Improving Air Interface User Privacy in Mobile Telephony

Although the security properties of 3G and 4G mobile networks have significantly improved by comparison with 2G (GSM), significant shortcomings remain with respect to user privacy. A number of possible modifications to 2G, 3G and 4G protocols have been proposed designed to provide greater user privacy; however, they all require significant modifications to existing deployed infrastructures, which are almost certainly impractical to achieve in practice. In this article we propose an approach which does not require any changes to the existing deployed network infrastructures or mobile devices, but offers improved user identity protection over the air interface. The proposed scheme makes use of multiple IMSIs for an individual USIM to offer a degree of pseudonymity for a user. The only changes required are to the operation of the authentication centre in the home network and to the USIM, and the scheme could be deployed immediately since it is completely transparent to the existing mobile telephony infrastructure. We present two different approaches to the use and management of multiple IMSIs

Privacy protection for telecare medicine information systems using a chaotic map-based three-factor authenticated key agreement scheme

Telecare Medicine Information Systems (TMIS) provides flexible and convenient e-health care. However the medical records transmitted in TMIS are exposed to unsecured public networks, so TMIS are more vulnerable to various types of security threats and attacks. To provide privacy protection for TMIS, a secure and efficient authenticated key agreement scheme is urgently needed to protect the sensitive medical data. Recently, Mishra et al. proposed a biometrics-based authenticated key agreement scheme for TMIS by using hash function and nonce, they claimed that their scheme could eliminate the security weaknesses of Yan et al.’s scheme and provide dynamic identity protection and user anonymity. In this paper, however, we demonstrate that Mishra et al.’s scheme suffers from replay attacks, man-in-the-middle attacks and fails to provide perfect forward secrecy. To overcome the weaknesses of Mishra et al.’s scheme, we then propose a three-factor authenticated key agreement scheme to enable the patient enjoy the remote healthcare services via TMIS with privacy protection. The chaotic map-based cryptography is employed in the proposed scheme to achieve a delicate balance of security and performance. Security analysis demonstrates that the proposed scheme resists various attacks and provides several attractive security properties. Performance evaluation shows that the proposed scheme increases efficiency in comparison with other related schemes

Privacy protection for e-health systems by means of dynamic authentication and three-factor key agreement

During the past decade, the electronic healthcare (e-health) system has been evolved into a more patient-oriented service with smaller and smarter wireless devices. However, these convenient smart devices have limited computing capacity and memory size, which makes it harder to protect the user’s massive private data in the e-health system. Although some works have established a secure session key between the user and the medical server, the weaknesses still exist in preserving the anonymity with low energy consumption. Moreover, the misuse of biometric information in key agreement process may lead to privacy disclosure, which is irreparable. In this study, we design a dynamic privacy protection mechanism offering the biometric authentication at the server side whereas the exact value of the biometric template remains unknown to the server. And the user anonymity can be fully preserved during the authentication and key negotiation process because the messages transmitted with the proposed scheme are untraceable. Furthermore, the proposed scheme is proved to be semantic secure under the Real-or-Random Model. The performance analysis shows that the proposed scheme suits the e-health environment at the aspect of security and resource occupation

Multifactor Authentication Key Management System based Security Model Using Effective Handover Tunnel with IPV6

In the current modern world, the way of life style is being completely changed due to the emerging technologies which are reflected in treating the patients too. As there is a tremendous growth in population, the existing e-Healthcare methods are not efficient enough to deal with numerous medical data. There is a delay in caring of patient health as communication networks are poor in quality and moreover smart medical resources are lacking and hence severe causes are experienced in the health of patient. However, authentication is considered as a major challenge ensuring that the illegal participants are not permitted to access the medical data present in cloud. To provide security, the authentication factors required are smart card, password and biometrics. Several approaches based on these are authentication factors are presented for e-Health clouds so far. But mostly serious security defects are experienced with these protocols and even the computation and communication overheads are high. Thus, keeping in mind all these challenges, a novel Multifactor Key management-based authentication by Tunnel IPv6 (MKMA- TIPv6) protocol is introduced for e-Health cloud which prevents main attacks like user anonymity, guessing offline password, impersonation, and stealing smart cards. From the analysis, it is proved that this protocol is effective than the existing ones such as Pair Hand (PH), Linear Combination Authentication Protocol (LCAP), Robust Elliptic Curve Cryptography-based Three factor Authentication (RECCTA) in terms storage cost, Encryption time, Decryption time, computation cost, energy consumption and speed. Hence, the proposed MKMA- TIPv6 achieves 35bits of storage cost, 60sec of encryption time, 50sec decryption time, 45sec computational cost, 50% of energy consumption and 80% speed

