Security architecture for mobile E-health applications in medication control

The use of Radio Frequency Identification technology (RFID) in medical context enables not only drug identification, but also a rapid and precise identification of patients, physicians, nurses or any other health caregiver. Combining RFID tag identification with structured and secured Internet of Things (IoT) solutions enable ubiquitous and easy access to medical related records, while providing control and security to all interactions. This paper defines a basic security architecture, easily deployable on mobile platforms, which would allow to establish and manage a medication prescription service in mobility context making use of electronic Personal Health Records. This security architecture is aimed to be used with a mobile e-health application (m-health) through a simple and intuitive interface, supported by RFID technology. This architecture, able to support secured and authenticated interactions, will enable an easy deployment of m-health applications. The special case of drug administration and ubiquitous medication control system, along with the corresponding Internet of Things context, is used as a case study. Both security architecture and its protocols, along with a general Ambient Assisted Living secure service for medication control, is then analyzed in the context of the Internet of Things.FEDER Funds through the Programa Operacional Fatores de Competitividade - COMPETE and by National Funds through the FCT - Fundação para a Ciência e a Tecnologia (Portuguese Foundation for Science and Technology) within project FCOMP-01-0124-FEDER-022674

A method for making password-based key exchange resilient to server compromise

Abstract. This paper considers the problem of password-authenticated key exchange (PAKE) in a client-server setting, where the server authenticates using a stored password file, and it is desirable to maintain some degree of security even if the server is compromised. A PAKE scheme is said to be resilient to server compromise if an adversary who compromises the server must at least perform an offline dictionary attack to gain any advantage in impersonating a client. (Of course, offline dictionary attacks should be infeasible in the absence of server compromise.) One can see that this is the best security possible, since by definition the password file has enough information to allow one to play the role of the server, and thus to verify passwords in an offline dictionary attack. While some previous PAKE schemes have been proven resilient to server compromise, there was no known general technique to take an arbitrary PAKE scheme and make it provably resilient to server compromise. This paper presents a practical technique for doing so which requires essentially one extra round of communication and one signature computation/verification. We prove security in the universal composability framework by (1) defining a new functionality for PAKE with resilience to server compromise, (2) specifying a protocol combining this technique with a (basic) PAKE functionality, and (3) proving (in the random oracle model) that this protocol securely realizes the new functionality.

Password Authentication Key Exchange Mechanism using Identity Based System

In digital world various authentication techniques are used, password authentication is one of the traditional technique. Many improvements are made in password authentication techniques as only password authentication cannot withstand today?s attack. One of the password authentication technique is two-server password authentication. In two-server password-authenticated key exchange (PAKE) protocol, a client splits its password and stores two shares of its password in the two servers, respectively, and the two servers then cooperate to authenticate the client without knowing the password of the client. In case one server is compromised by an adversary, the password of the client is required to remain secure. Research work proposed two servers that stores two shares of identity password in encrypted format. The two shares of passwords will be stored in such a way that identity password will be reformed with the help of any user defined algorithm. Along with password authentication, here idea is to implement identity based on encryption technique to encrypt the documents and messages. Proposed system will prevent dictionary, shoulder surfing, and key logger attacks

PACCE -A Real Genuine Key Swap over Protocols

A Secure protocols for password-based user authentication unit well-studied among the crypto logical literature but have did not see wide-spread adoption on the internet; most proposals up to presently want full modifications to the Transport Layer Security (TLS) protocol, making preparation onerous. Recently many traditional styles square measure projected among that a cryptographically secure countersign-based mutual authentication protocol is run among a confidential (but not primarily authenticated) channel like TLS; the countersign protocol is sure to the established channel to forestall active attacks. Such protocols unit helpful in apply for a ramification of reasons: ability to validate server certificates and can all told likelihood be enforced with no modifications to the secure channel protocol library. It offers a scientific study of such authentication protocols. Building on recent advances in modelling TLS, we've associate inclination to provide a correct definition of the meant security goal, that we've associate inclination to decision password-authenticated and confidential channel institution (PACCE). we've associate inclination to imply generically that combining a secure channel protocol, like TLS, Our prototypes supported TLS unit accessible as a cross-platform client-side Firefox browser extension furthermore as associate golem application and a server-side internet application which will simply be place in on servers

A Holistic Systems Security Approach Featuring Thin Secure Elements for Resilient IoT Deployments

© 2020 by the authors. This is an open access article distributed under the Creative Commons Attribution License (https://creativecommons.org/licenses/by/4.0/) which permits unrestricted use, distribution, and reproduction in any medium, provided the original work is properly cited.IoT systems differ from traditional Internet systems in that they are different in scale, footprint, power requirements, cost and security concerns that are often overlooked. IoT systems inherently present different fail-safe capabilities than traditional computing environments while their threat landscapes constantly evolve. Further, IoT devices have limited collective security measures in place. Therefore, there is a need for different approaches in threat assessments to incorporate the interdependencies between different IoT devices. In this paper, we run through the design cycle to provide a security-focused approach to the design of IoT systems using a use case, namely, an intelligent solar-panel project called Daedalus. We utilise STRIDE/DREAD approaches to identify vulnerabilities using a thin secure element that is an embedded, tamper proof microprocessor chip that allows the storage and processing of sensitive data. It benefits from low power demand and small footprint as a crypto processor as well as is compatible with IoT 29 requirements. Subsequently, a key agreement based on an asymmetric cryptographic scheme, namely B-SPEKE was used to validate and authenticate the source. We find that end-to-end and independent stand-alone procedures used for validation and encryption of the source data originating from the solar panel are cost-effective in that the validation is carried out once and not several times in the chain as is often the case. The threat model proved useful not so much as a panacea for all threats but provided the framework for the consideration of known threats, and therefore appropriate mitigation plans to be deployed.Peer reviewe

A comprehensive meta-analysis of cryptographic security mechanisms for cloud computing

The file attached to this record is the author's final peer reviewed version. The Publisher's final version can be found by following the DOI link.The concept of cloud computing offers measurable computational or information resources as a service over the Internet. The major motivation behind the cloud setup is economic benefits, because it assures the reduction in expenditure for operational and infrastructural purposes. To transform it into a reality there are some impediments and hurdles which are required to be tackled, most profound of which are security, privacy and reliability issues. As the user data is revealed to the cloud, it departs the protection-sphere of the data owner. However, this brings partly new security and privacy concerns. This work focuses on these issues related to various cloud services and deployment models by spotlighting their major challenges. While the classical cryptography is an ancient discipline, modern cryptography, which has been mostly developed in the last few decades, is the subject of study which needs to be implemented so as to ensure strong security and privacy mechanisms in today’s real-world scenarios. The technological solutions, short and long term research goals of the cloud security will be described and addressed using various classical cryptographic mechanisms as well as modern ones. This work explores the new directions in cloud computing security, while highlighting the correct selection of these fundamental technologies from cryptographic point of view

Virtualization based password protection against malware in untrusted operating systems

Ministry of Education, Singapore under its Academic Research Funding Tier