Privacy Preserving Cryptographic Protocols for Secure Heterogeneous Networks

Disertační práce se zabývá kryptografickými protokoly poskytující ochranu soukromí, které jsou určeny pro zabezpečení komunikačních a informačních systémů tvořících heterogenní sítě. Práce se zaměřuje především na možnosti využití nekonvenčních kryptografických prostředků, které poskytují rozšířené bezpečnostní požadavky, jako je například ochrana soukromí uživatelů komunikačního systému. V práci je stanovena výpočetní náročnost kryptografických a matematických primitiv na různých zařízeních, které se podílí na zabezpečení heterogenní sítě. Hlavní cíle práce se zaměřují na návrh pokročilých kryptografických protokolů poskytujících ochranu soukromí. V práci jsou navrženy celkově tři protokoly, které využívají skupinových podpisů založených na bilineárním párování pro zajištění ochrany soukromí uživatelů. Tyto navržené protokoly zajišťují ochranu soukromí a nepopiratelnost po celou dobu datové komunikace spolu s autentizací a integritou přenášených zpráv. Pro navýšení výkonnosti navržených protokolů je využito optimalizačních technik, např. dávkového ověřování, tak aby protokoly byly praktické i pro heterogenní sítě.The dissertation thesis deals with privacy-preserving cryptographic protocols for secure communication and information systems forming heterogeneous networks. The thesis focuses on the possibilities of using non-conventional cryptographic primitives that provide enhanced security features, such as the protection of user privacy in communication systems. In the dissertation, the performance of cryptographic and mathematic primitives on various devices that participate in the security of heterogeneous networks is evaluated. The main objectives of the thesis focus on the design of advanced privacy-preserving cryptographic protocols. There are three designed protocols which use pairing-based group signatures to ensure user privacy. These proposals ensure the protection of user privacy together with the authentication, integrity and non-repudiation of transmitted messages during communication. The protocols employ the optimization techniques such as batch verification to increase their performance and become more practical in heterogeneous networks.

Security and Privacy Issues in Wireless Mesh Networks: A Survey

This book chapter identifies various security threats in wireless mesh network (WMN). Keeping in mind the critical requirement of security and user privacy in WMNs, this chapter provides a comprehensive overview of various possible attacks on different layers of the communication protocol stack for WMNs and their corresponding defense mechanisms. First, it identifies the security vulnerabilities in the physical, link, network, transport, application layers. Furthermore, various possible attacks on the key management protocols, user authentication and access control protocols, and user privacy preservation protocols are presented. After enumerating various possible attacks, the chapter provides a detailed discussion on various existing security mechanisms and protocols to defend against and wherever possible prevent the possible attacks. Comparative analyses are also presented on the security schemes with regards to the cryptographic schemes used, key management strategies deployed, use of any trusted third party, computation and communication overhead involved etc. The chapter then presents a brief discussion on various trust management approaches for WMNs since trust and reputation-based schemes are increasingly becoming popular for enforcing security in wireless networks. A number of open problems in security and privacy issues for WMNs are subsequently discussed before the chapter is finally concluded.Comment: 62 pages, 12 figures, 6 tables. This chapter is an extension of the author's previous submission in arXiv submission: arXiv:1102.1226. There are some text overlaps with the previous submissio

BVPSMS: A Batch Verification Protocol for End-to-End Secure SMS for Mobile Users

Short Message Service (SMS) is a widely used communication medium for mobile applications, such as banking, social networking, and e-commerce. Applications of SMS services also include real-time broadcasting messages, such as notification of natural disasters and terrorist attacks, and sharing the current whereabouts to other users, such as notifying urgent business meeting information, transmitting quick information in the battlefield to multiple users, notifying current location to our friends, and sharing market information. However, traditional SMS is not designed with security in mind (e.g. messages are not securely sent). In this paper, we introduce a batch verification Authentication and Key Agreement (AKA) protocol, BVPSMS, which provides end-to-end message security over an insecure communication channel between different Mobile Subscribers (MSs). Specifically, the proposed protocol securely transmits SMS from one MS to multiple MS simultaneously. We then evaluate the performance of the BVPSMS protocol in terms of communication and computation overheads, protocol execution time, and batch and re-batch verification times. The impacts of the user mobility, and the time, space, and cost complexity analysis are also discussed. We present a formal proof of the proposed protocol. To the best of our knowledge, this is the first provably-secure batch verification AKA protocol, which provides end-to-end security to the SMS using symmetric keys

Access Authentication Via Blockchain in Space Information Network

These authors contributed equally to this work. Abstract Space Information Network (SIN) has significant benefits of providing communication anywhere at any time. This feature offers an innovative way for conventional wireless customers to access enhanced internet services by using SIN. However, SIN's characteristics, such as naked links and maximum signal latency, make it difficult to design efficient security and routing protocols, etc. Similarly, existing SIN authentication techniques can't satisfy all of the essentials for secure communication, such as privacy leaks or rising authentication latency. The article aims to develop a novel blockchain-based access authentication mechanism for SIN. The proposed scheme uses a blockchain application, which has offered anonymity to mobile users while considering the satellites' limited processing capacity. The proposed scheme uses a blockchain application, which offers anonymity to mobile users while considering the satellites' limited processing capacity. The SIN gains the likelihood of far greater computational capacity devices as technology evolves. Since authenticating in SIN, the technique comprises three entities: low Earth orbit, mobile user, and network control centre. The proposed mutual authentication mechanism avoids the requirement of a ground station, resulting in less latency and overhead during mobile user authentication. Finally, the new blockchain-based authentication approach is being evaluated with AVISPA, a formal security tool. The simulation and performance study results illustrate that the proposed technique delivers efficient security characteristics such as low authentication latency, minimal signal overhead and less computational cost with group authentication

