Integrating identity-based cryptography in IMS service authentication

Nowadays, the IP Multimedia Subsystem (IMS) is a promising research field. Many ongoing works related to the security and the performances of its employment are presented to the research community. Although, the security and data privacy aspects are very important in the IMS global objectives, they observe little attention so far. Secure access to multimedia services is based on SIP and HTTP digest on top of IMS architecture. The standard deploys AKA-MD5 for the terminal authentication. The third Generation Partnership Project (3GPP) provided Generic Bootstrapping Architecture (GBA) to authenticate the subscriber before accessing multimedia services over HTTP. In this paper, we propose a new IMS Service Authentication scheme using Identity Based cryptography (IBC). This new scheme will lead to better performances when there are simultaneous authentication requests using Identity-based Batch Verification. We analyzed the security of our new protocol and we presented a performance evaluation of its cryptographic operationsComment: 13Page

Two secure non-symmetric role Key-Agreement protocols

Recently, some two-party Authenticated Key Agreement protocols over elliptic curve based algebraic groups, in the context of Identity-Based cryptography have been proposed. The main contribution of this category of protocols is to reduce the complexity of performing algebraic operations through eliminating the need to using Bilinear Pairings. In this paper, we proposed two novel Identity-Based Authenticated Key Agreement protocols over non-symmetric role participants without using Bilinear Pairings. The results show that our proposed schemes beside of supporting security requirements of Key Agreement protocols, require a subset of operations with low complexity in compare with related protocols in this scientific area

Authentication schemes for Smart Mobile Devices: Threat Models, Countermeasures, and Open Research Issues

The file attached to this record is the author's final peer reviewed version. The Publisher's final version can be found by following the DOI link.This paper presents a comprehensive investigation of authentication schemes for smart mobile devices. We start by providing an overview of existing survey articles published in the recent years that deal with security for mobile devices. Then, we give a classification of threat models in smart mobile devices in five categories, including, identity-based attacks, eavesdropping-based attacks, combined eavesdropping and identity-based attacks, manipulation-based attacks, and service-based attacks. This is followed by a description of multiple existing threat models. We also provide a classification of countermeasures into four types of categories, including, cryptographic functions, personal identification, classification algorithms, and channel characteristics. According to the characteristics of the countermeasure along with the authentication model iteself, we categorize the authentication schemes for smart mobile devices in four categories, namely, 1) biometric-based authentication schemes, 2) channel-based authentication schemes, 3) factors-based authentication schemes, and 4) ID-based authentication schemes. In addition, we provide a taxonomy and comparison of authentication schemes for smart mobile devices in form of tables. Finally, we identify open challenges and future research directions

Certificateless Algorithm for Body Sensor Network and Remote Medical Server Units Authentication over Public Wireless Channels

Wireless sensor networks process and exchange mission-critical data relating to patients’ health status. Obviously, any leakages of the sensed data can have serious consequences which can endanger the lives of patients. As such, there is need for strong security and privacy protection of the data in storage as well as the data in transit. Over the recent past, researchers have developed numerous security protocols based on digital signatures, advanced encryption standard, digital certificates and elliptic curve cryptography among other approaches. However, previous studies have shown the existence of many security and privacy gaps that can be exploited by attackers to cause some harm in these networks. In addition, some techniques such as digital certificates have high storage and computation complexities occasioned by certificate and public key management issues. In this paper, a certificateless algorithm is developed for authenticating the body sensors and remote medical server units. Security analysis has shown that it offers data privacy, secure session key agreement, untraceability and anonymity. It can also withstand typical wireless sensor networks attacks such as impersonation, packet replay and man-in-the-middle. On the other hand, it is demonstrated to have the least execution time and bandwidth requirements

Secure pairing-free two-party certificateless authenticated key agreement protocol with minimal computational complexity

Key agreement protocols play a vital role in maintaining security in many critical applications due to the importance of the secret key. Bilinear pairing was commonly used in designing secure protocols for the last several years; however, high computational complexity of this operation has been the main obstacle towards its practicality. Therefore, implementation of Elliptic-curve based operations, instead of bilinear pairings, has become popular recently, and pairing-free key agreement protocols have been explored in many studies. A considerable amount of literatures has been published on pairing-free key agreement protocols in the context of Public Key Cryptography (PKC). Simpler key management and non-existence of key escrow problem make certificateless PKC more appealing in practice. However, achieving certificateless pairing-free two-party authenticated key agreement protocols (CL-AKA) that provide high level of security with low computational complexity, remains a challenge in the research area. This research presents a secure and lightweight pairingfree CL-AKA protocol named CL2AKA (CertificateLess 2-party Authenticated Key Agreement). The properties of CL2AKA protocol is that, it is computationally lightweight while communication overhead remains the same as existing protocols of related works. The results indicate that CL2AKA protocol is 21% computationally less complex than the most efficient pairing-free CL-AKA protocol (KKC-13) and 53% less in comparison with the pairing-free CL-AKA protocol with highest level of security guarantee (SWZ-13). Security of CL2AKA protocol is evaluated based on provable security evaluation method under the strong eCK model. It is also proven that the CL2AKA supports all of the security requirements which are necessary for authenticated key agreement protocols. Besides the CL2AKA as the main finding of this research work, there are six pairing-free CL-AKA protocols presented as CL2AKA basic version protocols, which were the outcomes of several attempts in designing the CL2AKA

