A Novel Authentication and Key Agreement Scheme for Countering MITM and Impersonation Attack in Medical Facilities

Authentication is used to enfold the privacy of the patient to implement security onto the communication between patients and service providers. Several types of research have proposed support for anonymity for contextual privacy in medical systems that are still vulnerable to impersonation attack and Man-in-the-middle attack. By using powerful technology that is used in medical facilities, it can help in building an advanced system. However, the same powerful tools can also be used by the attackers to gain personal profits and to cause chaos. The proposed countermeasure that is to be taken to prevent this kind of attacks is by implementing mutual authentication between users, their devices/mobile devices, and the system’s cloud server, and also a key agreement scheme together with the help of Elliptic Curve Cryptography (ECC). A novel authentication scheme which consists of two phases, a signature generation, and authentication process. The ECC implementation is to ensure that the keys are thoroughly secured and is not copy- able, together with a Key generation scheme that shields the system against impersonation attacks. The usage of Elliptic Curve Digital Signature Algorithm (ECDSA), in a signature generation, on the other hand, provides users more secure way to hide the user private key and bring additional security layer before proceeding to authentication phase due to the existence of extra elements of domain parameters. Authentication is still considered as a crucial component in maintaining the security of any critical facilities that require the CIA tried and non- repudiation as a need to maintain their data. It does not only apply to medical centers, but any organizations that possess valuable data that is needed to be protected also requires strong authentication protocols. Thus, the trend for the need of novel authentication protocols will keep on rising as technology gets fancier and fancier

Security Analysis and Improvement of an Anonymous Authentication Scheme for Roaming Services

An anonymous authentication scheme for roaming services in global mobility networks allows a mobile user visiting a foreign network to achieve mutual authentication and session key establishment with the foreign-network operator in an anonymous manner. In this work, we revisit He et al.’s anonymous authentication scheme for roaming services and present previously unpublished security weaknesses in the scheme: (1) it fails to provide user anonymity against any third party as well as the foreign agent, (2) it cannot protect the passwords of mobile users due to its vulnerability to an offline dictionary attack, and (3) it does not achieve session-key security against a man-in-the-middle attack. We also show how the security weaknesses of He et al.’s scheme can be addressed without degrading the efficiency of the scheme

EAP-CRA for WiMAX, WLAN and 4G LTE Interoperability

Today we are moving into a “post-PC” world! Not many people sit in front of custom built PCs to do their businesses any more. Hand held devices such as iPod Touch, iPhone, Galaxy S3, iPad, Galaxy Tab, Airbook, Notepad etc. are bringing in a new paradigm as to how people use and communicate information. These devices can be thought as a theoretical “black-box”. They are for people who want to use it without wanting to know how they work. Such devices have third generation user interfaces – multi touch, physics and gestures (MPG). They need updates, but the user is not worried of how and where the files are stored. When a new application is installed, the user sees the icon and starts using it. The user is not interested in, what files were installed or where it was installed – there is no file management. The post-PC approach to dealing with software is that it’s discovered on an app store, downloaded with a single touch and deleted with another touch. Updates all come at once from the app store and it all happens behind the scene with minimal user involvement. All this is happening and adopted rapidly because people are able to do a number of things without being restricted to one place. They can download apps, watch movies, listen to news, browse the web etc. while on the move.Griffith Sciences, School of Information and Communication TechnologyFull Tex

An integrated security Protocol communication scheme for Internet of Things using the Locator/ID Separation Protocol Network