Security and Privacy Issues in Wireless Mesh Networks: A Survey

This book chapter identifies various security threats in wireless mesh network (WMN). Keeping in mind the critical requirement of security and user privacy in WMNs, this chapter provides a comprehensive overview of various possible attacks on different layers of the communication protocol stack for WMNs and their corresponding defense mechanisms. First, it identifies the security vulnerabilities in the physical, link, network, transport, application layers. Furthermore, various possible attacks on the key management protocols, user authentication and access control protocols, and user privacy preservation protocols are presented. After enumerating various possible attacks, the chapter provides a detailed discussion on various existing security mechanisms and protocols to defend against and wherever possible prevent the possible attacks. Comparative analyses are also presented on the security schemes with regards to the cryptographic schemes used, key management strategies deployed, use of any trusted third party, computation and communication overhead involved etc. The chapter then presents a brief discussion on various trust management approaches for WMNs since trust and reputation-based schemes are increasingly becoming popular for enforcing security in wireless networks. A number of open problems in security and privacy issues for WMNs are subsequently discussed before the chapter is finally concluded.Comment: 62 pages, 12 figures, 6 tables. This chapter is an extension of the author's previous submission in arXiv submission: arXiv:1102.1226. There are some text overlaps with the previous submissio

Enhancements to Secure Bootstrapping of Smart Appliances

In recent times, there has been a proliferation of smart IoT devices that make our everyday life more convenient, both at home and at work environment. Most of these smart devices are connected to cloud-based online services, and they typically reuse the existing Wi-Fi network infrastructure for Internet connectivity. Hence, it is of paramount importance to ensure that these devices establish a robust security association with the Wi-Fi networks and cloud-based servers. The initial process by which a device establishes a robust security association with the network and servers is known as secure bootstrapping. The bootstrapping process results in the derivation of security keys and other connection parameters required by the security associations. Since the smart IoT devices often possess minimal user-interface, there is a need for bootstrapping methods with which the users can effortlessly connect their smart IoT devices to the networks and services. Nimble out-of-band authentication for Extensible Authentication Protocol (EAP-NOOB) is one such secure bootstrapping method. It is a new EAP authentication method for IEEE 802.1X/EAP authentication framework. The protocol does not assume or require any pre-configured authentication credentials such as symmetric keys or certificates. In lieu, the authentication credentials along with the user’s ownership of the device are established during the bootstrapping process. The primary goal of this thesis is to study and implement the draft specification of the EAP-NOOB protocol in order to evaluate the working of EAP-NOOB in real-world scenarios. During our implementation and testing of the initial prototype for EAP-NOOB, we discovered several issues in the protocol. In this thesis, we propose a suitable solution for each of the problems identified and also, verify the solutions through implementation and testing. The main results of this thesis work are various enhancements and clarifications to the EAP-NOOB protocol specification. The results consequently aid the standardisation of the protocol at IETF. We also design and implement several additional features for EAP-NOOB to enhance the user experience

INFORMATION SECURITY: A STUDY ON BIOMETRIC SECURITY SOLUTIONS FOR TELECARE MEDICAL INFORMATION SYSTEMS

This exploratory study provides a means for evaluating and rating Telecare medical information systems in order to provide a more effective security solution. This analysis of existing solutions was conducted via an in-depth study of Telecare security. This is a proposition for current biometric technologies as a new means for secure communication of private information over public channels. Specifically, this research was done in order to provide a means for businesses to evaluate prospective technologies from a 3 dimensional view in order to make am accurate decision on any given biometric security technology. Through identifying key aspects of what makes a security solution the most effective in minimizing risk of a patient’s confidential data being exposed we were then able to create a 3 dimensional rubric to see not only from a business view but also the users such as the patients and doctors that use Telecare medical information systems every day. Finally, we also need to understand the implications of biometric solutions from a technological standpoint

Biometrics for internet‐of‐things security: A review

The large number of Internet‐of‐Things (IoT) devices that need interaction between smart devices and consumers makes security critical to an IoT environment. Biometrics offers an interesting window of opportunity to improve the usability and security of IoT and can play a significant role in securing a wide range of emerging IoT devices to address security challenges. The purpose of this review is to provide a comprehensive survey on the current biometrics research in IoT security, especially focusing on two important aspects, authentication and encryption. Regarding authentication, contemporary biometric‐based authentication systems for IoT are discussed and classified based on different biometric traits and the number of biometric traits employed in the system. As for encryption, biometric‐cryptographic systems, which integrate biometrics with cryptography and take advantage of both to provide enhanced security for IoT, are thoroughly reviewed and discussed. Moreover, challenges arising from applying biometrics to IoT and potential solutions are identified and analyzed. With an insight into the state‐of‐the‐art research in biometrics for IoT security, this review paper helps advance the study in the field and assists researchers in gaining a good understanding of forward‐looking issues and future research directions

PROPOSED LIGHTWEIGHT PROTOCOL FOR IOT AUTHENTICATION

The Internet of Things (IoT) alludes to interestingly identifiable items (things) which can communicate with differentquestions through the worldwide framework of remote/wired Internet. The correspondence system among an expansive number of assetobliged gadgets that produce substantial volumes of information affects the security and protection of the included items. In thispaper, we propose a lightweight protocol for IoT authentication which based on two algorithms LA1 and RA1 which is used forauthentication and generating session key that is used for encryption