Game-Based Privacy Analysis of RFID Security Schemes for Confident Authentication in IoT

Recently, Radio Frequency Identification (RFID) and Near Field Communication systems are found in various user-friendly services that all of us deal with in our daily lives. As these systems are ubiquitously deployed in different authentication and identification applications, inferring information about our behavior will be possible by monitoring our use of them. In order to provide privacy and security requirements of RFID users in novel authentication applications, lots of security schemes have been proposed which have tried to provide secure and untraceable communication for end-users. In this paper, we investigate the privacy of three RFID security schemes which have been proposed recently. For privacy analysis, we use the well-known RFID formal privacy model proposed by Ouafi and Phan. We show that all the studied protocols have some privacy drawbacks, making them vulnerable to various traceability attacks. Moreover, in order to overcome all the reported weaknesses and prevent the presented attacks, we apply some modifications in the structures of the studied protocols and propose an improved version of each one. Our analyses show that the modified protocols are more efficient than their previous versions and new modifications can omit all the existing weaknesses on the analyzed protocols. Finally, we compare the modified protocols with some new-found RFID authentication protocols in the terms of security and privacy

Breaking Anonymity of Some Recent Lightweight RFID Authentication Protocols

Due to their impressive advantages, Radio Frequency IDentification (RFID) systems are ubiquitously found in various novel applications. These applications are usually in need of quick and accurate authentication or identification. In many cases, it has been shown that if such systems are not properly designed, an adversary can cause security and privacy concerns for end-users. In order to deal with these concerns, impressive endeavors have been made which have resulted in various RFID authentications being proposed. In this study, we analyze three lightweight RFID authentication protocols proposed in Wireless Personal Communications (2014), Computers & Security (2015) and Wireless Networks (2016). We show that none of the studied protocols provides the desired security and privacy required by the end-users. We present various security and privacy attacks such as secret parameter reveal, impersonation, DoS, traceability, and forward traceability against the studied protocols. Our attacks are mounted in the Ouafi–Phan RFID formal privacy model which is a modified version of the well-known Juels–Weis privacy model

Security Technologies and Methods for Advanced Cyber Threat Intelligence, Detection and Mitigation

The rapid growth of the Internet interconnectivity and complexity of communication systems has led us to a significant growth of cyberattacks globally often with severe and disastrous consequences. The swift development of more innovative and effective (cyber)security solutions and approaches are vital which can detect, mitigate and prevent from these serious consequences. Cybersecurity is gaining momentum and is scaling up in very many areas. This book builds on the experience of the Cyber-Trust EU project’s methods, use cases, technology development, testing and validation and extends into a broader science, lead IT industry market and applied research with practical cases. It offers new perspectives on advanced (cyber) security innovation (eco) systems covering key different perspectives. The book provides insights on new security technologies and methods for advanced cyber threat intelligence, detection and mitigation. We cover topics such as cyber-security and AI, cyber-threat intelligence, digital forensics, moving target defense, intrusion detection systems, post-quantum security, privacy and data protection, security visualization, smart contracts security, software security, blockchain, security architectures, system and data integrity, trust management systems, distributed systems security, dynamic risk management, privacy and ethics

Security Technologies and Methods for Advanced Cyber Threat Intelligence, Detection and Mitigation

The rapid growth of the Internet interconnectivity and complexity of communication systems has led us to a significant growth of cyberattacks globally often with severe and disastrous consequences. The swift development of more innovative and effective (cyber)security solutions and approaches are vital which can detect, mitigate and prevent from these serious consequences. Cybersecurity is gaining momentum and is scaling up in very many areas. This book builds on the experience of the Cyber-Trust EU project’s methods, use cases, technology development, testing and validation and extends into a broader science, lead IT industry market and applied research with practical cases. It offers new perspectives on advanced (cyber) security innovation (eco) systems covering key different perspectives. The book provides insights on new security technologies and methods for advanced cyber threat intelligence, detection and mitigation. We cover topics such as cyber-security and AI, cyber-threat intelligence, digital forensics, moving target defense, intrusion detection systems, post-quantum security, privacy and data protection, security visualization, smart contracts security, software security, blockchain, security architectures, system and data integrity, trust management systems, distributed systems security, dynamic risk management, privacy and ethics