Privacy-preserving communication and power injection over vehicle networks and 5G smart grid slice

tru

An Efficacious and Secure Registration for Internet Protocol Mobility

For the ample development of mobile internet protocol (IP) technology and the recurrent movement of a mobile device, it is necessary for the mobile device to inform their home network where initially registered through an efficient and secured procedure against any sort of attacks. The procedure of registration for IP mobility by the portable system must have a better performance by providing a certain level of security, such as authentication, integrity, replay attack protection, and location privacy. All at once, the extreme security in the registration of IP mobility may cause long registration time, principally for real-time systems. This paper mainly deals with a balanced effort for secure and efficient registration procedure which gives better security and efficiency in terms of registration delay. The proposed work provides an easy and fast registration procedure and lessens the registration delay through the usage of an identity based authenticated key exchange scheme that eliminates expensive pairing operations. The proposed protocol is verified by using AVISPA tool. The performance evaluation reveals that the proposed protocol significantly outperforms the existing protocols in terms of the registration delay.Defence Science Journal, 2013, 63(5), pp.502-507, DOI:http://dx.doi.org/10.14429/dsj.63.400

A Decentralized SDN Framework and Its Applications to Heterogeneous Internets

Motivated by the internets of the future, which will likely be considerably larger in size as well as highly heterogeneous and decentralized, we propose Decentralize- SDN, a Software-Defined Networking (SDN) framework that enables both physical- as well as logical distribution of the SDN control plane. D-SDN accomplishes network control distribution by defining a hierarchy of controllers that can "match" an internet's organizational and administrative structure. By delegating control between main controllers and secondary controllers, DSDN is able to accommodate administrative decentralization and autonomy, as well as possible disruptions that may be part of the operation of future internets. D-SDN specifies the protocols used for communication between main controllers as well as for main controller secondary controller- and secondary controller-secondary controller communication. Another distinguishing feature of D-SDN is that it incorporates security as an integral part of the framework and its underlying protocols. This paper describes our D-SDN framework as well as its protocols. It also presents our prototype implementation and proof-of-concept experimentation on a real testbed in which we showcase two use cases, namely network capacity sharing and public safety network services

Blockchain-assisted lightweight authenticated key agreement security framework for smart vehicles-enabled Intelligent Transportation System

Intelligent Transportation Systems (ITS) supported by smart vehicles have revolutionized modern transportation, offering a wide range of applications and services, such as electronic toll collection, collision avoidance alarms, real-time parking management, and traffic planning. However, the open communication channels among various entities, including smart vehicles, roadside infrastructure, and fleet management sys- tems, introduce security and privacy vulnerabilities. To address these concerns, we propose a novel security framework, named blockchain-assisted lightweight authenticated key agreement se- curity framework for smart vehicles-enabled ITS (BASF-ITS), which ensures data protection both during transit and while stored on cloud servers. BASF-ITS employs a combination of efficient cryptographic primitives, including hash functions, XOR operator, ASCON, elliptic curve cryptography, and physical unclonable functions (PUF), to design authenticated key agree- ment schemes. The inclusion of PUF significantly enhances the system’s resistance to physical attacks, preventing tampering attempts. To ensure data integrity when stored on the cloud, our framework incorporates blockchain technology. By leveraging the immutability and decentralization of the blockchain, BASF-ITS effectively safeguards data at rest, providing an additional layer of security. We rigorously analyze the security of BASF-ITS and demonstrate its strong resistance against potential security ass aults, making it a robust and reliable solution for smart vehicle- enabled ITS. In a comparative analysis with contemporary competing schemes, BASF-ITS emerges as a promising approach, offering superior functionality traits, enhanced security features, and reduced computation, communication, and storage costs. Furthermore, we present a practical implementation of BASF- ITS using blockchain technology, showcasing the computational time versus the “transactions per block” and the “number of mined blocks”, confirming its efficiency and viability in real- world scenarios