1,624 research outputs found
A Lightweight Multi-receiver Encryption Scheme with Mutual Authentication
"In this paper, we propose a lightweight multi-receiver encryption scheme for the device to device communications on Internet of Things (IoT) applications. In order
for the individual user to control the disclosure range of
his/her own data directly and to prevent sensitive personal data
disclosure to the trusted third party, the proposed scheme uses
device-generated public keys. For mutual authentication, third
party generates Schnorr-like lightweight identity-based partial
private keys for users. The proposed scheme provides source
authentication, message integrity, replay-attack prevention and
implicit user authentication. In addition to more security properties, computation expensive pairing operations are eliminated
to achieve less time usage for both sender and receiver, which
is favourable property for IoT applications. In this paper, we
showed a proof of security of our scheme, computational cost
comparison and experimental performance evaluations. We
implemented our proposed scheme on real embedded Android
devices and confirmed that it achieves less time cost for both
encryption and decryption comparing with the existing most
efficient certificate-based multi-receiver encryption scheme and
certificateless multi-receiver encryption scheme.
Security and Privacy Issues in Wireless Mesh Networks: A Survey
This book chapter identifies various security threats in wireless mesh
network (WMN). Keeping in mind the critical requirement of security and user
privacy in WMNs, this chapter provides a comprehensive overview of various
possible attacks on different layers of the communication protocol stack for
WMNs and their corresponding defense mechanisms. First, it identifies the
security vulnerabilities in the physical, link, network, transport, application
layers. Furthermore, various possible attacks on the key management protocols,
user authentication and access control protocols, and user privacy preservation
protocols are presented. After enumerating various possible attacks, the
chapter provides a detailed discussion on various existing security mechanisms
and protocols to defend against and wherever possible prevent the possible
attacks. Comparative analyses are also presented on the security schemes with
regards to the cryptographic schemes used, key management strategies deployed,
use of any trusted third party, computation and communication overhead involved
etc. The chapter then presents a brief discussion on various trust management
approaches for WMNs since trust and reputation-based schemes are increasingly
becoming popular for enforcing security in wireless networks. A number of open
problems in security and privacy issues for WMNs are subsequently discussed
before the chapter is finally concluded.Comment: 62 pages, 12 figures, 6 tables. This chapter is an extension of the
author's previous submission in arXiv submission: arXiv:1102.1226. There are
some text overlaps with the previous submissio
TD2SecIoT: Temporal, Data-Driven and Dynamic Network Layer Based Security Architecture for Industrial IoT
The Internet of Things (IoT) is an emerging technology, which comprises wireless smart sensors and actuators. Nowadays, IoT is implemented in different areas such as Smart Homes, Smart Cities, Smart Industries, Military, eHealth, and several real-world applications by connecting domain-specific sensors. Designing a security model for these applications is challenging for researchers since attacks (for example, zero-day) are increasing tremendously. Several security methods have been developed to ensure the CIA (Confidentiality, Integrity, and Availability) for Industrial IoT (IIoT). Though these methods have shown promising results, there are still some security issues that are open. Thus, the security and authentication of IoT based applications become quite significant. In this paper, we propose TD2SecIoT (Temporal, Data-Driven and Dynamic Network Layer Based Security Architecture for Industrial IoT), which incorporates Elliptic Curve Cryptography (ECC) and Nth-degree Truncated Polynomial Ring Units (NTRU) methods to ensure confidentiality and integrity. The proposed method has been evaluated against different attacks and performance measures (quantitative and qualitative) using the Cooja network simulator with Contiki-OS. The TD2SecIoT has shown a higher security level with reduced computational cost and time
The Meeting of Acquaintances: A Cost-efficient Authentication Scheme for Light-weight Objects with Transient Trust Level and Plurality Approach
Wireless sensor networks consist of a large number of distributed sensor
nodes so that potential risks are becoming more and more unpredictable. The new
entrants pose the potential risks when they move into the secure zone. To build
a door wall that provides safe and secured for the system, many recent research
works applied the initial authentication process. However, the majority of the
previous articles only focused on the Central Authority (CA) since this leads
to an increase in the computation cost and energy consumption for the specific
cases on the Internet of Things (IoT). Hence, in this article, we will lessen
the importance of these third parties through proposing an enhanced
authentication mechanism that includes key management and evaluation based on
the past interactions to assist the objects joining a secured area without any
nearby CA. We refer to a mobility dataset from CRAWDAD collected at the
University Politehnica of Bucharest and rebuild into a new random dataset
larger than the old one. The new one is an input for a simulated authenticating
algorithm to observe the communication cost and resource usage of devices. Our
proposal helps the authenticating flexible, being strict with unknown devices
into the secured zone. The threshold of maximum friends can modify based on the
optimization of the symmetric-key algorithm to diminish communication costs
(our experimental results compare to previous schemes less than 2000 bits) and
raise flexibility in resource-constrained environments.Comment: 27 page
A Multi-Factor Homomorphic Encryption based Method for Authenticated Access to IoT Devices
Authentication is the first defence mechanism in many electronic systems,
including Internet of Things (IoT) applications, as it is essential for other
security services such as intrusion detection. As existing authentication
solutions proposed for IoT environments do not provide multi-level
authentication assurance, particularly for device-to-device authentication
scenarios, we recently proposed the M2I (Multi-Factor Multi-Level and
Interaction based Authentication) framework to facilitate multi-factor
authentication of devices in device-to-device and device-to-multiDevice
interactions. In this paper, we extend the framework to address group
