart bin is continuously monitored by sensors that inform the filling level of each compartment, in real-time. These data are stored and processed in an IoT middleware providing information for collection with optimized routes and generating important statistical data for monitoring the waste collection accurately in terms of resource management and the provided services for the community. Citizens can easily access information about the public waste bins through the Web or a mobile application. The creation of the real prototype of the smart container, the development of the waste management application and a real-scale experiment use case for evaluation, demonstration, and validation show that the proposed system can efficiently change the way people deal with their garbage and optimize economic and material resources. View Full-Text

@inproceedings{bib_A_Tu_2020, AUTHOR = {WAZID, MOHAMMAD and Das, Ashok Kumar and SHETTY, SACHIN and JO, MINHO }, TITLE = {A Tutorial and Future Research for Building a Blockchain-Based Secure Communication Scheme for Internet of Intelligent Things}, BOOKTITLE = {IEEE Access}. YEAR = {2020}}

The Internet of Intelligent Things (IoIT) communication environment can be utilized in various types of applications (for example, intelligent battlefields, smart healthcare systems, the industrial internet, home automation, and many more). Communications that happen in such environments can have different types of security and privacy issues, which can be resolved through the utilization of blockchain. In this paper, we propose a tutorial that aims in desiging a generalized blockchain-based secure authentication key management scheme for the IoIT environment. Moreover, some issues with using blockchain for a communication environment are discussed as future research directions. The details of different types of blockchain are also provided. Some of the widely-accepted consensus algorithms are then discussed. Next, we discuss different types of applications in blockchain-based IoIT communication environments. The details of the associated system models are provided, such as, the network and attack models for the blockchain-based IoIT communication environment, which are helpful in designing a security protocol for such an environment. A practical demonstration of the proposed generalized scheme is provided in order to measure the impact of the scheme on the performance of the essential parameters. Finally, some of the future research challenges in the blockch

@inproceedings{bib_BAKM_2020, AUTHOR = {GARG, NEHA and WAZID, MOHAMMAD and Das, Ashok Kumar and SINGH, DEVESH PRATAP and RODRIGUES, JOEL J. P. C. and PARK, YOUNGHO }, TITLE = {BAKMP-IoMT: Design of Blockchain Enabled Authenticated Key Management Protocol for Internet of Medical Things Deployment}, BOOKTITLE = {IEEE Access}. YEAR = {2020}}

The Internet of Medical Things (IoMT) is a kind of connected infrastructure of smart medical devices along with software applications, health systems and services. These medical devices and applications are connected to healthcare systems through the Internet. The Wi-Fi enabled devices facilitate machine-to-machine communication and link to the cloud platforms for data storage. IoMT has the ability to make accurate diagnoses, with fewer mistakes and lower costs of care. IoMT with smartphone applications permits the patients to exchange their health related confidential and private information to the healthcare experts (i.e., doctors) for the better control of diseases, and also for tracking and preventing chronic illnesses. Due to insecure communication among the entities involved in IoMT, an attacker can tamper with the confidential and private health related information for example an attacker can not only intercept the messages, but can also modify, delete or insert malicious messages during communication. To deal this sensitive issue, we design a novel blockchain enabled authentication key agreement protocol for IoMT environment, called BAKMP-IoMT. BAKMP-IoMT provides secure key management between implantable medical devices and personal servers and between personal servers and cloud servers. The legitimate users can also access the healthcare data from the cloud servers in a secure way. The entire healthcare data is stored in a blockchain maintained by the cloud servers. A detailed formal security including the security verification of BAKMP-IoMT using the widely-accepted Automated Validation of Internet Security Protocols and Applications (AVISPA) tool is performed to demonstrate its resilience against the different types of possible attack. The comparison of BAKMP-IoMT with relevant existing schemes is conducted which identifies that the proposed system furnishes better security and functionality, and also needs low communication and computational costs as compared to other schemes. Finally, the simulation of BAKMP-IoMT is conducted to demonstrate its impact on the performance parameters.

@inproceedings{bib_A_li_2020, AUTHOR = {Fotouhi, Mahdi and Bayat, Majid and Das, Ashok Kumar and Far, Hossein Abdi Nasib and Pournaghi, S. Morteza and Doostari, M.A. }, TITLE = {A lightweight and secure two-factor authentication scheme for wireless body area networks in health-care IoT}, BOOKTITLE = {Computer Networks}. YEAR = {2020}}

The widespread use of mobile devices, sensors, and wireless sensor networks and the progressive development of the Internet of Things (IoT) has motivated medical and health-care societies to employ IoT to monitor, collect data, and communicate with patients using the wireless body area networks (WBANs). The collected data will make a lot of medical diagnosis applications of WBANs, which are obtained directly from the patients’ bodies. Therefore, because of the nature of wireless networks and freely accessible data feature over the public channel, the security and privacy of WBANs is the most critical concern for those who use it for health-care purposes. Accordingly, there is a need for an authentication scheme for letting a trusted user such as doctors or clinical personnel access to the sensor’s data from patients. In this paper, we propose a new lightweight hash-chain-based and forward secure authentication scheme for wireless body area networks in health-care IoT. Our scheme is secure against various known attacks obliged for WBANs. Additionally, we perform the formal security analysis using Real-or Random (ROR) model, and informal security on the proposed scheme, also, security verification of our scheme is validated by the ProVerif tool. Besides, our scheme is simulated by the OPNET network simulator and compared with several new schemes in terms of security and performance requirements. The simulation results and comparisons confirm that the proposed scheme is suitable for WBANs, and it supports more security features compared to related schemes.

@inproceedings{bib_On_t_2020, AUTHOR = {LEE, JOONYOUNG and YU, SUNGJIN and KIM, MYEONGHYUN and PARK, YOUNGHO and Das, Ashok Kumar }, TITLE = {On the Design of Secure and Efﬁcient Three-factor Authentication Protocol Using Honey List for Wireless Sensor Network}, BOOKTITLE = {IEEE Access}. YEAR = {2020}}

The Internet of Thing (IoT) is useful for connecting and collecting variable data of objects through the Internet, which makes to generate useful data for humanity. An indispensable enabler of IoT is the wireless sensor networks (WSNs). Many environments, such as smart healthcare, smart transportation and smart grid, have adopted WSN. Nonetheless, WSNs remain vulnerable to variety of attacks because they send and receive data over public channels. Moreover, the performance of IoT enabled sensor devices has limitations since the sensors are lightweight devices and are resource constrained. To overcome these problems, many security authentication protocols for WSNs have been proposed. However, many researchers have pointed out that preventing smartcard stolen and off-line guessing attacks is an important security issue, and guessing identity and password at the same time is still possible. To address these weaknesses, this paper presents a secure and efficient authentication protocol based on three-factor authentication by taking advantage of biometrics. Meanwhile, the proposed protocol uses a honey_list technique to protect against brute force and stolen smartcard attacks. By using the honey_list technique and three factors, the proposed protocol can provide security even if two of the three factors are compromised. Considering the limited performance of the sensors, we propose an efficient protocol using only hash functions excluding the public key based elliptic curve cryptography. For security evaluation of the proposed authentication protocol, we perform informal security analysis, and Real-Or-Random (ROR) model-based and Burrows Abadi Needham (BAN) logic based formal security analysis. We also perform the formal verification using the widely-used Automated Validation of Internet Security Protocols and Applications (AVISPA) simulation software. Besides, compared to previous researches, we demonstrate that our proposed authentication protocol for WSNs systems is more suitable and secure than others.

@inproceedings{bib_Desi_2020, AUTHOR = {C.SRAVANI, and Das, Ashok Kumar and Gope, Prosanta and Kumar, Neeraj and Wu, Fan and Vasilakos, Athanasios V }, TITLE = {Design and analysis of authenticated key agreement scheme in cloud-assisted cyber–physical systems}, BOOKTITLE = {Future Generation Computer Systems}. YEAR = {2020}}

With advancements in engineering and science, the application dimensions of Cyber–Physical System (CPS) are increasing due to their improving efficiency, safety, reliability, usability and autonomy. By providing on-demand access to shared processing resources, cloud computing reduces infrastructure costs. Ensuring quality of service and information privacy and security is important in such environments. In this paper, we design a new authentication scheme related to the cloud-assisted CPS in two directions: (1) authentication between a user and a cloud server, and (2) authentication between a smart meter and a cloud server. In the former situation, any external party (user) can access the information stored in a cloud server provided that the user is legal and has the right to access information. In the later situation, a smart meter and a cloud server authentication is needed for secure communication of data stored in the cloud server. In both cases, both entities first mutually authenticate each other and only after successful authentication with the help of a trusted authority, establish a session key for their future secure communication. The proposed scheme deals with both the cases and provides high security as compared to other related works, which is shown through formal and informal security analysis. In addition, the mutual authentication using the widely-accepted Burrows–Abadi–Needham logic (BAN logic) and also formal security verification using the broadly-used Automated Validation of Internet Security Protocols and Applications (AVISPA) simulation tool demonstrate further that the scheme is strong in security. Finally, the proposed scheme is shown to be efficient in terms of communication and computation costs as compared to those for other related existing schemes.

@inproceedings{bib_Data_2019, AUTHOR = {Das, Ashok Kumar and Zeadally, Sherali }, TITLE = {Data Security in the Smart Grid Environment}, BOOKTITLE = {Pathways to a Smarter Power System}. YEAR = {2019}}

Smart grid (SG) technology is regarded as the next generation of the power grid, which makes use of the two-way flows of electricity, as well as information, Pathways to a Smarter Power System. https://doi.org/10.1016/B978-0-08-102592-5.00013-2 © 2019 Elsevier Ltd. All rights reserved. 371 in order to build a broadly distributed automated energy delivery network. The Smart grid is a critical infrastructure that plays a critical role in the daily lives of people. Both the Smart Grid and its data must be protected from cyberattacks at all times [1, 2]. In SG, four components are present, namely sensing, control, communication, and actuation systems. The most important component of SG is the smart meter (SM), which consists of sensing and communication modules. In addition, there are service systems from the service providers (SPs), which consist of several modules for control, communication, and actuation. SMs are broadly used in homes for monitoring energy consumption in real time. Moreover, power pricing information to consumers is also provided by the SMs [3–6]. A detailed survey on SG including its applications can be found in [7–14]. In the following subsections, we now discuss the smart grid framework developed by the National Institute of Standards and Technology (NIST) and its taxonomy, based on domains and targeted research areas.

@inproceedings{bib_Cert_2019, AUTHOR = {Malani, Saurav and Srinivas, Jangirala and Das, Ashok Kumar and Kannan, Srinathan and Jo, Minho }, TITLE = {Certificate-Based Anonymous Device Access Control Scheme for IoT Environment}, BOOKTITLE = {IEEE Internet of Things Journal}. YEAR = {2019}}

As the “Internet communications infrastructure” develops to encircle smart devices, it is very much essential for designing suitable methods for secure communications with these smart devices, in the future Internet of Things (IoT) applications context. Due to wireless communication among the IoT smart devices and the gateway node (GWN), several security threats may arise in the IoT environment, including replay,man-in-the-middle, impersonation, malicious devices deployment,and physical devices capture attacks. In this article, to mitigate such security threats, we design a new certificate-based device access control scheme in IoT environment which is not only secure against mentioned attacks, but it also preserves anonymity property. A detailed security analysis using the widely accepted real-or-random (ROR) model-based formal security analysis, informal security analysis, and also formal security verification based on the broadly accepted automated validation of Internet security protocols and applications (AVISPAs) tool has been performed on the proposed scheme to show that it is secure against various known attacks. In addition, a comprehensive comparative analysis among the proposed scheme and other relevant schemes shows that a better trade off among the security and functionality attributes, communication, and computational costs is achieved for the proposed scheme as compared to other schemes.

@inproceedings{bib_2PBD_2019, AUTHOR = {Srinivas, Jangirala and Das, Ashok Kumar and Rodrigues, Joel J. P. C. }, TITLE = {2PBDC: Privacy-Preserving Big Data Collection in Cloud Environment}, BOOKTITLE = {Journal on SuperComputing}. YEAR = {2019}}

The combination of two overlapping technologies (bigdata and cloud computing) helps easy access to the evolving applications. In this context, there is a serious requirement of ensuring the transmission of data securely in order to improve the productivity over the public channel. Since the data collected by various sources are strictly private and confidential, there is also a great requirement to deal with the privacy preservation of the bigdata. To handle this issue, a new privacy-preserving bigdata collection technique in cloud computing environment, called 2PBDC, has been designed, which allows secure communication between the bigdata gateway nodes and the cloud servers. 2PBDC is shown to be secure against various known attacks against an active/passive adversary through the formal security verification as well as informal security analysis. A detailed comparative study among 2PBDC and other existing schemes has been conducted. This study shows that 2PBDC offers a better trade-off among the security and functionality features and communication and computation overheads while these are compared with other schemes.

@inproceedings{bib_Desi_2019, AUTHOR = {Wazid, Mohammad and Das, Ashok Kumar and Kumar, Neeraj and Vasilakos, Athanasios V. }, TITLE = {Design of Secure Key Management and User Authentication Scheme for Fog Computing Services}, BOOKTITLE = {Future Generation Computer Systems}. YEAR = {2019}}

Fog computing (fog networking) is known as a decentralized computing infrastructure in which data, applications, compute as well as data storage are scattered in the most logical and efficient place among the data source (i.e., smart devices) and the cloud. It gives better services than cloud computing because it has better performance with reasonably low cost. Since the cloud computing has security and privacy issues, and fog computing is an extension of cloud computing, it is therefore obvious that fog computing will inherit those security and privacy issues from cloud computing. In this paper, we design a new secure key management and user authentication scheme for fog computing environment, called SAKA-FC. SAKAFC is efficient as it only uses the lightweight operations, such as one-way cryptographic hash function and bitwise exclusive-OR (XOR), for the smart devices as they are resource-constrained in nature. SAKAFC is shown to be secure with the help of the formal security analysis using the broadly accepted RealOr-Random (ROR) model, the formal security verification using the widely-used Automated Validation of Internet Security Protocols and Applications (AVISPA) tool and also the informal security analysis. In addition, SAKA-FC is implemented for practical demonstration using the widely-used NS2 simulator.

@inproceedings{bib_Gove_2019, AUTHOR = {Srinivas, Jangirala and Das, Ashok Kumar and Kumar, Neeraj }, TITLE = {Government Regulations in Cyber Security: Framework, Standards and Recommendations}, BOOKTITLE = {Future Generation Computer Systems}. YEAR = {2019}}

Cyber security refers to the protection of Internet-connected systems, such as hardware, software as well as data (information) from cyber attacks (adversaries). A cyber security regulation is needed in order to protect information technology along with computer systems with the purpose of compelling various organizations as well as companies to protect their systems and information from cyber attacks. Several cyber attacks are possible, such as viruses, phishing, Trojan horses, worms, Denial-ofService (DoS) attacks, illegal access (e.g., stealing intellectual property or confidential information) as well as control system attacks. In this article, we focus on importance of various standards in cyber defense, and architecture of cyber security framework. We discuss the security threats, attacks and measures in cyber security. We then discuss various standardization challenges in cyber security. We also discuss about the cyber security national strategy to secure cyberspace and also various government policies in protecting the cyber security. Finally, we provide some recommendations that are critical to cyber security and cyber defense. Keywords: Cyber security, Cyber attacks, Information security, Government policies, Standards.

@inproceedings{bib_Ligh_2019, AUTHOR = {Gope, Prosanta and Das, Ashok Kumar and Kumar, Neeraj and Cheng, Yongqiang }, TITLE = {Lightweight and Physically Secure Anonymous Mutual Authentication Protocol for Real-Time Data Access in Industrial Wireless Sensor Networks}, BOOKTITLE = {IEEE Transactions on Industrial Informatics}. YEAR = {2019}}

Industrial wireless sensor network (IWSN) is an emerging class of a generalized WSN having constraints of energy consumption, coverage, connectivity, and security. However, security and privacy is one of the major challenges in IWSN as the nodes are connected to Internet and usually located in an unattended environment with minimum human interventions. In IWSN, there is a fundamental requirement for a user to access the real-time information directly from the designated sensor nodes. This task demands to have a user authentication protocol. To satisfy this requirement, this paper proposes a lightweight and privacy-preserving mutual user authentication protocol in which only the user with a trusted device has the right to access the IWSN. Therefore, in the proposed scheme, we considered the physical layer security of the sensor nodes. We show that the proposed scheme ensures security even if a sensor node is captured by an adversary. The proposed protocol uses the lightweight cryptographic primitives, such as one way cryptographic hash function, physically unclonable function, and bitwise exclusive operations. Security and performance analysis shows that the proposed scheme is secure, and is efficient for the resource-constrained sensing devices in IWSN.

@inproceedings{bib_User_2019, AUTHOR = {Wazid, Mohammad and Das, Ashok Kumar and Jong-HyoukLee, }, TITLE = {User Authentication in a Tactile Internet Based Remote Surgery Environment: Security Issues, Challenges, and Future Research Directions}, BOOKTITLE = {Pervasive and Mobile Computing}. YEAR = {2019}}

Recently, the Tactile Internet (TI) becomes a new era of the Internet. The TI provides ultra-reliable, ultra-responsive and intelligent network connectivity for delivering real-time control and physical haptic experiences from a remote location. The TI provides a different feeling to human–machine interaction by implementing the real-time interactive systems. In this review article, we discuss a generalized authentication model which can be used to perform authentication procedure among different communicating parties in order to secure remote surgery in the TI environment. By using the proposed authentication model, an authentication protocol can be designed so that an authenticated surgeon can use the robot/robotic arms to perform the surgery securely as well as remotely. Since the application is very critical, the important instructions provided by the surgeon to the robot/robotic arms must not be leaked in between the communication during the surgical procedure. To deal with this emerging research area, a secure mutual user authentication mechanism should be provided between a remote surgeon and the robot/robotic arms so that they can communicate securely using the established session key among them. Further, several security issues and challenges for such kind of communication are also discussed in this article. Finally, we discuss few points that need to be considered as future research works that are related to authentication for securing remote surgery in the TI environment.

@inproceedings{bib_Prov_2019, AUTHOR = {Das, Ashok Kumar and WAZID, MOHAMMAD and REDDY, YANNAM ANIMI and , JOEL J. P. C. RODRIGUES and PARK, YOUNGHO }, TITLE = {Provably Secure ECC-Based Device Access Control and Key Agreement Protocol for IoT Environment}, BOOKTITLE = {IEEE Access}. YEAR = {2019}}

For secure communication between any two neighboring sensing devices on the Internet of Things (IoT) environment, it is essential to design a secure device access control and key agreement protocol, in which the two phases, namely, ‘‘node authentication’’ and ‘‘key agreement’’ are involved. While the node authentication allows two sensing devices to authenticate each other using their own pre-loaded secret credentials in memory, the key agreement phase permits to establish a secret key between them if the mutual authentication is successful. In this paper, we propose a new certificate-based ‘‘lightweight access control and key agreement protocol in the IoT environment, called LACKA-IoT,’’ that utilizes the elliptic curve cryptography (ECC) along with the ‘‘collision-resistant one-way cryptographic hash function.’’ Through a detailed security analysis using the formal security under the ‘‘Real-Or-Random (ROR) model,’’ informal (non-mathematical) security analysis, and formal security verification using the broadly used ‘‘Automated Validation of Internet Security Protocols and Applications (AVISPA)’’ tool, we show that the LACKA-IoT can protect various known attacks that are needed for a secure device access control mechanism in the IoT. Furthermore, through a comparative study of the LACKA-IoT and other relevant schemes, we show that there is a better tradeoff among the security and functionality features and communication and computational costs of the LACKA-IoT as compared to other schemes. Finally, the ‘‘practical demonstration using the NS2 simulation’’ has been carried out on the LACKA-IoT to measure various network parameters

@inproceedings{bib_A_Dy_2019, AUTHOR = {PARK, KISUNG and PARK, YOUNGHO and Das, Ashok Kumar and YU, SUNGJIN and LE, JOONYOUNG and PARK, YOHAN }, TITLE = {A Dynamic Privacy-Preserving Key Management Protocol for V2G in Social Internet of Things}, BOOKTITLE = {IEEE Access}. YEAR = {2019}}

With the smart grid (SG) and the social Internet of Things (SIoT), an electric vehicle operator can use reliable, flexible, and efficient charging service with vehicle-to-grid (V2G). However, open channels can be vulnerable to various attacks by a malicious adversary. Therefore, secure mutual authentication for V2G has become essential, and numerous related protocols have been proposed. In 2018, Shen et al. proposed a privacy-preserving and lightweight key agreement protocol for V2G in SIoT to ensure security. However, we demonstrate that their protocol does not withstand impersonation, privileged-insider, and offline password guessing attacks, and it does not also guarantee secure mutual authentication, session key security, and perfect forward secrecy. Therefore, this paper proposes a dynamic privacy-preserving and lightweight key agreement protocol for V2G in SIoT to resolve the security weaknesses of Shen et al.'s protocol. The proposed protocol resists several attacks including impersonation, offline password guessing, man-in-the-middle, replay, and trace attacks, ensures anonymity, perfect forward secrecy, session key security, and secure mutual authentication. We evaluate the security of the proposed protocol using formal security analysis under the broadly-accepted real-or-random (ROR) model, secure mutual authentication proof using the widely-accepted Burrows-Abadi-Needham (BAN) logic, informal (non-mathematical) security analysis, and also the formal security verification using the broadly-accepted automated validation of Internet security protocols and applications (AVISPA) tool. We then compare computation costs, and security and functionality features of the proposed protocol with related protocols. Overall, the proposed protocol provides superior security, and it can be efficiently deployed to practical SIoT-based V2G environment.

@inproceedings{bib_ECCA_2019, AUTHOR = {Kumar, Neeraj and Aujla, Gagangeet Singh and Das, Ashok Kumar and Conti, Mauro }, TITLE = {ECCAuth: Secure Authentication Protocol for Demand Response Management in Smart Grid Systems}, BOOKTITLE = {IEEE Transactions on Industrial Informatics}. YEAR = {2019}}

The devices in smart grids (SG) transfer data to a utility center (UC) or to the remote control centers. Using these data, the energy balance is maintained between consumers and the grid. However, this flow of data may be tampered by the intruders, which may result in energy imbalance. Thus, a robust authentication protocol, which supports dynamic SG device validation and UC addition, both in the local and global domains, is an essential requirement. For this reason, ECCAuth: a novel elliptic curve cryptography-based authentication protocol is proposed in this paper for preserving demand response in SG. This protocol allows establishment of a secret session key between an SG device and a UC after mutual authentication. Using this key, they can securely communicate for exchanging the sensitive information. The formal security analysis, informal security analysis, and formal security verification show that ECCAuth can withstand several known attacks

@inproceedings{bib_A_Pr_2019, AUTHOR = {Banerjee, Soumya and Odelu, Vanga and Das, Ashok Kumar and Srinivas, Jangirala and Kumar, Neeraj and Chattopadhyay, Samiran and Choo, Kim-Kwang Raymond }, TITLE = {A Provably-Secure and Lightweight Anonymous User Authenticated Session Key Exchange Scheme for Internet of Things Deployment}, BOOKTITLE = {Internet of Things Journal}. YEAR = {2019}}

With the ever increasing adoption rate of Internet-enabled devices [also known as Internet of Things (IoT) devices] in applications such as smart home, smart city, smart grid, and healthcare applications, we need to ensure the security and privacy of data and communications among these IoT devices and the underlying infrastructure. For example, an adversary can easily tamper with the information transmitted over a public channel, in the sense of modification, deletion, and fabrication of data-in-transit and data-in-storage. Time-critical IoT applications such as healthcare may demand the capability to support external parties (users) to securely access IoT data and services in real-time. This necessitates the design of a secure user authentication mechanism, which should also allow the user to achieve security and functionality features such as anonymity and un-traceability. In this paper, we propose a new lightweight anonymous user authenticated session key agreement scheme in the IoT environment. The proposed scheme uses three-factor authentication, namely a user's smart card, password, and personal biometric information. The proposed scheme does not require the storing of user specific information at the gateway node. We then demonstrate the proposed scheme's security using the broadly accepted real-or-random (ROR) model, Burrows-Abadi-Needham (BAN) logic, and automated validation of Internet security protocols and applications (AVISPAs) software simulation tool, as well as presenting an informal security analysis to demonstrate its other features. In addition, through our simulations, we demonstrate that the proposed scheme outperforms existing related user authentication schemes, in terms of its security and functionality features, and computation costs.

@inproceedings{bib_AKM-_2019, AUTHOR = {Wazid, Mohammad and Bagga, Palak and Das, Ashok Kumar and Shetty, Sachin and Rodrigues, Joel J. P. C. and Park, Youngho }, TITLE = {AKM-IoV: Authenticated Key Management Protocol in Fog Computing-Based Internet of Vehicles Deployment}, BOOKTITLE = {Internet of Things Journal}. YEAR = {2019}}

Internet of Vehicles (IoV) is an intelligent application of Internet of Things (IoT) in smart transportation that takes intelligent commitments to the passengers to improve traffic safety and efficiency, and generate a more enjoyable driving and riding environment. Fog cloud-based IoV is another variant of mobile cloud computing where vehicular cloud and Internet can co-operate in more effective way in IoV. However, more increasing dependence on wireless communication, control, and computing technology makes IoV more dangerous to prospective attacks. For secure communication among vehicles, road-side units, fog and cloud servers, we design a secure authenticated key management protocol in fog computing-based IoV deployment, called AKM-IoV. In the designed AKM-IoV, after mutual authentication between communicating entities in IoV they establish session keys for secure communications. AKM-IoV is tested for its security analysis using the formal security analysis under the widely accepted real-or-random (ROR) model, informal, and formal security verification using the broadly accepted automated validation of Internet security protocols and applications (AVISPAs) tool. The practical demonstration of AKM-IoV is shown using the NS2 simulation. In addition, a detailed comparative study is conducted to show the efficiency and functionality and security features supported by AKM-IoV as compared to other existing recent protocols.

@inproceedings{bib_Cryp_2019, AUTHOR = {Zeadally, Sherali and Das, Ashok Kumar and Sklavos, Nicolas }, TITLE = {Cryptographic Technologies and Protocol Standards for Internet of Things}, BOOKTITLE = {Internet of Things Journal}. YEAR = {2019}}

The Internet of Things (IoT) comprises physical/virtual networked objects that collect and exchange data with each other via the public Internet. As this exchange often takes place over public networks, many security attacks in an IoT environment are possible. First, we briefly review the security issues in the IoT environment. Next, we focus on recent cryptographic protocol standards that are in use or have been recommended for IoT devices to ensure secure communications. We also highlight the advantages and weaknesses of the several protocol standards for various IoT application scenarios including connected vehicles, health, smart home, and consumer appliances and devices. Finally, we discuss some challenges in the area of cryptographic protocol standards that still require to be addressed for IoT applications in the future.

@inproceedings{bib_Phys_2019, AUTHOR = {BANERJEE, SOUMYA and ODELU, VANGA and Das, Ashok Kumar and CHATTOPADHYAY, SAMIRAN and RODRIGUES, JOEL J. P. C. and PARK, YOUNGHO }, TITLE = {Physically Secure Lightweight Anonymous User Authentication Protocol for Internet of Things using Physically Unclonable Functions}, BOOKTITLE = {IEEE Access}. YEAR = {2019}}

The Internet of Things (IoT) acts as an umbrella for the Internet-enabled devices for various applications, such as smart home, smart city, smart grid, and smart healthcare. The emergence of the immense economic potential necessitates a robust authentication mechanism that needs to be lightweight and suitable for real-time applications. Moreover, the physical integrity of these devices cannot be assumed as these are designed to be deployed in an unattended environment with minimum human supervision. A user authentication mechanism for the IoT, in addition to guaranteeing user anonymity and un-traceability functionality requirements, must also be resistant to device physical capture and related misuses. In this paper, we present a novel lightweight anonymous user authentication protocol for the IoT environment by utilizing ‘‘cryptographic one-way hash function’’, ‘‘physically unclonable function (PUF)’’ and ‘‘bitwise exclusive-OR (XOR)’’ operations. The broadly accepted Real-Or-Random (ROR) model-based formal security analysis, formal security verification using the automated software verification tool, namely ‘‘automated validation of internet security protocols and applications (AVISPA)’’ and also non-mathematical (informal) security analysis have been carried out on the proposed scheme. It is shown that the proposed scheme has the ability to resist various well-known attacks that are crucial for securing the IoT environment. Through a detailed comparative study, we show that the proposed scheme outperforms other existing related schemes in terms of computation and communication costs, and also security & functionality features. Finally, a practical demonstration of the proposed scheme using the NS3 simulation has been provided for measuring various network performance parameters.