A Survey on Privacy and Security of Internet of Things

The file attached to this record is the author's final peer reviewed version. The Publisher's final version can be found by following the DOI link.Internet of Things (IoT) has fundamentally changed the way information technology and communication environments work, with significant advantages derived from wireless sensors and nanotechnology, among others. While IoT is still a growing and expanding platform, the current research in privacy and security shows there is little integration and unification of security and privacy that may affect user adoption of the technology because of fear of personal data exposure. The surveys conducted so far focus on vulnerabilities based on information exchange technologies applicable to the Internet. None of the surveys has brought out the integrated privacy and security perspective centred on the user. The aim of this paper is to provide the reader with a comprehensive discussion on the current state of the art of IoT, with particular focus on what have been done in the areas of privacy and security threats, attack surface, vulnerabilities and countermeasures and to propose a threat taxonomy. IoT user requirements and challenges were identified and discussed to highlight the baseline security and privacy needs and concerns of the user. The paper also proposed threat taxonomy to address the security requirements in broader perspective. This survey of IoT Privacy and Security has been undertaken through a systematic literature review using online databases and other resources to search for all articles that meet certain criteria, entering information about each study into a personal database, and then drawing up tables summarizing the current state of literature. As a result, the paper distills the latest development

Energy Saving Mechanisms in the Security of the Internet of Things

Energy consumption is one of the priorities of security on the Internet of Things. It is not easy to find the best solutions that will reduce energy consumption, while ensuring that the security requirements are met. Many of the issues that have been presented so far have covered the basics of security, such as the basic principles of encryption, extension environments, target applications, and so on.This paper examines one of the most effective energy-efficiency mechanisms for providing Internet-based security services. By studying techniques that enable the development of advanced energy-efficient security solutions, we take a closer look at the ideas that have already been introduced in this area. In this study, not only the security issues, but also the energy impacts on solutions have been considered. Initially, the amount of energy related to security services is introduced. Then a classification is proposed for energy efficient mechanisms on the Internet of Things. Finally, the main drivers of the impact of energy saving techniques are analyzed for security solutions

Seamless key agreement framework for mobile-sink in IoT based cloud-centric secured public safety sensor networks

Recently, the Internet of Things (IoT) has emerged as a significant advancement for Internet and mobile networks with various public safety network applications. An important use of IoT-based solutions is its application in post-disaster management, where the traditional telecommunication systems may be either completely or partially damaged. Since enabling technologies have restricted authentication privileges for mobile users, in this paper, a strategy of mobile-sink is introduced for the extension of user authentication over cloud-based environments. A seamless secure authentication and key agreement (S-SAKA) approach using bilinear pairing and elliptic-curve cryptosystems is presented. It is shown that the proposed S-SAKA approach satisfies the security properties, and as well as being resilient to nodecapture attacks, it also resists significant numbers of other well-known potential attacks related with data confidentiality, mutual authentication, session-key agreement, user anonymity, password guessing, and key impersonation. Moreover, the proposed approach can provide a seamless connectivity through authentication over wireless sensor networks to alleviate the computation and communication cost constraints in the system. In addition, using Burrows–Abadi–Needham logic, it is demonstrated that the proposed S-SAKA framework offers proper mutual authentication and session key agreement between the mobile-sink and the base statio

Seamless key agreement framework for mobile-sink in IoT based cloud-centric secured public safety sensor networks

Recently, the Internet of Things (IoT) has emerged as a significant advancement for Internet and mobile networks with various public safety network applications. An important use of IoT-based solutions is its application in post-disaster management, where the traditional telecommunication systems may be either completely or partially damaged. Since enabling technologies have restricted authentication privileges for mobile users, in this paper, a strategy of mobile-sink is introduced for the extension of user authentication over cloud-based environments. A seamless secure authentication and key agreement (S-SAKA) approach using bilinear pairing and elliptic-curve cryptosystems is presented. It is shown that the proposed S-SAKA approach satisfies the security properties, and as well as being resilient to nodecapture attacks, it also resists significant numbers of other well-known potential attacks related with data confidentiality, mutual authentication, session-key agreement, user anonymity, password guessing, and key impersonation. Moreover, the proposed approach can provide a seamless connectivity through authentication over wireless sensor networks to alleviate the computation and communication cost constraints in the system. In addition, using Burrows–Abadi–Needham logic, it is demonstrated that the proposed S-SAKA framework offers proper mutual authentication and session key agreement between the mobile-sink and the base statio

Smart campuses : extensive review of the last decade of research and current challenges

Novel intelligent systems to assist energy transition and improve sustainability can be deployed at different scales, ranging from a house to an entire region. University campuses are an interesting intermediate size (big enough to matter and small enough to be tractable) for research, development, test and training on the integration of smartness at all levels, which has led to the emergence of the concept of “smart campus” over the last few years. This review article proposes an extensive analysis of the scientific literature on smart campuses from the last decade (2010-2020). The 182 selected publications are distributed into seven categories of smartness: smart building, smart environment, smart mobility, smart living, smart people, smart governance and smart data. The main open questions and challenges regarding smart campuses are presented at the end of the review and deal with sustainability and energy transition, acceptability and ethics, learning models, open data policies and interoperability. The present work was carried out within the framework of the Energy Network of the Regional Leaders Summit (RLS-Energy) as part of its multilateral research efforts on smart region