Provable Privacy Preserving Authentication Solution for Internet of Things Environment

The Internet of Things (IoT) has become an important technology which permits different devices and machines to interconnect with each other using heterogeneous networks. The integration of numerous techniques is expected to offer extraordinary growth in future and current promising applications of IoT. In these days, the secure communication among interconnected IoT components has become an important issue of concern. Therefore, it has become a foremost need to design such authentication protocol which can make the secure communication among IoT components. In this article, we proposed an identity-based authentication and key agreement protocol for the IoT environment in order to offer the secure communication between various IoT entities. The devised protocol utilizes the physically unclonable function which helps to robustly resist the physical attack on IoT components. We analyze the proposed protocol informally which clearly shows that the proposed protocol offers the perfect forward secrecy, device anonymity and untraceability and also resists the desynchronization, IoT node impersonation and server impersonation attacks. The security features of proposed protocol are also analyzed formally using well known Random Oracle Model (ROM). Moreover, the performance of the devised protocol has also been determined in terms of communication and computational overhead. The performance and security analysis shows the supremacy of the devised protocol over the various related protocols

An efficient inter-fpga routing exploration environment for multi-fpga systems

Field programmable gate arrays (FPGAs) have seen a huge evolution since their inception almost three decades ago. Multi-FPGA boards continuously receive an increasing attention by the research community as efficient solutions for complex system prototyping. This is due to reliable high-speed, low-cost, and real-life exploration environment they offer. Although multi-FPGA platforms offer better frequency compared to other prototyping alternatives, expanding logic resource to I/O ratio in FPGAs is causing an increase in time multiplexing ratio of inter-FPGA signals (logical signals) to inter-FPGA tracks (physical resources), which causes a decline in overall system frequency. This paper introduces a generic testing platform for multi-FPGA modeling. With this platform, users will be able to experience overall prototyping cycle of a digital system. The cycle will start from benchmark generation and will go all the way to interFPGA routing. Using generic tools of this platform, we explore the effect of three different inter-FPGA routing approaches on the frequency of final prototyped design. Each routing approach is applied on generic as well as custom multi-FPGA boards. Results obtained through experimentation show that, for generic FPGA board, routing approach better exploiting two- and multi-point tracks of target FPGA board gives better average frequency results as compared to other two routing approaches

Resistance against brute-force attacks on stateless forwarding in information centric networking

Line Speed Publish/Subscribe Inter-networking (LIPSIN) is one of the proposed forwarding mechanisms in Information Centric Networking (ICN). It is a stateless source-routing approach based on Bloom filters. However, it has been shown that LIPSIN is vulnerable to brute-force attacks which may lead to distributed denial-of-service (DDoS) attacks and unsolicited messages. In this work, we propose a new forwarding approach that maintains the advantages of Bloom filter based forwarding while allowing forwarding nodes to statelessly verify if packets have been previously authorized, thus preventing attacks on the forwarding mechanism. Analysis of the probability of attack, derived analytically, demonstrates that the technique is highly-resistant to brute-force attacks

Selecting Bloom-filter header lengths for secure information centric networking

Information-centric networking (ICN) is a new communication paradigm that shifts the focus from end hosts to information objects. Recent studies have shown that ICN can provide more efficient mobility support and multicast/anycast content delivery compared to traditional host-centric solutions. Nevertheless, the ICN solutions proposed so far are not very mature from the security viewpoint. In this paper, we study one of the most important Bloom-filter based ICN forwarding mechanisms and discuss its security vulnerabilities. Next, we propose some enhancements to this mechanism, which aim at increasing its resistance to brute-force attacks. Our proposed solutions are supported by simulation studies

An Anonymous Device to Device Authentication Protocol Using ECC and Self Certified Public Keys Usable in Internet of Things Based Autonomous Devices

Two party authentication schemes can be good candidates for deployment in Internet of Things (IoT)-based systems, especially in systems involving fast moving vehicles. Internet of Vehicles (IoV) requires fast and secure device-to-device communication without interference of any third party during communication, and this task can be carried out after registration of vehicles with a trusted certificate issuing party. Recently, several authentication protocols were proposed to enable key agreement in two party settings. In this study, we analyze two recent protocols and show that both protocols are insecure against key compromise impersonation attack (KCIA) as well as both lack of user anonymity. Therefore, this paper proposes an improved protocol that does not only resist KCIA and related attacks, but also offers comparable computation and communication. The security of proposed protocol is tested under formal model as well as using well known Burrows–Abadi–Needham (BAN) logic along with a discussion on security features. While resisting the KCIA and related attacks, proposed protocol also provides comparable trade-of between security features and efficiency and completes a round of key agreement in just 13.42 ms, which makes it a promising candidate to be deployed in IoT environments

A Privacy Preserving Authentication Scheme for Roaming in IoT-Based Wireless Mobile Networks

The roaming service enables a remote user to get desired services, while roaming in a foreign network through the help of his home network. The authentication is a pre-requisite for secure communication between a foreign network and the roaming user, which enables the user to share a secret key with foreign network for subsequent private communication of data. Sharing a secret key is a tedious task due to underneath open and insecure channel. Recently, a number of such schemes have been proposed to provide authentication between roaming user and the foreign networks. Very recently, Lu et al. claimed that the seminal Gopi-Hwang scheme fails to resist a session-specific temporary information leakage attack. Lu et al. then proposed an improved scheme based on Elliptic Curve Cryptography (ECC) for roaming user. However, contrary to their claim, the paper provides an in-depth cryptanalysis of Lu et al.’s scheme to show the weaknesses of their scheme against Stolen Verifier and Traceability attacks. Moreover, the analysis also affirms that the scheme of Lu et al. entails incorrect login and authentication phases and is prone to scalability issues. An improved scheme is then proposed. The scheme not only overcomes the weaknesses Lu et al.’s scheme but also incurs low computation time. The security of the scheme is analyzed through formal and informal methods; moreover, the automated tool ProVerif also verifies the security features claimed by the proposed scheme

A low-cost privacy preserving user access in mobile edge computing framework

The computational offloading from conventional cloud datacenter towards edge devices sprouted a new world of prospective applications in pervasive and Mobile Edge Computing (MEC) paradigm, leading to substantial gains in the form of increased availability, bandwidth with low latency. The MEC offers real-time computing and storage facility within the proximity of mobile user-access network, hence it is imperative to secure communication between end user and edge server. The existing schemes do not fulfill real time processing and efficiency requirements for using complex crypto-primitives. To this end, we propose a novel two-factor biometric authentication protocol for MEC enabling efficient and secure combination of Physically Unclonable Functions (PUFs) with user-oriented biometrics employing fuzzy extractor-based procedures. The performance analysis depicts that our scheme offers resistance to known attacks using lightweight operations and supports 30% more security features than comparative studies. Our scheme is provably secure under Real-or-Random (ROR) formal security analysis model