Abstract

Remote user authentication is a cryptographic mechanism through which a remote server verifies the legitimacy of an authorized user over an insecure communication channel. Most of the existing authentication schemes consider single-server environments and require multiple registrations of the sameuser for multiple servers. Moreover, most of these schemes do not consider biometric template revocation and error correction for noisy biometric signals. In addition, the existing schemes have several weaknesses,including stolen smart card attack, lack of user anonymity, user impersonation attack, and non-diversification of biometric data. To overcome these disadvantages, we propose a new three-factor authenticated key agreement scheme using a fuzzy commitment approach. The three factors used in the proposed scheme are the user’s password, smart card, and personal biometrics. The security of the proposed scheme is verified using a formal security analysis under the broadly accepted Real-Or-Random model for the session key security. The widely accepted Burrows-Abadi-Needham logic is also applied for mutual authentication between a legally registered user and a server, and formal security verification using the broadly accepted Automated Validation of Internet Security Protocols and Applications is performed for the proposed scheme through simulation to show that it is secure. In addition, the informal security analysis of the proposed scheme shows that the scheme can resist other known attacks. Finally, a comparative study of the proposed scheme with the existing related schemes is conducted to measure the trade off among the security and functionality features and the communication and computation costs

Abstract

We consider causality respecting (CR) quantum systems interacting with closed timelike curves (CTCs), within the Deutsch model. We introduce the concepts of popping-up and elimination of quantum information and use them to show that no-cloning and no-deleting, which are true in CR quantum systems, are no more valid in the same that are interacting with CTCs. We also find limits on the possibility of creation of entanglement between a CR system and a CTC, and the same between two CR systems in the presence of a CTC. We prove that teleportation of quantum information, even in its approximate version, from a CR region to a CTC is disallowed. Interestingly, we find that tweaking the Deutsch model, by allowing the input and output not to be the same, leads to a nontrivial approximate teleportation beyond the classical limit.

Abstract

The Internet of Drones (IoD) provides the coordinated access to controlled airspace for the Unmanned Aerial Vehicles (called drones). The on-going cheaper costs of sensors and processors, and also wireless connectivity make it feasible to use the drones for several applications ranging from military to civilian. Since most of the applications using the drones involved in the IoD are real-time based applications, the users (external parties) usually have their interest in getting the real-time services from the deployed drones belonging to a particular fly zone. To address this important issue in the IoD, there is a great need of an efficient and secure user authentication approach in which an authorized user (for example, a driver of an ambulance) in the IoD environment can be given access to the data directly from an accessed drone. In this article, we first discuss an authentication model used in the IoD communication. We then discuss some security challenges and requirements for the IoD environment. A taxonomy of various security protocols in the IoD environment is also discussed. We then emphasis on the study of some recently proposed user authentication schemes for the IoD communication. A detailed comparative study is done based on functionality features, security attacks, and also communication and computation costs. Through the rigorous comparative study of the existing schemes, we identify the strengths and weaknesses of the user authentication schemes for the IoD communication. Finally, we identify some of the challenges for the IoD that need to be addressed in the coming future

Abstract

In the recent years, vehicular adhoc networks (VANETs) can be an attractive choice for collecting and transferring the healthcare data of the passengers to the remote healthcare centers. In VANETs, some of the intermediate nodes may act as relay nodes in which case, these networks are called as vehicular relay networks (VRNs). However, the transmitted information in VRNs can be captured by intruders during transmission. Moreover, an attacker can launch selective forwarding, blackhole, and sinkhole attacks in the network, which may in turn degrade the network performance parameters like high end-to-end delay, low packet delivery ratio (PDR) and network throughput. Hence, to address these issues, a secure data dissemination scheme using VRNs is proposed. In the proposed scheme, first, a secure vehicular medical relay network system is designed for the users belonging to disconnected rural areas. The collected information is filtered at zonal levels before transmission to a nearby road side units, which further pass it to the incoming vehicles. Second, a secure passenger health monitoring network is designed which continuously monitors health services of the passengers traveling in different vehicles. The information collected through small body sensors installed in the vehicles act as data sets that is forwarded to the on-board monitoring unit within the vehicle. This collected data is then transmitted to centralized healthcare centers for processing by using VRNs. Lastly, a strong elliptic curve cryptography-based cryptographic solution is designed for secure communication among different vehicles. The performance of the proposed scheme is evaluated in various network scenarios with respect to different selected parameters, such as throughput, network delay, PDR, jitter, transmission and computation overheads, and key distribution overhead. The obtained results indicate that the proposed scheme provides improvement of 52% in average delay and 5% in PDR. This further indicates effective message delivery even with high mobility of the vehicles.