@inproceedings{bib_A_li_2019, AUTHOR = {Majid, Bayat and Jousheghani, Zahra Zare and Das, Ashok Kumar and Singh, Pitam and , Saru Kumari and Aref, Mohammad Reza }, TITLE = {A lightweight privacy-preserving authenticated key exchange scheme for smart grid communications}, BOOKTITLE = {International Journal of Information Security}. YEAR = {2019}}

Smart grid concept is introduced to modify the power grid by utilizing new information and communication technology. Smart grid needs live power consumption monitoring to provide required services and for this issue, bi-directional communication is essential. Security and privacy are the most important requirements that should be provided in the communication. Due to the complex design of smart grid systems, and utilizing different new technologies, there are many opportunities for adversaries to attack the smart grid system that can result fatal problems for the customers. Recently, Mahmood et al. [1] proposed a lightweight message authentication scheme for smart grid communications and claimed that it satisfies the security requirements. We found that Mahmood et al. ’ s scheme has some security vulnerabilities and it has not adequate security features to be utilized in smart grid. To address these drawbacks, we propose an efficient and secure lightweight privacy-preserving authentication scheme for a smart grid. Security of our scheme are evaluated, and the formal security analysis and verification are introduced via the broadly-accepted BAN logic and AVISPA tool. Finally, the security and efficiency comparisons are provided, which indicate the security and efficiency of the proposed scheme as compared to other existing related schemes.

@inproceedings{bib_Desi_2019, AUTHOR = {Jangirala, Srinivas and Das, Ashok Kumar and Vasilakos, Athanasios V. }, TITLE = {Designing Secure Lightweight Blockchain-Enabled RFID-Based Authentication Protocol for Supply Chains in 5G Mobile Edge Computing Environment}, BOOKTITLE = {IEEE Transactions on Industrial Informatics}. YEAR = {2019}}

Secure real-time data about goods in transit in supply chains needs bandwidth having capacity that is not fulfilled with the current infrastructure. Hence, 5G-enabled Internet of Things (IoT) in mobile edge computing is intended to substantially increase this capacity. To deal with this issue, we design a new efficient lightweight blockchain-enabled RFID-based authentication protocol for supply chains in 5G mobile edge computing environment, called LBRAPS. LBRAPS is based on bitwise exclusive-or (XOR), one-way cryptographic hash and bitwise rotation operations only. LBRAPS is shown to be secure against various attacks. Moreover, the simulation-based formal security verification using the broadly-accepted Automated Validation of Internet Security Protocols and Applications (AVISPA) tool assures that LBRAPS is secure. Finally, it is shown that LBRAPS has better trade-off among its security and functionality features, communication and computation costs as compared to those for existing protocols

@inproceedings{bib_A_Me_2019, AUTHOR = {BHAT, K. VIVEKANANDA and Das, Ashok Kumar and LEE, JONG-HYOUK }, TITLE = {A Mean Quantization Watermarking Scheme for Audio Signals using Singular-Value Decomposition}, BOOKTITLE = {IEEE Access}. YEAR = {2019}}

Recently, research in audio watermarking technology makes it a promising tool for copyright protection of digital audio files in networked environments. In this paper, we propose a new mean quantization based watermarking mechanism for audio based on the technique due to Singular Value Decomposition (SVD). In this method, the host signal is divided into a number of two-dimensional matrix frames. The SVD is then employed to every frame, and also the Euclidean norm of the Singular Values (SVs) are calculated for every frame. The watermark is then hidden into an audio signal by quantization of the norm of the SVs. The watermark is extracted blindly using the inverse process. Both the subjective and objective tests demonstrate good imperceptibility of the watermark in the audio file. Furthermore, the experimental results show good robustness of the proposed scheme against various common audio attacks and Stirmark benchmark attacks. The false-negative error of the method is very near to zero against Stirmark and audio attacks. The proposed scheme has a high payload, and its performance is superior compared to other related watermarking methods for audio signals. Finally, the proposed method achieves better trade-offs between conflicting requirements of imperceptibility, payload, and robustness.

@inproceedings{bib_LAM-_2019, AUTHOR = {Wazid, Mohammad and Das, Ashok Kumar and K, Vivekananda Bhat and Vasilakos, Athanasios V. }, TITLE = {LAM-CIoT: Lightweight authentication mechanism in cloud-based IoT environment}, BOOKTITLE = {Journal on Network and Computer Applications}. YEAR = {2019}}

Internet of Things (IoT) becomes a new era of the Internet, which consists of several connected physical smart objects (i.e., sensing devices) through the Internet. IoT has different types of applications, such as smart home, wearable devices, smart connected vehicles, industries, and smart cities. Therefore, IoT based applications become the essential parts of our day-to-day life. In a cloud-based IoT environment, cloud platform is used to store the data accessed from the IoT sensors. Such an environment is greatly scalable and it supports real-time event processing which is very important in several scenarios (i.e., IoT sensors based surveillance and monitoring). Since some applications in cloud-based IoT are very critical, the information collected and sent by IoT sensors must not be leaked during the communication. To accord with this, we design a new lightweight authentication mechanism in cloud-based IoT environment, called LAM-CIoT. By using LAM-CIoT, an authenticated user can access the data of IoT sensors remotely. LAM-CIoT applies efficient “one-way cryptographic hash functions” along with “bitwise XOR operations”. In addition, fuzzy extractor mechanism is also employed at the user's end for local biometric verification. LAM-CIoT is methodically analyzed for its security part through the formal security using the broadly-accepted “Real-Or-Random (ROR)” model, formal security verification using the widely-used “Automated Validation of Internet Security Protocols and Applications (AVISPA)” tool as well as the informal security analysis. The performance analysis shows that LAM-CIoT offers better security, and low communication and computation overheads as compared to the closely related authentication schemes. Finally, LAM-CIoT is evaluated using the NS2 network simulator for the measurement of network performance parameters that envisions the impact of LAM-CIoT on the network performance of LAM-CIoT and other schemes.

@inproceedings{bib_LDAK_2019, AUTHOR = {, Mohammad Wazid and Das, Ashok Kumar and Shetty, Sachin and Rodrigues, Joel J. P. C. and Park, Youngho }, TITLE = {LDAKM-EIoT: Lightweight Device Authentication and Key Management Mechanism for Edge-Based IoT}, BOOKTITLE = {Sensors}. YEAR = {2019}}

first_pagesettings Open AccessArticle LDAKM-EIoT: Lightweight Device Authentication and Key Management Mechanism for Edge-Based IoT Deployment by Mohammad Wazid 1OrcID,Ashok Kumar Das 2OrcID,Sachin Shetty 3OrcID,Joel J. P. C. Rodrigues 4,5OrcID andYoungho Park 6,*,†OrcID 1 Department of Computer Science and Engineering, Graphic Era Deemed to be University, Dehradun 248 002, India 2 Center for Security, Theory and Algorithmic Research, International Institute of Information Technology, Hyderabad 500 032, India 3 Virginia Modeling, Analysis and Simulation Center, Center for Cybersecurity Education and Research, Department of Computational Modeling and Simulation Engineering, Old Dominion University, Suffolk, VA 23435, USA 4 Federal University of Piauí (UFPI), 64049-550 Teresina-Pi, Brazil 5 Instituto de Telecomunicações, 1049-001 Lisbon, Portugal 6 School of Electronics Engineering, Kyungpook National University, Daegu 41566, Korea * Author to whom correspondence should be addressed. † Current address: School of Electronics Engineering, Kyungpook National University, 80 Daehak-ro, Sangyeok-dong, Buk-gu, Daegu 41566, Korea. Sensors 2019, 19(24), 5539; https://doi.org/10.3390/s19245539 Received: 19 November 2019 / Revised: 9 December 2019 / Accepted: 11 December 2019 / Published: 14 December 2019 (This article belongs to the Special Issue Security and Privacy in Wireless Sensor Network) Download PDF Browse Figures Abstract In recent years, edge computing has emerged as a new concept in the computing paradigm that empowers several future technologies, such as 5G, vehicle-to-vehicle communications, and the Internet of Things (IoT), by providing cloud computing facilities, as well as services to the end users. However, open communication among the entities in an edge based IoT environment makes it vulnerable to various potential attacks that are executed by an adversary. Device authentication is one of the prominent techniques in security that permits an IoT device to authenticate mutually with a cloud server with the help of an edge node. If authentication is successful, they establish a session key between them for secure communication. To achieve this goal, a novel device authentication and key management mechanism for the edge based IoT environment, called the lightweight authentication and key management scheme for the edge based IoT environment (LDAKM-EIoT), was designed. The detailed security analysis and formal security verification conducted by the widely used “Automated Validation of Internet Security Protocols and Applications (AVISPA)” tool prove that the proposed LDAKM-EIoT is secure against several attack vectors that exist in the infrastructure of the edge based IoT environment. The elaborated comparative analysis of the proposed LDAKM-EIoT and different closely related schemes provides evidence that LDAKM-EIoT is more secure with less communication and computation costs. Finally, the network performance parameters are calculated and analyzed using the NS2 simulation to demonstrate the practical facets of the proposed LDAKM-EIoT

@inproceedings{bib_IoMT_2019, AUTHOR = {WAZID, MOHAMMAD and Das, Ashok Kumar and RODRIGUES, JOEL J. P. C. and SHETTY, SACHIN and PARK, YOUNGHO }, TITLE = {IoMT Malware Detection Approaches: Analysis and Research Challenges}, BOOKTITLE = {IEEE Access}. YEAR = {2019}}

The advancement in Information and Communications Technology (ICT) has changed the entire paradigm of computing. Because of such advancement, we have new types of computing and communication environments, for example, Internet of Things (IoT) that is a collection of smart IoT devices. The Internet of Medical Things (IoMT) is a specific type of IoT communication environment which deals with communication through the smart healthcare (medical) devices. Though IoT communication environment facilitates and supports our day-to-day activities, but at the same time it has also certain drawbacks as it suffers from several security and privacy issues, such as replay, man-in-the-middle, impersonation, privileged-insider, remote hijacking, password guessing and denial of service (DoS) attacks, and malware attacks. Among these attacks, the attacks which are performed through the malware botnet (i.e., Mirai) are the malignant attacks. The existence of malware botnets leads to attacks on confidentiality, integrity, authenticity and availability of the data and other resources of the system. In presence of such attacks, the sensitive data of IoT communication may be disclosed, altered or even may not be available to the authorized users. Therefore, it becomes essential to protect the IoT/IoMT environment from malware attacks. In this review paper, we first perform the study of various types of malware attacks, and their symptoms. We also discuss some architectures of IoT environment along with their applications. Next, a taxonomy of security protocols in IoT environment is provided. Moreover, we conduct a comparative study on various existing schemes for malware detection and prevention in IoT environment. Finally, some future research challenges and directions of malware detection in IoT/IoMT environment are highlighted.

@inproceedings{bib_Intr_2019, AUTHOR = {PUNDIR, SUMIT and WAZID, MOHAMMAD and SINGH, DEVESH PRATAP and Das, Ashok Kumar and RODRIGUES, JOEL J. P. C. and PARK, YOUNGHO }, TITLE = {Intrusion Detection Protocols in Wireless Sensor Networks integrated to Internet of Things Deployment: Survey and Future Challenges}, BOOKTITLE = {IEEE Access}. YEAR = {2019}}

As we all know that the technology is projected to be next to humans very soon because of its holistic growth. Now-a-days, we see a lot of applications that are making our lives comfortable such as smart cars, smart homes, smart traffic management, smart offices, smart medical consultation, smart cities, etc. All such facilities are in the reach of a common man because of the advancement in Information and Communications Technology (ICT). Because of this advancement, new computing and communication environment such as Internet of Things (IoT) came into picture. Lot of research work is in progress in IoT domain which helps for the overall development of the society and makes the lives easy and comfortable. But in the resource constrained environment of Wireless Sensor Network (WSN) and IoT, it is almost inconceivable to establish a fully secure system. As we are moving forward very fast, technology is becoming more and more vulnerable to the security threats. In future, the number of Internet connected people will be less than the smart objects so we need to prepare a robust system for keeping the above mentioned environments safe and standardized it for the smooth conduction of communication among IoT objects. In this survey paper, we provide the details of threat model applicable for the security of WSN and IoT based communications. We also discuss the security requirements and various attacks possible in WSN and IoT based communication environments. The emerging projects of WSNs integrated to IoT are also briefed. We then provide the details of different architectures of WSN and IoT based communication environments. Next, we discuss the current issues and challenges related to WSN and IoT. We also provide a critical literature survey of recent intrusion detection protocols for IoT and WSN environments along with their comparative analysis. A taxonomy of security and privacy-preservation protocols in WSN and IoT is also highlighted. Finally, we discuss some research challenges which need to be addressed in the coming future.

@inproceedings{bib_Mobi_2019, AUTHOR = {Wazid, Mohammad and , Sherali Zeadally and Das, Ashok Kumar }, TITLE = {Mobile banking: evolution and threats: malware threats and security solutions}, BOOKTITLE = {IEEE Consumer Electronics Magazine}. YEAR = {2019}}

Mobile banking refers to the use of a mobile device (e.g., a smartphone) to perform online banking activities, while away from the home computer, for transferring funds, monitoring account balance and bill payments, and so on. It provides a great convenience to bank customers, but it suffers from various types of attacks that are possible on the mobile banking infrastructure. We present the evolution of mobile banking and discuss the various threats associated with it as well as some of the most recent malware attacks. Finally, we include a review of recent security solutions for enabling secure mobile banking.

@inproceedings{bib_TCAL_2019, AUTHOR = {Srinivas, Jangirala and Das, Ashok Kumar and Kumar, Neeraj and Rodrigues, d Joel J. P. C. }, TITLE = {TCALAS: Temporal credential-based anonymous lightweight authentication scheme for Internet of drones environment}, BOOKTITLE = {IEEE Transactions on Vehicular Technology}. YEAR = {2019}}

A user (external party) is interested in accessing the real-time data from some designated drones of a particular fly zone in the Internet of Drones (IoD) deployment. However, to provide this facility, the user needs to be authenticated by an accessed remote drone and vice-versa. After successful authentication both parties can establish a secret session key for the secure communication. To handle this important problem in IoD environment, we design a novel temporal credential based anonymous lightweight user authentication mechanism for IoD environment, called TCALAS. A detailed security analysis using formal security under the broadly applied real-or-random (ROR) model, formal security verification under the broadly used software verification tool, known as automated validation of internet security protocols and applications, and also informal security analysis reveal that TCALAS has the capability to resist various known attacks against passive/active adversary. In addition, a detailed comparative study has been conducted for TCALAS and other related schemes, and the study also reveals that TCALAS provides better security and functionality features, and lower costs in both computation and communication as compared to existing schemes.

@inproceedings{bib_A_pr_2018, AUTHOR = {Kumari, Saru and Das, Ashok Kumar and Li, Xiong and Wu, Fan and Khan, Muhammad Khurram and Jiang, Qi and Islam, S. K. Hafizul }, TITLE = {A provably secure biometrics-based authenticated key agreement scheme for multi-server environments}, BOOKTITLE = {Journal on Multimedia Tools Applications}. YEAR = {2018}}

An authentication scheme handling multiple servers offers a feasible environment to users to conveniently access the rightful services from various servers using one-time registration. The practical realization of distribution of online services efficiently and transparently in multiple-server systems has come true by virtue of multi-server user authentication schemes. Due to distinguished properties like, difficulty to forge or copy, in-feasibility to lose or guess or forget, etc., biometrics have been widely preferred as a third authenticating factor in password and smart card based user authentication protocols. In this paper, we design a new biometrics-based multi-server authentication scheme based on trusted multiple-servers. We harness the concept of fuzzy extractor to provide the proper matching of biometric patterns. We evaluate our scheme through informal discussions on performance and also using Burrows-Abadi-Needham logic (BAN-logic) & random oracle model for formal security analysis. We also compose a comparative assessment of our scheme and the related ones. Outcome of the analysis and assessment shows our scheme an edge above many related and contemporary schemes.

@inproceedings{bib_Desi_2018, AUTHOR = {BANERJEE, SOUMYA and ODELU, VANGA and Das, Ashok Kumar and CHATTOPADHYAY, SAMIRAN and Kumar, Neeraj and TANWAR, SUDEEP and PARK, YOUNGHO }, TITLE = {Design of an Anonymity-Preserving Group Formation Based Authentication Protocol in Global Mobility Networks}, BOOKTITLE = {IEEE Access}. YEAR = {2018}}

Remote user authentication without compromising user anonymity is an emerging area in the last few years. In this paper, we propose a new anonymity preserving mobile user authentication scheme for the global mobility networks (GLOMONETs). We also propose a new anonymity preserving group formation phase for roaming services in GLOMONETs that meets the extended anonymity requirement without compromising any standard security requirements. We provide the security analysis using the widely-accepted Burrows-Abadi-Needham logic and informal analysis for the proposed scheme to show that it is secure against possible well-known attacks, such as replay, man-in-the-middle, impersonation, privileged-insider, stolen smart card, ephemeral secret leakage, and password guessing attacks. In addition, the formal security verification with the help of the broadly accepted automated validation of internet security protocols and applications software simulation tool is tested on the proposed scheme and the simulation results confirm that the proposed scheme is safe. Moreover, the comparative study of the proposed scheme with other relevant schemes reveals that it performs well as compared to other techniques.

@inproceedings{bib_Prov_2018, AUTHOR = {Roy, Sandip and Das, Ashok Kumar and Chatterjee, Santanu and Kumar, Neeraj and Chattopadhyay, Samiran and Rodrigues, Joel J. P. C. }, TITLE = {Provably Secure Fine-Grained Data Access Control over Multiple Cloud Servers in Mobile Cloud Computing Based Healthcare Applications}, BOOKTITLE = {IEEE Transactions on Industrial Informatics}. YEAR = {2018}}

Mobile cloud computing (MCC) allows mobile users to have on-demand access to cloud services. A mobile cloud model helps in analyzing the information regarding the patients' records and also in extracting recommendations in healthcare applications. In MCC, a fine-grained level access control of multiserver cloud data is a prerequisite for successful execution of end-users applications. In this paper, we propose a new scheme that provides a combined approach of fine-grained access control over cloud-based multiserver data along with a provably secure mobile user authentication mechanism for the Healthcare Industry 4.0. To the best of our knowledge, the proposed scheme is the first to pursue fine-grained data access control over multiple cloud servers in a MCC environment. The proposed scheme has been validated extensively in different heterogeneous environment where its performance was found good in comparison to other existing schemes.

@inproceedings{bib_Clou_2018, AUTHOR = {Jangirala, Srinivas and Das, Ashok Kumar and Kumar, Neeraj and Rodrigues, Joel J. P. C. }, TITLE = {Cloud Centric Authentication for Wearable Healthcare Monitoring System}, BOOKTITLE = {IEEE Transactions on Dependable and Secure Computing}. YEAR = {2018}}

Security and privacy are the major concerns in cloud computing as users have limited access on the stored data at the remote locations managed by different service providers.These become more challenging especially for the data generated from the wearable devices as it is highly sensitive and heterogeneous in nature. Most of the existing techniques reported in the literature are having high computation and communication costs and are vulnerable to various known attacks, which reduce their importance for applicability in real-world environment. Hence, in this paper, we propose a new cloud based user authentication scheme for secure authentication of medical data. After successful mutual authentication between a user and wearable sensor node, both establish a secret session key that is used for future secure communications. The extensively-used Real-Or-Random (ROR) model based formal security analysis and the broadly-accepted Automated Validation of Internet Security Protocols and Applications (AVISPA) tool based formal security verification show that the proposed scheme provides the session-key security and protects active attacks. Theproposed scheme is also informally analyzed to show its resilience against other known attacks. Moreover, we have done a detailed comparative analysis for the communication and computation costs along with security and functionality features which proves its efficiency in comparison to the other existing schemes of its category.

@inproceedings{bib_A_Pr_2018, AUTHOR = {, Alavalapati Goutham Reddy and Das, Ashok Kumar and Odelu, Vanga and Ahmad, Awais and Shin, Ji Sun }, TITLE = {A Privacy Preserving Three-Factor Authenticated Key Agreement Protocol for Client-Server Environment}, BOOKTITLE = {Journal on Ambient Intelligence and Humanized Computing}. YEAR = {2018}}

Research has proven that accomplishing security properties while improving performance of an authentication protocol is a challenging task. Numerous authentication protocols proposed in the recent times are still behind in achieving the concrete objectives. Qi et al. and Lu et al. recently proposed two-factor authenticated key-agreement protocols for client–server architecture. This paper revisits their protocols and analyzes the shortcomings of such approaches. We also propose an improved authenticated key agreement protocol for client–server environment to defeat mentioned weaknesses of existing protocols that are discussed in related works. The rigorous security analysis using Burrows–Abadi–Needham logic, formal security verification using Real-OR-Random model, simulations using the Automated Validation of Internet Security Protocols and Applications tool, and the informal security analysis shows that the proposed protocol is secure. Additionally, we summarize the results to ensure that the proposed protocol is efficient compared to the existing related protocols.

@inproceedings{bib_Secu_2018, AUTHOR = {Karuppiah, Marimuthu and Das, Ashok Kumar and Li, Xiong and Kumari, Saru and Wu, Fan and Chaudhry, Shehzad Ashraf and Niranchana, R. }, TITLE = {Secure Remote User Mutual Authentication Scheme with KeyAgreement for Cloud Environment}, BOOKTITLE = {Mobile Networks and Applications}. YEAR = {2018}}

Authentication schemes are widely used mechanisms to thwart unauthorized access of resources over insecure networks.Several smart card based password authentication schemes have been proposed in the literature. In this paper, we demonstrate the security limitations of a recently proposed password based authentication scheme, and show that their scheme is still vulnerable to forgery and offline password guessing attacks and it is also unable to provide user anonymity, forward secrecy and mutual authentication. With the intention of fixing the weaknesses of that scheme, we present a secure authentication scheme. We show that the proposed scheme is invulnerable to various attacks together with attacks observed in the analyzed scheme through both rigorous formal and informal security analysis. Furthermore, the security analysis using the widely-accepted Real-Or-Random (ROR) model ensures that the proposed scheme provides the session key (SK) security. Finally,we carry out the performance evaluation of the proposed scheme and other related schemes, and the result favors that the proposed scheme provides better trade-off among security and performance as compared to other existing related schemes.

@inproceedings{bib_2PAK_2018, AUTHOR = {PARK, KISUNG and PARK, YOUNGHO and PARK, YOHAN and Das, Ashok Kumar }, TITLE = {2PAKEP: Provably Secure and Efficient Two-party Authenticated Key Exchange Protocol for Mobile Environment}, BOOKTITLE = {IEEE Access}. YEAR = {2018}}

With the increasing use of mobile devices, a secure communication and key exchange become the significant security issues in mobile environments. However, because of open network envi-ronments, mobile user can be vulnerable to various attacks. Therefore, the numerous authentication and key exchange schemes have been proposed to provide the secure communication and key exchange.Recently, Qi and Chen proposed an efficient two-party authentication key exchange protocol for mobile environments in order to overcome the security weaknesses of the previous authentication and key exchange schemes. However, we demonstrate that Qi and Chen’s scheme is vulnerable to various attacks such as impersonation, offline password guessing, password change, and privileged insider attacks. We also show that Qi and Chen’s scheme does not provide anonymity, efficient password change mechanism, and secure mutual authentication. In this paper, to overcome the outlined above mentioned security vulnerabilities,we propose a secure and efficient two-party authentication key exchange protocol, called 2PAKEP, that hides user’s real identity from an adversary using a secret parameter. 2PAKEP also withstands various attacks, guarantees anonymity, and provides efficient password change mechanism and secure mutual authentication. In addition, we prove that 2PAKEP provides the secure mutual authentication using the broadly accepted Burrows–Abadi–Needham logic and the session key security using the formal security analysis under the widely accepted real-or-random model. Moreover, the formal security verification using the popular simulated software tool, Automated Validation of Internet Security Protocols and Applications,on 2PAKEP shows that the replay and man-in-the-middle attacks are protected. In addition, we also analyze the performance and security and functionality properties of 2PAKEP and compare these with the related existing schemes. Overall, 2PAKEP provides better security and functionality features, and also the communication and computational overheads are comparable with the related schemes. Therefore, 2PAKEPis applicable to mobile environment efficiently.

@inproceedings{bib_Taxo_2018, AUTHOR = {Das, Ashok Kumar and SheraliZeadally, and He, Debiao }, TITLE = {Taxonomy and Analysis of Security Protocols for Internet of Things}, BOOKTITLE = {Future Generation Computer Systems}. YEAR = {2018}}

The Internet of Things (IoT) is a system of physical as well as virtual objects (each with networking capabilities incorporated) that are interconnected to exchange and collect information locally or remotely over the Internet. Since the communication often takes place over the Internet, it is vulnerable to various security threats in an IoT environment. We first discuss essential security requirements that are needed to secure IoT environment. We also discuss the threat model and various attacks related to the IoT environment. We then present a taxonomy of security protocols for the IoT environment which includes important security services such as key management, user and device authentication, access control, privacy preservation, and identity management. We also present a comparative study of recently proposed IoT-related state-of-art security protocols in terms of various security and functionality features they support. Finally, we discuss some future challenges for IoT security protocols that need to be addressed in the future.