Authentication Protocols for Internet of Things: A Comprehensive Survey

In this paper, a comprehensive survey of authentication protocols for Internet of Things (IoT) is presented. Specifically more than forty authentication protocols developed for or applied in the context of the IoT are selected and examined in detail. These protocols are categorized based on the target environment: (1) Machine to Machine Communications (M2M), (2) Internet of Vehicles (IoV), (3) Internet of Energy (IoE), and (4) Internet of Sensors (IoS). Threat models, countermeasures, and formal security verification techniques used in authentication protocols for the IoT are presented. In addition a taxonomy and comparison of authentication protocols that are developed for the IoT in terms of network model, specific security goals, main processes, computation complexity, and communication overhead are provided. Based on the current survey, open issues are identified and future research directions are proposed

State-of-the-art authentication and verification schemes in VANETs:A survey

Vehicular Ad-Hoc Networks (VANETs), a subset of Mobile Ad-Hoc Networks (MANETs), are wireless networks formed around moving vehicles, enabling communication between vehicles, roadside infrastructure, and servers. With the rise of autonomous and connected vehicles, security concerns surrounding VANETs have grown. VANETs still face challenges related to privacy with full-scale deployment due to a lack of user trust. Critical factors shaping VANETs include their dynamic topology and high mobility characteristics. Authentication protocols emerge as the cornerstone of enabling the secure transmission of entities within a VANET. Despite concerted efforts, there remains a need to incorporate verification approaches for refining authentication protocols. Formal verification constitutes a mathematical approach enabling developers to validate protocols and rectify design errors with precision. Therefore, this review focuses on authentication protocols as a pivotal element for securing entity transmission within VANETs. It presents a comparative analysis of existing protocols, identifies research gaps, and introduces a novel framework that incorporates formal verification and threat modeling. The review considers key factors influencing security, sheds light on ongoing challenges, and emphasises the significance of user trust. The proposed framework not only enhances VANET security but also contributes to the growing field of formal verification in the automotive domain. As the outcomes of this study, several research gaps, challenges, and future research directions are identified. These insights would offer valuable guidance for researchers to establish secure authentication communication within VANETs

Secured Scheme for Privacy Preserving and Node Authentication Mechanism for a Special Mobile Ad hoc Network

Opportunistic networks are a special type of Mobile Ad hoc network which are wirelessly interlinked nodes with the absence of end to end connectivity. All nodes in an opportunistic network are free to move in an environment. Due to the high degree of mobility of nodes, opportunistic networks differ significantly from the existing traditional networks and it works on store, carry &forward mechanism in which, each node has a communication range. Within its proximity, if any node comes, it can send and receive messages. In an opportunistic network, there is no proper infrastructure available for communication and node have limited storage and computational capabilities. The major problem being faced in an opportunistic network is the identification of normal and malicious nodes because due to the open nature of the opportunistic network, malicious nodes also can join the network and perform some malicious activities like Sybil attack. We propose a remedy to address the authentication and privacy issue that can arise in an opportunistic network. According to the findings of the simulation, the proposed research work satisfies the authentication and privacy criteria of an opportunistic network

A signature-based data security and authentication framework for internet of things applications

Internet of things (IoT) is the next big revolution in modernized network technologies connecting a massive number of heterogeneous smart appliances and physical objects. Owing to these technologies' novelty, various issues are characterized by security concerns are the most prioritized issue. A review of existing security approaches highlights that they are very particular about the solution towards a specific attack and cannot resist any unknown attacker. Therefore, this manuscript presents a novel computational model that introduces a unique authentication process using a simplified encryption strategy. The simulated study outcome shows that the proposed system offers efficient security and efficient data transmission performance in the presence of an unknown adversary. Hence, the study outcome exhibits better effects than frequently used security solutions when implemented in a vulnerable IoT environment

Dynamic Reciprocal Authentication Protocol for Mobile Cloud Computing

The file attached to this record is the author's final peer reviewed version. The Publisher's final version can be found by following the DOI link.A combination of mobile and cloud computing delivers many advantages such as mobility, resources, and accessibility through seamless data transmission via the Internet anywhere at any time. However, data transmission through vulnerable channels poses security threats such as man-in-the-middle, playback, impersonation, and asynchronization attacks. To address these threats, we define an explicit security model that can precisely measure the practical capabilities of an adversary. A systematic methodology consisting of 16 evaluation criteria is used for comparative evaluation, thereby leading other approaches to be evaluated through a common scale. Finally, we propose a dynamic reciprocal authentication protocol to secure data transmission in mobile cloud computing (MCC). In particular, our proposed protocol develops a secure reciprocal authentication method, which is free of Diffie–Hellman limitations, and has immunity against basic or sophisticated known attacks. The protocol utilizes multifactor authentication of usernames, passwords, and a one-time password (OTP). The OTP is automatically generated and regularly updated for every connection. The proposed protocol is implemented and tested using Java to demonstrate its efficiency in authenticating communications and securing data transmitted in the MCC environment. Results of the evaluation process indicate that compared with the existing works, the proposed protocol possesses obvious capabilities in security and in communication and computation costs