Abstract

In recent years, the research in generic Internet of Things (IoT) attracts a lot of practical applications including smart home, smart city, smart grid, industrial Internet, connected healthcare, smart retail, smart supply chain and smart farming. The hierarchical IoT network (HIoTN) is a special kind of the generic IoT network, which is composed of the different nodes, such as the gateway node, cluster head nodes, and sensing nodes organized in a hierarchy. In HIoTN, there is a need, where a user can directly access the real-time data from the sensing nodes for a particular application in generic IoT networking environment. This paper emphasizes on the design of a new secure lightweight three-factor remote user authentication scheme for HIoTNs, called the user authenticated key management protocol (UAKMP). The three factors used in UAKMP are the user smart card, password, and personal biometrics. The security of the scheme is thoroughly analyzed under the formal security in the widely accepted real-or-random model, the informal security as well as the formal security verification using the widely accepted automated validation of Internet security protocols and applications tool. UAKMP offers several functionality features including offline sensing node registration, freely password and biometric update facility, user anonymity, and sensing node anonymity compared to other related existing schemes. In addition, UAKMP is also comparable in computation and communication costs as compared to other existing schemes.

Abstract

In wireless sensor networks (WSNs), there are many critical applications (for example, healthcare, vehicle tracking, and battlefield), where the online streaming data generated from different sensor nodes need to be analyzed with respect to quick control decisions. However, as the data generated by these sensor nodes usually flow through open channel, so there are higher chances of various types of attacks either on the nodes or on to the data captured by these nodes. In this paper, we aim to design a new elliptic curve cryptography–based user authenticated key agreement protocol in a hierarchical WSN so that a legal user can only access the streaming data from generated from different sensor nodes. The proposed scheme is based upon 3‐factor authentication, as it applies smart card, password, and personal biometrics of a user (for ticket generation). The proposed scheme maintains low computation cost for resource‐constrained sensor nodes, as it uses efficient 1‐way cryptographic hash function and bitwise exclusive‐OR operations for secure key establishment between different sensor nodes. The security analysis using the broadly accepted Burrows‐Abadi‐Needham logic, formal security verification using the popular simulation tool (automated validation of Internet security protocols and applications), and informal security show that the proposed scheme is resilient against several well‐known attacks needed for a user authentication scheme in WSNs. The comparison of security and functionality requirements, communication and computation costs of the proposed scheme, and other related existing user authentication schemes shows the superior performance of the proposed scheme.

Abstract

Three-factor mutually authenticated key agreement protocols for multi-server environments have gained momentum in recent times due to advancements in wireless technologies and associated constraints. Several authors have put forward various authentication protocols for multi-server environment during the past decade. Wang et al. recently proposed a biometric-based authentication with key agreement protocol for multi-server environment and claimed that their protocol is efficient and resistant to prominent security attacks. The careful investigation of this paper shows that Wang et al. protocol's users are sharing personal identifiable information with the application servers during the registration and authentication process. This nature of disclosing credentials leads to severe threats particularly insider attacks, user impersonation attacks, and server impersonation attacks. As a remedy of the aforementioned problems, this paper proposes a novel biometric-based mutually authenticated key agreement protocols for multi-server architecture based on elliptic curve cryptography. We prove that the proposed protocol achieves secure mutual authentication property using the broadly used Burrows-Abadi-Needham logic. The formal security of the proposed protocol is verified using the widely accepted automated validation of Internet security protocols and applications tool to show that our protocol can withstand active and passive attacks including the replay and man-in-the-middle attacks. The proposed protocol is robust and efficient compared with the existing related protocols.

Abstract

Designing lightweight security protocols for cloud-based Internet-of-Things (IoT) applications for battery-limited mobile devices, such as smart phones and laptops, is a topic of recent focus. Ciphertextpolicy attribute-based encryption (CP-ABE) is a viable solution, particularly for cloud deployment, as an encryptor can ‘‘write’’ the access policy so that only authorized users can decrypt and have access to the data. However, most existing CP-ABE schemes are based on the costly bilinear maps, and require long decryption keys, ciphertexts and incur significant computation costs in the encryption and decryption (e.g. costs is at least linear to the number of attributes involved in the access policy). These design drawbacks prevent the deployment of CP-ABE schemes on battery-limited mobile devices. In this paper, we propose a new RSA-based CP-ABE scheme with constant size secret keys and ciphertexts (CSKC) and has O(1) timecomplexity for each decryption and encryption. Our scheme is then shown to be secure against a chosenciphertext adversary, as well as been an efficient solution with the expressive AND gate access structures (in comparison to other related existing schemes). Thus, the proposed scheme is suitable for deployment on battery-limited mobile devices.

