A Novel Authentication and Key Agreement Scheme for Countering MITM and Impersonation Attack in Medical Facilities

Authentication is used to enfold the privacy of the patient to implement security onto the communication between patients and service providers. Several types of research have proposed support for anonymity for contextual privacy in medical systems that are still vulnerable to impersonation attack and Man-in-the-middle attack. By using powerful technology that is used in medical facilities, it can help in building an advanced system. However, the same powerful tools can also be used by the attackers to gain personal profits and to cause chaos. The proposed countermeasure that is to be taken to prevent this kind of attacks is by implementing mutual authentication between users, their devices/mobile devices, and the system’s cloud server, and also a key agreement scheme together with the help of Elliptic Curve Cryptography (ECC). A novel authentication scheme which consists of two phases, a signature generation, and authentication process. The ECC implementation is to ensure that the keys are thoroughly secured and is not copy- able, together with a Key generation scheme that shields the system against impersonation attacks. The usage of Elliptic Curve Digital Signature Algorithm (ECDSA), in a signature generation, on the other hand, provides users more secure way to hide the user private key and bring additional security layer before proceeding to authentication phase due to the existence of extra elements of domain parameters. Authentication is still considered as a crucial component in maintaining the security of any critical facilities that require the CIA tried and non- repudiation as a need to maintain their data. It does not only apply to medical centers, but any organizations that possess valuable data that is needed to be protected also requires strong authentication protocols. Thus, the trend for the need of novel authentication protocols will keep on rising as technology gets fancier and fancier

Efficient Dynamic Group Signature Scheme with Verifier Local Revocation and Time-Bound Keys using Lattices

Revocation is an important feature of group signature schemes. Verifier Local Revocation (VLR) is a popular revocation mechanism which involves only verifiers in the revocation process. In VLR, a revocation list is maintained to store the information about revoked users. The verification cost of VLR based schemes islinearly proportional to the size of recvocation list. In many applications, the size of revocation list grows with time, which makes the verification process expensive. In this paper, we propose a lattice based dynamic group signature using VLR and time bound keys to reduce the size of revocation list to speed up the verification process. In the proposed scheme, an expiration date is fixed for signing key of each group member, and verifiers can find out (at constantcost) if a signature is generated using an expired key. Hence revocation information of members who are revoked before signing key expiry date (premature revocation) are kept in revocation list, and other members are part of natural revocation. This leads to a significant saving on the revocation check by assuming natural revocation accounts for large fraction of the total revocation. This scheme also takes care of non-forgeability of signing key expiry date

GTM approach towards engineering a features-oriented evaluation framework for secure authentication in IIoT environment

Industry Internet of Things (IIoT) has become the most evolving area over the last few years. The number of IoT devices connected in industry has sharply elevated but this surge has led to the vulnerability and data breach such as if a malicious entry is made to the secure network, it will forfeit all the network resources. For this purpose a full pledged secure authentication method is essential to safeguard IIoT network. There is a bulky list of number of authentications protocols available to keep network safe with a variety of features so but it becomes herculean task for network administrator to pick the strong and secure authentication method due to huge number of criteria, conflicting objectives and availability of authentication protocols in industry environment. It has become imperative to get the most rational authentication method in devices operating in IIoT. To address this issue, a feature-oriented assessment framework is put forward to provide a ground for ranking and selection of best authentication mechanism. This framework uses a mathematic approach known as Graph Theory Matrix Approach (GTMA) and selects the best authentication method based on the number of features. These features are related to authentication and covers almost every aspect of authentication method and are used as benchmark for selection purposes. This framework takes into account the most important features and helps in selecting the best and most ideal features-oriented authentication method that can be employed in IIoT to keep the integrity and security of connected devices and overall network infrastructure.Qatar National Library and Qatar University - grant No. QUHI-CBE-21/22-1

Securing internet of medical things with friendly-jamming schemes

The Internet of Medical Things (IoMT)-enabled e-healthcare can complement traditional medical treatments in a flexible and convenient manner. However, security and privacy become the main concerns of IoMT due to the limited computational capability, memory space and energy constraint of medical sensors, leading to the in-feasibility for conventional cryptographic approaches, which are often computationally-complicated. In contrast to cryptographic approaches, friendly jamming (Fri-jam) schemes will not cause extra computing cost to medical sensors, thereby becoming potential countermeasures to ensure security of IoMT. In this paper, we present a study on using Fri-jam schemes in IoMT. We first analyze the data security in IoMT and discuss the challenges. We then propose using Fri-jam schemes to protect the confidential medical data of patients collected by medical sensors from being eavesdropped. We also discuss the integration of Fri-jam schemes with various communication technologies, including beamforming, Simultaneous Wireless Information and Power Transfer (SWIPT) and full duplexity. Moreover, we present two case studies of Fri-jam schemes in IoMT. The results of these two case studies indicate that the Fri-jam method will significantly decrease the eavesdropping risk while leading to no significant influence on legitimate transmission