374 research outputs found

    Multifactor Authentication Key Management System based Security Model Using Effective Handover Tunnel with IPV6

    In the current modern world, the way of life is being completely changed due to emerging technologies, which is reflected in treating patients too. As there is a tremendous growth in population, the existing e-Healthcare methods are not efficient enough to deal with numerous medical data. There is a delay in caring for patient health as communication networks are poor in quality and moreover smart medical resources are lacking and hence severe causes are experienced in the health of the patient. However, authentication is considered as a major challenge ensuring that the illegal participants are not permitted to access the medical data present in cloud. To provide security, the authentication factors required are smart card, password and biometrics. Several approaches based on these authentication factors are presented for e-Health clouds so far. But mostly serious security defects are experienced with these protocols and even the computation and communication overheads are high. Thus, keeping in mind all these challenges, a novel Multifactor Key management-based authentication by Tunnel IPv6 (MKMA-TIPv6) protocol is introduced for e-Health cloud which prevents main attacks like user anonymity, guessing offline password, impersonation, and stealing smart cards. From the analysis, it is proved that this protocol is more effective than the existing ones such as Pair Hand (PH), Linear Combination Authentication Protocol (LCAP), Robust Elliptic Curve Cryptography-based Three factor Authentication (RECCTA) in terms of storage cost, encryption time, decryption time, computation cost, energy consumption and speed. Hence, the proposed MKMA-TIPv6 achieves 35 bits of storage cost, 60 sec of encryption time, 50 sec decryption time, 45 sec computational cost, 50% of energy consumption and 80% speed.

    An Efficient Authentication Scheme for Internet of Things

    The Internet of Things (IoT) is increasingly affecting human lives in multiple profound ways. “Things” have the ability to communicate, generate, transmit and store data over the network connection. During each communication between “Things”, the data transmitted is potentially vulnerable to malicious attacks, loss, distortions and interruption which impair functionality, system efficiency and user satisfaction. Additionally, inappropriate user controls can cause problems in IoT services, such as granting anonymous users access to personal resources and enabling legitimate users to access resources in an illegal manner or preventing legitimate users from accessing resources in an authorized manner. Therefore, communications between things need to be authenticated, authorized, secured and ensured to have high privacy by applying a strong authentication protocol. The aim of this research is to enhance the authentication protocol, starting by reducing the heavy use of storage in “Things”, and eliminating unnecessary messages during authentication steps, taking into consideration the network security analysis. This research represents a security performance analysis and enhancement authentication for the IoT. The results indicate that the enhanced protocol has a positive effect on minimizing packet length and time performance in authenticating users having once obtained access to the visited location area compared with the other two protocols used for comparative purposes, with a 33% increase in the proposed protocol's performance.

    Wireless IP network mobility management: advancing from mobile IP to HIP-based network

    Wireless networking introduces a whole range of challenges to the traditional TCP/IP network. In particular, IP address the issue of overloading because IP addresses are used as a network locator and an end point identity in the different layers in an OSI model. Even though Mobile IP is widely deployed, it has significant problems relating to performance and security. The Host Identity Protocol (HIP) provides secure mobility management by solving the IP address overloading from another angle. It restructures the TCP/IP model and introduces a new layer and a new namespace. The performance of HIP has proven to be better than Mobile IP and also opens a range of new research opportunities. This dissertation proposes and analyses a new step-stone solution from the Mobile IP-based network into a HIP-based network. The main advantage of this new solution is that much less change is required to the operating system kernel of the end point compared to a full HIP implementation. The new step-stone solution allows Mobile IP to use some HIP features to provide better security and handover performance. This dissertation also proposes several new and novel HIP-based wireless communication network architectures. An HIP-based heterogeneous wireless network architecture and handover scheme has been proposed and analysed. These schemes limit the HIP signalling in the wireless network if no communication to external networks is needed. Besides the network architecture modification, the hybrid Session Initial Protocol (SIP) and HIP-based Voice over IP (VoIP) scheme is proposed and analysed. This novel scheme improves the handover latency and security. This dissertation also proposes and analyses a new and novel extension to HIP, a HIP-based micro-mobility management, micro-HIP (mHIP). mHIP provides a new secure framework for micro-mobility management. It is a more complete HIP-based micro-mobility solution than any other proposed in existing studies. mHIP improves the intra-domain handover performance, the security, and the distribution of load in the intra-domain handover signalling. The new work presented opens up a number of very interesting research opportunities.