@inproceedings{bib_Prov_2018, AUTHOR = {BARMAN, SUBHAS and Das, Ashok Kumar and SAMANTA, DEBASIS and CHATTOPADHYAY, SAMIRAN and RODRIGUES, JOEL J. P. C. and PARK, YOUNGHO }, TITLE = {Provably Secure Multi-Server Authentication Protocol using Fuzzy Commitment}, BOOKTITLE = {IEEE Access}. YEAR = {2018}}

Remote user authentication is a cryptographic mechanism through which a remote server verifies the legitimacy of an authorized user over an insecure communication channel. Most of the existing authentication schemes consider single-server environments and require multiple registrations of the sameuser for multiple servers. Moreover, most of these schemes do not consider biometric template revocation and error correction for noisy biometric signals. In addition, the existing schemes have several weaknesses,including stolen smart card attack, lack of user anonymity, user impersonation attack, and non-diversification of biometric data. To overcome these disadvantages, we propose a new three-factor authenticated key agreement scheme using a fuzzy commitment approach. The three factors used in the proposed scheme are the user’s password, smart card, and personal biometrics. The security of the proposed scheme is verified using a formal security analysis under the broadly accepted Real-Or-Random model for the session key security. The widely accepted Burrows-Abadi-Needham logic is also applied for mutual authentication between a legally registered user and a server, and formal security verification using the broadly accepted Automated Validation of Internet Security Protocols and Applications is performed for the proposed scheme through simulation to show that it is secure. In addition, the informal security analysis of the proposed scheme shows that the scheme can resist other known attacks. Finally, a comparative study of the proposed scheme with the existing related schemes is conducted to measure the trade off among the security and functionality features and the communication and computation costs

@inproceedings{bib_Auth_2018, AUTHOR = {Wazid, Mohammad and Das, Ashok Kumar and Lee, Jong‑Hyouk }, TITLE = {Authentication Protocols for the Internet of Drones: Taxonomy, Analysis and Future Directions}, BOOKTITLE = {Journal on Ambient Intelligence and Humanized Computing}. YEAR = {2018}}

The Internet of Drones (IoD) provides the coordinated access to controlled airspace for the Unmanned Aerial Vehicles (called drones). The on-going cheaper costs of sensors and processors, and also wireless connectivity make it feasible to use the drones for several applications ranging from military to civilian. Since most of the applications using the drones involved in the IoD are real-time based applications, the users (external parties) usually have their interest in getting the real-time services from the deployed drones belonging to a particular fly zone. To address this important issue in the IoD, there is a great need of an efficient and secure user authentication approach in which an authorized user (for example, a driver of an ambulance) in the IoD environment can be given access to the data directly from an accessed drone. In this article, we first discuss an authentication model used in the IoD communication. We then discuss some security challenges and requirements for the IoD environment. A taxonomy of various security protocols in the IoD environment is also discussed. We then emphasis on the study of some recently proposed user authentication schemes for the IoD communication. A detailed comparative study is done based on functionality features, security attacks, and also communication and computation costs. Through the rigorous comparative study of the existing schemes, we identify the strengths and weaknesses of the user authentication schemes for the IoD communication. Finally, we identify some of the challenges for the IoD that need to be addressed in the coming future

@inproceedings{bib_Secu_2018, AUTHOR = {Singh, Prabhjot and Bali, Rasmeet Singh and Kumar, Neeraj and Das, Ashok Kumar and Vinel, Alexey and Yang, Laurence T. }, TITLE = {Secure Healthcare Data Dissemination Using Vehicle Relay Networks}, BOOKTITLE = {IEEE Internet of Things Journal}. YEAR = {2018}}

In the recent years, vehicular adhoc networks (VANETs) can be an attractive choice for collecting and transferring the healthcare data of the passengers to the remote healthcare centers. In VANETs, some of the intermediate nodes may act as relay nodes in which case, these networks are called as vehicular relay networks (VRNs). However, the transmitted information in VRNs can be captured by intruders during transmission. Moreover, an attacker can launch selective forwarding, blackhole, and sinkhole attacks in the network, which may in turn degrade the network performance parameters like high end-to-end delay, low packet delivery ratio (PDR) and network throughput. Hence, to address these issues, a secure data dissemination scheme using VRNs is proposed. In the proposed scheme, first, a secure vehicular medical relay network system is designed for the users belonging to disconnected rural areas. The collected information is filtered at zonal levels before transmission to a nearby road side units, which further pass it to the incoming vehicles. Second, a secure passenger health monitoring network is designed which continuously monitors health services of the passengers traveling in different vehicles. The information collected through small body sensors installed in the vehicles act as data sets that is forwarded to the on-board monitoring unit within the vehicle. This collected data is then transmitted to centralized healthcare centers for processing by using VRNs. Lastly, a strong elliptic curve cryptography-based cryptographic solution is designed for secure communication among different vehicles. The performance of the proposed scheme is evaluated in various network scenarios with respect to different selected parameters, such as throughput, network delay, PDR, jitter, transmission and computation overheads, and key distribution overhead. The obtained results indicate that the proposed scheme provides improvement of 52% in average delay and 5% in PDR. This further indicates effective message delivery even with high mobility of the vehicles.

@inproceedings{bib_Auth_2018, AUTHOR = {Wazid, Mohammad and Das, Ashok Kumar and V.Vasilakos, Athanasios }, TITLE = {Authenticated key management protocol for cloud-assisted body area sensor networks}, BOOKTITLE = {Journal on Network and Computer Applications}. YEAR = {2018}}

Due to recent advances in various technologies such as integrated circuit, embedded systems and wireless communications, the wireless body area network (WBAN) becomes a propitious networking paradigm. WBANs play a very important role in modern medical systems as the real-time biomedical data through intelligent medical sensors in or around the patients' body can be collected and sent the data to remote medical personnel for clinical diagnostics. However, wireless nature of communication makes an adversary to intercept or modify the private and secret data collected by the sensors in WBANs. In critical applications of WBANs, there is a great requirement to access directly the sensing information collected by the body sensors by an external user (e.g., a doctor) in order to monitor the health condition of a patient. In order to do so, the user needs to first authenticate with the accessed body sensors, and only after mutual authentication between that user and the body sensors the real-time data can be directly accessed securely by the user. In this paper, we propose a new user authentication and key management scheme for this purpose. The proposed scheme allows mutual authentication between a user and personal server connected to WBAN via the healthcare server situated at the cloud, and once the mutual authentication is successful, both user and personal server are able to establish a secret session key for their future communication. In addition, key management process is provided for establishment of secret keys among the sensors and personal server for their secure communication. The formal security based on broadly-accepted Real-Or-Random (ROR) model and informal security give confidence that the proposed scheme can withstand several known attacks needed for WBAN security. A detailed comparative analysis among the proposed scheme and other schemes shows that the proposed scheme provides better security & functionality features, low computation and comparable communication costs as compared to recently proposed related schemes. Finally, the practical demonstration using the NS2 based simulation is shown for the proposed scheme and also for other schemes.

@inproceedings{bib_Biom_2018, AUTHOR = {Das, Ashok Kumar and Wazid, Mohammad and Kumar, Neeraj and Vasilakos, Athanasios V. and Rodrigues, Joel J. P. C. }, TITLE = {Biometrics-Based Privacy-Preserving User Authentication Scheme for Cloud-Based Industrial Internet of Things Deployment}, BOOKTITLE = {IEEE Internet of Things Journal}. YEAR = {2018}}

Due to the widespread popularity of Internet-enabled devices, Industrial Internet of Things (IIoT) becomes popular in recent years. However, as the smart devices share the information with each other using an open channel, i.e., Internet, so security and privacy of the shared information remains a paramount concern. There exist some solutions in the literature for preserving security and privacy in IIoT environment. However, due to their heavy computation and communication overheads, these solutions may not be applicable to wide category of applications in IIoT environment. Hence, in this paper, we propose a new biometric-based privacy preserving user authentication (BP2UA) scheme for cloud-based IIoT deployment. BP2UA consists of strong authentication between users and smart devices using preestablished key agreement between smart devices and the gateway node. The formal security analysis of BP2UA using the well-known real-or-random model is provided to prove its session key security. Moreover, an informal security analysis of BP2UA is also given to show its robustness against various types of known attacks. The computation and communication costs of BP2UA in comparison to the other existing schemes of its category demonstrate its effectiveness in the IIoT environment. Finally, the practical demonstration of BP2UA is also done using the NS2 simulation.

@inproceedings{bib_On_t_2018, AUTHOR = {Zahednejad, Behnam and Bayat, Majid and Das, Ashok Kumar }, TITLE = {On the Design of a Secure Proxy Signature-based Handover Authentication Scheme for LTEWireless Networks.}, BOOKTITLE = {IACR Cryptology ePrint Archive}. YEAR = {2018}}

Designing a secure and efficient handover authentication scheme has al-ways been a concern of cellular networks especially in 4G Long Term Evolution(LTE) wireless networks. What makes their handover so complex, is the presence of different types of base stations namely eNodeB (eNB) and Home eNodeB (HeNB).In addition, they cannot directly communicate with each other. Recently, an efficient proxy signature-based handover authentication scheme has been suggested by Qui etal. Despite its better performance and security advantages than previous schemes, itsuffers serious vulnerabilities, namely being prone to DoS attack , eNB imperson-ation attack and lack of perfect forward secrecy. In this paper, we propose an im-proved handover authentication scheme in LTE wireless networks that resists against such attacks. Further, we validate the security of the proposed scheme using Real-Or-Random (ROR) model and ProVerif analysis tool. The results confirm our security claims of the proposed scheme. In addition, the performance analysis shows that compared to other schemes, our proposed scheme is more efficient.

@inproceedings{bib_HEAP_2018, AUTHOR = {Chattaraj, Durbadal and Sarma, Monalisa and Das, Ashok Kumar and Kumar, Neeraj and RODRIGUES, JOEL J. P. C. and PARK, YOUNGHO }, TITLE = {HEAP: An Efficient and Fault-tolerant Authentication and Key Exchange Protocol for Hadoop-assisted Big Data Platform}, BOOKTITLE = {IEEE Access}. YEAR = {2018}}

Hadoop framework has been evolved to manage big data in cloud. Hadoop distributedfile system and MapReduce, the vital components of this framework, provide scalable and fault-tolerantbig data storage and processing services at a lower cost. However, Hadoop does not provide any robustauthentication mechanism for principals’ authentication. In fact, the existing state-of-the-art authenticationprotocols are vulnerable to various security threats, such as man-in-the-middle, replay, password guessing,stolen-verifier, privileged-insider, identity compromization, impersonation, denial-of-service, online/off-linedictionary, chosen plaintext, workstation compromization, and server-side compromisation attacks. Besidethese threats, the state-of-the-art mechanisms lack to address the server-side data integrity and confidentialityissues. In addition to this, most of the existing authentication protocols follow a single-server-based userauthentication strategy, which, in fact, originates single point of failure and single point of vulnerabilityissues. To address these limitations, in this paper, we propose a fault-tolerant authentication protocol suitablefor the Hadoop framework, which is called the efficient authentication protocol for Hadoop (HEAP). HEAPalleviates the major issues of the existing state-of-the-art authentication mechanisms, namely operating-system-based authentication, password-based approach, and delegated token-based schemes, respectively,which are presently deployed in Hadoop. HEAP follows two-server-based authentication mechanism. HEAPauthenticates the principal based on digital signature generation and verification strategy utilizing bothadvanced encryption standard and elliptic curve cryptography. The security analysis using both the formalsecurity using the broadly accepted real-or-random (ROR) model and the informal (non-mathematical)security shows that HEAP protects several well-known attacks. In addition, the formal security verificationusing the widely used automated validation of Internet security protocols and applications ensures that HEAPis resilient against replay and man-in-the-middle attacks. Finally, the performance study contemplates thatthe overheads incurred in HEAP is reasonable and is also comparable to that of other existing state-of-the-art authentication protocols. High security along with comparable overheads makes HEAP to be robust andpractical for a secure access to the big data storage and processing services.

@inproceedings{bib_Desi_2018, AUTHOR = {Wazid, Mohammad and Das, Ashok Kumar and Kumar, Neeraj and Vasilakos, Athanasios V. and Rodrigues, Joel J. P. C. }, TITLE = {Design and Analysis of Secure Lightweight Remote User Authentication and Key Agreement Scheme in Internet of Drones Deployment}, BOOKTITLE = {IEEE Internet of Things Journal}. YEAR = {2018}}

The Internet of Drones (IoD) provides a coordinated access to unmanned aerial vehicles that are referred as drones. The on-going miniaturization of sensors, actuators, and processors with ubiquitous wireless connectivity makes drones to be used in a wide range of applications ranging from military to civilian. Since most of the applications involved in the IoD are real-time based, the users are generally interested in accessing real-time information from drones belonging to a particular fly zone. This happens if we allow users to directly access real-time data from flying drones inside IoD environment and not from the server. This is a serious security breach which may deteriorate performance of any implemented solution in this IoD environment. To address this important issue in IoD, we propose a novel lightweight user authentication scheme in which a user in the IoD environment needs to access data directly from a drone provided that the user is authorized to access the data from that drone. The formal security verification using the broadly accepted automated validation of Internet security protocols and applications tool along with informal security analysis show that our scheme is secure against several known attacks. The performance comparison demonstrates that our scheme is efficient with respect to various parameters, and it provides better security as compared to those for the related existing schemes. Finally, the practical demonstration of our scheme is done using the widely accepted NS2 simulation.

@inproceedings{bib_Auth_2018, AUTHOR = {Wazid, Mohammad and Das, Ashok Kumar and Hussain, Rasheed and Succi, Giancarlo and Rodrigues, Joel J.P.C. }, TITLE = {Authentication in cloud-driven IoT-based big data environment: Survey and outlook}, BOOKTITLE = {Journal of Systems Architecture}. YEAR = {2018}}

The Internet of Things (IoT) is composed of different networked objects (i.e., smart devices) which are interconnected to gather, process, refine, and exchange meaningful data over the Internet. These objects are assigned to their respective IP addresses, and they are able to send and receive data over a network without any human assistance. IoT offers different types of applications, such as, but not limited to, smart traffic monitoring, smart home, smart health care and smart cities, to name a few. In a Cyber-Physical System (CPS), computing elements coordinate and communicate with sensor devices, which monitor cyber and physical indicators, and actuators, and also modify the cyber and physical environment where they run. The synergy of computational as well as physical components, specifically the use of CPSs, led to the advancement of IoT implementations. In a cloud-driven IoT-based big data environment, a cloud-based platform is used to store the data generated by IoT devices (normally by sensor devices) which further can be considered as a big data warehouse. This environment is highly scalable and provides important real-time event processing (for example, in critical scenarios like surveillance and monitoring of an industrial plant). In IoT-based critical applications, the real-time data access is obligatory as and when it is required. Such access is possible if we permit only authorized external users to access the real-time data directly from the IoT sensors. Sometimes authorized user may also request for big data query processing and big data analytics over the data stored in cloud servers to figure out hidden patterns of some phenomena (i.e., chances of fire in an industrial plant in future). Therefore, we need secure authentication schemes for cloud-driven IoT-based big data environment in which a legitimate user and an IoT sensor can mutually authenticate each other and establish a common session key for secure communication. In this context, this paper first discusses the network and threat models of the authentication schemes for cloud-driven IoT-based big data environment. Some security requirements, issues and challenges of this environment are then discussed. A taxonomy of various existing authentication schemes applicable for cloud-driven IoT-based big data environment is also discussed, which covers a comparative study of these schemes. We identify and briefly discuss some future research challenges in designing the authentication schemes and other security protocols for cloud-driven IoT-based big data environment that need to be addressed in the future.

@inproceedings{bib_SecS_2018, AUTHOR = {Aujla, Gagangeet Singh and Chaudhary, Rajat and Kumar, Neeraj and Das, Ashok Kumar and , Joel J. P. C. Rodrigues }, TITLE = {SecSVA: secure storage, verification, and auditing of big data in the cloud environment}, BOOKTITLE = {IEEE Communications Magzine}. YEAR = {2018}}

With the widespread popularity of Internet-enabled devices, there is an exponential increase in the information sharing among different geographically located smart devices. These smart devices may be heterogeneous in nature and may use different communication protocols for information sharing among themselves. Moreover, the data shared may also change with respect to various Vs (volume, velocity, variety, and value) to categorize it as big data. However, as these devices communicate with each other using an open channel, the Internet, there is a higher chance of information leakage during communication. Most of the existing solutions reported in the literature ignore these facts. Keeping focus on these points, in this article, we propose secure storage, verification, and auditing (SecSVA) of big data in cloud environment. SecSVA includes the following modules: an attribute-based secure data deduplication framework for data storage on the cloud, Kerberos-based identity verification and authentication, and Merkle hash-tree-based trusted third-party auditing on cloud. From the analysis, it is clear that SecSVA can provide secure third party auditing with integrity preservation across multiple domains in the cloud environment.

@inproceedings{bib_Prov_2018, AUTHOR = {Jindal, Anish and Dua, Amit and Kumar, Neeraj and Das, Ashok Kumar and Vasilakos, Athanasios V. and Rodrigues, Joel J. P. C. }, TITLE = {Providing healthcare-as-a-service using fuzzy rule based big data analytics in cloud computing}, BOOKTITLE = {IEEE Journal of Biomedical and Health Informatics}. YEAR = {2018}}

With advancements in information and communication technology, there is a steep increase in the remote healthcare applications in which patients can get treatment from the remote places also. The data collected about the patients by remote healthcare applications constitute big data because it varies with volume, velocity, variety, veracity, and value. To process such a large collection of heterogeneous data is one of the biggest challenges which requires a specialized approach. To address this challenge, a new fuzzy rule based classifier is presented in this paper with an aim to provide Healthcare-as-a-Service. The proposed scheme is based upon the initial cluster formation, retrieval, and processing of the big data in cloud environment. Then, a fuzzy rule based classifier is designed for efficient decision making for data classification in the proposed scheme. To perform inferencing from the collected data, membership functions are designed for fuzzification and defuzzification processes. The proposed scheme is evaluated on various evaluation metrics, such as average response time, accuracy, computation cost, classification time, and false positive ratio. The results obtained confirm the effectiveness of the proposed scheme with respect to various performance evaluation metrics in cloud computing environment.

@inproceedings{bib_A_ne_2018, AUTHOR = {Chattaraj, Durbadal and Sarma, Monalisa and Das, Ashok Kumar }, TITLE = {A new two-server authentication and key agreement protocol for accessing secure cloud services}, BOOKTITLE = {Computer Networks}. YEAR = {2018}}

Emerging Cloud computing paradigm came up with the on-demand ubiquitous service sharing facility via the Internet. In this synergy, the cloud service providers provide various services, namely, Infrastructure as a Service (IaaS), Platform as a Service (PaaS) and Software as a Service (SaaS) to their clients. In such a provision, both the end parties demand proper auditing so that the resources can be legitimately utilized, and meanwhile the privacy is also preserved. In order to achieve this goal, there is a need for designing an efficient and robust authentication mechanism. Though other existing authentication protocols, such as Kerberos, Open Authorization (OAuth) and OpenID are proposed in the literature, they are vulnerable to various security threats such as replay, online dictionary, offline dictionary, stolen-verifier, impersonation, denial-of-service, privileged-insider and man-in-the-middle attacks. In this paper, we aim to propose an authentication protocol which overcomes these security loopholes in the existing protocols. In the proposed protocol, a new dynamic password-based two-server authentication and key exchange mechanism is proposed with the help of both public and private key cryptography. Moreover, to achieve strong user anonymity property, a new multi-factor authentication scheme with identity preservation has been also introduced. The security analysis using both the formal security using the broadly-accepted Real-Or-Random (ROR) model and the informal security show that the proposed protocol protects several well-known attacks. In addition, the formal security verification using the widely-used Automated Validation of Internet Security Protocols and Applications (AVISPA) ensures that the scheme is resilient against replay as well as man-in-the-middle attacks. Finally, the performance study contemplates that the overheads incurred in the protocol is reasonable and comparable to that of other existing state-of-art authentication protocols. High security along with comparable overheads make the proposed protocol to be robust and practical for a secure access to the cloud services.

@inproceedings{bib_A_se_2018, AUTHOR = {Kumari, Saru and Karuppiah, Marimuthu and Das, Ashok Kumar and Li, Xiong and Wu, Fan and Kumar, Neeraj }, TITLE = {A secure authentication scheme based on elliptic curve cryptography for IoT and cloud servers}, BOOKTITLE = {Journal on SuperComputing}. YEAR = {2018}}

The Internet of Things (IoT) is now a buzzword for Internet connectivity which extends to embedded devices, sensors and other objects connected to the Internet. Rapid development of this technology has led to the usage of various embedded devices in our daily life. However, for resource sharing and communication among these devices, there is a requirement for connecting these embedded devices to a large pool of resources like a cloud. The promising applications of IoT in Government and commercial sectors are possible by integrating cloud servers with these embedded devices. But such an integration of technologies involves security issues like data privacy and authentication of devices whenever information is exchanged between them. Recently, Kalra and Sood proposed an authentication scheme based on elliptic curve cryptography (ECC) for IoT and cloud servers and claimed that their scheme satisfies all security requirements and is immune to various types of attacks. However, in this paper, we show that Kalra and Sood scheme is susceptible to offline password guessing and insider attacks and it does not achieve device anonymity, session key agreement, and mutual authentication. Keeping in view of the shortcomings of Kalra and Sood’s scheme, we have proposed an authentication scheme based on ECC for IoT and cloud servers. In the proposed scheme in this paper, we have formally analyzed the security properties of the designed scheme by the most widely accepted and used Automated Validation of Internet Security Protocols and Applications tool. Security and performance analysis show that when compared with other related schemes, the proposed scheme is more powerful, efficient, and secure with respect to various known attacks.

@inproceedings{bib_LaCS_2018, AUTHOR = {Chaudhary, Rajat and Aujla, Gagangeet Singh and Kumar, Neeraj and Das, Ashok Kumar and Saxena, Neetesh and Rodrigues, Joel J.P.C. }, TITLE = {LaCSys: Lattice-based cryptosystem for secure communication in smart grid environment}, BOOKTITLE = {International Conference on Communications}. YEAR = {2018}}

Smart grid (SG) is a modernized power grid that uses information and communication technologies for bidirectional flow of information between the power utilities and the consumers. Nowadays, the focus of SG has shifted towards intelligent processing and control of various operations in order to provide high quality of experience to the end users domain (consumers, smart devices, utility, etc). Therefore, in near future, for smooth execution of various operations in SG, high volume of data is expected to move across different inter-connected smart devices. So, to handle this challenge, a self-configurable network technology known as software-defined networking (SDN)that provides faster and dynamic forwarding of data through adaptable flow-table management is a viable solution. However, in SDN- enabled SG systems, security and privacy are major challenges that need to be handled effectively. So, in this paper, a lattice-based cryptosystem for secure communication in SG environment, called LaCSys, is presented which works in three phases. In first phase, a secure authentication between all the network communication entities based on lattice based key exchange scheme is designed using a third party auditor (TPA). In second phase, a lightweight lattice-based public-key encryption scheme is designed to provide data confidentiality and integrity. In last phase, a temporary key-based scheme for detection of suspicious activity is designed. The proposed crytosystem is evaluated and compared with existing scheme in order to prove its effectiveness

@inproceedings{bib_Desi_2018, AUTHOR = {Kumari, Saru and Karuppiah, Marimuthu and Das, Ashok Kumar and Li, Xiong and Wu, Fan and Gupta, Vidushi }, TITLE = {Design of a secure anonymity‑preserving authentication scheme for session initiation protocol using elliptic curve cryptography}, BOOKTITLE = {Journal on Ambient Intelligence and Humanized Computing}. YEAR = {2018}}

The session initiation protocol (SIP) is a signaling protocol which is used to controlling communication in the Internet. It is also used for initiating, terminating and maintaining the sessions. A strong authentication scheme plays a pivotal role in safeguarding communications over the Internet. In order to ensure the secure communication, several authentication schemes have been proposed for SIP in the literature. Recently, Lu et al. proposed an authentication scheme for SIP-based communications and proved that their scheme can resist various network attacks. In this paper, we show that their scheme is susceptible to the user and server impersonation attacks. Also, their scheme fails to achieve user anonymity and mutual authentication. Hence, there is a need to propose a secure ECC-based authentication scheme with user anonymity for SIP to overcome the shortcomings of Lu et al.’s scheme. Security analysis shows that the proposed scheme is able to fix the flaws found in Lu et al.’s scheme. In addition to informal security discussions, we give formal security analysis of the proposed scheme under the generic group model of cryptography. Performance analysis also shows that the proposed scheme is suitable for SIP based communication

@inproceedings{bib_An_e_2018, AUTHOR = {C.SRAVANI, and Das, Ashok Kumar and Odelu, Vanga and Kumar, Neeraj and Kumari, Saru and Khan, Muhammad Khurram and Vasilakos, Athanasios V. }, TITLE = {An efficient ECC-based provably secure three-factor user authentication and key agreement protocol for wireless healthcare sensor networks}, BOOKTITLE = {Computers & Electrical Engineering}. YEAR = {2018}}

We first show the security limitations of a recent user authentication scheme proposed for wireless healthcare sensor networks. We then present a provably secure three-factor user authentication and key agreement protocol for wireless healthcare sensor networks. The proposed scheme supports functionality features, such as dynamic sensor node addition, password as well as biometrics update, smart card revocation along with other usual features required for user authentication in wireless sensor networks. Our scheme is shown to be secure through the rigorous formal security analysis under the Real-Or-Random (ROR) model and broadly-accepted Burrows-Abadi-Needham (BAN) logic. Furthermore, the simulation through the widely-known Automated Validation of Internet Security Protocols and Applications (AVISPA) tool shows that our scheme is also secure. High security, and low communication and computation costs make our scheme more suitable for practical application in healthcare applications as compared to other related existing schemes

@inproceedings{bib_Anon_2018, AUTHOR = {Jangirala, Srinivas and Das, Ashok Kumar and Wazid, Mohammad and Kumar, Neeraj }, TITLE = {Anonymous lightweight chaotic map-based authenticated key agreement protocol for industrial Internet of Things}, BOOKTITLE = {IEEE Transactions on Dependable and Secure Computing}. YEAR = {2018}}

With an exponential increase in the popularity of Internet, the real-time data collected by various smart sensing devices can be analyzed remotely by a remote user (e.g., a manager) in the Industrial Internet of Things (IIoT). However, in the IIoT environment, the gathered real-time data is transmitted over the public channel, which raises the issues of security and privacy in this environment. Therefore, to protect illegal access by an adversary, user authentication mechanism is one of the promising security solutions in the IIoT environment. To achieve this goal, we propose a new user authenticated key agreement scheme in which only authorized users can access the services from the designated IoT sensing devices installed in the IIoT environment. In the proposed scheme, fuzzy extractor technique is used for biometric verification. Moreover, three factors, namely smart card, password and personal biometrics of a legal registered user are applied in the proposed scheme to increase the level of security in the system. The proposed scheme supports new devices addition after initial deployment of the devices, password/biometric change phase and also smart card revocation phase in case the smart card is lost or stolen by an adversary. In addition, the proposed scheme is lightweight in nature. We carry out the formal security analysis using the broadly accepted Real-Or-Random (ROR) model and also the non-mathematical (informal) security analysis on the proposed scheme. Furthermore, the formal security verification using the popularly-used AVISPA (Automated Validation of Internet Security Protocols and Applications) tool is carried out on the proposed scheme. The detailed security analysis assures that the proposed scheme can withstand several well-known attacks in the IIoT environment. A practical demonstration using the NS2 simulation study is also performed for the proposed scheme and other related existing schemes. Also, a detailed comparative study shows that the proposed scheme is efficient, and provides superior security in comparison to the other schemes.

@inproceedings{bib_A_li_2018, AUTHOR = {Wu, Fan and Xu, Lili and Kumari, Saru and Li, Xiong and Das, Ashok Kumar and Shen, Jian }, TITLE = {A lightweight and anonymous RFID tag authentication protocol with cloud assistance for e-healthcare applications}, BOOKTITLE = {Journal on Ambient Intelligence and Humanized Computing}. YEAR = {2018}}

As an important part of Internet of Things, Radio Frequency Identification (RFID) system employs low-cost RFID tag to communicate with everything containing animate and inanimate objects. This technology is widely used in the e-healthcare applications. However, the malicious communication environment makes people more and more worried. In order to overcome the hazards in the network, RFID authentication schemes for e-healthcare have been proposed by researchers. But since the computation ability of the tag is relatively weak, it is necessary to put forward a lightweight and secure scheme for medical systems. Moreover, cloud is widely accepted by people and used in many kinds of systems. So we propose a novel and lightweight RFID authentication scheme with cloud for e-healthcare applications. We use an enhanced formal security model to prove the security of our scheme. In this model the channel between the server and the reader is considered to be insecure and informal analysis is used to prove the security of the proposed scheme. Through the formal and informal analysis, our scheme not only resists the common attacks, but also keeps mutual authentication, information integrity, forward untraceability and backward untraceability. Moreover, both the tag and the reader can reach the anonymity. Our scheme is only hash-based and suitable to realize various security requirements. Compared to recent schemes of the same sort, it is more applicable in e-healthcare.

