Lightweight hybrid lattice–based session key agreement protocol for multimedia IoT

Similar Papers
  • Research Article
  • Citations: 45
  • 10.1007/s11042-016-4208-2
An efficient improvement remote user mutual authentication and session key agreement scheme for E-health care systems
  • Dec 9, 2016
  • Multimedia Tools and Applications
  • Niloofar Ravanbakhsh + 1 more

The E-health care systems allow patients to gain the health monitoring facility and access medical services remotely. A secure mechanism for mutual authentication and session key agreement is the most important requirement for E-Health Care Systems. Recently, Amin et al. proposed a mutual authentication and session key agreement protocol and claimed that their scheme is secure against all possible attacks. In this paper, we show that not only their scheme is vulnerable to privileged-insider attack, replay attack, session key disclosure attack, but also does not provide patient untraceability and backward secrecy. In order to withstand the mentioned security weaknesses, we propose an efficient remote mutual authentication scheme for the systems which are using ECC and Fuzzy Extractor. The proposed scheme not only resists against different security attacks, but it also provides an efficient registration, login, mutual authentication, session key agreement, and password and biometric update phases. During the experimentation, it has been observed that the proposed scheme is secure against various known attacks. Besides, our scheme is robust against privileged-insider attack that is rarely checked in security analysis. The informal analysis will ensure that our scheme provides well security protection against the different security attacks. Furthermore, we analyzed the security of the scheme using AVISPA software and Random Oracle Model. The formal analysis results and performance evaluation vouch that our scheme is also secure and efficient in computation and communication cost.

  • Conference Article
  • Citations: 1
  • 10.1049/cp:20080806
A new session key agreement protocol in distributed trusted centers environment
  • Jan 1, 2008
  • Ning Li + 2 more

A new authentication and session key agreement protocol in distributed trusted centers environment is proposed according to the analysis of several key agreement protocols. This protocol is composed by three layers: the layer of management center (MTC0), the layer of trusted centers (TCs), and the layer of users belonging to different TCs. The protocol is performed by two steps. The first step deals with the interrelated tasks among TCs, it includes the user registration in TC, the signature of user's identity, and the generation of user's private key. The next step is the authentication of user's identity between different TCs, and the generation of session key. This paper analyses the rationality and security of this session key agreement protocol. This system is effective in system structure and in system parameters selection. It resolves the problems about the authentication and generation of session key between users in distributed TCs. It prevents the man-in-middle attack, and reduces the disaster that might be brought by the exposing of master key owned by the distributed TCs. It has perfect forward secrecy, key control security, and unknown key share security, etc. At the end of this paper, we analyze the flaws and propose the future works about this protocol.

  • Research Article
  • Citations: 13
  • 10.4018/ijbdcn.2016070104
A Secure Two-Factor Remote User Authentication and Session Key Agreement Scheme
  • Jul 1, 2016
  • International Journal of Business Data Communications and Networking
  • Preeti Chandrakar + 1 more

In this article, the authors have proposed a secure two-factor remote user authentication and session key agreement protocol. As they have shown in the presented scheme, is precise and secure according to both formal and informal security analysis. For formal security analysis, they have applied BAN (Burrows-Abadi-Needham) logic which certifies that the presented scheme provides the amenity of mutual authentication and session key agreement safely. The informal security verification has shown that the proposed scheme is more vigorous against various sort of cruel threats. Moreover, the authors have simulated the presented scheme using broadly accepted AVISPA tool, whose simulation results make sure that the protocol is not dangerous from active and passive attacks together with replay and man-in-the-middle attacks. In addition, the performance evaluation and the security comparison have revealed that the presented scheme gives strong security as well as better complexity in the context of smart card memory requirement, communication cost and computation cost.

  • Research Article
  • Citations: 22
  • 10.1007/s12652-021-03167-z
An efficient key agreement and authentication protocol for secure communication in industrial IoT applications
  • Apr 22, 2021
  • Journal of Ambient Intelligence and Humanized Computing
  • R Vinoth + 1 more

A most prominent and emerging technology namely the Internet of Things (IoT) enables legitimate users to access and monitor the sensors installed in various units of the industry. Such access and monitoring is facilitated using a secure authenticated key agreement (AKA) protocol. However, the complexity arises during the establishment of an effective session key agreement protocol to allow users to communicate securely with the sensors placed in the industrial IoT (IIoT). Few key agreement protocols existing in the literature have proved to perform the task effectively. Nevertheless, such protocols suffer from increased computation and communication cost. Hence, the motivation is to develop an efficient key agreement protocol that could outperform the existing protocols. Therefore, this research paper proposes an efficient key agreement protocol which is computationally and communication efficient. Moreover, the proposed key agreement protocol permits the users to securely communicate with the sensors. The proposed work focuses on twin dimensions. The first dimension is to reduce the computational complexity while sharing the mutual session key among the users and sensors. The second dimension focuses on decreasing the communicational cost. This is achieved by minimizing the amount of information communicated among the users and sensors. Subsequently, the proposed protocol is a hybrid methodology in which there are two working layers through which the session key is established. In the first layer, a mutual secret key is generated using a well-known elliptic curve cryptography (ECC) technique and this is shared among the users and the gateway node (GWN). In the second layer, the key generated in the above layer is used and the user initiates the key agreement process, wherein the GWN and sensors are generating a mutual session key using a group key. The simulated results of the proposed work clearly depict the substantial reduction of computational and communicational complexities.