    Is DNS Ready for Ubiquitous Internet of Things?

    The vision of the Internet of Things (IoT) covers not only the well-regulated processes of specific applications in different areas but also includes ubiquitous connectivity of more generic objects (or things and devices) in the physical world and the related information in the virtual world. For example, a typical IoT application, such as a smart city, includes smarter urban transport networks, upgraded water supply, and waste-disposal facilities, along with more efficient ways to light and heat buildings. For smart city applications and others, we require unique naming of every object and a secure, scalable, and efficient name resolution which can provide access to any object's inherent attributes with its name. Based on different motivations, many naming principles and name resolution schemes have been proposed. Some of them are based on the well-known domain name system (DNS), which is the most important infrastructure in the current Internet, while others are based on novel designing principles to evolve the Internet. Although the DNS is evolving in its functionality and performance, it was not originally designed for the IoT applications. Then, a fundamental question that arises is: can current DNS adequately provide the name service support for IoT in the future? To address this question, we analyze the strengths and challenges of DNS when it is used to support ubiquitous IoT. First, we analyze the requirements of the IoT name service by using five characteristics, namely security, mobility, infrastructure independence, localization, and efficiency, which we collectively refer to as SMILE. Then, we discuss the pros and cons of the DNS in satisfying SMILE in the context of the future evolution of the IoT environment.

    An integrated security Protocol communication scheme for Internet of Things using the Locator/ID Separation Protocol Network

    Internet of Things communication is mainly based on a machine-to-machine pattern, where devices are globally addressed and identified. However, as the number of connected devices increases, the burdens on the network infrastructure increase as well. The major challenges are the size of the routing tables and the efficiency of the current routing protocols in the Internet backbone. To address these problems, an Internet Engineering Task Force (IETF) working group, along with the research group at Cisco, are still working on the Locator/ID Separation Protocol as a routing architecture that can provide new semantics for the IP addressing, to simplify routing operations and improve scalability in the future of the Internet such as the Internet of Things. Nonetheless, the Locator/ID Separation Protocol is still at an early stage of implementation and the security protocol, e.g. Internet Protocol Security (IPSec), in particular, is still in its infancy. Based on this, three scenarios were considered: Firstly, in the initial stage, each Locator/ID Separation Protocol-capable router needs to register with a Map-Server. This is known as the Registration Stage. Nevertheless, this stage is vulnerable to masquerading and content poisoning attacks. Secondly, the addresses resolving stage, in the Locator/ID Separation Protocol the Map Server (MS) accepts Map-Request from Ingress Tunnel Routers and Egress Tunnel Routers. These routers in turn look up the database and return the requested mapping to the endpoint user. However, this stage lacks data confidentiality and mutual authentication. Furthermore, the Locator/ID Separation Protocol limits the efficiency of the security protocol which works against redirecting the data or acting as fake routers. Thirdly, as a result of the vast increase in the different Internet of Things devices, the interconnected links between these devices increase vastly as well. Thus, the communication between the devices can be easily exposed to disclosures by attackers such as Man in the Middle Attacks (MitM) and Denial of Service Attack (DoS). This research provided a comprehensive study for Communication and Mobility in the Internet of Things as well as the taxonomy of different security protocols. It went on to investigate the security threats and vulnerabilities of Locator/ID Separation Protocol using X.805 framework standard. Then three security protocols were provided to secure the exchanged transitions of communication in Locator/ID Separation Protocol. The first security protocol had been implemented to secure the Registration stage of Locator/ID separation using ID/Based cryptography method. The second security protocol was implemented to address the Resolving stage in the Locator/ID Separation Protocol between the Ingress Tunnel Router and Egress Tunnel Router using Challenge-Response authentication and Key Agreement technique. The third security protocol had been proposed, analysed and evaluated for the Internet of Things communication devices. This protocol was based on the authentication and the group key agreement via using the El-Gamal concept. The developed protocols set an interface between each level of the phase to achieve security refinement architecture to Internet of Things based on Locator/ID Separation Protocol. These protocols were verified using Automated Validation Internet Security Protocol and Applications (AVISPA) which is a push button tool for the automated validation of security protocols and achieved results demonstrating that they do not have any security flaws. Finally, a performance analysis of security refinement protocol analysis and an evaluation were conducted using Contiki and Cooja simulation tool. The results of the performance analysis showed that the security refinement was highly scalable and the memory was quite efficient as it needed only 72 bytes of memory to store the keys in the Wireless Sensor Network (WSN) device.