@inproceedings{bib_Attr_2018, AUTHOR = {Ibrahim, Maged Hamada and Kumari, Saru and Das, Ashok Kumar and Odelu, Vanga }, TITLE = {Attribute-based authentication on the cloud for thin clients}, BOOKTITLE = {Journal on SuperComputing}. YEAR = {2018}}

We propose two new authentication schemes for the cloud that support private attribute-based authentication services. The basic scheme is non-anonymous attribute-based authentication scheme. The extended scheme of the basic scheme is fully anonymous attribute-based authentication scheme to realize full anonymity and unlinkability services. In the proposed schemes, a user is authenticated by the remote server if the intersection of the set of his/her assigned attributes and the server’s required attributes exceeds a satisfactory predefined level. Unlike existing attribute-based encryption and signature schemes that require the user to perform significant amount of elliptic curve bilinear pairings and modular exponentiations, and require the user to hold a significantly long decryption/signature key, in our schemes the user is not required to perform any bilinear pairings. With a fixed length private key, independent of the number of attributes, the cloud user performs only few exponentiations by which he/she is able to authenticate himself/herself to the remote server and establish a session key with the server with the condition that he/she satisfies a predefined level of the server’s attributes requirement. Therefore, our schemes are suitable for implementation on devices with limited resources. We provide the rigorous security of the proposed schemes and complexity analysis of our schemes. Finally, the security and performance comparisons of our schemes with the existing related schemes show that our schemes outperform other existing schemes.

@inproceedings{bib_A_se_2018, AUTHOR = {Odelu, Vanga and Zeadally, Sherali and Das, Ashok Kumar and Wazid, Mohammad and He, Debiao }, TITLE = {A secure enhanced privacy-preserving key agreement protocol for wireless mobile networks}, BOOKTITLE = {Telecommunication Systems}. YEAR = {2018}}

The rapid proliferation of mobile networks has made security an important issue, particularly for transaction oriented applications. Recently, Jo et al. presented an efficient authentication protocol for wireless mobile networks and asserted that their proposed approach provides all known security functionalities including session key (SK) security under the assumption of the widely-accepted Canetti–Krawczyk (CK) model. We reviewed Jo et al.’s proposed roaming protocol and we demonstrate that it fails to provide the SK-security under the CK-adversary setting. We then propose an enhancement to Jo et al.’s roaming protocol to address the security drawback found in Jo et al.’s protocol. In the enhanced roaming protocol, we achieve the SKsecurity along with reduced computation, communication and storage costs. We also simulate the enhanced roaming protocol using NS2 for end-to-end delay and network throughput, and the simulation results obtained demonstrate the efficiency of our protocol.

@inproceedings{bib_Dema_2018, AUTHOR = {Desai, Santosh Kumar and Dua, Amit and Kumar, Neeraj and Das, Ashok Kumar and Rodrigues, Joel J. P. C. }, TITLE = {Demand Response Management Using Lattice-Based Cryptography in Smart Grids}, BOOKTITLE = {IEEE Global Communications Conference}. YEAR = {2018}}

The prolonged usage of non-renewable resources like petroleum and coal have adverse affect on the environment and has led to energy crisis in the world. In order to mitigate the situation, efficient strategies have been proposed for generation, distribution and consumption of energy obtained from renewable sources such as tidal, wind and solar power. With the advent of Smart Grids being developed world wide, the most widely accepted strategy is Demand-Response management. In this strategy, the customers or end-users are incentivized to change their energy-utility behavior with time in response to fluid price changes or to induce lower energy consumption during peak demand time. The system is controlled by a cloud of servers that monitor the demand- supply chain over a network all the time. This brings up the issue of security within the operations of the system. Current security mechanisms such as Rivest-Shamir-Alderman (RSA) public key encryption, Advanced Encryption Standard (AES) symmetric encryption, Elliptic Curve Cryptography (ECC) public-key cryptosytem and the recently proposed works are not future- proof in the world of post-quantum cryptography. This paper proposes a lattice based cryptographic scheme to ensure proper security in the system. The proposed scheme has been proven secure against major known attacks

@inproceedings{bib_Secu_2017, AUTHOR = {C.SRAVANI, and WAZID, MOHAMMAD and Das, Ashok Kumar and KUMAR, NEERAJ and REDDY, ALAVALAPATI GOUTHAM and YOON, EUN-JUN and YOO, KEE-YOUNG }, TITLE = {Secure Signature-Based Authenticated Key Establishment Scheme for Future IoT Applications}, BOOKTITLE = {IEEE Access}. YEAR = {2017}}

Internet of Things (IoT) is a network of all devices that can be accessed through the Internet. These devices can be remotely accessed and controlled using existing network infrastructure, thus allowing a direct integration of computing systems with the physical world. This also reduces human involvement along with improving accuracy and efficiency, resulting in economic benefit. The devices in IoT facilitate the day-to-day life of people. However, the IoT has an enormous threat to security and privacy due to its heterogeneous and dynamic nature. Authentication is one of the most challenging security requirements in the IoT environment, where a user (external party) can directly access information from the devices, provided the mutual authentication between user and devices happens. In this paper, we present a new signature-based authenticated key establishment scheme for the IoT environment. The proposed scheme is tested for security with the help of the widely used Burrows-Abadi-Needham logic, informal security analysis, and also the formal security verification using the broadly accepted automated validation of Internet security protocols and applications tool. The proposed scheme is also implemented using the widely accepted NS2 simulator, and the simulation results demonstrate the practicability of the scheme. Finally, the proposed scheme provides more functionality features, and its computational and communication costs are also comparable with other existing approaches.

@inproceedings{bib_Ligh_2017, AUTHOR = {Das, Ashok Kumar and Zeadally, Sherali and WAZID, MOHAMMAD }, TITLE = {Lightweight authentication protocols for wearable devices}, BOOKTITLE = {Computers & Electrical Engineering}. YEAR = {2017}}

In the wearable communication environment, wearable devices are used for various applications including fitbit flex tracks steps, sleep cycles, workout stats, and recording health-related sensitive information. The decreasing costs and increasing performance of Information Communication Technologies (ICTs) have made wearable devices more cost effective. Different types of wearable devices are being used today by citizens to improve their health and lifestyle. However, the data (such as health-related or movement data) generated from the user’s daily activities is often private and therefore, ensuring the security and privacy of this data is important. First, we present some emerging trends of wearable devices followed by a discussion of the main security and functionality requirements along with the threats to the wearable communication environment. We then present a review of some of the recently proposed lightweight authentication protocols for wearable devices based on performance metrics such as computation cost and communication cost. We also compare these authentication protocols in terms of various security features they support. Finally, we discuss some future challenges in the area of security protocols for wearable devices that need to be addressed in the future.

@inproceedings{bib_Prov_2017, AUTHOR = {PARK, KISUNG and PARK, YOUNGHO and PARK, YOHAN and REDDY, ALAVALAPATI GOUTHAM and Das, Ashok Kumar }, TITLE = {Provably Secure and Efficient Authentication Protocol for Roaming Service in Global Mobility Networks}, BOOKTITLE = {IEEE Access}. YEAR = {2017}}

In global mobility networks, a mobile user can access roaming services using a mobile device at anytime and anywhere. However, mobile users can be vulnerable to various attacks by adversaries, because the roaming services are provided through public network. Therefore, an anonymous mobile user authentication for roaming services is an essential security issue in global mobility networks. Recently, Lee et al. pointed out the security weaknesses of a previous scheme and proposed an advanced secure anonymous authentication scheme for roaming services in global mobility networks. However, we found that the scheme proposed by Lee et al. is vulnerable to password guessing and user impersonation attacks, and that it cannot provide perfect forward secrecy and secure password altered phase. In this paper, to overcome the security weaknesses of the scheme proposed by Lee et al., we propose an improved secure anonymous authentication scheme using shared secret keys between home agent and foreign agent. In addition, we analyze the security of our proposed scheme against various attacks and prove that it provides secure mutual authentication using Burrows–Abadi–Needham logic. In addition, the formal security analysis using the broadly-accepted real-or-random (ROR) random oracle model and the formal security verification using the widely accepted automated validation of the Internet security protocols and applications tool show that the proposed scheme provides the session key security and protection against replay as well as man-in-themiddle attacks, respectively. Finally, we compare the performance of the proposed scheme with the related schemes, and the results show that the proposed scheme provides better security and comparable efficiency as compared with those for the existing schemes.

@inproceedings{bib_Desi_2017, AUTHOR = {WAZID, MOHAMMAD and Das, Ashok Kumar and Odelu, Vanga and Kumar, Neeraj and Conti, Mauro and Jo, Minho }, TITLE = {Design of Secure User Authenticated Key Management Protocol for Generic IoT Network}, BOOKTITLE = {IEEE Internet of Things Journal}. YEAR = {2017}}

In recent years, the research in generic Internet of Things (IoT) attracts a lot of practical applications including smart home, smart city, smart grid, industrial Internet, connected healthcare, smart retail, smart supply chain and smart farming. The hierarchical IoT network (HIoTN) is a special kind of the generic IoT network, which is composed of the different nodes, such as the gateway node, cluster head nodes, and sensing nodes organized in a hierarchy. In HIoTN, there is a need, where a user can directly access the real-time data from the sensing nodes for a particular application in generic IoT networking environment. This paper emphasizes on the design of a new secure lightweight three-factor remote user authentication scheme for HIoTNs, called the user authenticated key management protocol (UAKMP). The three factors used in UAKMP are the user smart card, password, and personal biometrics. The security of the scheme is thoroughly analyzed under the formal security in the widely accepted real-or-random model, the informal security as well as the formal security verification using the widely accepted automated validation of Internet security protocols and applications tool. UAKMP offers several functionality features including offline sensing node registration, freely password and biometric update facility, user anonymity, and sensing node anonymity compared to other related existing schemes. In addition, UAKMP is also comparable in computation and communication costs as compared to other existing schemes.

@inproceedings{bib_On_t_2017, AUTHOR = {SUTRALA, ANIL KUMAR and Das, Ashok Kumar and Kumar, Neeraj and Reddy, Alavalapati Goutham and Vasilakos, Athanasios V. and Rodrigues, Joel J. P. C. }, TITLE = {On the Design of Secure User Authenticated Key Management Scheme for Multi-Gateway Based Wireless Sensor Networks using ECC}, BOOKTITLE = {International Journal of Communication Systems}. YEAR = {2017}}

In wireless sensor networks (WSNs), there are many critical applications (for example, healthcare, vehicle tracking, and battlefield), where the online streaming data generated from different sensor nodes need to be analyzed with respect to quick control decisions. However, as the data generated by these sensor nodes usually flow through open channel, so there are higher chances of various types of attacks either on the nodes or on to the data captured by these nodes. In this paper, we aim to design a new elliptic curve cryptography–based user authenticated key agreement protocol in a hierarchical WSN so that a legal user can only access the streaming data from generated from different sensor nodes. The proposed scheme is based upon 3‐factor authentication, as it applies smart card, password, and personal biometrics of a user (for ticket generation). The proposed scheme maintains low computation cost for resource‐constrained sensor nodes, as it uses efficient 1‐way cryptographic hash function and bitwise exclusive‐OR operations for secure key establishment between different sensor nodes. The security analysis using the broadly accepted Burrows‐Abadi‐Needham logic, formal security verification using the popular simulation tool (automated validation of Internet security protocols and applications), and informal security show that the proposed scheme is resilient against several well‐known attacks needed for a user authentication scheme in WSNs. The comparison of security and functionality requirements, communication and computation costs of the proposed scheme, and other related existing user authentication schemes shows the superior performance of the proposed scheme.

@inproceedings{bib_Desi_2017, AUTHOR = {REDDY, ALAVALAPATI GOUTHAM and YOON, EUN-JUN and Das, Ashok Kumar and ODELU, VANGA and YOO, KEE-YOUNG }, TITLE = {Design of mutually authenticated key agreement protocol resistant to impersonation attacks for multi-server environment}, BOOKTITLE = {IEEE Access}. YEAR = {2017}}

Three-factor mutually authenticated key agreement protocols for multi-server environments have gained momentum in recent times due to advancements in wireless technologies and associated constraints. Several authors have put forward various authentication protocols for multi-server environment during the past decade. Wang et al. recently proposed a biometric-based authentication with key agreement protocol for multi-server environment and claimed that their protocol is efficient and resistant to prominent security attacks. The careful investigation of this paper shows that Wang et al. protocol's users are sharing personal identifiable information with the application servers during the registration and authentication process. This nature of disclosing credentials leads to severe threats particularly insider attacks, user impersonation attacks, and server impersonation attacks. As a remedy of the aforementioned problems, this paper proposes a novel biometric-based mutually authenticated key agreement protocols for multi-server architecture based on elliptic curve cryptography. We prove that the proposed protocol achieves secure mutual authentication property using the broadly used Burrows-Abadi-Needham logic. The formal security of the proposed protocol is verified using the widely accepted automated validation of Internet security protocols and applications tool to show that our protocol can withstand active and passive attacks including the replay and man-in-the-middle attacks. The proposed protocol is robust and efficient compared with the existing related protocols.

@inproceedings{bib_Expr_2017, AUTHOR = {ODELU, VANGA and Das, Ashok Kumar and KHAN, MUHAMMAD KHURRAM and CHOO, KIM-KWANG RAYMOND and JO, MINHO }, TITLE = {Expressive CP-ABE Scheme for Mobile Devices in IoT satisfying Constant-size Keys and Ciphertexts}, BOOKTITLE = {IEEE Access}. YEAR = {2017}}

Designing lightweight security protocols for cloud-based Internet-of-Things (IoT) applications for battery-limited mobile devices, such as smart phones and laptops, is a topic of recent focus. Ciphertextpolicy attribute-based encryption (CP-ABE) is a viable solution, particularly for cloud deployment, as an encryptor can ‘‘write’’ the access policy so that only authorized users can decrypt and have access to the data. However, most existing CP-ABE schemes are based on the costly bilinear maps, and require long decryption keys, ciphertexts and incur significant computation costs in the encryption and decryption (e.g. costs is at least linear to the number of attributes involved in the access policy). These design drawbacks prevent the deployment of CP-ABE schemes on battery-limited mobile devices. In this paper, we propose a new RSA-based CP-ABE scheme with constant size secret keys and ciphertexts (CSKC) and has O(1) timecomplexity for each decryption and encryption. Our scheme is then shown to be secure against a chosenciphertext adversary, as well as been an efficient solution with the expressive AND gate access structures (in comparison to other related existing schemes). Thus, the proposed scheme is suitable for deployment on battery-limited mobile devices.

@inproceedings{bib_Prov_2017, AUTHOR = {Das, Ashok Kumar and Odelu, Vanga and Kumari, Saru and Huang, Xinyi and WAZID, MOHAMMAD }, TITLE = {Provably secure authenticated key agreement scheme for distributed mobile cloud computing services}, BOOKTITLE = {Future Generation Computer Systems}. YEAR = {2017}}

With the rapid development of mobile cloud computing, the security becomes a crucial part of communication systems in a distributed mobile cloud computing environment. Recently, in 2015, Tsai and Lo proposed a privacy-aware authentication scheme for distributed mobile cloud computing services. In this paper, we first analyze the Tsai–Lo’s scheme and show that their scheme is vulnerable to server impersonation attack, and thus, their scheme fails to achieve the secure mutual authentication. In addition, we also show that Tsai–Lo’s scheme does not provide the session-key security (SK-security) and strong user credentials’ privacy when ephemeral secret is unexpectedly revealed to the adversary. In order to withstand these security pitfalls found in Tsai–Lo’s scheme, we propose a provably secure authentication scheme for distributed mobile cloud computing services. Through the rigorous security analysis, we show that our scheme achieves SK-security and strong credentials’ privacy and prevents all well-known attacks including the impersonation attack and ephemeral secrets leakage attack. Furthermore, we simulate our scheme for the formal security analysis using the widely-accepted AVISPA (Automated Validation of Internet Security Protocols and Applications) tool, and show that our scheme is secure against passive and active attacks including the replay and man-in-the-middle attacks. More security functionalities along with reduced computational costs for the mobile users make our scheme more appropriate for the practical applications as compared to Tsai–Lo’s scheme and other related schemes. Finally, to demonstrate the practicality of the scheme, we evaluate the proposed scheme using the broadly-accepted NS-2 network simulator.

@inproceedings{bib_Desi_2017, AUTHOR = {Kumari, Saru and Li, Xiong and Wu, Fan and Das, Ashok Kumar and Choo, Kim-Kwang Raymond and Shen, Jian }, TITLE = {Design of a provably secure biometrics-based multi-cloud-server authentication scheme}, BOOKTITLE = {Future Generation Computer Systems}. YEAR = {2017}}

Big Data and Cloud of Things (CoT) are two inter-related research trends in our data-driven society, and one research challenge is to design efficient security solution that enables access to resources, services and data out-sourced to the cloud without compromising the user’s privacy. A viable solution is user authentication set-up for multi-cloud-server designed to function as an expert system permitting its users to obtain the desired services and resources (e.g. accessing data stored in a cloud storage account) from a cloud-server up on registration with a registration authority. Biometrics is a widely used authentication mechanism (e.g. in biometric passport); thus, in this paper, we devise a biometrics-based authentication scheme for multi-cloud-server environment deployment. To improve the accuracy of biometric pattern matching, we make use of bio-hashing. We then analyse the performance and efficiency of our scheme to demonstrate its utility.

@inproceedings{bib_On_t_2017, AUTHOR = {CHATTERJEE, SANTANU and ROY, SANDIP and Das, Ashok Kumar and CHATTOPADHYA, SAMIRAN and KUMAR, NEERAJ and REDDY, ALAVALAPATI GOUTHAM and PARK, KISUNG and PARK, YOUNGHO }, TITLE = {On the design of fine grained access control with user authentication scheme for telecare medicine information systems}, BOOKTITLE = {IEEE Access}. YEAR = {2017}}

A telecare medicine information system (TMIS) for health-care delivery service requires information exchange among multiple IT systems, where different types of users with different access privileges are involved. In TMIS, users generally communicate via public channels. Hence, authentication is essential to provide access to the genuine users. However, access rights for the correct information and resources for different services to the genuine users can be provided with the help of efficient user access control mechanism. The existing user authentication protocols designed for TMIS only provide authentication, but for this kind of application, it is required that the authorized users should also have unique access privilege to access specific data. This paper puts forwards a new fine grained access control with user authentication scheme for TMIS. We present the formal security analysis using both the widely accepted real-or-random model and Burrows-Abadi-Needham logic. The proposed scheme supports user anonymity, forward secrecy, and efficient password change without contacting the remote server. In addition, the proposed scheme is comparable with respect to communication and computation costs as compared with other related schemes proposed in TMIS. Moreover, better tradeoff among security and functionality features, and communication and computation costs makes the proposed scheme suitable and practical for telecare medicine environments as compared with other existing related schemes.

@inproceedings{bib_Secu_2017, AUTHOR = {WAZID, MOHAMMAD and Das, Ashok Kumar and Khan, Muhammad Khurram and Al-Ghaiheb, Abdulatif Al-Dhawailie and Kumar, Neeraj and Vasilakos, Athanasios V. }, TITLE = {Secure Authentication Scheme for Medicine Anti-Counterfeiting System in IoT Environment}, BOOKTITLE = {IEEE Internet of Things Journal}. YEAR = {2017}}

A counterfeit drug is a medication or pharmaceutical product which is manufactured and made available on the market to deceptively represent its origin, authenticity and effectiveness, etc., and causes serious threats to the health of a patient. Counterfeited medicines have an adverse effect on the public health and cause revenue loss to the legitimate manufacturing organizations. In this paper, we propose a new authentication scheme for medicine anticounterfeiting system in the Internet of Things environment which is used for checking the authenticity of pharmaceutical products (dosage forms). The proposed scheme utilizes the near field communication (NFC) and is suitable for mobile environment, which also provides efficient NFC update phase. The security analysis using the widely accepted real-or-random model proves that the proposed scheme provides the session key security. The proposed scheme also protects other known attacks which are analyzed informally. Furthermore, the formal security verification using the broadly accepted automated validation of Internet security protocols and applications tool shows that the proposed scheme is secure. The scheme is efficient with respect to computation and communication costs, and also it provides additional functionality features when compared to other existing schemes. Finally, for demonstration of the practicality of the scheme, we evaluate it using the broadly accepted NS2 simulation.

@inproceedings{bib_Chao_2017, AUTHOR = {Roy, Sandip and Chatterjee, Santanu and Das, Ashok Kumar and Chattopadhyay, Samiran and Kumari, Saru and Jo, Minho }, TITLE = {Chaotic map-based anonymous user authentication scheme with user biometrics and fuzzy extractor for crowdsourcing Internet of Things}, BOOKTITLE = {IEEE Internet of Things Journal}. YEAR = {2017}}

The recent proliferation of mobile devices, such as smartphones and wearable devices has given rise to crowdsourcing Internet of Things (IoT) applications. E-healthcare service is one of the important services for the crowdsourcing IoT applications that facilitates remote access or storage of medical server data to the authorized users (for example, doctors, patients, and nurses) via wireless communication. As wireless communication is susceptible to various kinds of threats and attacks, remote user authentication is highly essential for a hazard-free use of these services. In this paper, we aim to propose a new secure three-factor user remote user authentication protocol based on the extended chaotic maps. The three factors involved in the proposed scheme are: 1) smart card; 2) password; and 3) personal biometrics. As the proposed scheme avoids computationally expensive elliptic curve point multiplication or modular exponentiation operation, it is lightweight and efficient. The formal security verification using the widely-accepted verification tool, called the ProVerif 1.93, shows that the presented scheme is secure. In addition, we present the formal security analysis using the both widely accepted real-or-random model and Burrows-Abadi-Needham logic. With the combination of high security and appreciably low communication and computational overheads, our scheme is very much practical for battery limited devices for the healthcare applications as compared to other existing related schemes.

@inproceedings{bib_A_no_2017, AUTHOR = {WAZID, MOHAMMAD and Das, Ashok Kumar and Kumar, Neeraj and Conti, Mauro and Vasilakos, Athanasios V }, TITLE = {A novel authentication and key agreement scheme for implantable medical devices deployment}, BOOKTITLE = {IEEE Journal of Biomedical and Health Informatics}. YEAR = {2017}}

Implantable medical devices (IMDs) are man-made devices, which can be implanted in the human body to improve the functioning of various organs. The IMDs monitor and treat physiological condition of the human being (for example, monitoring of blood glucose level by insulin pump). The advancement of information and communication technology enhances the communication capabilities of IMDs. In healthcare applications, after mutual authentication, a user (for example, doctor) can access the health data from the IMDs implanted in a patient's body. However, in this kind of communication environment, there are always security and privacy issues, such as leakage of health data and malfunctioning of IMDs by an unauthorized access. To mitigate these issues, in this paper, we propose a new secure remote user authentication scheme for IMDs communication environment to overcome security and privacy issues in existing schemes. We provide the formal security verification using the widely accepted Automated Validation of Internet Security Protocols and Applications tool. We also provide the informal security analysis of the proposed scheme. The formal security verification and informal security analysis prove that the proposed scheme is secure against known attacks. The practical demonstration of the proposed scheme is performed using the broadly accepted NS2 simulation tool. The computation and communication costs of the proposed scheme are also comparable with the existing schemes. Moreover, the scheme provides additional functionality features, such as anonymity, untraceability, and dynamic implantable medical device addition.

@inproceedings{bib_An_e_2017, AUTHOR = {Wu, Fan and Xu, Lili and Kumari, Saru and Li, Xiong and Shen, Jian and Choo, Kim-Kwang Raymond and WAZID, MOHAMMAD and Das, Ashok Kumar }, TITLE = {An efficient authentication and key agreement scheme for multi-gateway wireless sensor networks in IoT deployment}, BOOKTITLE = {Journal on Network and Computer Applications}. YEAR = {2017}}

Wireless sensor networks (WSNs) for Internet of Things (IoT) can be deployed in a wide range of industries such as agriculture and military. However, designing a secure and reliable authentication scheme for WSNs that can be deployed in IoT remains a research and operational challenge. For example, recently in 2016, Amin and Biswas showed that the Turcanović et al.'s scheme is vulnerable to smart card loss attack, user impersonation attack, etc. They then proposed a new authentication scheme for WSNs with multi-gateway. In this paper, we revisit the scheme of Amin and Biswas and reveal previously unknown vulnerabilities in the scheme (i.e. sensor capture attack, user forgery attack, gateway forgery attack, sensor forgery attack and off-line guessing attack). In addition, we demonstrate that the user in the scheme can be tracked due to the use of a constant pseudo-identity and previously established session keys can be calculated by the attacker. Rather than attempting to fix a broken scheme, we present a novel authentication scheme for multi-gateway based WSNs. We then demonstrate the security of the proposed scheme using Proverif, as well as evaluating the good performance of the scheme using NS-2 simulation.

@inproceedings{bib_Desi_2017, AUTHOR = {WAZID, MOHAMMAD and Das, Ashok Kumar and KUMAR, NEERAJ and ODELU, VANGA and REDDY, ALAVALAPATI GOUTHAM and PARK, YOUNGHO }, TITLE = {Design of lightweight authentication and key agreement protocol for vehicular ad hoc networks}, BOOKTITLE = {IEEE Access}. YEAR = {2017}}

Due to the widespread popularity in both academia and industry, vehicular ad hoc networks (VANETs) have been used in a wide range of applications starting from intelligent transportation to e-health and itinerary planning. This paper proposes a new decentralized lightweight authentication and key agreement scheme for VANETs. In the proposed scheme, there are three types of mutual authentications: 1) between vehicles; 2) between vehicles and their respective cluster heads; and 3) between cluster heads and their respective roadside units. Apart from these authentications, the proposed scheme also maintains secret keys between roadside units for their secure communications. The rigorous formal and informal security analysis shows that the proposed scheme is capable to defend various malicious attacks. Moreover, the ns-2 simulation demonstrates the practicability of the proposed scheme in VANET environment.

@inproceedings{bib_Secu_2017, AUTHOR = {WAZID, MOHAMMAD and Das, Ashok Kumar and Kumar, Neeraj and Rodrigues, Joel J. P. C. }, TITLE = {Secure three-factor user authentication scheme for renewable-energy-based smart grid environment}, BOOKTITLE = {IEEE Transactions on Industrial Informatics}. YEAR = {2017}}

Smart grid (SG) technology has recently received significant attention due to its usage in maintaining demand response management in power transmission systems. In SG, charging of electric vehicles becomes one of the emerging applications. However, authentication between a vehicle user and a smart meter is required so that both of them can securely communicate for managing demand response during peak hours. To address the above mentioned issues, in this paper, we propose a new efficient three-factor user authentication scheme for a renewable energy-based smart grid environment (TUAS-RESG), which uses the lightweight cryptographic computations such as one-way hash functions, bitwise XOR operations, and elliptic curve cryptography. The detailed security analysis shows the robustness of TUAS-RESG against various well-known attacks. Moreover, TUAS-RESG provides superior security with additional features, such as dynamic smart meter addition, flexibility for password and biometric update, user and smart meter anonymity, and untraceability as compared to other related existing schemes. The practical demonstration of TUAS-RESG is also proved using the widely accepted NS2 simulation.

@inproceedings{bib_A_mu_2017, AUTHOR = {Jangiral, Srinivas and Mukhopadhyay, Sourav and Das, Ashok Kumar }, TITLE = {A multi-server environment with secure and efficient remote user authentication scheme based on dynamic ID using smart cards}, BOOKTITLE = {Wireless Personal Communications}. YEAR = {2017}}

The growth of the Internet and telecommunication technology has facilitated remote access. During the last decade, numerous remote user authentication schemes based on dynamic ID have been proposed for the multi-server environment using smart cards. Recently, Shunmuganathan et al. pointed out that Li et al.’s scheme is defenseless in resisting the password guessing attack, stolen smart card attack and forgery attack. Furthermore, they showed the poor repairability and no two-factor security in Li et al.’s scheme. To surmount these security disadvantages, Shunmuganathan et al. proposed a remote user authentication scheme using smart card for multi-server environment and claimed that their scheme is secure and efficient. In this paper, we show that Shunmuganathan et al.’s scheme is also defenseless in resisting the password guessing attack, stolen smart card attack, user impersonation attack, forgery attack, forward secrecy and session key secrecy. Moreover, the two-factor security is also not preserved in their scheme. In our proposed scheme, a user is free to choose his/her login credentials such as user id and password. And also a user can regenerate the password any time. Simultaneously the proposed scheme preserves the merits of Shunmuganathan et al.’s scheme and also provides better functionality and security features, such as mutual authentication, session key agreement and perfect forward secrecy. The security analysis using the widely accepted Burrows–Abadi–Needham logic shows that the proposed scheme provides the mutual authentication proof between a user and a server. Through the rigorous formal and informal security analysis, we show that the proposed scheme is secure against possible known attacks. In addition, we carry out the simulation of the proposed scheme using the most-widely accepted and used Automated Validation of Internet Security Protocols and Applications tool and the simulation results clearly indicate that our scheme is secure.

