An Efficient Authentication Scheme for Internet of Things

The Internet of Things (IoT) is increasingly affecting human lives in multiple profound ways. “Things” have the ability to communicate, generate, transmit and store data over the network connection. During each communication between “Things”, the data transmitted is potentially vulnerable to malicious attacks, loss, distortions and interruption which impair functionality, system efficiency and user satisfaction. Additionally, inappropriate user controls can cause problems in IoT services, such as granting anonymous users access to personal resources and enable legitimate users to access resources in an illegal manner or preventing legitimate users to access resources in an authorized manner. Therefore, communications between things need to be authenticated, authorized, secured and ensured to have high privacy by applying a strong authentication protocol. The aim of this research is to enhance the authentication protocol, starting by reducing the heavy use of storage in “Things”, and eliminating unnecessary messages during authentication steps, taking into consideration the network security analysis. This research represents a security performance analysis and enhancement authentication for the IoT. The results indicate that the enhanced protocol has a positive effect on minimizing packet length and time performance in authenticating users having once obtained access to the visited location area compared with the other two protocols used for comparative purposes, with 33% increased the proposed protocol performance

Lightweight Three-Factor Authentication and Key Agreement Protocol for Internet-Integrated Wireless Sensor Networks

Wireless sensor networks (WSNs) will be integrated into the future Internet as one of the components of the Internet of Things, and will become globally addressable by any entity connected to the Internet. Despite the great potential of this integration, it also brings new threats, such as the exposure of sensor nodes to attacks originating from the Internet. In this context, lightweight authentication and key agreement protocols must be in place to enable end-to-end secure communication. Recently, Amin et al. proposed a three-factor mutual authentication protocol for WSNs. However, we identified several flaws in their protocol. We found that their protocol suffers from smart card loss attack where the user identity and password can be guessed using offline brute force techniques. Moreover, the protocol suffers from known session-specific temporary information attack, which leads to the disclosure of session keys in other sessions. Furthermore, the protocol is vulnerable to tracking attack and fails to fulfill user untraceability. To address these deficiencies, we present a lightweight and secure user authentication protocol based on the Rabin cryptosystem, which has the characteristic of computational asymmetry. We conduct a formal verification of our proposed protocol using ProVerif in order to demonstrate that our scheme fulfills the required security properties. We also present a comprehensive heuristic security analysis to show that our protocol is secure against all the possible attacks and provides the desired security features. The results we obtained show that our new protocol is a secure and lightweight solution for authentication and key agreement for Internet-integrated WSNs

A software agent enabled biometric security algorithm for secure file access in consumer storage devices

In order to resist unauthorized access, consumer storage devices are typically protected using a low entropy password. However, storage devices are not fully protected against an adversary because the adversary can utilize an off-line dictionary attack to find the correct password and/or run an existing algorithm for resetting the existing password. In addition, a password protected device may also be stolen or misplaced allowing an adversary to easily retrieve all the stored confidential information from a removable storage device. In order to protect the consumer’s confidential information that has been stored, this paper proposes a mutual authentication and key negotiation protocol that can be used to protect the confidential information in the device. The functionality of the protocol enables the storage device to be secure against relevant security attacks. A formal security analysis using Burrows-Abadi-Needham (BAN) logic is presented to verify the presented algorithm. In addition, a performance analysis of the proposed protocol reveals a significantly reduced communication overhead compared to the relevant literature

Adaptive trust and reputation system as a security service in group communications

Group communications has been facilitating many emerging applications which require packet delivery from one or more sender(s) to multiple receivers. Owing to the multicasting and broadcasting nature, group communications are susceptible to various kinds of attacks. Though a number of proposals have been reported to secure group communications, provisioning security in group communications remains a critical and challenging issue. This work first presents a survey on recent advances in security requirements and services in group communications in wireless and wired networks, and discusses challenges in designing secure group communications in these networks. Effective security services to secure group communications are then proposed. This dissertation also introduces the taxonomy of security services, which can be applied to secure group communications, and evaluates existing secure group communications schemes. This dissertation work analyzes a number of vulnerabilities against trust and reputation systems, and proposes a threat model to predict attack behaviors. This work also considers scenarios in which multiple attacking agents actively and collaboratively attack the whole network as well as a specific individual node. The behaviors may be related to both performance issues and security issues. Finally, this work extensively examines and substantiates the security of the proposed trust and reputation system. This work next discusses the proposed trust and reputation system for an anonymous network, referred to as the Adaptive Trust-based Anonymous Network (ATAN). The distributed and decentralized network management in ATAN does not require a central authority so that ATAN alleviates the problem of a single point of failure. In ATAN, the trust and reputation system aims to enhance anonymity by establishing a trust and reputation relationship between the source and the forwarding members. The trust and reputation relationship of any two nodes is adaptive to new information learned by these two nodes or recommended from other trust nodes. Therefore, packets are anonymously routed from the \u27trusted\u27 source to the destination through \u27trusted\u27 intermediate nodes, thereby improving anonymity of communications. In the performance analysis, the ratio of the ATAN header and data payload is around 0.1, which is relatively small. This dissertation offers analysis on security services on group communications. It illustrates that these security services are needed to incorporate with each other such that group communications can be secure. Furthermore, the adaptive trust and reputation system is proposed to integrate the concept of trust and reputation into communications. Although deploying the trust and reputation system incurs some overheads in terms of storage spaces, bandwidth and computation cycles, it shows a very promising performance that enhance users\u27 confidence in using group communications, and concludes that the trust and reputation system should be deployed as another layer of security services to protect group communications against malicious adversaries and attacks

