An Efficacious and Secure Registration for Internet Protocol Mobility

For the ample development of mobile internet protocol (IP) technology and the recurrent movement of a mobile device, it is necessary for the mobile device to inform their home network where initially registered through an efficient and secured procedure against any sort of attacks. The procedure of registration for IP mobility by the portable system must have a better performance by providing a certain level of security, such as authentication, integrity, replay attack protection, and location privacy. All at once, the extreme security in the registration of IP mobility may cause long registration time, principally for real-time systems. This paper mainly deals with a balanced effort for secure and efficient registration procedure which gives better security and efficiency in terms of registration delay. The proposed work provides an easy and fast registration procedure and lessens the registration delay through the usage of an identity based authenticated key exchange scheme that eliminates expensive pairing operations. The proposed protocol is verified by using AVISPA tool. The performance evaluation reveals that the proposed protocol significantly outperforms the existing protocols in terms of the registration delay.Defence Science Journal, 2013, 63(5), pp.502-507, DOI:http://dx.doi.org/10.14429/dsj.63.400

Some Implementation Issues for Security Services based on IBE

Identity Based Encryption (IBE) is a public key cryptosystem where a unique identity string, such as an e-mail address, can be used as a public key. IBE is simpler than the traditional PKI since certificates are not needed. An IBE scheme is usually based on pairing of discrete points on elliptic curves. An IBE scheme can also be based on quadratic residuosity. This paper presents an overview of these IBE schemes and surveys present IBE based security services. Private key management is described in detail with protocols to authenticate users of Private Key Generation Authorities (PKG), to protect submission of generated private keys, and to avoid the key escrow problem. In the security service survey IBE implementations for smartcards, for smart phones, for security services in mobile networking, for security services in health care information systems, for secure web services, and for grid network security are presented. Also the performance of IBE schemes is estimated

Security for the signaling plane of the SIP protocol

VOIP protocols are gaining greater acceptance amongst both users and service providers. This thesis will aim to examine aspects related to the security of signaling plane of the SIP protocol, one of the most widely used VOIP protocols. Firstly, I will analyze the critical issues related to SIP, then move on to discuss both current and possible future solutions, and finally an assessment of the impact on the performance of HTTP digest authentication, IPsec and TLS, the three main methods use

Secure and privacy-aware proxy mobile IPv6 protocol for vehicle-to-grid networks

Vehicle-to-Grid (V2G) networks have emerged as a new communication paradigm between Electric Vehicles (EVs) and the Smart Grid (SG). In order to ensure seamless communications between mobile EVs and the electric vehicle supply equipment, the support of ubiquitous and transparent mobile IP communications is essential in V2G networks. However, enabling mobile IP communications raises real concerns about the possibility of tracking the locations of connected EVs through their mobile IP addresses. In this paper, we employ certificate-less public key cryptography in synergy with the restrictive partially blind signature technique to construct a secure and privacy-aware proxy mobile IPv6 (SP-PMIPv6) protocol for V2G networks. SP-PMIPv6 achieves low authentication latency while protecting the identity and location privacy of the mobile EV. We evaluate the SP-PMIPv6 protocol in terms of its authentication overhead and the information-theoretic uncertainty derived by the mutual information metric to show the high level of achieved anonymity

Footsteps in the fog: Certificateless fog-based access control

The proliferating adoption of the Internet of Things (IoT) paradigm has fuelled the need for more efficient and resilient access control solutions that aim to prevent unauthorized resource access. The majority of existing works in this field follow either a centralized approach (i.e. cloud-based) or an architecture where the IoT devices are responsible for all decision-making functions. Furthermore, the resource-constrained nature of most IoT devices make securing the communication between these devices and the cloud using standard cryptographic solutions difficult. In this paper, we propose a distributed access control architecture where the core components are distributed between fog nodes and the cloud. To facilitate secure communication, our architecture utilizes a Certificateless Hybrid Signcryption scheme without pairing. We prove the effectiveness of our approach by providing a comparative analysis of its performance in comparison to the commonly used cloud-based centralized architectures. Our implementation uses Azure – an existing commercial platform, and Keycloak – an open-source platform, to demonstrate the real-world applicability. Additionally, we measure the performance of the adopted encryption scheme on two types of resource-constrained devices to further emphasize the applicability of the proposed architecture. Finally, the experimental results are coupled with a theoretical analysis that proves the security of our approach

A Study on the Secure Online Examination System

13301甲第4475号博士（工学）金沢大学博士論文本文Full 以下に掲載：IJCANDI (International Journal of Computing and Informatics) 1(3) pp.90-100 2016. Universitas Mulawarman & Universiti Malaysia Sabah. 共著者：Abdul Wahid, Masahiro Mamb