authentication. Two Many-to-One (M2O) protocols are proposed, the Hybrid Group
Authentication and Key Acquisition (HGAKA) protocol and the Hybrid Group Access
(HGA) protocol. The protocols use a combination of symmetric and asymmetric
cryptographic primitives to facilitate multifactor group authentication. The
informal analysis and formal security verification show that the protocols
satisfy the desirable security requirements and are secure against
authentication attacks
BANZKP: a Secure Authentication Scheme Using Zero Knowledge Proof for WBANs
-Wireless body area network(WBAN) has shown great potential in improving
healthcare quality not only for patients but also for medical staff. However,
security and privacy are still an important issue in WBANs especially in
multi-hop architectures. In this paper, we propose and present the design and
the evaluation of a secure lightweight and energy efficient authentication
scheme BANZKP based on an efficient cryptographic protocol, Zero Knowledge
Proof (ZKP) and a commitment scheme. ZKP is used to confirm the identify of the
sensor nodes, with small computational requirement, which is favorable for body
sensors given their limited resources, while the commitment scheme is used to
deal with replay attacks and hence the injection attacks by committing a
message and revealing the key later. Our scheme reduces the memory requirement
by 56.13 % compared to TinyZKP [13], the comparable alternative so far for Body
Area Networks, and uses 10 % less energy
A Multi-User, Single-Authentication Protocol for Smart Grid Architectures
open access articleIn a smart grid system, the utility server collects data from various smart grid devices. These data play an important role in the energy distribution and balancing between the energy providers and energy consumers. However, these data are prone to tampering attacks by an attacker, while traversing from the smart grid devices to the utility servers, which may result in energy disruption or imbalance. Thus, an authentication is mandatory to efficiently authenticate the devices and the utility servers and avoid tampering attacks. To this end, a group authentication algorithm is proposed for preserving demand–response security in a smart grid. The proposed mechanism also provides a fine-grained access control feature where the utility server can only
access a limited number of smart grid devices. The initial authentication between the utility server and smart grid device in a group involves a single public key operation, while the subsequent authentications with the same device or other devices in the same group do not need a public key operation. This reduces the overall computation and communication overheads and takes less time to successfully establish a secret session key, which is used to exchange sensitive information over an unsecured wireless channel. The resilience of the proposed algorithm is tested against various attacks using formal and informal security analysis
Fortifying Public Safety: A Dynamic Role-Based Access Control Paradigm for Cloud-Centric IoT
The evolution of communication technologies, exemplified by the Internet of
Things (IoT) and cloud computing, has significantly enhanced the speed and
accessibility of Public Safety (PS) services, critical to ensuring the safety
and security of our environment. However, these advancements also introduce
inherent security and privacy challenges. In response, this research presents a
novel and adaptable access control scheme tailored to PS services in
cloud-supported IoT environments. Our proposed access control protocol
leverages the strengths of Key Policy Attribute Based Encryption (KP-ABE) and
Identity-Based Broadcast Encryption (IDBB), combining them to establish a
robust security framework for cloud-supported IoT in the context of PS
services. Through the implementation of an Elliptic Curve Diffie-Hellman (ECDH)
scheme between entities, we ensure entity authentication, data confidentiality,
and integrity, addressing fundamental security requirements. A noteworthy
aspect of our lightweight protocol is the delegation of user private key
generation within the KP-ABE scheme to an untrusted cloud entity. This
strategic offloading of computational and communication overhead preserves data
privacy, as the cloud is precluded from accessing sensitive information. To
achieve this, we employ an IDBB scheme to generate secret private keys for
system users based on their roles, requiring the logical conjunction ('AND') of
user attributes to access data. This architecture effectively conceals user
identities from the cloud service provider. Comprehensive analysis validates
the efficacy of the proposed protocol, confirming its ability to ensure system
security and availability within acceptable parameters
Resource Efficient Authentication and Session Key Establishment Procedure for Low-Resource IoT Devices
open access journalThe Internet of Things (IoT) can includes many resource-constrained devices, with most usually needing to securely communicate with their network managers, which are more resource-rich devices in the IoT network. We propose a resource-efficient security scheme that includes authentication of devices with their network managers, authentication between devices on different networks, and an attack-resilient key establishment procedure. Using automated validation with internet security protocols and applications tool-set, we analyse several attack scenarios to determine the security soundness of the proposed solution, and then we evaluate its performance analytically and experimentally. The performance analysis shows that the proposed solution occupies little memory and consumes low energy during the authentication and key generation processes respectively. Moreover, it protects the network from well-known attacks (man-in-the-middle attacks, replay attacks, impersonation attacks, key compromission attacks and denial of service attacks)
A survey on wireless body area networks: architecture, security challenges and research opportunities.
In the era of communication technologies, wireless healthcare networks enable innovative applications to enhance the quality of patients’ lives, provide useful monitoring tools for caregivers, and allows timely intervention. However, due to the sensitive information within the Wireless Body Area Networks (WBANs), insecure data violates the patients’ privacy and may consequently lead to improper medical diagnosis and/or treatment. Achieving a high level of security and privacy in WBAN involves various challenges due to its resource limitations and critical applications. In this paper, a comprehensive survey of the WBAN technology is provided, with a particular focus on the security and privacy concerns along with their countermeasures, followed by proposed research directions and open issues
- …