Security Analysis and Improvement of an Anonymous Authentication Scheme for Roaming Services

An anonymous authentication scheme for roaming services in global mobility networks allows a mobile user visiting a foreign network to achieve mutual authentication and session key establishment with the foreign-network operator in an anonymous manner. In this work, we revisit He et al.’s anonymous authentication scheme for roaming services and present previously unpublished security weaknesses in the scheme: (1) it fails to provide user anonymity against any third party as well as the foreign agent, (2) it cannot protect the passwords of mobile users due to its vulnerability to an offline dictionary attack, and (3) it does not achieve session-key security against a man-in-the-middle attack. We also show how the security weaknesses of He et al.’s scheme can be addressed without degrading the efficiency of the scheme

Seamless connectivity architecture and methods for IoT and wearable devices

Wearable and Internet of Things (IoT) devices have the potential to improve lifestyle, personalize receiving treatments or introduce assisted living for elderly people. However, service delivery depends on maintaining and troubleshooting device connectivity to smartphones, where user engagement and technology proficiency represent a possible barrier that prevents a wider adoption, especially in the elderly and disabled population. Low-cost and low-power wearable and IoT devices face challenges when operating out of range of known home networks or pared devices. We propose an architecture and methods to provide seamless connectivity (Se-Co) between devices and wireless networks while maintaining low-power, low-cost and standards compatibility. Through Se-Co, the devices connect without user interaction both in home and in unknown roaming networks while maintaining anonymity, privacy and security. Roaming networks approve data limited connectivity to unknown devices that are able to provide a valid anonymized certificate of compliance and no harm through a home provider. Se-Co enables shifting data processing, such as pattern processing using artificial intelligence, from a wearable device or smartphone towards the cloud. The proposed Se-Co architecture could provide solutions to increase usability of wearable devices and improve their wider adoption, while keeping low the costs of devices, development and services

LAAP: Lightweight anonymous authentication protocol for D2D-Aided fog computing paradigm

Fog computing is a new paradigm that extends cloud computing and services to the edge of the network. Although it has several distinct characteristics, however, the conventional fog computing model does not support some of the imperative features such as D2D communications, which can be useful for several critical IoT applications and services. Besides, fog computing faces numerous new security and privacy challenges apart from those inherited from cloud computing, however, security issues in fog computing have not been addressed properly. In this article, first we introduce a new privacy-preserving security architecture for fog computing model with the cooperative D2D communication support, which can be useful for various IoT applications. Subsequently, based on the underlying foundation of our proposed security architecture we design three lightweight anonymous authentication protocols (LAAPs) to support three distinct circumstances in D2D-Aided fog computing. In this regard, we utilize the lightweight cryptographic primitives like one-way function and EXCLUSIVE-OR operations, which will cause limited computational overhead for the resource limited edge devices

Multifactor Authentication Key Management System based Security Model Using Effective Handover Tunnel with IPV6

In the current modern world, the way of life style is being completely changed due to the emerging technologies which are reflected in treating the patients too. As there is a tremendous growth in population, the existing e-Healthcare methods are not efficient enough to deal with numerous medical data. There is a delay in caring of patient health as communication networks are poor in quality and moreover smart medical resources are lacking and hence severe causes are experienced in the health of patient. However, authentication is considered as a major challenge ensuring that the illegal participants are not permitted to access the medical data present in cloud. To provide security, the authentication factors required are smart card, password and biometrics. Several approaches based on these are authentication factors are presented for e-Health clouds so far. But mostly serious security defects are experienced with these protocols and even the computation and communication overheads are high. Thus, keeping in mind all these challenges, a novel Multifactor Key management-based authentication by Tunnel IPv6 (MKMA- TIPv6) protocol is introduced for e-Health cloud which prevents main attacks like user anonymity, guessing offline password, impersonation, and stealing smart cards. From the analysis, it is proved that this protocol is effective than the existing ones such as Pair Hand (PH), Linear Combination Authentication Protocol (LCAP), Robust Elliptic Curve Cryptography-based Three factor Authentication (RECCTA) in terms storage cost, Encryption time, Decryption time, computation cost, energy consumption and speed. Hence, the proposed MKMA- TIPv6 achieves 35bits of storage cost, 60sec of encryption time, 50sec decryption time, 45sec computational cost, 50% of energy consumption and 80% speed

LCDMA: Lightweight Cross-domain Mutual Identity Authentication scheme for Internet of Things

With the widespread popularity of mobile terminals in the Internet of things (IoT), the demand for cross-domain access of mobile terminals between different regions has also increased significantly. The nature of wireless communication media makes mobile terminals vulnerable to security threats in cross-domain access. Identity authentication is a prerequisite for secure data transmission in cross-domain, and it is also the first step to guarantee the credibility of data sources. Most existing authentication schemes are based on bilinear pairing or public key encryption and decryption with high computation overhead, which are not suitable for the resource-limited mobile IoT terminals. Moreover, these schemes have some security drawbacks and cannot meet the security requirements of cross-domain access. In this paper, we propose a lightweight cross-domain mutual identity authentication (LCDMA) for mobile IoT environments. LCDMA uses symmetric polynomials instead of high-complexity bilinear pairing in the traditional schemes. We theoretically analyze the security performance under the random oracle model. Our results show that LCDMA not only resists common attacks but also preserves secure traceability while guaranteeing anonymity. Performance evaluation further demonstrates that our scheme has better performance in terms of computation and communication overhead, compared with other existing representative schemes

BVPSMS: A Batch Verification Protocol for End-to-End Secure SMS for Mobile Users

Short Message Service (SMS) is a widely used communication medium for mobile applications, such as banking, social networking, and e-commerce. Applications of SMS services also include real-time broadcasting messages, such as notification of natural disasters and terrorist attacks, and sharing the current whereabouts to other users, such as notifying urgent business meeting information, transmitting quick information in the battlefield to multiple users, notifying current location to our friends, and sharing market information. However, traditional SMS is not designed with security in mind (e.g. messages are not securely sent). In this paper, we introduce a batch verification Authentication and Key Agreement (AKA) protocol, BVPSMS, which provides end-to-end message security over an insecure communication channel between different Mobile Subscribers (MSs). Specifically, the proposed protocol securely transmits SMS from one MS to multiple MS simultaneously. We then evaluate the performance of the BVPSMS protocol in terms of communication and computation overheads, protocol execution time, and batch and re-batch verification times. The impacts of the user mobility, and the time, space, and cost complexity analysis are also discussed. We present a formal proof of the proposed protocol. To the best of our knowledge, this is the first provably-secure batch verification AKA protocol, which provides end-to-end security to the SMS using symmetric keys

Security and Privacy for Green IoT-based Agriculture: Review, Blockchain solutions, and Challenges

open access articleThis paper presents research challenges on security and privacy issues in the field of green IoT-based agriculture. We start by describing a four-tier green IoT-based agriculture architecture and summarizing the existing surveys that deal with smart agriculture. Then, we provide a classification of threat models against green IoT-based agriculture into five categories, including, attacks against privacy, authentication, confidentiality, availability, and integrity properties. Moreover, we provide a taxonomy and a side-by-side comparison of the state-of-the-art methods toward secure and privacy-preserving technologies for IoT applications and how they will be adapted for green IoT-based agriculture. In addition, we analyze the privacy-oriented blockchain-based solutions as well as consensus algorithms for IoT applications and how they will be adapted for green IoT-based agriculture. Based on the current survey, we highlight open research challenges and discuss possible future research directions in the security and privacy of green IoT-based agriculture