새로운 무인증서 공개키 배포 방법과 경량 보안 연결 방법

학위논문 (박사)-- 서울대학교 대학원 : 전기·컴퓨터공학부, 2017. 2. 권태경.Authenticating the other endpoint and protecting the data communication are the basic and important ways of secure communication. As the penetration of the Internet to the everyday life is getting accelerated, e.g. Internet of Things (IoT), the demand of secure communications increases. However, the aforementioned two ways have been threatened due to the problems of the Public Key Infrastructure (PKI) and the constrained resources of IoT devices. Therefore, this dissertation focuses on enhancing authentication regarding public key distribution and data protection considering resource-limited IoT devices. First, the current PKI has problems like certificate revocations and fraudulent certificates. To address such issues, we propose TwinPeaks, which is a new infrastructure to distribute public keys of named entities online. TwinPeaks leverages certificateless public key cryptography (CL-PKC), which we extend to make the public key of an entity depend on any combination of its networking parametersthus TwinPeaks can mitigate spoofing attacks systematically. TwinPeaks needs public key servers, which constitute a hierarchical tree like Domain Name System (DNS). For each parent-child link in the tree, the parent and the child interact in such a way that every named entity has its own public/secret key pair. TwinPeaks removes certificates and hence has no revocation overhead. Instead, each named entity should keep/update its IP address and public key up-to-date in its DNS server and key server, respectively. TwinPeaks also achieves scalable distribution of public keys since public keys can be cached long term without elevating security risks. Next, the IoT will be the norm in the foreseeable future. However, the security problem in the Internet will be worsened in IoT services considering the constrained resources of IoT devices. We propose a delegation-based DTLS/TLS framework (D2TLS) for cloud-based IoT services. D2TLS aims to achieve mutual authentication and to lower the burden of setting up secure connections significantly while keeping the private keys of IoT devices secret. Leveraging the session resumption in the DTLS/TLS standard and introducing a security agent, D2TLS achieves these goals with the modifications only within the IoT domain. That is, cloud and PKI systems need no change to deploy D2TLS. Numerical results show that D2TLS can achieve better performance in terms of delay and energy consumption than making a DTLS/TLS connection in standalone mode.1. Introduction 1 1.1 Motivation 1 1.2 Research Contributions 2 1.3 Organization of Dissertation 3 2 TwinPeaks: A New Approach for Certificateless Public Key Distribution 4 2.1 Introduction 4 2.2 Design Rationale 6 2.3 Certificateless Public Key Cryptography (CL-PKC) 8 2.4 How TwinPeaks Works 10 2.4.1 TwinPeaks Overview 11 2.4.2 CL-PKC extension 14 2.4.3 Public Key Update 16 2.4.4 Public Key Caching 17 2.4.5 Deployment: Islands & TLS Variant 18 2.5 Security Analysis 19 2.5.1 Threat Analysis 19 2.5.2 Certificateless Validation of a Public Key 21 2.6 Evaluation 22 2.6.1 Qualitative Comparison 22 2.6.2 Quantitative Comparison 23 2.6.3 Numerical Results 27 2.7 Discussions 33 2.8 Related Work 36 3 D2TLS: Delegation-based DTLS for Cloud-based IoT Services 38 3.1 Introduction 38 3.2 Related Work 41 3.3 Measurement of IoT Products 43 3.3.1 Smart Home Monitoring System 43 3.3.2 Smart Watch 48 3.4 Delegation-based DTLS (D2TLS) 51 3.4.1 D2TLS Framework 53 3.4.2 End-to-End Secure Connection 55 3.5 Security Considerations 56 3.6 Evaluation 59 3.6.1 Evaluation Environments 59 3.6.2 Delay 61 3.6.3 Energy Consumption 63 3.6.4 Code Size and Memory Requirements 65 3.6.5 Expected Session Overhead varying Frequency and Lifetime of a Session 66 3.7 Discussion 68 3.7.1 IoT device as a Server 68 3.7.2 Hardware-assisted IoT Security 69 4 Conclusion 71 Bibliography 73 초록 79Docto

A note on ``SCPUAK: smart card-based secure protocol for remote user authentication and key agreement\u27\u27

We show that the Cherbal-Benchetioui key agreement scheme [Comput. Electr. Eng., 109, 108759 (2023)] fails to keep user anonymity, not as claimed. The scheme simply thinks that user anonymity is equivalent to protecting the user\u27s real identity. But the true anonymity means that the adversary cannot attribute different sessions to target entities, which relates to entity-distinguishable, not just identity-revealable

Options for Securing RTP Sessions

The Real-time Transport Protocol (RTP) is used in a large number of different application domains and environments. This heterogeneity implies that different security mechanisms are needed to provide services such as confidentiality, integrity, and source authentication of RTP and RTP Control Protocol (RTCP) packets suitable for the various environments. The range of solutions makes it difficult for RTP-based application developers to pick the most suitable mechanism. This document provides an overview of a number of security solutions for RTP and gives guidance for developers on how to choose the appropriate security mechanism