@inproceedings{bib_Pair_2017, AUTHOR = {Odelu, Vanga and Das, Ashok Kumar and Rao, Y. Sreenivasa and Kumari, Saru and Khan, Muhammad Khurram and Choo, Kim-Kwang Raymond }, TITLE = {Pairing-based CP-ABE with constant-size ciphertexts and secret keys for cloud environment}, BOOKTITLE = {Computer Standards & Interfaces}. YEAR = {2017}}

Ciphertext-policy attribute-based encryption (CP-ABE) scheme can be deployed in a mobile cloud environment to ensure that data outsourced to the cloud will be protected from unauthorized access. Since mobile devices are generally resource-constrained, CP-ABE schemes designed for a mobile cloud deployment should have constant sizes for secret keys and ciphertexts. However, most existing CP-ABE schemes do not provide both constant size ciphertexts and secret keys. Thus, in this paper, we propose a new pairing-based CP-ABE scheme, which offers both constant size ciphertexts and secret keys (CSCTSK) with an expressive AND gate access structure. We then show that the proposed CP-ABE-CSCTSK scheme is secure against chosen-ciphertext adversary in the selective security model, and present a comparative summary to demonstrate the utility of the scheme.

@inproceedings{bib_A_No_2016, AUTHOR = {Li, Xiong and Niu, Jianwei and Kumari, Saru and Islam, SK Hafizul and Wu, Fan and Khan, Muhammad Khurram and Das, Ashok Kumar }, TITLE = {A Novel Chaotic Maps-Based User Authentication and Key Agreement Protocol for Multi-server Environments with Provable Security}, BOOKTITLE = {Wireless Personal Communications}. YEAR = {2016}}

The widespread popularity of the computer networks has triggered concerns about information security. Password-based user authentication with key agreement protocols have drawn attentions since it provides proper authentication of a user before granting access right to services, and then ensure secure communication over insecure channels. Recently, Lee et al. pointed out different security flaws on Tsaur et al.’s multi-server user authentication protocol, and they further proposed an extended chaotic maps-based user authentication with key agreement protocol for multi-server environments. However, we observed that Lee et al.’s protocol has some functionality and security flaws, i.e., it is inefficient in detection of unauthorized login and it does not support password change mechanism. Besides, their protocol is vulnerable to registration center spoofing attack and server spoofing attack. In order to remedy the aforementioned flaws, we proposed a novel chaotic maps-based user authentication with key agreement protocol for multi-server environments. The proposed protocol is provably secure in the random oracle model under the chaotic-maps based computational Diffie-Hellman assumption. In addition, we analyzed our protocol using BAN logic model. We also compared our protocol with Lee et al.’s protocol in aspects of computation cost, functionalities and securities.

@inproceedings{bib_SEAP_2016, AUTHOR = {Odelu, Vanga and Das, Ashok Kumar and , Adrijit Goswami }, TITLE = {SEAP: Secure and efficient authentication protocol for NFC applications using pseudonyms}, BOOKTITLE = {IEEE Transactions Consumer Electronics}. YEAR = {2016}}

Authentication protocol plays an important role in the short-range wireless communications for the Near Field Communication (NFC) technology. Due to the shared nature of wireless communication networks, there are several kinds of security vulnerabilities. Recently, a pseudonym-based NFC protocol (PBNFCP) has been proposed to withstand the security pitfalls found in the existing conditional privacy preserving security protocol (CPPNFC). However, this paper further analyzes PBNFCP and shows that it still fails to prevent the claimed security properties, such as impersonation attacks against an adversary, who is a malicious registered user having a valid pseudonym and corresponding private key. In order to overcome these security drawbacks, this paper proposes a secure and efficient authentication protocol (SEAP) for NFC applications using lifetime-based pseudonyms. The proposed SEAP is simulated for the formal security verification using the widely-accepted AVISPA (Automated Validation of Internet Security Protocols and Applications) tool. The simulation results show that SEAP is secure. The rigorous security and performance analysis shows that the proposed SEAP is secure and efficient as compared to the related existing authentication protocols for NFC applications.

@inproceedings{bib_A_Se_2016, AUTHOR = {Das, Ashok Kumar and SUTRALA, ANIL KUMAR and Odelu, Vanga and Goswami, Adrijit }, TITLE = {A Secure Smartcard-Based Anonymous User Authentication Scheme for Healthcare Applications Using Wireless Medical Sensor Networks}, BOOKTITLE = {Wireless Personal Communications}. YEAR = {2016}}

A wireless medical sensor network (WMSN) is a professional application of the traditional wireless body area sensor networks in medicine. Using WMSNs, the parameters of patients’ vital signs can be gathered from the sensor nodes deployed on the body of the patients and accessed by the healthcare professionals by using a mobile device. Due to wireless communication, securing communication becomes a vital issue in WMSNs. Since the vital signs parameters are sensitive to the patients’ health status and these information must not be revealed to the others except the healthcare professionals, the protection of patients’ privacy becomes another key issue for WMSNs applications. Thus, user authentication with anonymity property is the most basic and commonly used method in order to resolve the security and privacy issues of WMSNs. He et al. presented a user authentication protocol for healthcare applications using WMSNs to protect the security and privacy problems. However, Li et al. showed that their scheme is incorrect in authentication and session key agreement phase, has no wrong password detection mechanism and is vulnerable to denial of service caused by password change with wrong password. In this paper, we review Li et al.’s scheme and show that their scheme is still vulnerable to privileged-insider attack, sensor node capture attack and fails to provide user anonymity property. Moreover, we find that He et al.’s scheme is still vulnerable to the same attacks as we find out in Li et al.’s scheme. In order to remedy the security weak-nesses found in both He et al.’s scheme and Li et al.’s scheme, we present a secure biometrics-based user authentication scheme in WMSNs using smart card. Through the rigorous formal and informal security analysis, we show that our scheme is secure against possible known attacks. In addition, we simulate our scheme using the most-widely accepted and used Automated Validation of Internet Security Protocols and Application stool and the simulation results reveal that our scheme is secure. Our scheme is also efficient in computation and communication as compared to He et al.’s scheme, Li et al.’sscheme and other related schemes.

@inproceedings{bib_A_Se_2016, AUTHOR = {WAZID, MOHAMMAD and Das, Ashok Kumar }, TITLE = {A Secure Group-Based Blackhole Node Detection Scheme for Hierarchical Wireless Sensor Networks}, BOOKTITLE = {Wireless Personal Communications}. YEAR = {2016}}

Rapid development of the wireless communication technology and low cost of sensing devices has accelerated the development of wireless sensor networks (WSNs). These types of networks have a wide range of applications including habitat monitoring, health monitoring, data acquisition in hazardous environmental conditions and military operations. Sensor nodes are resource constrained having limited communication range, battery and processing power. Sensor nodes are prone to failure and can be also physically captured by an adversary. One of the main concerns in WSNs is to provide security, especially in the cases where they are deployed for military applications and monitoring. Further, WSNs are prone to various attacks such as wormhole, sinkhole and blackhole attacks. A blackhole attack is a kind of denial of service attack, which is very difficult to detect and defend and such blackhole attack, if happens, affects the entire performance of the network. In addition, it causes high end-to-end delay and less throughput with less packet delivery ratio. The situation can be worst if multiple blackhole attacker nodes present in the network. As a result, detection and prevention of the blackhole attack becomes crucial in WSNs. In this paper, we aim to propose a new efficient group-based technique for the detection and prevention of multiple blackhole attacker nodes in WSNs. In our approach, the entire WSN is divided into several clusters and each cluster has a powerful high-end sensor node (called a cluster head), which is responsible for the detection of blackhole attacker nodes, if present, in that cluster. The proposed scheme achieves about 90 % detection rate and 3.75 % false positive rate, which are significantly better than the existing related schemes. Furthermore, our scheme is efficient and thus, it is very appropriate for practical applications in WSNs.

@inproceedings{bib_Prov_2016, AUTHOR = {Odelu, Vanga and Das, Ashok Kumar and WAZID, MOHAMMAD and Conti, Mauro }, TITLE = {Provably Secure Authenticated Key Agreement Scheme for Smart Grid}, BOOKTITLE = {IEEE Transactions on Smart Grid}. YEAR = {2016}}

Due to the rapid development of wireless communication systems, authentication becomes a key security component in smart grid environments. Authentication then plays an important role in the smart grid domain by providing a variety of security services including credentials' privacy, session-key (SK) security, and secure mutual authentication. In this paper, we analyze the security of a recent relevant work in smart grid, and it is unfortunately not able to deal with SK-security and smart meter secret credentials' privacy under the widely accepted Canetti-Krawczyk adversary (CK-adversary) model. We then propose a new efficient provably secure authenticated key agreement scheme for smart grid. Through the rigorous formal security analysis, we show that the proposed scheme achieves the well-known security functionalities including smart meter credentials' privacy and SK-security under the CK-adversary model. The proposed scheme reduces the computation overheads for both smart meters and service providers. Furthermore, the proposed scheme offers more security functionalities as compared to the existing related schemes.

@inproceedings{bib_An_E_2016, AUTHOR = {WAZID, MOHAMMAD and Das, Ashok Kumar }, TITLE = {An Efficient Hybrid Anomaly Detection Scheme Using K-Means Clustering for Wireless Sensor Networks}, BOOKTITLE = {Wireless Personal Communications}. YEAR = {2016}}

Sensor nodes in a wireless sensor network (WSN) may be lost due to enervation or malicious attacks by an adversary. WSNs deployed for several applications including military applications are prone to various attacks, which degrade the network performance very rapidly. Hybrid anomaly is a type of anomaly that contains the different types of attacker nodes such as blackhole, misdirection, wormhole etc. These multiple attacks can be launched in the network using the hybrid anomaly. In this situation, it is very difficult to find out which kind of attacker nodes are activated in the network. This motivates us to design a robust and efficient secure intrusion detection approach in order to extend thelifetime of a WSN. In this paper, we aim to propose a new intrusion detection technique forhybrid anomaly, which uses the existing data mining algorithm, called K-means clustering.For the detection purpose, patterns of intrusions are built automatically by the K-mean sclustering algorithm over training data. After that intrusions are detected by matching network activities against these detection patterns. We evaluate our approach over a WSNd ataset that is created using Opnet modeler, which contains various attributes, such as end-to-end delay, traffic sent and traffic received. The training data set contains the normal values of the network parameters. The testing dataset is created in actual working mode consists of normal and abnormal values of the network parameters. The proposed tech-nique has the ability to detect two types of malicious nodes: black hole and misdirection nodes. Our scheme achieves 98.6 % detection rate and 1.2 % false positive rate, which are significantly better than the existing related schemes.

@inproceedings{bib_An_e_2016, AUTHOR = {Sahoo, Jayakrushna and Das, Ashok Kumar and Goswami, A. }, TITLE = {An efficient fast algorithm for discoverin closed+highutility itemsets}, BOOKTITLE = {Applied Intelligence}. YEAR = {2016}}

In recent years, high utility itemsets (HUIs) mining from the transactional databases becomes one of the most emerging research topic in the field of data mining due to its wide range of applications in online e-commerce data analysis, identifying interesting patterns in biomedical data and for cross marketing solutions in retail business. It aims to discover the itemsets with high utilities efficiently by considering item quantities in a transaction and profit values of each item. However, it produces a tremendous number of HUIs, which imposes further burden in analysis of the extracted patterns and also degrades the performance of mining methods. Mining the set of closed + high utility itemsets (CHUIs) solves this issue as it is a loss-less and condensed representation of all HUIs. In this paper, we aim to present a new algorithm for finding CHUIs from a transactional database, called the CHUM (Closed + High Utility itemset Miner), which is scalable and efficient. The proposed mining algorithm adopts a tricky aimed vertical representation of the database in order to speed up the execution time in generating itemset closures and compute their utility information without accessing the database. The proposed method makes use of the item co-occurrences strategy in order to further reduce the number of intersections needed to be performed. Several experiments are conducted on various sparse and dense datasets and the simulation results clearly show the scalability and superior performance of our algorithm as compared to those for the existing state-of-the-art CHUD (Closed + High Utility itemset Discovery) algorithm.

@inproceedings{bib_A_se_2016, AUTHOR = {Das, Ashok Kumar }, TITLE = {A secure and robust temporal credential-based three-factor user authentication scheme for wireless sensor networks}, BOOKTITLE = {Peer to Peer Networking and Applications}. YEAR = {2016}}

User authentication is one of the most important security services required forthe resource-constrained wire-less sensor networks (WSNs). In user authentication, for critical applications of WSNs, a legitimate user is allowed to query and collect the real-time data at any time from a sensor node of the network as and when he/she demands for it. In order to get the real-time information from the nodes,the user needs to be first authenticated by the nodes as well as the gateway node (GWN) of WSN so that illegal accesst o nodes do not happen in the network. Recently, Jiang et al.proposed an efficient two-factor user authentication scheme with unlinkability property in WSNs Jiang (2014). In this paper, we analyze Jiang et al.’s scheme. Unfortunately, we point out that Jiang et al.’s scheme has still several draw-backs such as (1) it fails to protect privileged insider attack,(2) inefficient registration phase for the sensor nodes,(3) it fails to provide proper authentication in login and authentication phase, (4) it fails to update properly the new changed password of a user in the password update phase,(5) it lacks of supporting dynamic sensor node addition after initial deployment of nodes in the network, and (6) itlacks the formal security verification. In order to withstand these pitfalls found in Jiang et al.’s scheme, we aim to pro-pose a three-factor user authentication scheme for WSNs.Our scheme preserves the original merits of Jiang et al.’sscheme. Our scheme is efficient as compared to Jiang et al.’s

@inproceedings{bib_A_se_2016, AUTHOR = {Mishra, Dheerendra and Das, Ashok Kumar and Mukhopadhyay, Sourav }, TITLE = {A secure and efficient ECC-based user anonymity-preserving session initiation authentication protocol using smart card}, BOOKTITLE = {Peer to Peer Networking and Applications}. YEAR = {2016}}

The Session Initiation Protocol (SIP) is a signaling communications protocol, which has been chosen for controlling multimedia communication in 3G mobile networks. The proposed authentication in SIP is HTTP digest based authentication. Recently, Tu et al. presented an improvement of Zhang et al.’s smart card-based authenticated key agreement protocol for SIP. Their scheme efficiently resists password guessing attack. However, in this paper, we analyze the security of Tu et al.’s scheme and demonstrate their scheme is still vulnerable to user’s impersonation attack, server spoofing attack and man-in-the middle attack. We aim to propose an efficient improvement on Tu et al.’s scheme to overcome the weaknesses of their scheme, while retaining the original merits of their scheme. Through the rigorous informal and formal security analysis, we show that our scheme is secure against various known attacks including the attacks found in Tu et al.’sscheme. Furthermore, we simulate our scheme for the for-mal security analysis using the widely-accepted AVISPA(Automated Validation of Internet Security Protocols and Applications) tool and show that our scheme is secure against passive and active attacks including the replay and man-in-the-middle attacks. Additionally, the proposed scheme is comparable in terms of the communication and computational overheads with Tu et al.’s scheme and other related existing schemes.

@inproceedings{bib_Desi_2016, AUTHOR = {WAZID, MOHAMMAD and Das, Ashok Kumar and Kumari, Saru and Li, Xiong and Wu, Fan }, TITLE = {Design of an efficient and provably secure anonymity preserving three-factor user authentication and key agreement scheme for TMIS}, BOOKTITLE = {Security and Communication Networks}. YEAR = {2016}}

Several remote user authentication techniques for telecare medicine information system (TMIS) have been proposed in the literature. But most existing techniques have limitations such as vulnerable to various attacks, lack of functionalities, and inefficiency. Recently, Amin and Biswas proposed a three‐factor authentication and key agreement technique for TMIS. But their scheme is inefficient and has several security drawbacks. The attacks such as privileged‐insider, user impersonation, and strong reply attacks are possible on their scheme. It also has flaw in password update phase. In order to overcome drawbacks of their scheme, a new provably secure and efficient three‐factor remote user authentication scheme for TMIS is proposed in this paper. The proposed scheme overcomes all drawbacks of their scheme and also provides additional features such as user unlinkability, user anonymity, efficient password, and biometric update. The rigorous informal and formal security analysis using random oracle models and the mostly acceptable Automated Validation of Internet Security Protocols and Applications tool is also performed. During the experimentation, it has been observed that the proposed scheme is secure against various known attacks that include replay and man‐in‐the‐middle attacks. Furthermore, the analysis of computation and communication cost estimation of the proposed scheme depicts that our scheme is efficient as compared with other related exiting schemes.

@inproceedings{bib_Ligh_2016, AUTHOR = {Reddy, Alavalapati Goutham and Yoon, Eun-Jun and Das, Ashok Kumar and Yoo, Kee-Young }, TITLE = {Lightweight authentication with key-agreement protocol for mobile network environment using smartcards}, BOOKTITLE = {IET Information Security}. YEAR = {2016}}

In 2012, Mun et al. proposed an enhanced secure authentication with key-agreement protocol for roaming service in global mobility networks environment based on elliptic curve cryptography. They claimed that their protocol is efficient and resistant to prominent security attacks. The careful analysis of this study proves that Mun et al.'s protocol is susceptible to several attacks such as replay attack, man-in-middle attack, user impersonation attack, privileged insider attack, denial-ofservice attack, no login phase and imperfect mutual authentication phase. In addition, this study proposes an enhanced lightweight authentication with key-agreement protocol for mobile networks based on elliptic curve cryptography using smart cards. The proposed protocol is lightweight and perfectly suitable for real-time applications as it accomplishes simple one-way hash function, message authentication code and exclusive-OR operation. Furthermore, it achieves all the eminent security properties and is resistant to various possible attacks. The security analysis and comparison section demonstrates that the proposed protocol is robust compared with Mun et al.'s protocol.

@inproceedings{bib_An_e_2016, AUTHOR = {Das, Ashok Kumar and SUTRALA, ANIL KUMAR and Kumari, Saru and Odelu, Vanga and WAZID, MOHAMMAD and Li, Xiong }, TITLE = {An efficient multi-gateway based three-factor user authentication and key agreement scheme in hierarchical wireless sensor networks}, BOOKTITLE = {Security and Communication Networks}. YEAR = {2016}}

User authentication in wireless sensor network (WSN) plays a very important role in which a legal registered user is allowed to access the real‐time sensing information from the sensor nodes inside WSN. To allow such access, a user needs to be authenticated by the accessed sensor nodes as well as gateway nodes inside WSNs. Because of resource limitations and vulnerability to physical capture of some sensor nodes by an attacker, design of a secure user authentication in WSN continues to be an important and challenging research area in recent years. In this paper, we propose a new three‐factor user authentication scheme based on the multi‐gateway WSN architecture. Through the widely‐accepted Burrows–Abadi–Needham logic, we prove that our scheme provides the secure mutual authentication. We then present the formal security verification of our proposed scheme using AVISPA tool, which is a powerful validation tool for network security applications, and show that our scheme is secure. In addition, the rigorous informal security analysis shows that our scheme is also secure against possible other known attacks including the sensor node capture attack. Furthermore, we present the additional functionality features that our scheme offers, which are efficient in communication and computation.

@inproceedings{bib_Desi_2016, AUTHOR = {Islam, SK Hafizul and Das, Ashok Kumar and Khan, Muhammad Khurram }, TITLE = {Design of a provably secure identity-based digital multi-signature scheme using biometrics and fuzzy extractor}, BOOKTITLE = {Security and Communication Networks}. YEAR = {2016}}

A novel biometric identity-based digital multi-signature (BIO-IDMS) scheme is put forwarded in this paper. The proposed scheme is constructed with the help of fuzzy extractor and elliptic curve bilinear pairings. Furthermore, we designed the formal model and the security model of the proposed BIO-IDMS scheme. The formal security analysis demonstrates that the forgery of the proposed scheme is infeasible in the random oracle model based on the intractability assumption of the computational Diffie–Hellman (CDH) problem. The proposed scheme outperforms in terms of computational cost compared with other related existing multi-signature schemes.

@inproceedings{bib_Desi_2016, AUTHOR = {Chaturvedi, Ankita and Das, Ashok Kumar and Mishra, Dheerendra and Mukhopadhyay, Sourav }, TITLE = {Design of a secure smart card-based multi-server authentication scheme}, BOOKTITLE = {Journal of Information Security and Applications}. YEAR = {2016}}

Traditional two party client server authentication protocol may not provide a scalable solution for present network environments where personal and ubiquitous computing technologies are involved as it is now becoming multi-server based. To achieve efficient authorized communication, multi-server based authentication protocols have been designed. The key feature of multi-server based protocols is one time registration. We study the existing multi-server based authentication protocols, and identify that many of the multi-server based authentication protocols involve control server in mutual authentication or trusted server environment is required. The involvement of central authority in mutual authentication may be a bottleneck for large network, and the servers may be semi-trusted. To erase these drawbacks, Wei et al. recently proposed a multi-server based authentication protocol. Their protocol does not require all servers to be trusted and involvement of control server in mutual authentication. Unfortunately, we identify the security vulnerability of Wei et al.'s scheme to insider attack and password guessing attack. Additionally, lack of pre-smart card authentication leads to denial of service attack. To enhance the security of Wei et al.'s protocol, we propose a secure biometric-based authentication scheme for multi-server environment using smart card. We simulate the proposed protocol for the formal security verification using the widely accepted AVISPA (Automated Validation of Internet Security Protocols and Applications) tool to show that our scheme is secure against active and passive attacks. In addition, we prove that our proposed scheme provides mutual authentication using the widely-accepted Burrows–Abadi–Needham (BAN) logic and is also secured against various well known attacks. In addition, our scheme is efficient in terms of computational and communication overheads as compared to Wei et al.'s scheme and other existing related schemes.

@inproceedings{bib_Prov_2016, AUTHOR = {Das, Ashok Kumar and Kumari, Saru and Odelu, Vanga and Li, Xiong and Wu, Fan and Huang, Xinyi }, TITLE = {Provably secure user authentication and key agreement scheme for wireless sensor networks}, BOOKTITLE = {Security and Communication Networks}. YEAR = {2016}}

In recent years, user authentication has emerged as an interesting field of research in wireless sensor networks. Most recently, in 2016, Chang and Le presented a scheme to authenticate the users in wireless sensor network using a password and smart card. They proposed two protocols urn:x-wiley:sec:media:sec1573:sec1573-math-0001 and urn:x-wiley:sec:media:sec1573:sec1573-math-0002. urn:x-wiley:sec:media:sec1573:sec1573-math-0003 is based on exclusive or (XOR) and hash functions, while urn:x-wiley:sec:media:sec1573:sec1573-math-0004 deploys elliptic curve cryptography in addition to the two functions used in urn:x-wiley:sec:media:sec1573:sec1573-math-0005. Although their protocols are efficient, we point out that both urn:x-wiley:sec:media:sec1573:sec1573-math-0006 and urn:x-wiley:sec:media:sec1573:sec1573-math-0007 are vulnerable to session specific temporary information attack and offline password guessing attack, while urn:x-wiley:sec:media:sec1573:sec1573-math-0008 is also vulnerable to session key breach attack. In addition, we show that both the protocols urn:x-wiley:sec:media:sec1573:sec1573-math-0009 and urn:x-wiley:sec:media:sec1573:sec1573-math-0010 are inefficient in authentication and password change phases. To withstand these weaknesses found in their protocols, we aim to design a new authentication and key agreement scheme using elliptic curve cryptography. Rigorous formal security proofs using the broadly accepted, the random oracle models, and the Burrows–Abadi–Needham logic and verification using the well‐known Automated Validation of Internet Security Protocols and Applications tool are preformed on our scheme. The analysis shows that our designed scheme has the ability to resist a number of known attacks comprising those found in both Chang–Le's protocols

@inproceedings{bib_Prov_2016, AUTHOR = {WAZID, MOHAMMAD and Das, Ashok Kumar and Kumari, Saru and Li, Xiong and Wu, Fan }, TITLE = {Provably secure biometric-based user authentication and key agreement scheme in cloud computing}, BOOKTITLE = {Security and Communication Networks}. YEAR = {2016}}

Cloud computing, the conjoin of many types of computing, has made a great impact on the life of everyone. People from anywhere can access the different cloud-based services by using the Internet. A user, who wants to access some cloud-based service, needs to register himself/herself to an authority (service provider), and after that, he/she can use the service. To access the service, each user needs to authenticate to that particular cloud server. Several user authentication schemes for cloud computing have been presented but mostly have limitations/drawbacks as they are prone to various known attacks, such as privileged insider, user and server impersonation, and strong reply attacks, and they also have lack of functionality features. Moreover, these schemes do not provide efficient password change phase. In order to overcome these drawbacks, we propose a new provably secure biometric-based user authentication and key agreement scheme for cloud computing. The proposed scheme overcomes the weaknesses of the existing schemes and supports extra functionality features including user anonymity and efficient password and biometric update phase for multi-server environment. The careful formal security analysis under standard model and informal security analysis and the simulation results for formal security verification using the most acceptable AVISPA tool show that the proposed scheme is secure against various known possible attacks. The analysis of computation and communication overheads of our scheme depicts its efficiency over other related existing schemes, and thus, the proposed scheme is suitable for the cloud computing environment.

@inproceedings{bib_Desi_2016, AUTHOR = {Odelu, Vanga and Das, Ashok Kumar }, TITLE = {Design of a new CP-ABE with constant size secret keys for lightweight devices using elliptic curve cryptography}, BOOKTITLE = {Security and Communication Networks}. YEAR = {2016}}

The energy cost of public‐key cryptography is a vital component of modern secure communications. It inhibits the widespread adoption within the ultra‐low energy regimes (for example, implantable medical devices and Radio Frequency Identification tags). In the ciphertext‐policy attribute‐based encryption (CP‐ABE), an encryptor can decide the access policy that who can decrypt the data. Thus, data will be protected from the unauthorized users. However, most of the existing CP‐ABE schemes require huge storage and computational overheads. Moreover, CP‐ABE schemes based on bilinear map loose high efficiency over the elliptic curve cryptography because of the requirement of the security parameters of larger size. These drawbacks prevent the use of ultra‐low energy devices in practice. In this paper, we aim to propose a novel expressive AND gate access structured CP‐ABE scheme with constant‐size secret keys (CSSK) with cost‐efficient solutions for encryption and decryption using elliptic curve cryptography, called the CP‐ABE‐CSSK scheme. In the proposed CP‐ABE‐CSSK, the size of the secret key is as small as 320 bits. In addition, elliptic curve cryptography is efficient and more suitable for lightweight devices as compared with bilinear pairing‐based cryptosystem. Thus, the proposed CP‐ABE‐CSSK scheme provides low computation and storage overheads with an expressive AND gate access structure as compared with related existing schemes. Consequently, our scheme becomes very practical for CP‐ABE key storage and computation cost for ultra‐low energy devices. Copyright © 2016 John Wiley & Sons, Ltd.