Internet of Things communication is mainly based on a machine-to-machine pattern, where devices are globally addressed and identified. However, as the number of connected devices increase, the burdens on the network infrastructure increase as well. The major challenges are the size of the routing tables and the efficiency of the current routing protocols in the Internet backbone. To address these problems, an Internet Engineering Task Force (IETF) working group, along with the research group at Cisco, are still working on the Locator/ID Separation Protocol as a routing architecture that can provide new semantics for the IP addressing, to simplify routing operations and improve scalability in the future of the Internet such as the Internet of Things. Nonetheless, The Locator/ID Separation Protocol is still at an early stage of implementation and the security Protocol e.g. Internet Protocol Security (IPSec), in particular, is still in its infancy. Based on this, three scenarios were considered: Firstly, in the initial stage, each Locator/ID Separation Protocol-capable router needs to register with a Map-Server. This is known as the Registration Stage. Nevertheless, this stage is vulnerable to masquerading and content poisoning attacks. Secondly, the addresses resolving stage, in the Locator/ID Separation Protocol the Map Server (MS) accepts Map-Request from Ingress Tunnel Routers and Egress Tunnel Routers. These routers in trun look up the database and return the requested mapping to the endpoint user. However, this stage lacks data confidentiality and mutual authentication. Furthermore, the Locator/ID Separation Protocol limits the efficiency of the security protocol which works against redirecting the data or acting as fake routers. Thirdly, As a result of the vast increase in the different Internet of Things devices, the interconnected links between these devices increase vastly as well. Thus, the communication between the devices can be easily exposed to disclosures by attackers such as Man in the Middle Attacks (MitM) and Denial of Service Attack (DoS). This research provided a comprehensive study for Communication and Mobility in the Internet of Things as well as the taxonomy of different security protocols. It went on to investigate the security threats and vulnerabilities of Locator/ID Separation Protocol using X.805 framework standard. Then three Security protocols were provided to secure the exchanged transitions of communication in Locator/ID Separation Protocol. The first security protocol had been implemented to secure the Registration stage of Locator/ID separation using ID/Based cryptography method. The second security protocol was implemented to address the Resolving stage in the Locator/ID Separation Protocol between the Ingress Tunnel Router and Egress Tunnel Router using Challenge-Response authentication and Key Agreement technique. Where, the third security protocol had been proposed, analysed and evaluated for the Internet of Things communication devices. This protocol was based on the authentication and the group key agreement via using the El-Gamal concept. The developed protocols set an interface between each level of the phase to achieve security refinement architecture to Internet of Things based on Locator/ID Separation Protocol. These protocols were verified using Automated Validation Internet Security Protocol and Applications (AVISPA) which is a push button tool for the automated validation of security protocols and achieved results demonstrating that they do not have any security flaws. Finally, a performance analysis of security refinement protocol analysis and an evaluation were conducted using Contiki and Cooja simulation tool. The results of the performance analysis showed that the security refinement was highly scalable and the memory was quite efficient as it needed only 72 bytes of memory to store the keys in the Wireless Sensor Network (WSN) device

Energy Efficient Security Framework for Wireless Local Area Networks

Wireless networks are susceptible to network attacks due to their inherentvulnerabilities. The radio signal used in wireless transmission canarbitrarily propagate through walls and windows; thus a wireless networkperimeter is not exactly known. This leads them to be more vulnerable toattacks such as eavesdropping, message interception and modifications comparedto wired-line networks. Security services have been used as countermeasures toprevent such attacks, but they are used at the expense of resources that arescarce especially, where wireless devices have a very limited power budget.Hence, there is a need to provide security services that are energy efficient.In this dissertation, we propose an energy efficient security framework. Theframework aims at providing security services that take into account energyconsumption. We suggest three approaches to reduce the energy consumption ofsecurity protocols: replacement of standard security protocol primitives thatconsume high energy while maintaining the same security level, modification ofstandard security protocols appropriately, and a totally new design ofsecurity protocol where energy efficiency is the main focus. From ourobservation and study, we hypothesize that a higher level of energy savings isachievable if security services are provided in an adjustable manner. Wepropose an example tunable security or TuneSec system, which allows areasonably fine-grained security tuning to provide security services at thewireless link level in an adjustable manner.We apply the framework to several standard security protocols in wirelesslocal area networks and also evaluate their energy consumption performance.The first and second methods show improvements of up to 70% and 57% inenergy consumption compared to plain standard security protocols,respectively. The standard protocols can only offer fixed-level securityservices, and the methods applied do not change the security level. The thirdmethod shows further improvement compared to fixed-level security by reducing(about 6% to 40%) the energy consumed. This amount of energy saving can bevaried depending on the configuration and security requirements