Abstract

Due to recent advances in various technologies such as integrated circuit, embedded systems and wireless communications, the wireless body area network (WBAN) becomes a propitious networking paradigm. WBANs play a very important role in modern medical systems as the real-time biomedical data through intelligent medical sensors in or around the patients' body can be collected and sent the data to remote medical personnel for clinical diagnostics. However, wireless nature of communication makes an adversary to intercept or modify the private and secret data collected by the sensors in WBANs. In critical applications of WBANs, there is a great requirement to access directly the sensing information collected by the body sensors by an external user (e.g., a doctor) in order to monitor the health condition of a patient. In order to do so, the user needs to first authenticate with the accessed body sensors, and only after mutual authentication between that user and the body sensors the real-time data can be directly accessed securely by the user. In this paper, we propose a new user authentication and key management scheme for this purpose. The proposed scheme allows mutual authentication between a user and personal server connected to WBAN via the healthcare server situated at the cloud, and once the mutual authentication is successful, both user and personal server are able to establish a secret session key for their future communication. In addition, key management process is provided for establishment of secret keys among the sensors and personal server for their secure communication. The formal security based on broadly-accepted Real-Or-Random (ROR) model and informal security give confidence that the proposed scheme can withstand several known attacks needed for WBAN security. A detailed comparative analysis among the proposed scheme and other schemes shows that the proposed scheme provides better security & functionality features, low computation and comparable communication costs as compared to recently proposed related schemes. Finally, the practical demonstration using the NS2 based simulation is shown for the proposed scheme and also for other schemes.

Abstract

Due to the widespread popularity of Internet-enabled devices, Industrial Internet of Things (IIoT) becomes popular in recent years. However, as the smart devices share the information with each other using an open channel, i.e., Internet, so security and privacy of the shared information remains a paramount concern. There exist some solutions in the literature for preserving security and privacy in IIoT environment. However, due to their heavy computation and communication overheads, these solutions may not be applicable to wide category of applications in IIoT environment. Hence, in this paper, we propose a new biometric-based privacy preserving user authentication (BP2UA) scheme for cloud-based IIoT deployment. BP2UA consists of strong authentication between users and smart devices using preestablished key agreement between smart devices and the gateway node. The formal security analysis of BP2UA using the well-known real-or-random model is provided to prove its session key security. Moreover, an informal security analysis of BP2UA is also given to show its robustness against various types of known attacks. The computation and communication costs of BP2UA in comparison to the other existing schemes of its category demonstrate its effectiveness in the IIoT environment. Finally, the practical demonstration of BP2UA is also done using the NS2 simulation.

Abstract

Designing a secure and efficient handover authentication scheme has al-ways been a concern of cellular networks especially in 4G Long Term Evolution(LTE) wireless networks. What makes their handover so complex, is the presence of different types of base stations namely eNodeB (eNB) and Home eNodeB (HeNB).In addition, they cannot directly communicate with each other. Recently, an efficient proxy signature-based handover authentication scheme has been suggested by Qui etal. Despite its better performance and security advantages than previous schemes, itsuffers serious vulnerabilities, namely being prone to DoS attack , eNB imperson-ation attack and lack of perfect forward secrecy. In this paper, we propose an im-proved handover authentication scheme in LTE wireless networks that resists against such attacks. Further, we validate the security of the proposed scheme using Real-Or-Random (ROR) model and ProVerif analysis tool. The results confirm our security claims of the proposed scheme. In addition, the performance analysis shows that compared to other schemes, our proposed scheme is more efficient.