@inproceedings{bib_A_se_2016, AUTHOR = {Karuppiah, Marimuthu and Kumari, Saru and Das, Ashok Kumar and Li, Xiong and Wu, Fan and Basu, Sayantani }, TITLE = {A secure lightweight authentication scheme with user anonymity for roaming service in ubiquitous networks}, BOOKTITLE = {Security in Communication Networks}. YEAR = {2016}}

Ubiquitous networks provide effective roaming services for mobile users (MUs). Through the worldwide roaming technology, authorized MUs can avail ubiquitous network services. Important security issues to be considered in ubiquitous networks are authentication of roaming MUs and protection of privacy of MUs. However, because of the broadcast nature of wireless channel and resource limitations of terminals, providing efficient user authentication with privacy preservation is a challenging task. Very recently, Farash et al. proposed an authentication scheme with anonymity for consumer roaming in ubiquitous networks and claimed their scheme achieves all security requirements. In this paper, we show that the scheme of Farash et al. fails to achieve user anonymity and mutual authentication. Their scheme also fails to provide local password verification, and it has a faulty password change phase. Moreover, their scheme is vulnerable to replay, offline password guessing, and forgery attacks. To fix the security flaws of the scheme of Farash et al., we present an improved authentication scheme for accessing roaming service provided by ubiquitous networks. We then formally verify the security properties of our scheme by the widely‐accepted push‐button tool called Automated Validation of Internet Security Protocols and Applications. Security and performance analyses show that our scheme is more powerful, efficient, and secure when it is compared with existing schemes. Copyright © 2016 John Wiley & Sons, Ltd.

@inproceedings{bib_A_no_2016, AUTHOR = {Wu, Fan and Xu, Lili and SaruKumari, and Li, Xiong and Das, Ashok Kumar and Khan, Muhammad Khurram and Karuppiah, Marimuthu and Baliyan, Renuka }, TITLE = {A novel and provable authentication and key agreement scheme with user anonymity for global mobility networks}, BOOKTITLE = {Security in Communication Networks}. YEAR = {2016}}

Ubiquitous networks support the roaming service for mobile communication devices. The mobile user can use the services in the foreign network with the help of the home network. Mutual authentication plays an important role in the roaming services, and researchers put their interests on the authentication schemes. Recently, in 2016, Gope and Hwang found that mutual authentication scheme of He et al. for global mobility networks had security disadvantages such as vulnerability to forgery attacks, unfair key agreement, and destitution of user anonymity. Then, they presented an improved scheme. However, we find that the scheme cannot resist the off‐line guessing attack and the de‐synchronization attack. Also, it lacks strong forward security. Moreover, the session key is known to HA in that scheme. To get over the weaknesses, we propose a new two‐factor authentication scheme for global mobility networks. We use formal proof with random oracle model, formal verification with the tool Proverif, and informal analysis to demonstrate the security of the proposed scheme. Compared with some very recent schemes, our scheme is more applicable. Copyright © 2016 John Wiley & Sons, Ltd.

@inproceedings{bib_An_A_2016, AUTHOR = {Reddy, Alavalapati Goutham and Das, Ashok Kumar and Yoon, Eun-Jun and Yoo, Kee-Young }, TITLE = {An Anonymous Authentication with Key-Agreement Protocol for Multi-Server Architecture Based on Biometrics and Smartcards}, BOOKTITLE = {Transactions on Internet and Information Systems}. YEAR = {2016}}

Authentication protocols for multi-server architectures have gained momentum in recent times due to advancements in computing technologies and associated constraints. Lu et al. recently proposed a biometrics and smartcards-based authentication scheme for multi-server environment. The careful analysis of this paper demonstrates Lu et al.’s protocol is susceptible to user impersonation attacks and comprises insufficient data. In addition, this paper proposes an improved authentication with key-agreement protocol for multi-server architecture based on biometrics and smartcards. The formal security of the proposed protocol is verified using the widely accepted AVISPA (Automated Validation of Internet Security Protocols and Applications) tool to ensure that our protocol can withstand active and passive attacks. The formal and informal security analysis, and performance analysis sections determines that our protocol is robust and efficient compared to Lu et al.’s protocol and existing similar protocols.

@inproceedings{bib_An_e_2016, AUTHOR = {Kumari, Saru and Karuppiah, Marimuthu and Li, Xiong and Wu, Fan and Das, Ashok Kumar and Odelu, Vanga }, TITLE = {An enhanced and secure trust-extended authentication mechanism for vehicular ad-hoc networks}, BOOKTITLE = {Security in Communication Networks}. YEAR = {2016}}

Vehicular Ad‐hoc Networks (VANETs) are a move towards regulating safe traffic and intelligent transportation system. A VANETs is characterized by extremely dynamic topographical conditions owing to speedily moving vehicles. In VANETs, vehicles can transmit messages within a pre‐defined area to achieve safety and efficiency of the system. Then ensuring authenticity of origin of messages to the receiver in such a dynamic environment is a crucial challenge. Another concern in VANET is preservation of privacy of user/vehicle. Recently, Chuang and Lee proposed a trust‐extended authentication mechanism (TEAM) for vehicle‐to‐vehicle communications in VANETs. TEAM not only satisfies various security features but also enhances the performance of the authentication process using transitive trust relationship among vehicles. Nonetheless, our analysis shows that TEAM is vulnerable to insider attack, privacy breach, impersonation attacks and some other problems. In this paper, to eradicate the vulnerabilities found in Chuang‐Lee's scheme, an enhanced trust‐extended authentication scheme for VANET is proposed. We display the efficiency of our scheme through security analysis and comparison. Through simulation results using widely accepted NS‐2 simulator, we show that our scheme authenticates vehicles faster than Chuang‐Lee's scheme. Copyright © 2016 John Wiley & Sons, Ltd.

@inproceedings{bib_A_Se_2016, AUTHOR = {REDDY, ALAVALAPATI GOUTHAM and Das, Ashok Kumar and YOON, EUN-JUN and YOO, KEE-YOUNG }, TITLE = {A Secure Anonymous Authentication Protocol for Mobile Services on Elliptic Curve Cryptography}, BOOKTITLE = {IEEE Access}. YEAR = {2016}}

Mobile user authentication is an essential topic to consider in the current communications technology due to greater deployment of handheld devices and advanced technologies. Memon et al. recently proposed an efficient and secure two-factor authentication protocol for location-based services using asymmetric key cryptography. Unlike their claims, the vigilant analysis of this paper substantiates that Memon et al.'s protocol has quite a few limitations such as vulnerability to key compromised impersonation attack, insecure password changing phase, imperfect mutual authentication, and vulnerability to insider attack. Furthermore, this paper proposes an enhanced secure authentication protocol for roaming services on elliptic curve cryptography. The proposed protocol is also a two-factor authentication protocol and is suitable for practical applications due to the composition of light-weight operations. The proposed protocol's formal security is verified using Automated Validation of Internet Security Protocols and Applications tool to certify that the proposed protocol is free from security threats. The informal and formal security analyses along with the performance analysis sections determine that the proposed protocol performs better than Memon et al.'s protocol and other related protocols in terms of security and efficiency.

@inproceedings{bib_Secu_2016, AUTHOR = {Chatterjee, Santanu and Roy, Sandip and Das, Ashok Kumar and Chattopadhyay, Samiran and Kumar, Neeraj and Vasilakos, Athanasios V. }, TITLE = {Secure Biometric-Based Authentication Scheme using Chebyshev Chaotic Map for Multi-Server Environment}, BOOKTITLE = {IEEE Transactions on Dependable and Secure Computing}. YEAR = {2016}}

—Multi-server environment is the most common scenario for a large number of enterprise class applications. In this environment, user registration at each server is not recommended. Using multi-server authentication architecture, user can manage authentication to various servers using single identity and password. We introduce a new authentication scheme for multi-server environments using Chebyshev chaotic map. In our scheme, we use the Chebyshev chaotic map and biometric verification along with password verification for authorization and access to various application servers. The proposed scheme is light-weight compared to other related schemes. We only use the Chebyshev chaotic map, cryptographic hash function and symmetric key encryptiondecryption in the proposed scheme. Our scheme provides strong authentication, and also supports biometrics & password change phase by a legitimate user at any time locally, and dynamic server addition phase. We perform the formal security verification using the broadly-accepted Automated Validation of Internet Security Protocols and Applications (AVISPA) tool to show that the presented scheme is secure. In addition, we use the formal security analysis using the Burrows-Abadi-Needham (BAN) logic along with random oracle models and prove that our scheme is secure against different known attacks. High security and significantly low computation and communication costs make our scheme is very suitable for multi-server environments as compared to other existing related schemes

@inproceedings{bib_An_e_2016, AUTHOR = {Reddy, Alavalapati Goutham and Das, Ashok Kumar and Odelu, Vanga and Yoo, Kee-Young }, TITLE = {An enhanced biometric based authentication with key-agreement protocol for multi-server architecture based on elliptic curve cryptography}, BOOKTITLE = {Plos One}. YEAR = {2016}}

Biometric based authentication protocols for multi-server architectures have gained momentum in recent times due to advancements in wireless technologies and associated constraints. Lu et al. recently proposed a robust biometric based authentication with key agreement protocol for a multi-server environment using smart cards. They claimed that their protocol is efficient and resistant to prominent security attacks. The careful investigation of this paper proves that Lu et al.’s protocol does not provide user anonymity, perfect forward secrecy and is susceptible to server and user impersonation attacks, man-in-middle attacks and clock synchronization problems. In addition, this paper proposes an enhanced biometric based authentication with key-agreement protocol for multi-server architecture based on elliptic curve cryptography using smartcards. We proved that the proposed protocol achieves mutual authentication using Burrows-Abadi-Needham (BAN) logic. The formal security of the proposed protocol is verified using the AVISPA (Automated Validation of Internet Security Protocols and Applications) tool to show that our protocol can withstand active and passive attacks. The formal and informal security analyses and performance analysis demonstrates that the proposed protocol is robust and efficient compared to Lu et al.’s protocol and existing similar protocols.

@inproceedings{bib_An_e_2016, AUTHOR = {Reddy, Alavalapati Goutham and , Eun-Jun Yoon and Das, Ashok Kumar and Yoo, Kee-Young }, TITLE = {An enhanced anonymous two-factor mutual authentication with key-agreement scheme for session initiation protocol}, BOOKTITLE = {Proceedings of the 9th International Conference on Security of Information and Networks}. YEAR = {2016}}

A two-factor authenticated key-agreement scheme for session initiation protocol emerged as a best remedy to overcome the ascribed limitations of the password-based authentication scheme. Recently, Lu et al. proposed an anonymous two-factor authenticated key-agreement scheme for SIP using elliptic curve cryptography. They claimed that their scheme is secure against attacks and achieves user anonymity. Conversely, this paper's keen analysis points out several severe security weaknesses of the Lu et al.'s scheme. In addition, this paper puts forward an enhanced anonymous two-factor mutual authenticated key-agreement scheme for session initiation protocol using elliptic curve cryptography. The security analysis and performance analysis sections demonstrates that the proposed scheme is more robust and efficient than Lu et al.'s scheme.

@inproceedings{bib_A_Us_2016, AUTHOR = {Kumari, Saru and Li, Xiong and Wu, Fan and Das, Ashok Kumar and Odelu, Vanga and Khan, Muhammad Khurram }, TITLE = {A User Anonymous Mutual Authentication Protocol.}, BOOKTITLE = {Transactions on Internet and Information Systems}. YEAR = {2016}}

Widespread use of wireless networks has drawn attention to ascertain confidential communication and proper authentication of an entity before granting access to services over insecure channels. Recently, Truong et al. proposed a modified dynamic ID-based authentication scheme which they claimed to resist smart-card-theft attack. Nevertheless, we find that their scheme is prone to smart-card-theft attack contrary to the author’s claim. Besides, anyone can impersonate the user as well as service provider server and can breach the confidentiality of communication by merely eavesdropping the login request and server’s reply message from the network. We also notice that the scheme does not impart user anonymity and forward secrecy. Therefore, we present another authentication scheme keeping apart the threats encountered in the design of Truong et al.’s scheme. We also prove the security of the proposed scheme with the help of widespread BAN (Burrows, Abadi and Needham) Logic.

@inproceedings{bib_A_us_2016, AUTHOR = {Kumari, Saru and Li, Xiong and Wu, Fan and Das, Ashok Kumar and Arshad, Hamed and Khan, Muhammad Khurram }, TITLE = {A user friendly mutual authentication and key agreement scheme for wireless sensor networks using chaotic maps}, BOOKTITLE = {Future Generation Computer Systems}. YEAR = {2016}}

Spread of wireless network technology has opened new doors to utilize sensor technology in various areas via Wireless Sensor Networks (WSNs). Many authentication protocols for among the service seeker users, sensing component sensor nodes (SNs) and the service provider base-station or gateway node (GWN) are available to realize services from WSNs efficiently and without any fear of deceit. Recently, Li et al. and He et al. independently proposed mutual authentication and key agreement schemes for WSNs. We find that both the schemes achieve mutual authentication, establish session key and resist many known attacks but still have security weaknesses. We show the applicability of stolen verifier, user impersonation, password guessing and smart card loss attacks on Li et al.’s scheme. Although their scheme employs the feature of dynamic identity, an attacker can reveal and guess the identity of a registered user. We demonstrate the susceptibility of He et al.’s scheme to password guessing attack. In both the schemes, the security of the session key established between user and SNs is imperfect due to lack of forward secrecy and session-specific temporary information leakage attack. In addition both the schemes impose extra computational load on resource scanty sensor-nodes and are not user friendly due to absence of user anonymity and lack of password change facility. To handle these drawbacks, we design a mutual authentication and key agreement scheme for WSN using chaotic maps. To the best of our knowledge, we are the first to propose an authentication scheme for WSN based on chaotic maps. We show the superiority of the proposed scheme over its predecessor schemes by means of detailed security analysis and comparative evaluation. We also formally analyze our scheme using BAN logic.

@inproceedings{bib_Secu_2016, AUTHOR = {Ibrahim, Maged Hamada and , Saru Kumari and Das, Ashok Kumar and WAZID, MOHAMMAD and Odelu, Vanga }, TITLE = {Secure anonymous mutual authentication for star two-tier wireless body area networks}, BOOKTITLE = {Computer Methods and Programs in Biomedicine}. YEAR = {2016}}

Background and objectives: Mutual authentication is a very important service that must be established between sensor nodes in wireless body area network (WBAN) to ensure the originality and integrity of the patient’s data sent by sensors distributed on different parts of the body. However, mutual authentication service is not enough. An adversary can benefit from monitoring the traffic and knowing which sensor is in transmission of patient’s data. Observing the traffic (even without disclosing the context) and knowing its origin, it can reveal to the adversary information about the patient’s medical conditions. Therefore, anonymity of the communicating sensors is an important service as well. Few works have been conducted in the area of mutual authentication among sensor nodes in WBAN. However, none of them has considered anonymity among body sensor nodes. Up to our knowledge, our protocol is the first attempt to consider this service in a two-tier WBAN. We propose a new secure protocol to realize anonymous mutual authentication and confidential transmission for star two-tier WBAN topology. Methods: The proposed protocol uses simple cryptographic primitives. We prove the security of the proposed protocol using the widely-accepted Burrows-Abadi-Needham (BAN) logic, and also through rigorous informal security analysis. In addition, to demonstrate the practicality of our protocol, we evaluate it using NS-2 simulator. Results: BAN logic and informal security analysis prove that our proposed protocol achieves the necessary security requirements and goals of an authentication service. The simulation results show the impact on the various network parameters, such as end-to-end delay and throughput. The nodes in the network require to store few hundred bits. Nodes require to perform very few hash invocations, which are computationally very efficient. The communication cost of the proposed protocol is few hundred bits in one round of communication. Due to the low computation cost, the energy consumed by the nodes is also low.

@inproceedings{bib_Secu_2016, AUTHOR = {SUTRALA, ANIL KUMAR and Das, Ashok Kumar and Odelu, Vanga and WAZID, MOHAMMAD and Kumari, Saru }, TITLE = {Secure anonymity-preserving password-based user authentication and session key agreement scheme for telecare medicine information systems}, BOOKTITLE = {Computer Methods and Programs in Biomedicine}. YEAR = {2016}}

Background and objectives Information and communication and technology (ICT) has changed the entire paradigm of society. ICT facilitates people to use medical services over the Internet, thereby reducing the travel cost, hospitalization cost and time to a greater extent. Recent advancements in Telecare Medicine Information System (TMIS) facilitate users/patients to access medical services over the Internet by gaining health monitoring facilities at home. Methods Amin and Biswas recently proposed a RSA-based user authentication and session key agreement protocol usable for TMIS, which is an improvement over Giri et al.'s RSA-based user authentication scheme for TMIS. In this paper, we show that though Amin–Biswas's scheme considerably improves the security drawbacks of Giri et al.'s scheme, their scheme has security weaknesses as it suffers from attacks such as privileged insider attack, user impersonation attack, replay attack and also offline password guessing attack. A new RSA-based user authentication scheme for TMIS is proposed, which overcomes the security pitfalls of Amin–Biswas's scheme and also preserves user anonymity property. Results The careful formal security analysis using the two widely accepted Burrows–Abadi–Needham (BAN) logic and the random oracle models is done. Moreover, the informal security analysis of the scheme is also done. These security analyses show the robustness of our new scheme against the various known attacks as well as attacks found in Amin–Biswas's scheme. The simulation of the proposed scheme using the widely accepted Automated Validation of Internet Security Protocols and Applications (AVISPA) tool is also done. Conclusions We present a new user authentication and session key agreement scheme for TMIS, which fixes the mentioned security pitfalls found in Amin–Biswas's scheme, and we also show that the proposed scheme provides better security than other existing schemes through the rigorous security analysis and verification tool. Furthermore, we present the formal security verification of our scheme using the widely accepted AVISPA tool. High security and extra functionality features allow our proposed scheme to be applicable for telecare medicine information systems which is used for e-health care medical applications.

@inproceedings{bib_Anal_2016, AUTHOR = {WAZID, MOHAMMAD and Zeadally, · Sherali and Das, Ashok Kumar and Odelu, Vanga }, TITLE = {Analysis of Security Protocols for Mobile Healthcare}, BOOKTITLE = {Journal of Medical Systems}. YEAR = {2016}}

Mobile Healthcare (mHealth) continues to improve because of significant improvements and the decreasing costs of Information Communication Technologies (ICTs). mHealth is a medical and public health practice, which is supported by mobile devices (for example, smartphones) and, patient monitoring devices (for example, various types of wearable sensors, etc.). An mHealth system enables healthcare experts and professionals to have ubiquitous access to a patient’s health data along with providing any ongoing medical treatment at any time, any place, and from any device. It also helps the patient requiring continuous medical monitoring to stay in touch with the appropriate medical staff and healthcare experts remotely. Thus, mHealth has become a major driving force in improving the health of citizens today. First, we discuss the security requirements, issues and threats to the mHealth system. We then present a taxonomy of recently proposed security protocols for mHealth system based on features supported and possible attacks, computation cost and communication cost. Our detailed taxonomy demonstrates the strength and weaknesses of recently proposed security protocols for the mHealth system. Finally, we identify some of the challenges in the area of security protocols for mHealth systems that still need to be addressed in the future to enable cost-effective, secure and robust mHealth systems.

@inproceedings{bib_An_a_2016, AUTHOR = {Mishra, Dheerendra and Das, Ashok Kumar and Mukhopadhyay, Sourav }, TITLE = {An anonymous and secure biometric‐based enterprise digital rights management system for mobile environment}, BOOKTITLE = {Security in Communication Networks}. YEAR = {2016}}

In [1] the authorship was originally shown as “Ashok Kumar Das, Dheerendra Mishra and Sourav Mukhopadhyay”. This has now been corrected to “Dheerendra Mishra, Ashok Kumar Das and Sourav Mukhopadhyay”. We apologize for any inconvenience caused … 1. Mishra D, Das AK, Mukhopadhyay S. An anonymous and secure biometric-based enterprise digital rights management system for mobile environment. Security and Communica- tions Networks2015;8:3383–3404 . doi:10.1002/sec.1266." … SECURITY AND COMMUNICATION NETWORKS Security Comm. Networks 2016; 9:3762 … Published online 18 August 2016 in Wiley Online Library (wileyonlinelibrary.com). DOI: 10.1002/sec.1604

@inproceedings{bib_Desi_2016, AUTHOR = {WAZID, MOHAMMAD and Das, Ashok Kumar and Kumari, Saru and Khan, Muhammad Khurram }, TITLE = {Design of sinkhole node detection mechanism for hierarchical wireless sensor networks}, BOOKTITLE = {Security in Communication Networks}. YEAR = {2016}}

Wireless sensor networks (WSNs) have several applications ranging from the civilian to military applications. WSNs are prone to various hole attacks, such as sinkhole, wormhole, blackhole, and greyhole. Among these hole attacks, the sinkhole attack is the malignant one. A sinkhole attack allows a malicious node, called the sinkhole node, advertises a best possible path to the base station (BS). This misguides its neighbors to utilize that path more frequently. The sinkhole node has the opportunity to tamper with the data, and it also performs the modifications in messages or it drops messages or it produces unnecessary delay before forwarding them to the BS. On the basis of these malicious acts that are performed by a sinkhole attacker node, we consider three types of malicious nodes in a WSN: sinkhole message modification node (SMD), sinkhole message dropping node (SDP), and sinkhole message delay node (SDL). None of the existing techniques in the literature is capable to handle all three types of nodes at a time. This paper presents a new detection scheme for the detection of different types of sinkhole nodes for a hierarchical wireless sensor network (HWSN). To the best of our knowledge, this is the first attempt to design such a detection scheme in HWSNs which can detect SMD, SDP, and SDL nodes. In our approach, the entire HWSN is divided into several disjoint clusters, and each cluster has a powerful high-end sensor node (called a cluster head), which is responsible for the detection of different sinkhole attacker nodes if present in that cluster. We simulate our scheme using the widely-accepted NS2 simulator for measurement of various network parameters. The proposed scheme achieves around 95% detection rate and 1.25% false positive rate. These factors are significantly better than the previous related schemes. Furthermore, the computation and communication efficiency is achieved in our scheme. As a result, our scheme seems suitable for the sensitive critical applications, such as military applications.

@inproceedings{bib_Prov_2016, AUTHOR = {C.SRAVANI, and Das, Ashok Kumar and Kumar, Saru and Odelu, Vanga and Wu, Fan and Li, Xiong }, TITLE = {Provably secure three‐factor authentication and key agreement scheme for session initiation protocol}, BOOKTITLE = {Security in Communication Networks}. YEAR = {2016}}

Session initiation protocol (SIP) is a widely used authentication protocol for the Voice over IP communications. Over the years, several protocols have been proposed in the literature to strengthen the security of SIP. In this paper, we present an efficient elliptic curve cryptography (ECC)‐based provably secure three‐factor authentication and session key agreement scheme for SIP, which uses the identity, password, and personal biometrics of a user as three factors. Our scheme aims to resolve the security weaknesses and drawbacks in existing SIP authentication protocols. In addition, our scheme supports password and biometric update phase without involving the server and the user mobile device revocation phase in case the mobile device is lost/stolen. Formal security analysis under the standard model and the broadly accepted Burrows–Abadi–Needham logic ensures that the proposed scheme can withstand several known security attacks. The proposed scheme has also been analyzed informally. Simulation for formal security verification using the widely known automated validation of internet security protocols and applications tool shows the replay, and the man‐in‐the‐middle attacks are protected by the scheme. High security and low communication and computation costs make the proposed scheme more suitable for practical application as compared with other existing related ECC‐based schemes. Copyright © 2016 John Wiley & Sons, Ltd

@inproceedings{bib_Jamm_2016, AUTHOR = {Ibrahim, Maged Hamada and Kumari, Saru and Das, Ashok Kumar and Odelu, Vanga }, TITLE = {Jamming resistant non‐interactive anonymous and unlinkable authentication scheme for mobile satellite networks}, BOOKTITLE = {Security in Communication Networks}. YEAR = {2016}}

Most of the previously proposed schemes use temporary identities for mobile users to provide unlinkable anonymous authentication for mobile users to the satellite network control center (NCC), where the temporary identities are picked at random after each session and agreed between a mobile user U and the NCC for the next session. Although such schemes provide full anonymity and are computationally efficient, the common problem with such strategies is that an adversary is able to desynchronize the temporary identity shared between U and NCC by means of simple jamming attack at a certain round in the authentication protocol. It results in the denial of all future sessions unless U re‐registers a new identity at the NCC. In this paper, we propose a new authentication scheme for mobile satellite networks. We avoid using synchronized temporary identities, which are always vulnerable to desynchronization attacks. We also avoid multi‐round authentication phase in order to reduce the jamming effect. Instead, a mobile user is able to create a new blinded version of his clear identity for each established session noninteractively, allowing him to anonymously authenticate himself to NCC in a fully unlinkable fashion. Moreover, in few milliseconds and one move non‐interactive way, U is able to establish a session key with NCC in a fully anonymous and authenticated way. Our new scheme uses recent advances in elliptic curve cryptography, and hence, it is efficient for implementation on mobile devices with limited resources. Through the rigorous security analysis using the broadly accepted Burrows–Abadi–Needham logic, informal security analysis, and the simulation for formal security verification using the widely known automated validation of Internet security protocols and sapplications tool, we show that our scheme is secure against various known attacks. Copyright © 2017 John Wiley & Sons, Ltd.

@inproceedings{bib_A_Se_2015, AUTHOR = {Das, Ashok Kumar and Odelu, Vanga and Goswami, Adrijit }, TITLE = {A Secure and Robust User Authenticated Key AgreementScheme for Hierarchical Multi-medical Server Environmentin TMIS}, BOOKTITLE = {Journal of Medical Systems}. YEAR = {2015}}

The telecare medicine information system (TMIS) helps the patients to gain the health monitoring facility at home and access medical services over the Internet of mobile networks. Recently, Amin and Biswas presented a smart card based user authentication and key agreement security protocol usable for TMIS system using the cryptographic one-way hash function and biohashing function, and claimed that their scheme is secure against all possible attacks. Though their scheme is efficient due to usage of one-way hash function, we show that their scheme has several security pitfalls and design flaws, such as (1) it fails to protect privileged-insider attack, (2) it fails to protect strong replay attack, (3) it fails to protect strong man-in-the-middle attack, (4) it has design flaw in user registration phase, (5) it has design flaw in login phase, (6) it has design flaw in password change phase, (7) it lacks of supporting biometric update phase, and (8) it has flaws in formal security analysis. In order to withstand these security pitfalls and design flaws, we aim to propose a secure and robust user authenticated key agreement scheme for the hierarchical multi-server environment suitable in TMIS using the cryptographic one-way hash function and fuzzy extractor. Through the rigorous security analysis including the formal security analysis using the widely-accepted Burrows-Abadi-Needham (BAN) logic, the formal security analysis under the random oracle model and the informal security analysis, we show that our scheme is secure against possible known attacks. Furthermore, we simulate our scheme using the most-widely accepted and used Automated Validation of Internet Security Protocols and Applications (AVISPA) tool. The simulation results show that our scheme is also secure. Our scheme is more efficient in computation and communication as compared to Amin-Biswas’s scheme and other related schemes. In addition, our scheme supports extra functionality features as compared to other related schemes. As a result, our scheme is very appropriate for practical applications in TMIS.