Multifactor Authentication Key Management System based Security Model Using Effective Handover Tunnel with IPV6

In the current modern world, the way of life style is being completely changed due to the emerging technologies which are reflected in treating the patients too. As there is a tremendous growth in population, the existing e-Healthcare methods are not efficient enough to deal with numerous medical data. There is a delay in caring of patient health as communication networks are poor in quality and moreover smart medical resources are lacking and hence severe causes are experienced in the health of patient. However, authentication is considered as a major challenge ensuring that the illegal participants are not permitted to access the medical data present in cloud. To provide security, the authentication factors required are smart card, password and biometrics. Several approaches based on these are authentication factors are presented for e-Health clouds so far. But mostly serious security defects are experienced with these protocols and even the computation and communication overheads are high. Thus, keeping in mind all these challenges, a novel Multifactor Key management-based authentication by Tunnel IPv6 (MKMA- TIPv6) protocol is introduced for e-Health cloud which prevents main attacks like user anonymity, guessing offline password, impersonation, and stealing smart cards. From the analysis, it is proved that this protocol is effective than the existing ones such as Pair Hand (PH), Linear Combination Authentication Protocol (LCAP), Robust Elliptic Curve Cryptography-based Three factor Authentication (RECCTA) in terms storage cost, Encryption time, Decryption time, computation cost, energy consumption and speed. Hence, the proposed MKMA- TIPv6 achieves 35bits of storage cost, 60sec of encryption time, 50sec decryption time, 45sec computational cost, 50% of energy consumption and 80% speed

A lightweight and secure multilayer authentication scheme for wireless body area networks in healthcare system

Wireless body area networks (WBANs) have lately been combined with different healthcare equipment to monitor patients' health status and communicate information with their healthcare practitioners. Since healthcare data often contain personal and sensitive information, it is important that healthcare systems have a secure way for users to log in and access resources and services. The lack of security and presence of anonymous communication in WBANs can cause their operational failure. There are other systems in this area, but they are vulnerable to offline identity guessing attacks, impersonation attacks in sensor nodes, and spoofing attacks in hub node. Therefore, this study provides a secure approach that overcomes these issues while maintaining comparable efficiency in wireless sensor nodes and mobile phones. To conduct the proof of security, the proposed scheme uses the Scyther tool for formal analysis and the Canetti–Krawczyk (CK) model for informal analysis. Furthermore, the suggested technique outperforms the existing symmetric and asymmetric encryption-based schemes

Unified Compact ECC-AES Co-Processor with Group-Key Support for IoT Devices in Wireless Sensor Networks

Security is a critical challenge for the effective expansion of all new emerging applications in the Internet of Things paradigm. Therefore, it is necessary to define and implement different mechanisms for guaranteeing security and privacy of data interchanged within the multiple wireless sensor networks being part of the Internet of Things. However, in this context, low power and low area are required, limiting the resources available for security and thus hindering the implementation of adequate security protocols. Group keys can save resources and communications bandwidth, but should be combined with public key cryptography to be really secure. In this paper, a compact and unified co-processor for enabling Elliptic Curve Cryptography along to Advanced Encryption Standard with low area requirements and Group-Key support is presented. The designed co-processor allows securing wireless sensor networks with independence of the communications protocols used. With an area occupancy of only 2101 LUTs over Spartan 6 devices from Xilinx, it requires 15% less area while achieving near 490% better performance when compared to cryptoprocessors with similar features in the literature

DESIGN AND IMPLEMENTATION OF A SERVER INDEPENDENT THREE LEVEL AUTHENTICATION SYSTEM

As the rapid growth of Internet of Things (IoT) technology in the healthcare sector has led to the emergence of many security threats and risks, the increasing use of sensor objects in the medical field has become quite challenging to ensure full protection. Security and Privacy are among the vital requirements for the IoT (Internet of Things) network domain, which involve data authentication and security. There are numerous approaches to arrange authentication and authorization within information systems. Usually, authentication is utilized for login purposes and essentially acts as a security tool for personal user data. It represents the first level of protection against the disclosure of any system information. Users no longer trust traditional password-based authentication methods, given the increased interaction among online services. Credentials acquired online are frequently utilized to secure additional credentials, and advanced attacks frequently focus on the least secure among a large number of available credentials. One-time passwords and a two-factor authentication mechanism are being investigated by researchers as they seem to present a natural progression from traditional username/password schemes. Authentication is one of the primary ways of establishing and ensuring security in the network. Hence in this work, design and implementation of a server independent three level authentication system is presented. In this system, three levels of authentication such as face recognition, matrix recognition, email and OTP (One Time Password) verification. After successful three level authentications, Hospital Management/administration can access the medical data. This system performs three level authentications which is unique and novel as a result intruder is not able to steal the medical information. Hence, this system will provide greater security