Securing Heterogeneous Wireless Sensor Networks: Breaking and Fixing a Three-Factor Authentication Protocol

Heterogeneous wireless sensor networks (HWSNs) are employed in many real-time applications, such as Internet of sensors (IoS), Internet of vehicles (IoV), healthcare monitoring, and so on. As wireless sensor nodes have constrained computing, storage and communication capabilities, designing energy-efficient authentication protocols is a very important issue in wireless sensor network security. Recently, Amin et al. presented an untraceable and anonymous three-factor authentication (3FA) scheme for HWSNs and argued that their protocol is efficient and can withstand the common security threats in this sort of networks. In this article, we show how their protocol is not immune to user impersonation, de-synchronization and traceability attacks. In addition, an adversary can disclose session key under the typical assumption that sensors are not tamper-resistant. To overcome these drawbacks, we improve the Amin et al.'s protocol. First, we informally show that our improved scheme is secure against the most common attacks in HWSNs in which the attacks against Amin et al.'s protocol are part of them. Moreover, we verify formally our proposed protocol using the BAN logic. Compared with the Amin et al.'s scheme, the proposed protocol is both more efficient and more secure to be employed which renders the proposal suitable for HWSN networks.This work was partially supported by the MINECO grant TIN2016-79095-C2-2-R (SMOG-DEV—Security mechanisms for fog computing: advanced security for devices); and by the CAM grant S2013/ICE-3095 (CIBERDINE: Cybersecurity, Data, and Risks)

A Systems Engineering Approach to a Just-In-Time intervention system

Systems Engineering, a diverse engineering field provides tools and processes to develop efficient systems across different domains. Design thinking, and Agile methodologies are some of the commonly used tools in system design. A mobile health solution using Systems Engineering principle is proposed in managing one of the costliest and common chronic diseases, Asthma. Out of many chronic diseases, Asthma is chosen to be studied, since it has shown a multi-fold increase in the last thirty years. Also, one in nine children in the United States is affected by Asthma. There is no cure for this chronic disease, but it can be controlled by proper medication and symptom tracking. The Just-in-Time Asthma Self-Management and Intervention (JASMIN) is a hybrid mobile application that provides efficient ways for patients to track the asthma symptoms, to learn and get educated about Asthma and their allergens, to communicate and get the necessary support from the care team in the long-term asthma control. JASMIN system is built on a Bio-Behavioral model which encourages and enables the use of system including parents, peers, school personnel and health care providers. JASMIN sends text message interventions to the entire care team when the child fails to track the symptom, ensuring the regularity in symptom adherence. The action plan which is rarely used when written in a physical journal has been given a digital form in JASMIN enabling the provider or parent to update it whenever the need arises. JASMIN is proposed to be used in a pilot study at East Tennessee Children Hospital recruiting 60 children who are between 7-17 years old and their parents and the providers treating their asthma

Blockchain and Internet of Things in smart cities and drug supply management: Open issues, opportunities, and future directions

Blockchain-based drug supply management (DSM) requires powerful security and privacy procedures for high-level authentication, interoperability, and medical record sharing. Researchers have shown a surprising interest in Internet of Things (IoT)-based smart cities in recent years. By providing a variety of intelligent applications, such as intelligent transportation, industry 4.0, and smart financing, smart cities (SC) can improve the quality of life for their residents. Blockchain technology (BCT) can allow SC to offer a higher standard of security by keeping track of transactions in an immutable, secure, decentralized, and transparent distributed ledger. The goal of this study is to systematically explore the current state of research surrounding cutting-edge technologies, particularly the deployment of BCT and the IoT in DSM and SC. In this study, the defined keywords “blockchain”, “IoT”, drug supply management”, “healthcare”, and “smart cities” as well as their variations were used to conduct a systematic search of all relevant research articles that were collected from several databases such as Science Direct, JStor, Taylor & Francis, Sage, Emerald insight, IEEE, INFORMS, MDPI, ACM, Web of Science, and Google Scholar. The final collection of papers on the use of BCT and IoT in DSM and SC is organized into three categories. The first category contains articles about the development and design of DSM and SC applications that incorporate BCT and IoT, such as new architecture, system designs, frameworks, models, and algorithms. Studies that investigated the use of BCT and IoT in the DSM and SC make up the second category of research. The third category is comprised of review articles regarding the incorporation of BCT and IoT into DSM and SC-based applications. Furthermore, this paper identifies various motives for using BCT and IoT in DSM and SC, as well as open problems and makes recommendations. The current study contributes to the existing body of knowledge by offering a complete review of potential alternatives and finding areas where further research is needed. As a consequence of this, researchers are presented with intriguing potential to further create decentralized DSM and SC apps as a result of a comprehensive discussion of the relevance of BCT and its implementation.© 2023 The Author(s). Published by Elsevier B.V. This is an open access article under the CC BY license (http://creativecommons.org/licenses/by/4.0/).fi=vertaisarvioitu|en=peerReviewed

Security and Privacy for Modern Wireless Communication Systems

The aim of this reprint focuses on the latest protocol research, software/hardware development and implementation, and system architecture design in addressing emerging security and privacy issues for modern wireless communication networks. Relevant topics include, but are not limited to, the following: deep-learning-based security and privacy design; covert communications; information-theoretical foundations for advanced security and privacy techniques; lightweight cryptography for power constrained networks; physical layer key generation; prototypes and testbeds for security and privacy solutions; encryption and decryption algorithm for low-latency constrained networks; security protocols for modern wireless communication networks; network intrusion detection; physical layer design with security consideration; anonymity in data transmission; vulnerabilities in security and privacy in modern wireless communication networks; challenges of security and privacy in node–edge–cloud computation; security and privacy design for low-power wide-area IoT networks; security and privacy design for vehicle networks; security and privacy design for underwater communications networks

A framework for secure mobile computing in healthcare

Mobile computing is rapidly becoming part of healthcare’s electronic landscape, helping to provide better quality of care and reduced cost. While the technology provides numerous advantages to the healthcare industry, it is not without risk. The size and portable nature of mobile computing devices present a highly vulnerable environment, which threaten the privacy and security of health information. Since these devices continually access possibly sensitive healthcare information, it is imperative that these devices are considered for security in order to meet regulatory compliance. In fact, the increase in government and industry regulation to ensure the privacy and security of health information, makes mobile security no longer just desirable, but mandatory. In addition, as healthcare becomes more aware of the need to reinforce patient confidence to gain competitive advantage, it makes mobile security desirable. Several guidelines regarding security best practices exist. Healthcare institutions are thus faced with matching the guidelines offered by best practices, with the legal and regulatory requirements. While this is a valuable question in general, this research focuses on the aspect of considering this question when considering the introduction of mobile computing into the healthcare environment. As a result, this research proposes a framework that will aid IT administrators in healthcare to ensure that privacy and security of health information is extended to mobile devices. The research uses a comparison between the best practices in ISO 17799:2005 and the regulatory requirements stipulated in HIPAA to provide a baseline for the mobile computing security model. The comparison ensures that the model meets healthcare specific industry requirement and international information security standard. In addition, the framework engages the Information Security Management System (ISMS) model based on the ISO 27000 standard. The framework, furthermore, points to existing technical security measurers associated with mobile computing. It is believed that the framework can assist in achieving mobile computing security that is compliant with the requirements in the healthcare industry