@inproceedings{bib_A_Se_2015, AUTHOR = {Das, Ashok Kumar }, TITLE = {A Secure User Anonymity-Preserving Three-FactorRemote User Authentication Scheme for the TelecareMedicine Information Systems}, BOOKTITLE = {Journal of Medical Systems}. YEAR = {2015}}

Recent advanced technology enables the telecare medicine information system (TMIS) for the patients to gain the health monitoring facility at home and also to access medical services over the Internet of mobile networks. Several remote user authentication schemes have been proposed in the literature for TMIS. However, most of them are either insecure against various known attacks or they are inefficient. Recently, Tan proposed an efficient user anonymity preserving three-factor authentication scheme for TMIS. In this paper, we show that though Tan’s scheme is efficient, it has several security drawbacks such as (1) it fails to provide proper authentication during the login phase, (2) it fails to provide correct updation of password and biometric of a user during the password and biometric update phase, and (3) it fails to protect against replay attack. In addition, Tan’s scheme lacks the formal security analysis and verification. Later, Arshad and Nikooghadam also pointed out some security flaws in Tan’s scheme and then presented an improvement on Tan’s s scheme. However, we show that Arshad and Nikooghadam’s scheme is still insecure against the privileged-insider attack through the stolen smart-card attack, and it also lacks the formal security analysis and verification. In order to withstand those security loopholes found in both Tan’s scheme, and Arshad and Nikooghadam’s scheme, we aim to propose an effective and more secure three-factor remote user authentication scheme for TMIS. Our scheme provides the user anonymity property. Through the rigorous informal and formal security analysis using random oracle models and the widely-accepted AVISPA (Automated Validation of Internet Security Protocols and Applications) tool, we show that our scheme is secure against various known attacks, including the replay and man-in-the-middle attacks. Furthermore, our scheme is also efficient as compared to other related schemes.Recent advanced technology enables the telecare medicine information system (TMIS) for the patients to gain the health monitoring facility at home and also to access medical services over the Internet of mobile networks. Several remote user authentication schemes have been proposed in the literature for TMIS. However, most of them are either insecure against various known attacks or they are inefficient. Recently, Tan proposed an efficient user anonymity preserving three-factor authentication scheme for TMIS. In this paper, we show that though Tan’s scheme is efficient, it has several security drawbacks such as (1) it fails to provide proper authentication during the login phase, (2) it fails to provide correct updation of password and biometric of a user during the password and biometric update phase, and (3) it fails to protect against replay attack. In addition, Tan’s scheme lacks the formal security analysis and verification. Later, Arshad and Nikooghadam also pointed out some security flaws in Tan’s scheme and then presented an improvement on Tan’s s scheme. However, we show that Arshad and Nikooghadam’s scheme is still insecure against the privileged-insider attack through the stolen smart-card attack, and it also lacks the formal security analysis and verification. In order to withstand those security loopholes found in both Tan’s scheme, and Arshad and Nikooghadam’s scheme, we aim to propose an effective and more secure three-factor remote user authentication scheme for TMIS. Our scheme provides the user anonymity property. Through the rigorous informal and formal security analysis using random oracle models and the widely-accepted AVISPA (Automated Validation of Internet Security Protocols and Applications) tool, we show that our scheme is secure against various known attacks, including the replay and man-in-the-middle attacks. Furthermore, our scheme is also efficient as compared to other related schemes.

@inproceedings{bib_A_ro_2015, AUTHOR = {Das, Ashok Kumar and Goswami, Adrijit }, TITLE = {A robust anonymous biometric-based remote user authentication scheme using smart cards}, BOOKTITLE = {Journal of King Saud University - Computer and Information Sciences}. YEAR = {2015}}

Several biometric-based remote user authentication schemes using smart cards have been proposed in the literature in order to improve the security weaknesses in user authentication system. In 2012, An proposed an enhanced biometric-based remote user authentication scheme using smart cards. It was claimed that the proposed scheme is secure against the user impersonation attack, the server masquerading attack, the password guessing attack, and the insider attack and provides mutual authentication between the user and the server. In this paper, we first analyze the security of An’s scheme and we show that this scheme has three serious security flaws in the design of the scheme: (i) flaw in user’s biometric verification during the login phase, (ii) flaw in user’s password verification during the login and authentication phases, and (iii) flaw in user’s password change locally at any time by the user. Due to these security flaws, An’s scheme cannot support mutual authentication between the user and the server. Further, we show that An’s scheme cannot prevent insider attack. In order to remedy the security weaknesses found in An’s scheme, we propose a new robust and secure anonymous biometric-based remote user authentication scheme using smart cards. Through the informal and formal security analysis, we show that our scheme is secure against all possible known attacks including the attacks found in An’s scheme. The simulation results of our scheme using the widely-accepted AVISPA (Automated Validation of Internet Security Protocols and Applications) tool ensure that our scheme is secure against passive and active attacks. In addition, our scheme is also comparable in terms of the communication and computational overheads with An’s scheme and other related existing schemes. As a result, our scheme is more appropriate for practical applications compared to other approaches.

@inproceedings{bib_A_Se_2015, AUTHOR = {Das, Ashok Kumar }, TITLE = {A Secure and Robust Password-Based Remote User Authentication Scheme using Smart Cards for the Integrated EPR Information System}, BOOKTITLE = {Journal of Medical Systems}. YEAR = {2015}}

An integrated EPR (Electronic Patient Record) information system of all the patients provides the medical institutions and the academia with most of the patients’ information in details for them to make corrective decisions and clinical decisions in order to maintain and analyze patients’ health. In such system, the illegal access must be restricted and the information from theft during transmission over the insecure Internet must be prevented. Lee et al. proposed an efficient password-based remote user authentication scheme using smart card for the integrated EPR information system. Their scheme is very efficient due to usage of one-way hash function and bitwise exclusive-or (XOR) operations. However, in this paper, we show that though their scheme is very efficient, their scheme has three security weaknesses such as (1) it has design flaws in password change phase, (2) it fails to protect privileged insider attack and (3) it lacks the formal security verification. We also find that another recently proposed Wen’s scheme has the same security drawbacks as in Lee at al.’s scheme. In order to remedy these security weaknesses found in Lee et al.’s scheme and Wen’s scheme, we propose a secure and efficient password-based remote user authentication scheme using smart cards for the integrated EPR information system. We show that our scheme is also efficient as compared to Lee et al.’s scheme and Wen’s scheme as our scheme only uses one-way hash function and bitwise exclusive-or (XOR) operations. Through the security analysis, we show that our scheme is secure against possible known attacks. Furthermore, we simulate our scheme for the formal security verification using the widely-accepted AVISPA (Automated Validation of Internet Security Protocols and Applications) tool and show that our scheme is secure against passive and active attacks.

@inproceedings{bib_An_e_2015, AUTHOR = {Odelu, Vanga and Das, Ashok Kumar and Goswami, Adrijit }, TITLE = {An efficient ECC-based privacy-preserving client authentication protocol with key agreement using smart card}, BOOKTITLE = {Journal of Information Security and Applications}. YEAR = {2015}}

The authentication protocols are trusted components in a communication system in order to protect sensitive information against a malicious adversary in the client-server environment by means of providing a variety of services including users' privacy and authentication. In the cryptographic protocols, understanding the security failures is the key for both patching to the existing protocols and designing the future protocols. Recently, in 2014, Wang proposed an improved Elliptic Curve Cryptography (ECC) based anonymous remote authentication scheme using smart card and claimed that the proposed scheme is secure against password guessing attack, smart card lost/stolen verifier attack, and also preserves user anonymity and prevents credential leakage. However, in this paper, we show that Wang's scheme fails to preserve the user anonymity and does not prevent the off-line password guessing attack, credential leakage and smart card lost/stolen verifier attack. In order to withstand those security pitfalls found in Wang's scheme, we aim to propose a new secure privacy-preserving ECC-based client authentication with key agreement protocol using smart card. Through the formal and informal security analysis we show that our scheme is secure against possible known attacks including the off-line password guessing attack, credential leakage attack and smart card lost/stolen verifier attack. Our scheme also preserves the user anonymity property. In addition, we simulate our scheme for the formal security verification using the widely-accepted AVISPA (Automated Validation of Internet Security Protocols and Applications) tool and show that our scheme is secure against passive and active attacks. Our scheme provides high security along with low computational and communication costs. As a result, our scheme is practically suitable for mobile devices in the client-server environment as compared to other related schemes in the literature.

@inproceedings{bib_DMAM_2015, AUTHOR = {Odelu, Vanga and Das, Ashok Kumar and Goswami, Adrijit }, TITLE = {DMAMA: Dynamic migration access control mechanism for mobile agents in distributed networks}, BOOKTITLE = {Wireless Personal Communications}. YEAR = {2015}}

In real-life applications, ensuring secure transmission of data over public network channels to prevent malicious eavesdropping of the data is an important issue in distributed network environment. There are several potential security risks in protecting data and providing access control over the data. It is a challenging problem to manage dynamically the access rights to the resources and protect them from unauthorized access.Several migration access control mechanisms have been proposed in the literature using hierarchical structure to manage the cryptographic keys to prevent from unauthorized access of resources. However, most of them suffer from some known attacks and they do not efficiently support all required dynamic properties for mobile agent environment. Since, in practical scenarios, from time to time changing of decryption key of a confidential file provides maximum security for the system, it affects significantly the performance of the key management mechanism. In this paper, we propose a novel dynamic migration access control mechanism for the mobile agents (DMAMA) in a distributed network environment using symmetric-key cryptosystem. Further, we provide an elliptic curve cryptography based signature (El-Gamal type) on the decryption key assigned to the confidential file to avoid unauthorized modifications by an attacker. Moreover, DMAMA provides an efficient solution to the dynamic property such as changing decryption key of a confidential file, whereas other schemes do not provide. In addition, DMAMA is efficient in computation and storage overheads as compared to the other related existing schemes. Through the informal and formal security analysis, we show that DMAMA is secure against possible known attacks including man-in-the-middle attack as well as DMAMA provides backward secrecy to the decryption key of a confidential file when adding a new node or creating a new relationship in the existing hierarchy. As a result, higher security, low computational and storage overheads along with efficient access control properties make DMAMA more suitable for practical applications compared to the other related schemes.

@inproceedings{bib_A_Se_2015, AUTHOR = {Odelu, Vanga and Das, Ashok Kumar and Goswami, Adrijit }, TITLE = {A Secure and Scalable Group Access Control Scheme for Wireless Sensor Networks}, BOOKTITLE = {Wireless Personal Communications}. YEAR = {2015}}

Recently, in 2013, Wu et al. proposed an efficient adaptable and scalable group access control scheme (GAC) for managing wireless sensor networks and they claimed that their proposed GAC approach provides the forward secrecy and backward secrecy, and it also prevents the man-in-the-middle attack. However, in this paper, we revisit Wu et al.’s scheme and show that Wu et al.’s scheme fails to provide the forward and backward secrecy to the group access key (GAK), and also their scheme does not prevent the man-inthe-middle attack and it does not provide the mutual authentication between a node and the task manager. Moreover, in Wu et al.’s scheme, all the past GAKs used by a node can be revealed to an adversary when that node is compromised. We then aim to propose a novel group access control mechanism to withstand the security weaknesses found in Wu et al.’s scheme while retaining the original merits of their scheme. Through the rigorous informal security analysis and the formal security analysis using the widely-accepted Burrows–Abadi–Needham logic, we show that our scheme is secure against various known attacks including the attacks found in Wu et al.’s scheme. Moreover, in our scheme, the vulnerability of the GAKs used by a node is limited and bounded to the last GAK update protocol interval when that node is compromised by an adversary. Our scheme provides efficient dynamic properties such as joining and leaving of a node from a group along with high security and the required desirable features as compared to Wu et al.’s scheme, and as a result, our scheme is very suitable for the practical applications.

@inproceedings{bib_Key__2015, AUTHOR = {Hazra, Prasun and Giri, Debasis and Das, Ashok Kumar }, TITLE = {Key chain-based key predistribution protocols for securing wireless sensor networks}, BOOKTITLE = {International Conference on Mathematics and Computing}. YEAR = {2015}}

Since the conception of the seminal work proposed by Eschenauer and Gligor in 2002, several key predistribution mechanisms have been proposed in the literature in order to establish symmetric secret keys between any two neighbor sensor nodes in wireless sensor networks (WSNs) for secure communication. However, due to lack of prior deployment knowledge, limited resources of sensor nodes and security threats posed in the unattended environment of WSNs, it is always a challenging task to propose a better secure key predistribution scheme apart from existing schemes. In this paper, we aim to propose two new key predistribution schemes based on hashed key chains, which provide secure communication between the sensor nodes with the desired storage and communication overheads. The proposed schemes provide better tradeoff among security, network connectivity, and overheads as compared to those for other existing schemes.

@inproceedings{bib_A_se_2015, AUTHOR = {Mishra, Dheerendra and Das, Ashok Kumar and Chaturvedi, Ankita and Mukhopadhyay, Sourav }, TITLE = {A secure password-based authentication and key agreement scheme using smart cards}, BOOKTITLE = {Journal of Information Security and Applications}. YEAR = {2015}}

Authentication schemes present a user-friendly and scalable mechanism to establish the secure and authorized communication between the remote entities over the insecure public network. Later, several authentication schemes have proposed in the literature. However, most of the existing schemes do not satisfy the desirable attributes, such as resistance against known attacks and user anonymity. In 2012, Chen et al. designed a robust authentication scheme to erase the weaknesses of Sood et al.'s scheme. In 2013, Jiang et al. showed that Chen et al.'s scheme is vulnerable to password guessing attack. Furthermore, Jiang et al. presented an efficient solution to overcome the shortcoming of Chen et al.'s scheme. We demonstrate that Jiang et al.'s scheme does not withstand insider attack, on-line and off-line password guessing attacks, and user impersonation attack. Their scheme also fails to provide user's anonymity. To overcome these drawbacks, we aim to propose an enhanced scheme, which reduces the computation overhead and satisfies all desirable security attributes, while retaining the original merits of Jiang et al.'s scheme. The proposed scheme is also comparable in terms of the communication and computational overheads with Jiang et al.'s scheme and other existing schemes. Furthermore, we simulate the enhanced scheme for the formal security analysis utilizing the widely-accepted AVISPA tool and show that the proposed scheme is resistant against active and passive attacks.

@inproceedings{bib_An_e_2015, AUTHOR = {Chatterjee, Santanu and Das, Ashok Kumar }, TITLE = {An effective ECC‐based user access control scheme with attribute‐based encryption for wireless sensor networks}, BOOKTITLE = {Security and Communication Networks}. YEAR = {2015}}

For critical applications, real‐time data access is essential from the nodes inside a wireless sensor network (WSN). Only the authorized users with unique access privilege should access the specific, but not all, sensing information gathered by the cluster heads in a hierarchical WSNs. Access rights for the correct information and resources for different services from the cluster heads to the genuine users can be provided with the help of efficient user access control mechanisms. In this paper, we propose a new user access control scheme with attribute‐based encryption using elliptic curve cryptography in hierarchical WSNs. In attribute‐based encryption, the ciphertexts are labeled with sets of attributes and secret keys of the users that are associated with their own access structures. The authorized users with the relevant set of attributes can able to decrypt the encrypted message coming from the cluster heads. Our scheme provides high security. Moreover, our scheme is efficient as compared with those for other existing user access control schemes. Through both the formal and informal security analysis, we show that our scheme has the ability to tolerate different known attacks required for a user access control designed for WSNs. Furthermore, we simulate our scheme for the formal security verification using the widely‐accepted automated validation of Internet security protocols and applications tool. The simulation results demonstrate that our scheme is secure.

@inproceedings{bib_An_e_2015, AUTHOR = {Odelu, Vanga and Das, Ashok Kumar and Goswami, Adrijit }, TITLE = {An efficient biometric-based privacy-preserving three-party authentication with key agreement protocol using smartcards}, BOOKTITLE = {Security in Communication Networks}. YEAR = {2015}}

In communication systems, authentication protocols play an important role in protecting sensitive information against a malicious adversary by means of providing a variety of services such as mutual authentication, user credentials' privacy, and user revocation facility when the smart card of the user is lost/stolen or user's authentication parameters are revealed. Recently, several three‐party authentication with key agreement (3PAKA) schemes are proposed in the literature, but most of them do not provide the basic security requirements such as user anonymity as well as user revocation and re‐registration with the same identity. Thus, we feel that there is a great need to design a secure 3PAKA scheme with these security properties. In this paper, we propose a new secure biometric‐based privacy‐preserving 3PAKA scheme using the elliptic curve cryptography with efficient mechanism for the user revocation and re‐registration with the same identity. The formal security analysis using the widely accepted Burrows–Abadi–Needham logic shows that our scheme provides secure authentication. In addition, we simulate our scheme for the formal security verification using the widely accepted Automated Validation of Internet Security Protocols and Applications tool. The simulation results show that our scheme is secure against passive and active attacks. Furthermore, our scheme is efficient as compared with other related schemes. Our scheme provides high security along with low computation and communication costs, and extra features as compared with other related existing schemes in the literature, and as a result, our scheme is suitable for battery‐limited mobile devices.

@inproceedings{bib_An_E_2015, AUTHOR = {Odelu, Vanga and Das, Ashok Kumar and Goswami, Adrijit }, TITLE = {An Efficient CP-ABE with Constant Size Secret Keys using ECC for Lightweight Devices.}, BOOKTITLE = {IACR Cryptology ePrint Archive}. YEAR = {2015}}

The energy cost of asymmetric cryptography is a vital component of modern secure communications, which inhibits its wide spread adoption within the ultra-low energy regimes such as Implantable Medical Devices (IMDs) and Radio Frequency Identification (RFID) tags. The ciphertext-policy attribute-based encryption (CP-ABE) is a promising cryptographic tool, where an encryptor can decide the access policy that who can decrypt the data. Thus, the data will be protected from the unauthorized users. However, most of the existing CP-ABE schemes require huge storage and computational overheads. Moreover, CP-ABE schemes based on bilinear map loose the high efficiency over the elliptic curve cryptography because of the requirement of the security parameters of larger size. These drawbacks prevent the use of ultra-low energy devices in practice. In this paper, we aim to propose a novel expressive AND-gate access structured CP-ABE scheme with constant-size secret keys (CSSK) with the cost efficient solutions for the encryption and decryption using ECC, called the CP-ABE-CSSK scheme. In the proposed CP-ABE-CSSK, the size of secret key is as small as 320 bits. In addition, ECC is efficient and more suitable for the lightweight devices as compared to the bilinear pairing based cryptosystem. Thus, the proposed CP-ABE-CSSK scheme provides the low computation and storage overheads with an expressive AND-gate access structure as compared to the related existing schemes in the literature. As a result, our scheme is very suitable for CP-ABE key storage and computation cost in the ultra-low energy devices.

@inproceedings{bib_A_no_2015, AUTHOR = {Islam, SK Hafizul and Das, Ashok Kumar and Khan, Muhammad Khurram }, TITLE = {A novel biometric-based password authentication scheme for client-server environment using ECC and fuzzy extractor}, BOOKTITLE = {International Journal of Ad Hoc and Ubiquitous Computing}. YEAR = {2015}}

In this paper, we devise a new and efficient biometric-based password authentication scheme (BIO-PWA) for the client-server environment. Our scheme uses the elliptic curve cryptography (ECC) along with the fuzzy extractor. Through the rigorous security analysis, we show that our scheme is secure against various known attacks. We further show that our scheme is secure in the generic group model through the formal security analysis. In addition, the formal security verification of our scheme using the widely-accepted automated validation of internet security protocols and applications (AVISPA) tool is performed against active and passive adversaries and the simulation results clearly demonstrate that our scheme is secure against active and passive attacks, including the replay and man-in-the-middle attacks. Finally, we show that our scheme is also efficient in computation against the existing related ECC-based authentication schemes for the client-server environment.

@inproceedings{bib_Sing_2015, AUTHOR = {Kumari, Saru and Wu, Fan and Li, Xiong and Farash, Mohammad Sabzinejad and Jiang, Qi and Khan, Muhammad Khurram and Das, Ashok Kumar }, TITLE = {Single round-trip SIP authentication scheme with provable security for Voice over Internet Protocol using smart card}, BOOKTITLE = {Journal on Multimedia Tools Applications}. YEAR = {2015}}

In recent years, Voice over Internet Protocol (VoIP) has gained more and more popularity as an application of the Internet technology. For various IP applications including VoIP, the topic of Session Initiation Protocol (SIP) has attracted major concern from researchers. SIP is an advanced signaling protocol operating on Internet Telephony. SIP uses digest authentication protocols such as Simple Mail Transport Protocol (SMTP) and HyperText Transport Protocol (HTTP). When a user seeks SIP services, authentication plays an important role in providing secure access to the server only to the authorized access seekers. Being an insecure-channel-based protocol, a SIP authentication protocol is susceptible to adversarial threats. Therefore, security is a big concern in SIP authentication mechanisms. This paper reveals the security vulnerabilities of two recently proposed SIP authentication schemes for VoIP, Irshad et al.’s scheme [Multimed. Tools. Appl. doi:10.1007/s11042-013- 1807-z] and Arshad and Nikooghadam’s scheme [Multimed. Tools. Appl. DOI 10.1007/ s11042-014-2282-x], the later scheme is based on the former scheme. Irshad et al.’s scheme suffers from password guessing, user impersonation and server spoofing attacks. Arshad and Nikooghadam’s scheme can be threatened with server spoofing and stolen verifier attack. None of these two schemes achieve mutual authentication. It also fails to follow the single round-trip authentication design of Irshad et al.’s scheme. To overcome these weaknesses, we propose a provable secure single round-trip SIP authentication scheme for VoIP using smart card. We formally prove the security of the scheme in random oracle and demonstrate through discussion its resistance to various attacks. The comparative analysis shows that the proposed SIP authentication scheme offers superior performance with a little extra computational cost.

@inproceedings{bib_A_se_2015, AUTHOR = {Odelu, Vanga and Das, Ashok Kumar and Goswami, Adrijit }, TITLE = {A secure biometrics-based multi-server authentication protocol using smart cards}, BOOKTITLE = {IEEE Transactions on Information Forensics and Security}. YEAR = {2015}}

Recently, in 2014, He and Wang proposed a robust and efficient multi-server authentication scheme using biometrics-based smart card and elliptic curve cryptography (ECC). In this paper, we first analyze He-Wang's scheme and show that their scheme is vulnerable to a known session-specific temporary information attack and impersonation attack. In addition, we show that their scheme does not provide strong user's anonymity. Furthermore, He-Wang's scheme cannot provide the user revocation facility when the smart card is lost/stolen or user's authentication parameter is revealed. Apart from these, He-Wang's scheme has some design flaws, such as wrong password login and its consequences, and wrong password update during password change phase. We then propose a new secure multi-server authentication protocol using biometric-based smart card and ECC with more security functionalities. Using the Burrows-Abadi-Needham logic, we show that our scheme provides secure authentication. In addition, we simulate our scheme for the formal security verification using the widely accepted and used automated validation of Internet security protocols and applications tool, and show that our scheme is secure against passive and active attacks. Our scheme provides high security along with low communication cost, computational cost, and variety of security features. As a result, our scheme is very suitable for battery-limited mobile devices as compared with He-Wang's scheme.

@inproceedings{bib_An_e_2015, AUTHOR = {Sahoo, Jayakrushna and Das, Ashok Kumar and GOSWAMI, ADITI }, TITLE = {An efficient approach for mining association rules from high utility itemsets}, BOOKTITLE = {Expert Systems with Applications}. YEAR = {2015}}

Traditional association rule mining based on the support–confidence framework provides the objective measure of the rules that are of interest to users. However, it does not reflect the semantic measure among the items. The semantic measure of an itemset is characterized with utility values that are typically associated with transaction items, where a user will be interested to an itemset only if it satisfies a given utility constraint. In this paper, we first define the problem of finding association rules using utility-confidence framework, which is a generalization of the amount-confidence measure. Using this semantic concept of rules, we then propose a compressed representation for association rules having minimal antecedent and maximal consequent. This representation is generated with the help of high utility closed itemsets (HUCI) and their generators. We propose the algorithms to generate the utility based non-redundant association rules and methods for reconstructing all association rules. Furthermore, we describe the algorithms which generate high utility itemsets (HUI) and high utility closed itemsets with their generators. These proposed algorithms are implemented using both synthetic and real datasets. The results demonstrate better efficiency and effectiveness of the proposed HUCI-Miner algorithm compared to other well-known existing algorithms. In addition, the experimental results show better quality in the compressed representation of the entire rule set under the considered framework.

@inproceedings{bib_An_e_2014, AUTHOR = {Sahoo, Jayakrushna and Das, Ashok Kumar and Goswami, A. }, TITLE = {An effective association rule mining scheme using a new generic basis}, BOOKTITLE = {Knowledge and Information Systems}. YEAR = {2014}}

Association rule mining among itemsets is a fundamental task and is of great importance in many data mining applications including attacks in network data, stock market, financial applications, bioinformatics to find genetic disorders, etc. However, association rule extraction from a reasonable-sized database produces a large number of rules. As a result, many of them are redundant to other rules, and they are practically useless. To overcome this issue, methods for mining non-redundant rules are essentially required. To address such problem, we initially propose a definition for redundancy in sense of minimal knowledge and then a compact representation of non-redundant association rules which we call as compact informative generic basis. We also provide an improved version of the existing DCI_CLOSED algorithm (DCI_PLUS) to find out the frequent closed itemsets (FCI) with their minimal representative generators in combination with BitTable which represents a compact database form in a single scan of the original database. We further introduce an algorithm for constructing the compact informative generic basis from the FCI and their generators in an efficient way. We finally present an inference mechanism in which all association rules can be generated without accessing the database. Experiments are performed on the proposed method. The experimental results show that the proposed method outperforms the other existing related methods.

@inproceedings{bib_An_E_2014, AUTHOR = {Das, Ashok Kumar and Goswami, Adrijit }, TITLE = {An Enhanced Biometric Authentication Scheme for Telecare Medicine Information Systems with Nonce using Chaotic Hash Function}, BOOKTITLE = {Journal of Medical Systems}. YEAR = {2014}}

Recently, Awasthi and Srivastava proposed a novel biometric remote user authentication scheme for the telecare medicine information system (TMIS) with nonce. Their scheme is very efficient as it is based on efficient chaotic one-way hash function and bitwise XOR operations. In this paper, we first analyze Awasthi-Srivastava’s scheme and then show that their scheme has several drawbacks: (1) incorrect password change phase, (2) fails to preserve user anonymity property, (3) fails to establish a secret session key beween a legal user and the server, (4) fails to protect strong replay attack, and (5) lacks rigorous formal security analysis. We then a propose a novel and secure biometric-based remote user authentication scheme in order to withstand the security flaw found in Awasthi-Srivastava’s scheme and enhance the features required for an idle user authentication scheme. Through the rigorous informal and formal security analysis, we show that our scheme is secure against possible known attacks. In addition, we simulate our scheme for the formal security verification using the widely-accepted AVISPA (Automated Validation of Internet Security Protocols and Applications) tool and show that our scheme is secure against passive and active attacks, including the replay and man-in-the-middle attacks. Our scheme is also efficient as compared to Awasthi-Srivastava’s scheme.

@inproceedings{bib_A_se_2014, AUTHOR = {Odelu, Vanga and Das, Ashok Kumar and Goswami, Adrijit }, TITLE = {A secure effective dynamic group password-based authenticated key agreement scheme for the integrated EPR information system}, BOOKTITLE = {Journal of King Saud University - Computer and Information Sciences}. YEAR = {2014}}

With the rapid growth of the Internet, a lot of electronic patient records (EPRs) have been developed for e-medicine systems. The security and privacy issues of EPRs are important for the patients in order to understand how the hospitals control the use of their personal information, such as name, address, e-mail, medical records, etc. of a particular patient. Recently, Lee et al. proposed a simple group password-based authenticated key agreement protocol for the integrated EPR information system (SGPAKE). However, in this paper, we show that Lee et al.’s protocol is vulnerable to the off-line weak password guessing attack and as a result, their scheme does not provide users’ privacy. To withstand this security weakness found in Lee et al.’s scheme, we aim to propose an effective dynamic group password-based authenticated key exchange scheme for the integrated EPR information system, which retains the original merits of Lee et al.’s scheme. Through the informal and formal security analysis, we show that our scheme provides users’ privacy, perfect forward security and known-key security, and also protects online and offline password guessing attacks. Furthermore, our scheme efficiently supports the dynamic group password-based authenticated key agreement for the integrated EPR information system. In addition, we simulate our scheme for the formal security verification using the widely-accepted AVISPA (Automated Validation of Internet Security Protocols and Applications) tool and show that our scheme is secure against passive and active attacks.