Abstract

With the rapid development of mobile cloud computing, the security becomes a crucial part of communication systems in a distributed mobile cloud computing environment. Recently, in 2015, Tsai and Lo proposed a privacy-aware authentication scheme for distributed mobile cloud computing services. In this paper, we first analyze the Tsai–Lo’s scheme and show that their scheme is vulnerable to server impersonation attack, and thus, their scheme fails to achieve the secure mutual authentication. In addition, we also show that Tsai–Lo’s scheme does not provide the session-key security (SK-security) and strong user credentials’ privacy when ephemeral secret is unexpectedly revealed to the adversary. In order to withstand these security pitfalls found in Tsai–Lo’s scheme, we propose a provably secure authentication scheme for distributed mobile cloud computing services. Through the rigorous security analysis, we show that our scheme achieves SK-security and strong credentials’ privacy and prevents all well-known attacks including the impersonation attack and ephemeral secrets leakage attack. Furthermore, we simulate our scheme for the formal security analysis using the widely-accepted AVISPA (Automated Validation of Internet Security Protocols and Applications) tool, and show that our scheme is secure against passive and active attacks including the replay and man-in-the-middle attacks. More security functionalities along with reduced computational costs for the mobile users make our scheme more appropriate for the practical applications as compared to Tsai–Lo’s scheme and other related schemes. Finally, to demonstrate the practicality of the scheme, we evaluate the proposed scheme using the broadly-accepted NS-2 network simulator.

Abstract

Big Data and Cloud of Things (CoT) are two inter-related research trends in our data-driven society, and one research challenge is to design efficient security solution that enables access to resources, services and data out-sourced to the cloud without compromising the user’s privacy. A viable solution is user authentication set-up for multi-cloud-server designed to function as an expert system permitting its users to obtain the desired services and resources (e.g. accessing data stored in a cloud storage account) from a cloud-server up on registration with a registration authority. Biometrics is a widely used authentication mechanism (e.g. in biometric passport); thus, in this paper, we devise a biometrics-based authentication scheme for multi-cloud-server environment deployment. To improve the accuracy of biometric pattern matching, we make use of bio-hashing. We then analyse the performance and efficiency of our scheme to demonstrate its utility.

Abstract

A telecare medicine information system (TMIS) for health-care delivery service requires information exchange among multiple IT systems, where different types of users with different access privileges are involved. In TMIS, users generally communicate via public channels. Hence, authentication is essential to provide access to the genuine users. However, access rights for the correct information and resources for different services to the genuine users can be provided with the help of efficient user access control mechanism. The existing user authentication protocols designed for TMIS only provide authentication, but for this kind of application, it is required that the authorized users should also have unique access privilege to access specific data. This paper puts forwards a new fine grained access control with user authentication scheme for TMIS. We present the formal security analysis using both the widely accepted real-or-random model and Burrows-Abadi-Needham logic. The proposed scheme supports user anonymity, forward secrecy, and efficient password change without contacting the remote server. In addition, the proposed scheme is comparable with respect to communication and computation costs as compared with other related schemes proposed in TMIS. Moreover, better tradeoff among security and functionality features, and communication and computation costs makes the proposed scheme suitable and practical for telecare medicine environments as compared with other existing related schemes.

Abstract

A counterfeit drug is a medication or pharmaceutical product which is manufactured and made available on the market to deceptively represent its origin, authenticity and effectiveness, etc., and causes serious threats to the health of a patient. Counterfeited medicines have an adverse effect on the public health and cause revenue loss to the legitimate manufacturing organizations. In this paper, we propose a new authentication scheme for medicine anticounterfeiting system in the Internet of Things environment which is used for checking the authenticity of pharmaceutical products (dosage forms). The proposed scheme utilizes the near field communication (NFC) and is suitable for mobile environment, which also provides efficient NFC update phase. The security analysis using the widely accepted real-or-random model proves that the proposed scheme provides the session key security. The proposed scheme also protects other known attacks which are analyzed informally. Furthermore, the formal security verification using the broadly accepted automated validation of Internet security protocols and applications tool shows that the proposed scheme is secure. The scheme is efficient with respect to computation and communication costs, and also it provides additional functionality features when compared to other existing schemes. Finally, for demonstration of the practicality of the scheme, we evaluate it using the broadly accepted NS2 simulation.

Abstract

One of the fundamental restrictions that quantum mechanics imposes is the “No deletion Theorem” which tells us that given two identical unknown quantum states, it is impossible to delete one of them. But nevertheless if not perfect, people have tried to delete it approximately. In these approximate deleting processes our basic target is to delete one of the two identical copies as much as possible while preserving the other copy. In this brief report, by using the No communication theorem (NCT) (impossibility of sending signal faster than light using a quantum resource) as a guiding principle, we obtain a bound on the sum of the fidelity of deletion and the fidelity of preservation. Our result not only brings out the complementary relation between these two fidelities but also predicts the optimal value of the fidelity of deletion achievable for a given fidelity of preservation under no signaling constraint. This work eventually saturates the quest for finding out the optimal value of deletion within the NCT framework.

Abstract

In the recent years we have seen that Grover search algorithm [1] by using quantum parallelism has revolutionized the field of solving huge class of NP problems in comparisons to classical systems. In this work we explore the idea of extending Grover search algorithm to approximate algorithms. Here we try to analyze the applicability of Grover search to process an unstructured database with a dynamic selection function in contrast to the static selection function used in the original work [1]. We show that this alteration facilitates us to extend the application of Grover search to the field of randomized search algorithms. Further, we use the Dynamic Grover search algorithm to define the goals for a recommendation system based on which we propose a recommendation algorithm which uses binomial similarity distribution space giving us a quadratic speedup over traditional classical unstructured recommendation systems. Finally, we see how Dynamic Grover search can be used to tackle a wide range of optimization problems where we improve complexity over existing optimization algorithms.