Abstract

Hadoop framework has been evolved to manage big data in cloud. Hadoop distributedfile system and MapReduce, the vital components of this framework, provide scalable and fault-tolerantbig data storage and processing services at a lower cost. However, Hadoop does not provide any robustauthentication mechanism for principals’ authentication. In fact, the existing state-of-the-art authenticationprotocols are vulnerable to various security threats, such as man-in-the-middle, replay, password guessing,stolen-verifier, privileged-insider, identity compromization, impersonation, denial-of-service, online/off-linedictionary, chosen plaintext, workstation compromization, and server-side compromisation attacks. Besidethese threats, the state-of-the-art mechanisms lack to address the server-side data integrity and confidentialityissues. In addition to this, most of the existing authentication protocols follow a single-server-based userauthentication strategy, which, in fact, originates single point of failure and single point of vulnerabilityissues. To address these limitations, in this paper, we propose a fault-tolerant authentication protocol suitablefor the Hadoop framework, which is called the efficient authentication protocol for Hadoop (HEAP). HEAPalleviates the major issues of the existing state-of-the-art authentication mechanisms, namely operating-system-based authentication, password-based approach, and delegated token-based schemes, respectively,which are presently deployed in Hadoop. HEAP follows two-server-based authentication mechanism. HEAPauthenticates the principal based on digital signature generation and verification strategy utilizing bothadvanced encryption standard and elliptic curve cryptography. The security analysis using both the formalsecurity using the broadly accepted real-or-random (ROR) model and the informal (non-mathematical)security shows that HEAP protects several well-known attacks. In addition, the formal security verificationusing the widely used automated validation of Internet security protocols and applications ensures that HEAPis resilient against replay and man-in-the-middle attacks. Finally, the performance study contemplates thatthe overheads incurred in HEAP is reasonable and is also comparable to that of other existing state-of-the-art authentication protocols. High security along with comparable overheads makes HEAP to be robust andpractical for a secure access to the big data storage and processing services.

Abstract

The Internet of Drones (IoD) provides a coordinated access to unmanned aerial vehicles that are referred as drones. The on-going miniaturization of sensors, actuators, and processors with ubiquitous wireless connectivity makes drones to be used in a wide range of applications ranging from military to civilian. Since most of the applications involved in the IoD are real-time based, the users are generally interested in accessing real-time information from drones belonging to a particular fly zone. This happens if we allow users to directly access real-time data from flying drones inside IoD environment and not from the server. This is a serious security breach which may deteriorate performance of any implemented solution in this IoD environment. To address this important issue in IoD, we propose a novel lightweight user authentication scheme in which a user in the IoD environment needs to access data directly from a drone provided that the user is authorized to access the data from that drone. The formal security verification using the broadly accepted automated validation of Internet security protocols and applications tool along with informal security analysis show that our scheme is secure against several known attacks. The performance comparison demonstrates that our scheme is efficient with respect to various parameters, and it provides better security as compared to those for the related existing schemes. Finally, the practical demonstration of our scheme is done using the widely accepted NS2 simulation.

Abstract

The Internet of Things (IoT) is composed of different networked objects (i.e., smart devices) which are interconnected to gather, process, refine, and exchange meaningful data over the Internet. These objects are assigned to their respective IP addresses, and they are able to send and receive data over a network without any human assistance. IoT offers different types of applications, such as, but not limited to, smart traffic monitoring, smart home, smart health care and smart cities, to name a few. In a Cyber-Physical System (CPS), computing elements coordinate and communicate with sensor devices, which monitor cyber and physical indicators, and actuators, and also modify the cyber and physical environment where they run. The synergy of computational as well as physical components, specifically the use of CPSs, led to the advancement of IoT implementations. In a cloud-driven IoT-based big data environment, a cloud-based platform is used to store the data generated by IoT devices (normally by sensor devices) which further can be considered as a big data warehouse. This environment is highly scalable and provides important real-time event processing (for example, in critical scenarios like surveillance and monitoring of an industrial plant). In IoT-based critical applications, the real-time data access is obligatory as and when it is required. Such access is possible if we permit only authorized external users to access the real-time data directly from the IoT sensors. Sometimes authorized user may also request for big data query processing and big data analytics over the data stored in cloud servers to figure out hidden patterns of some phenomena (i.e., chances of fire in an industrial plant in future). Therefore, we need secure authentication schemes for cloud-driven IoT-based big data environment in which a legitimate user and an IoT sensor can mutually authenticate each other and establish a common session key for secure communication. In this context, this paper first discusses the network and threat models of the authentication schemes for cloud-driven IoT-based big data environment. Some security requirements, issues and challenges of this environment are then discussed. A taxonomy of various existing authentication schemes applicable for cloud-driven IoT-based big data environment is also discussed, which covers a comparative study of these schemes. We identify and briefly discuss some future research challenges in designing the authentication schemes and other security protocols for cloud-driven IoT-based big data environment that need to be addressed in the future.