@inproceedings{bib_A_se_2014, AUTHOR = {Mishra, Dheerendra and Das, Ashok Kumar and Mukhopadhyay, Sourav }, TITLE = {A secure user anonymity-preserving biometric-based multi-server authenticated key agreement scheme using smart cards}, BOOKTITLE = {Expert Systems with Applications}. YEAR = {2014}}

Advancement in communication technology provides a scalable platform for various services, where a remote user can access the server from anywhere without moving from its place. It provides a unique opportunity for online services such that a user does not need to be physically present at the service center. These services adopt authentication and key agreement protocols in order to ensure authorized and secure access to the resources. Most of the authentication schemes proposed in the literature support a single-server environment, where the user has to register with each server. If a user wishes to access multiple application servers, he/she requires to register with each server. The multi-server authentication introduces a scalable platform such that a user can interact with any server using single registration. Recently, Chuang and Chen proposed an efficient multi-server authenticated key agreement scheme based on a user’s password and biometrics (Chuang and Chen, 2014). Their scheme is a lightweight, which requires the computation of only hash functions. In this paper, we first analyze Chuang and Chen’s scheme and then identify that their scheme does not resist stolen smart card attack which causes the user’s impersonation attack and server spoofing attack. We also show that their scheme fails to protect denial-of-service attack. We aim to propose an efficient improvement on Chuang and Chen’s scheme to overcome the weaknesses of their scheme, while also retaining the original merits of their scheme. Through the rigorous informal and formal security analysis, we show that our scheme is secure against various known attacks including the attacks found in Chuang and Chen’s scheme. Furthermore, we simulate our scheme for the formal security verification using the widely-accepted AVISPA (Automated Validation of Internet Security Protocols and Applications) tool and show that our scheme is secure against the replay and man-in-the-middle attacks. In addition, our scheme is comparable in terms of the communication and computational overheads with Chuang and Chen’s scheme and other related existing schemes.

@inproceedings{bib_A_se_2014, AUTHOR = {, Vanga Odelu and Das, Ashok Kumar and Goswami, Adrijit }, TITLE = {A secure and efficient ECC-based user anonymity preserving single sign-on scheme for distributed computer networks}, BOOKTITLE = {Security and Communication Networks}. YEAR = {2014}}

A user authentication in the distributed computer networks (DCNs) plays a crucial rule to verify whether the user is a legal user and can therefore be granted access to the requested services to that user. In recent years, several RSA‐based single sign‐on mechanisms have been proposed in DCNs. However, most of them cannot preserve the user anonymity when possible attacks occur. The user devices are usually battery limited (e.g., cellular phones) and the elliptic‐curve cryptosystem is much efficient than RSA cryptosystem for the battery‐limited devices. In this paper, we aim to propose a new secure elliptic‐curve cryptosystem‐based single sign‐on mechanism for user authentication and key establishment for the secure communications in a DCNs using biometric‐based smart card. In our scheme, a user only needs to remember a private password and his or her selected unique identity to authenticate and agree on a high‐entropy cryptographic one‐time session key with a provider to communicate over untrusted public networks. Through formal and informal security analysis, we show that our scheme prevents other known possible attacks. In addition, we perform simulation on our scheme for the formal security verification using the widely‐accepted Automated Validation of Internet Security Protocols and Applications tool. The simulation results ensure that our scheme is secure against replay and man‐in‐the‐middle attacks. Furthermore, our scheme provides high security along with lower computational cost and communication cost, and as a result, our scheme is much suitable for the battery‐limited devices as compared to other related RSA‐based schemes.

@inproceedings{bib_Cryp_2014, AUTHOR = {Odelu, Vanga and Das, Ashok Kumar and Goswami, Adrijit }, TITLE = {Cryptanalysis on ‘Robust Biometrics-Based Authentication Scheme for Multi-server Environment’}, BOOKTITLE = {IACR Cryptology ePrint Archive}. YEAR = {2014}}

Authentication plays an important role in an open network environment in order to authenticate two communication parties among each other. Authentication protocols should protect the sensitive information against a malicious adversary by providing a variety of services, such as authentication, user credentials’ privacy, user revocation and re-registration, when the smart card is lost/stolen or the private key of a user or a server is revealed. Unfortunately, most of the existing multi-server authentication schemes proposed in the literature do not support the fundamental security property such as the revocation and re-registration with same identity. Recently, in 2014, He and Wang proposed a robust and efficient multi-server authentication scheme using biometrics-based smart card and elliptic curve cryptography (ECC). In this paper, we analyze the He-Wang’s scheme and show that He-Wang’s scheme is vulnerable to a known session-specific temporary information attack and impersonation attack. In addition, we show that their scheme does not provide strong user’s anonymity. Furthermore, He-Wang’s scheme cannot support the revocation and re-registration property. Apart from these, He-Wang’s scheme has some design flaws, such as wrong password login and its consequences, and wrong password update during password change phase.

@inproceedings{bib_On_t_2014, AUTHOR = {Das, Ashok Kumar }, TITLE = {On the Security of ‘An Efficient Biometric Authentication Protocol for Wireless Sensor Networks’}, BOOKTITLE = {IACR Cryptology ePrint Archive}. YEAR = {2014}}

In 2013, Althobaiti et al. proposed an efficient biometricbased user authentication scheme for wireless sensor networks. We analyze their scheme for the security against known attacks. Though their scheme is efficient in computation, in this paper we show that their scheme has some security pitfalls such as (1) it is not resilient against node capture attack,(2) it is insecure against impersonation attack and (3) it is insecure against man-in-the-middle attack. Finally, we give some pointers for improving their scheme so that the designed scheme needs to be secure against various known attacks.

@inproceedings{bib_A_ro_2014, AUTHOR = {Das, Ashok Kumar and Odelu, Vanga and Goswami, Adrijit }, TITLE = {A robust and effective smart card-based remote user authentication mechanism using hash function}, BOOKTITLE = {e Scientific World Journal}. YEAR = {2014}}

In a remote user authentication scheme, a remote server verifies whether a login user is genuine and trustworthy, and also for mutual authentication purpose a login user validates whether the remote server is genuine and trustworthy. Several remote user authentication schemes using the password, the biometrics, and the smart card have been proposed in the literature. However, most schemes proposed in the literature are either computationally expensive or insecure against several known attacks. In this paper, we aim to propose a new robust and effective password-based remote user authentication scheme using smart card. Our scheme is efficient, because our scheme uses only efficient one-way hash function and bitwise XOR operations. Through the rigorous informal and formal security analysis, we show that our scheme is secure against possible known attacks. We perform the simulation for the formal security analysis using the widely accepted AVISPA (Automated Validation Internet Security Protocols and Applications) tool to ensure that our scheme is secure against passive and active attacks. Furthermore, our scheme supports efficiently the password change phase always locally without contacting the remote server and correctly. In addition, our scheme performs significantly better than other existing schemes in terms of communication, computational overheads, security, and features provided by our scheme.

@inproceedings{bib_A_se_2014, AUTHOR = {Odelu, Vanga and Das, Ashok Kumar and Goswami, Adrijit }, TITLE = {A secure effective key management scheme for dynamic access control in a large leaf class hierarchy}, BOOKTITLE = {Information Sciences}. YEAR = {2014}}

Lo et al. (2011) proposed an efficient key assignment scheme for access control in a large leaf class hierarchy where the alternations in leaf classes are more frequent than in non-leaf classes in the hierarchy. Their scheme is based on the public-key cryptosystem and hash function where operations like modular exponentiations are very much costly compared to symmetric-key encryptions and decryptions, and hash computations. Their scheme performs better than the previously proposed schemes. However, in this paper, we show that Lo et al.’s scheme fails to preserve the forward security property where a security class can also derive the secret keys of its successor classes ’s even after deleting the security class from the hierarchy. We aim to propose a new key management scheme for dynamic access control in a large leaf class hierarchy, which makes use of symmetric-key cryptosystem and one-way hash function. We show that our scheme requires significantly less storage and computational overheads as compared to Lo et al.’s scheme and other related schemes. Through the informal and formal security analysis, we further show that our scheme is secure against all possible attacks including the forward security. In addition, our scheme supports efficiently dynamic access control problems compared to Lo et al.’s scheme and other related schemes. Thus, higher security along with low storage and computational costs make our scheme more suitable for practical applications compared to other schemes.

@inproceedings{bib_A_no_2014, AUTHOR = {Chatterjee, Santanu and Das, Ashok Kumar and Sing, Jamuna Kanta }, TITLE = {A novel and efficient user access control scheme for wireless body area sensor networks}, BOOKTITLE = {Journal of King Saud University - Computer and Information Sciences}. YEAR = {2014}}

Wireless body area networks (WBANs) can be applied to provide healthcare and patient monitoring. However, patient privacy can be vulnerable in a WBAN unless security is considered. Access to authorized users for the correct information and resources for different services can be provided with the help of efficient user access control mechanisms. This paper proposes a new user access control scheme for a WBAN. The proposed scheme makes use of a group-based user access ID, an access privilege mask, and a password. An elliptic curve cryptography-based public key cryptosystem is used to ensure that a particular legitimate user can only access the information for which he/she is authorized. We show that our scheme performs better than previously existing user access control schemes. Through a security analysis, we show that our scheme is secure against possible known attacks. Furthermore, through a formal security verification using the AVISPA (Automated Validation of Internet Security Protocols and Applications) tool, we show that our scheme is also secure against passive and active attacks.

@inproceedings{bib_An_A_2014, AUTHOR = {Sahoo, Jayakrushna and Das, Ashok Kumar and Goswami, A. }, TITLE = {An Algorithm for Mining High Utility Closed Itemsets and Generators}, BOOKTITLE = {Technical Report}. YEAR = {2014}}

Traditional association rule mining based on the support-confidence framework provides the objective measure of the rules that are of interest to users. However, it does not reflect the utility of the rules. To extract non-redundant association rules in support-confidence framework frequent closed itemsets and their generators play an important role. To extract non-redundant association rules among high utility itemsets, high utility closed itemsets (HUCI) and their generators should be extracted in order to apply traditional support-confidence framework. However, no efficient method exists at present for mining HUCIs with their generators. This paper addresses this issue. A postprocessing algorithm, called the HUCI-Miner, is proposed to mine HUCIs with their generators. The proposed algorithm is implemented using both synthetic and real datasets.

@inproceedings{bib_A_no_2013, AUTHOR = {Das, Ashok Kumar and SUNIL, MASSAND ASHISH and PATIL, SAGAR P }, TITLE = {A novel proxy signature scheme based on user hierarchical access control policy}, BOOKTITLE = {Journal of King Saud University - Computer and Information Sciences}. YEAR = {2013}}

In this paper, we propose a new security protocol for proxy signature by a hierarchy of proxy signers. In this protocol, the original signer delegates his/her signing capability to a predefined hierarchy of proxy signers. Given the documents of a security class to be signed by the original signer, our scheme suggests a protocol for the hierarchy of proxy signers to sign the document on behalf of the original signer. The concept of hierarchical access control limits the number of people who could sign the document to the people who have the required security clearances. User in a security class requires two secret keys: one which identifies his/her security clearance, and that can also be derived by a user of upper level security clearance and second is his/her private key which identifies him/her as a proxy signer for the signature generation. We show that our scheme is efficient in terms of computational complexity as compared to the existing related proxy signature schemes based on the hierarchical access control. Our scheme also supports addition and deletion of security classes in the hierarchy. We show through security analysis that our scheme is secure against possible attacks. Furthermore, through the formal security analysis using the AVISPA (Automated Validation of Internet Security Protocols and Applications) tool we show that our scheme is also secure against passive and active attacks.

@inproceedings{bib_An_I_2013, AUTHOR = {Das, Ashok Kumar and Bruhadeshwar, · Bezawada }, TITLE = {An Improved and Effective Secure Password-Based Authentication and Key Agreement Scheme Using Smart Cards for the Telecare Medicine Information System}, BOOKTITLE = {Journal of Medical Systems}. YEAR = {2013}}

Recently Lee and Liu proposed an efficient password based authentication and key agreement scheme using smart card for the telecare medicine information system [J. Med. Syst. (2013) 37:9933]. In this paper, we show that though their scheme is efficient, their scheme still has two security weaknesses such as (1) it has design flaws in authentication phase and (2) it has design flaws in password change phase. In order to withstand these flaws found in Lee-Liu’s scheme, we propose an improvement of their scheme. Our improved scheme keeps also the original merits of Lee-Liu’s scheme. We show that our scheme is efficient as compared to Lee-Liu’s scheme. Further, through the security analysis, we show that our scheme is secure against possible known attacks. In addition, we simulate our scheme for the formal security verification using the widely-accepted AVISPA (Automated Validation of Internet Security Protocols and Applications) tool to show that our scheme is secure against passive and active attacks.

@inproceedings{bib_LHSC_2013, AUTHOR = {Odelu, Vanga and Das, Ashok Kumar and Goswami, Adrijit }, TITLE = {LHSC: an effective dynamic key management scheme for linear hierarchical access control}, BOOKTITLE = {International Conference on Communication Systems & Networks}. YEAR = {2013}}

Several key management schemes for access control in a user hierarchy have been proposed in the recent years. However, most of them have dealt with key management issues for tree structured hierarchies, which result overheads when they are applied to the linear hierarchies. Linear hierarchy comprises a particularly interesting type of hierarchies, and it appears in a wide range of applications such as secure communications within security corporations and multi-layered data streaming. In this paper, we propose an effective key management scheme for linear hierarchies. Compared to the recently proposed Hassen et al.'s scheme, our scheme reduces the storage overhead of each class significantly. Further, use of symmetric-key cryptosystem (Advanced Encryption Standard algorithm) makes the key sizes for security classes to reduce in our scheme. In addition, our scheme is secure against possible attacks required for a linear hierarchy access control scheme. Security along with low storage and computational overheads make our scheme to be much suitable for practical applications for linear hierarchies.

@inproceedings{bib_Anal_2013, AUTHOR = {Chatterjee, Santanu and Das, Ashok Kumar and Sing, Jamuna Kanta }, TITLE = {Analysis and Formal Security Verification of Access Control Schemes in Wireless Sensor Networks: A Critical Survey.}, BOOKTITLE = {Journal of Information Assurance & Security}. YEAR = {2013}}

In an access control scheme, a deployed sensor node proves its identity to its neighbor nodes through authentication and also proves that it has the proper right to access the sensor network. After successful authentication, the shared secret keys should be established between a deployed sensor node and its neighbor nodes to protect communications. In a wireless sensor network, we often require deployment of new nodes to extend the lifetime of the network because sensor network may be lost due to power exhaustion problem or malicious nodes. In order to protect malicious nodes from joining the sensor network, access control mechanism becomes a major challenge in the design of sensor network protocols due to resource limitations of sensor nodes. Until now, there have been ample of access control schemes published in the literature, and each published scheme has its own merits and demerits. In this paper, we have identified all the functionality features and security requirements which must be satisfied for an ideal access control scheme. We have presented and discussed the recently proposed access control schemes available so far in the literature and their cryptanalysis. We have critically analyzed the storage, communication, computational overheads requirement, functionality and security analysis of the existing schemes. Further, we have performed formal security analysis of existing schemes using the widely-accepted AVISPA (Automated Validation of Internet Security Protocols and Applications) tool. All the schemes are vulnerable to different attacks except the Zhou et al.’s scheme and the Chatterjee et al.’s scheme. However he Zhou et al.’s scheme requires high storage, communication and computational costs. Hence, we feel that there is a strong need to design an ideal efficient access control scheme in future, which should meet all the security requirements and achieve all the functionality features.

@inproceedings{bib_A_bi_2013, AUTHOR = {Das, Ashok Kumar and Bruhadeshwar, Bezawada }, TITLE = {A biometric-based user authentication scheme for heterogeneous wireless sensor networks}, BOOKTITLE = {International Conference on Advanced Information Networking and Applications Workshops}. YEAR = {2013}}

In this paper, we propose a new biometric-based user authentication mechanism in heterogeneous wireless sensor networks. The proposed protocol provides strong authentication compared to traditional related password-based schemes and achieves good properties such as works without synchronized clock, freely changes password, low computation costs and mutual authentication. Our scheme establishes a symmetric secret session key shared between the user and a sensor node so that the secret session key can be used later for secure future communications between them. Moreover, the proposed scheme provides unconditional security against node capture attack and it is also resilient against different attacks.

@inproceedings{bib_An_e_2013, AUTHOR = {Odelu, Vanga and Das, Ashok Kumar and Goswami, Adrijit }, TITLE = {An effective and secure key-management scheme for hierarchical access control in e-medicine system}, BOOKTITLE = {Journal of Medical Systems}. YEAR = {2013}}

Recently several hierarchical access control schemes are proposed in the literature to provide security of e-medicine systems. However, most of them are either insecure against ‘man-in-the-middle attack’ or they require high storage and computational overheads. Wu and Chen proposed a key management method to solve dynamic access control problems in a user hierarchy based on hybrid cryptosystem. Though their scheme improves computational efficiency over Nikooghadam et al.’s approach, it suffers from large storage space for public parameters in public domain and computational inefficiency due to costly elliptic curve point multiplication. Recently, Nikooghadam and Zakerolhosseini showed that Wu–Chen’s scheme is vulnerable to man-in-the-middle attack. In order to remedy this security weakness in Wu–Chen’s scheme, they proposed a secure scheme which is again based on ECC (elliptic curve cryptography) and efficient one-way hash function. However, their scheme incurs huge computational cost for providing verification of public information in the public domain as their scheme uses ECC digital signature which is costly when compared to symmetric-key cryptosystem. In this paper, we propose an effective access control scheme in user hierarchy which is only based on symmetric-key cryptosystem and efficient one-way hash function. We show that our scheme reduces significantly the storage space for both public and private domains, and computational complexity when compared to Wu–Chen’s scheme, Nikooghadam–Zakerolhosseini’s scheme, and other related schemes. Through the informal and formal security analysis, we further show that our scheme is secure against different attacks and also man-in-the-middle attack. Moreover, dynamic access control problems in our scheme are also solved efficiently compared to other related schemes, making our scheme is much suitable for practical applications of e-medicine systems.

@inproceedings{bib_A_se_2013, AUTHOR = {Das, Ashok Kumar and Goswami, Adrijit }, TITLE = {A secure and efficient uniqueness-and-anonymity-preserving remote user authentication scheme for connected health care}, BOOKTITLE = {Journal of Medical Systems}. YEAR = {2013}}

Connected health care has several applications including telecare medicine information system, personally controlled health records system, and patient monitoring. In such applications, user authentication can ensure the legality of patients. In user authentication for such applications, only the legal user/patient himself/herself is allowed to access the remote server, and no one can trace him/her according to transmitted data. Chang et al. proposed a uniqueness-and-anonymity-preserving remote user authentication scheme for connected health care (Chang et al., J Med Syst 37:9902, 2013). Their scheme uses the user’s personal biometrics along with his/her password with the help of the smart card. The user’s biometrics is verified using BioHashing. Their scheme is efficient due to usage of one-way hash function and exclusive-or (XOR) operations. In this paper, we show that though their scheme is very efficient, their scheme has several security weaknesses such as (1) it has design flaws in login and authentication phases, (2) it has design flaws in password change phase, (3) it fails to protect privileged insider attack, (4) it fails to protect the man-in-the middle attack, and (5) it fails to provide proper authentication. In order to remedy these security weaknesses in Chang et al.’s scheme, we propose an improvement of their scheme while retaining the original merit of their scheme. We show that our scheme is efficient as compared to Chang et al.’s scheme. Through the security analysis, we show that our scheme is secure against possible attacks. Further, we simulate our scheme for the formal security verification using the widely-accepted AVISPA (Automated Validation of Internet Security Protocols and Applications) tool to ensure that our scheme is secure against passive and active attacks. In addition, after successful authentication between the user and the server, they establish a secret session key shared between them for future secure communication.

@inproceedings{bib_Form_2013, AUTHOR = {Das, Ashok Kumar and Chatterjee, Santanu and Sing, Jamuna Kanta }, TITLE = {Formal security verification of a dynamic password-based user authentication scheme for hierarchical wireless sensor networks}, BOOKTITLE = {International Journal of Trust Management in Computing and Communications}. YEAR = {2013}}

In 2012, Das et al. proposed a new password-based user authentication scheme in hierarchical wireless sensor networks [Journal of Network and Computer Applications 35(5) (2012) 1646-1656]. The proposed scheme achieves better security and efficiency as compared to those for other existing password-based user authentication schemes proposed in the literature. This scheme supports to change dynamically the user’s password locally at any time without contacting the base station or gateway node. This scheme also supports dynamic node addition after the initial deployment of nodes in the existing sensor network. In this paper, we simulate this proposed scheme for formal security verification using the widely-accepted Automated Validation of Internet Security Protocols nd Applications (AVISPA) tool. AVISPA tool ensures that whether a protocol is insecure against possible passive and active attacks, including the replay and man-in-the-middle attacks. Using the AVISPA model checkers, we show that Das et al.’s scheme is secure against possible assive and active attacks.

@inproceedings{bib_Impr_2012, AUTHOR = {Das, Ashok Kumar }, TITLE = {Improving Identity-based Random Key Establishment Scheme for Large-Scale Hierarchical Wireless Sensor Networks.}, BOOKTITLE = {International Journal of Network Security}. YEAR = {2012}}

In this paper, we propose a novel identity-based random key pre-distribution scheme called the identity based key pre-distribution using a pseudo random function (IBPRF), which has better trade-off between communication overhead, network connectivity and resilience against node capture compared to the other existing key predistribution schemes. IBPRF always guarantees that no matter how many sensor nodes are captured, the secret communication between non-compromised sensor nodes are still secure. We then propose an improved version of our scheme in a large-scale hierarchical wireless sensor network. This improved approach has better trade off among network connectivity, security, communication, computational and storage overheads, and scalability than the existing random key pre-distribution schemes. The strength of the proposed IBPRF scheme and its improved approach is establishing pairwise secret keys between neighboring nodes with scantling communication and computational overheads. The improved IBPRF approach further supports a large-scale sensor network for the network connectivity. Through the analysis we show that the improved IBPRF scheme provides better security and lower overheads than other existing schemes.

@inproceedings{bib_A_ra_2012, AUTHOR = {Das, Ashok Kumar }, TITLE = {A random key establishment scheme for multi-phase deployment in large-scale distributed sensor networks}, BOOKTITLE = {International Journal of Information Security}. YEAR = {2012}}

Several symmetric-key distribution mechanisms are proposed in the literature, but most of them are not scalable or they are vulnerable to a small number of captured nodes. In this paper, we propose a new dynamic random key establishment mechanism in large-scale distributed sensor networks, which supports deployment of sensor nodes in multiple phases. In the existing random key distribution schemes, nodes do not refresh their own keys, and thus, the keys in their key rings remain static throughout the lifetime of the network. One good property of our dynamic key distribution scheme is that the already deployed nodes in a deployment phase refresh their own keys in key rings before another deployment phase occurs. The strength of the proposed scheme is that it provides high resilience against node capture as compared to that for the other existing random key distribution schemes. Through analysis and simulation results, we show that our scheme achieves better network performances as compared to those for the existing random key distribution schemes. Finally, we propose an extended version of our scheme for practical usefulness to support high network connectivity and resilience against node capture

@inproceedings{bib_A_dy_2012, AUTHOR = {Das, Ashok Kumar and SHARMA, PRANAY and Chatterjee, Santanu and Sing, Jamuna Kanta }, TITLE = {A dynamic password-based user authentication scheme for hierarchical wireless sensor networks}, BOOKTITLE = {Journal on Network and Computer Applications}. YEAR = {2012}}

Most queries in wireless sensor network (WSN) applications are issued at the point of the base station or gateway node of the network. However, for critical applications of WSNs there is a great need to access the real-time data inside the WSN from the nodes, because the real-time data may no longer be accessed through the base station only. So, the real-time data can be given access directly to the external users (parties) those who are authorized to access data as and when they demand. The user authentication plays a vital role for this purpose. In this paper, we propose a new password-based user authentication scheme in hierarchical wireless sensor networks. Our proposed scheme achieves better security and efficiency as compared to those for other existing password-based approaches. In addition, our scheme has merit to change dynamically the user's password locally without the help of the base station or gateway node. Furthermore, our scheme supports dynamic nodes addition after the initial deployment of nodes in the existing sensor network.

@inproceedings{bib_A_no_2012, AUTHOR = {Odelu, Vanga and Das, Ashok Kumar and Goswami, Adrijit }, TITLE = {A novel key management mechanism for dynamic hierarchical access control based on linear polynomials}, BOOKTITLE = {International Conference on Security in Computer Networks and Distributed Systems}. YEAR = {2012}}

Several key management schemes for dynamic access control in a user hierarchy are proposed in the literature based on elliptic curve cryptosystem (ECC) and polynomial interpolation. Since the elliptic curve scalar multiplication and construction of interpolating polynomials are time-consuming operations, most of the proposed schemes require high storage and computational complexity. Further, most of the proposed schemes are vulnerable to different attacks including the man-in-the-middle attacks. In this paper, we propose a novel key management scheme for hierarchical access control based on linear polynomials only. We show that our scheme is secure against different attacks including the man-in-the-middle attack, which are required for an idle access control scheme. Moreover, the computational cost and the storage space are significantly reduced in our scheme while compared to the recently proposed related schemes.

@inproceedings{bib_Cryp_2012, AUTHOR = {Das, Ashok Kumar and Paul, Nayan Ranjan and Tripathy, Laxminath }, TITLE = {Cryptanalysis and improvement of an access control in user hierarchy based on elliptic curve cryptosystem}, BOOKTITLE = {Information Sciences}. YEAR = {2012}}

In a key management scheme for hierarchy based access control, each security class having higher clearance can derive the cryptographic secret keys of its other security classes having lower clearances. In 2008, Chung et al. proposed an efficient scheme on access control in user hierarchy based on elliptic curve cryptosystem [Information Sciences 178 (1) (2008) 230–243]. Their scheme provides solution of key management efficiently for dynamic access problems. However, in this paper, we propose an attack on Chung et al.’s scheme to show that Chung et al.’s scheme is insecure against the exterior root finding attack. We show that under this attack, an attacker (adversary) who is not a user in any security class in a user hierarchy attempts to derive the secret key of a security class by using the root finding algorithm. In order to remedy this attack, we further propose a simple improvement on Chung et al.’s scheme. Overall, the main theme of this paper is very simple: a security flaw is presented on Chung et al.’s scheme and then a fix is provided in order to remedy the security flaw found in Chung et al.’s scheme.

@inproceedings{bib_A_ke_2011, AUTHOR = {Das, Ashok Kumar }, TITLE = {A key establishment scheme for mobile wireless sensor networks using post-deployment knowledge}, BOOKTITLE = {International Journal of Computer Networks & Communications}. YEAR = {2011}}

Establishment of pairwise keys between sensor nodes in a sensor network is a difficult problem due to resource limitations of sensor nodes as well as vulnerability to physical captures of sensor nodes by the enemy. Public-key cryptosystems are not much suited for most resource-constrained sensor networks. Recently, elliptic curve cryptographic techniques show that public key cryptosystem is also feasible for resource-constrained sensor networks. However, most researchers accept that the symmetric key cryptosystems are viable options for resource-constrained sensor networks. In this paper, we first develop a basic principle to address the key pre-distribution problem in mobile sensor networks. Then, using this developed basic principle, we propose a scheme which takes the advantage of the post-deployment knowledge. Our scheme is a modified version of the key prioritization technique proposed by Liu and Ning. Our improved scheme provides reasonable network connectivity and security. Moreover, the proposed scheme works for any deployment topology.

@inproceedings{bib_Anal_2011, AUTHOR = {Das, Ashok Kumar }, TITLE = {Analysis and improvement on an efficient biometric-based remote user authentication scheme using smart cards}, BOOKTITLE = {IET Information Security}. YEAR = {2011}}

The author first reviews the recently proposed Li-Hwang's biometric-based remote user authentication scheme using smart cards; then shows that the Li-Hwang's scheme has some design flaws in their scheme. In order to withstand those flaws in their scheme, an improvement of their scheme is further proposed. The author also shows that the improved scheme provides strong authentication with the use of verifying biometric, password as well as random nonces generated by the user and the server as compared to that for the Li-Hwang's scheme and other related schemes.

PhD Students (15)

MS Students (3)

Dual Degree Students (0)

Honours Students (6)