  • Research Article
  • Citations: 70
  • 10.1007/s10916-018-1120-5
A Robust and Efficient ECC-based Mutual Authentication and Session Key Generation Scheme for Healthcare Applications.
  • Dec 1, 2018
  • Journal of Medical Systems
  • Arezou Ostad-Sharif + 2 more

Telecare medicine information system (TMIS) has provided an efficient and convenient way for communications of patients at home and medical staffs at clinical centers. To make these communications secure, user authentication by medical servers is considered as a crucial requirement. For this purpose, many user authentication and key agreement protocols have been put forward in order to fulfil this vital necessity. Recently, Arshad and Rasoolzadegan have revealed that not only the authentication and key agreement protocols suggested by Amin and Biswas and Giri et al. are defenseless against the replay attack and do not support the perfect forward secrecy, but also Amin and Biswas's protocol is susceptible to the offline password guessing attack. Nonetheless, in this paper, we demonstrate that Arshad and Rasoolzadegan's and the other existing schemes still fail to resist a well-known attack. Therefore, to cover this security gap, a new user authentication and session key agreement protocol is recommended that can be employed effectively for offering secure communication channels in TMIS. Our comparative security and performance analyses reveal that the proposed scheme can both solve the existing security drawback and, same as Arshad and Rasoolzadegan's scheme, has low communication and computational overheads.

  • Research Article
  • Citations: 44
  • 10.1002/dac.3913
An enhanced anonymous and unlinkable user authentication and key agreement protocol for TMIS by utilization of ECC
  • Feb 5, 2019
  • International Journal of Communication Systems
  • Arezou Ostad‐Sharif + 2 more

Summary: The telecare medicine information systems (TMISs) not only help patients to receive incessant health care services but also assist the medical staffs to access patients' electronic health records anytime and from anywhere via Internet. Since the online communications are exposed to numerous security threats, the mutual authentication and key agreement between patients and the medical servers are of prime significance. During the recent years, various user authentication schemes have been suggested for the TMISs. Nonetheless, most of them are susceptible to some known attacks or have high computational cost. Newly, an effective remote user authentication and session key agreement protocol has been introduced by Ravanbakhsh and Nazari for health care systems. Besides the nice contributions of their work, we found that it has two security weaknesses, namely, known session‐specific temporary information attack and lack of perfect forward secrecy. As a result, to overcome these deficiencies, this paper suggests a novel anonymous and unlinkable user authentication and key agreement scheme for TMISs using the elliptic curve cryptosystem (ECC). We have evaluated the security of the proposed scheme by applying the automated validation of internet security protocols and applications (AVISPA) tool with the intention of indicating that our scheme can satisfy the vital security features. In addition, we have compared the proposed protocol with related schemes to show that it has a proper level of performance. The obtained results demonstrate that the new scheme is more preferable considering both efficiency and security criteria.

  • Book Chapter
  • Citations: 3
  • 10.1201/9781003269793-35
MASKA: Mutual Authentication and Session Key Agreement Protocol in Global Mobility Networks
  • Apr 5, 2022
  • Sudip Kumar Palit + 2 more

In this paper, a protocol named as Mutual Authentication and Session Key Agreement (MASKA) has been proposed to overcome various network security attacks in the Global Mobility Network (GLOMONET). It is an essential criterion for identifying legitimate mobile users while they roam around from one region to another and make use of the services of different mobile networks. As mobile users avail services in the roaming network, they are prone to face different network security attacks. There are different mobile user authentication protocols already available in the literature on GLOMONET to secure data communication. Several researchers have suggested their protocols to minimize the effect of the attacks. Some of these protocols although resist most of the attacks but fail to overcome insider attack, impersonation attack, stolen smartcard attack and do not provide perfect forward secrecy. Further, several security issues like mutual authentication, anonymity, resistance from impersonation attacks, the man in middle attacks, replay attacks, etc. are taken care of while designing such protocols. In this paper, the performance analysis of MASKA shows its efficiency concerning different security issues as compared to existing protocols already available in the literature. A trade-off has been made for communicational and computational overheads contrasted with other existing protocols.

  • Conference Article
  • Citations: 1
  • 10.1109/icufn.2018.8436968
Session Key Agreement for End-to-End Security in Time-Synchronized Networks
  • Jan 1, 2018
  • Qinghua Wang + 2 more

Time synchronization is important for many network applications. This paper utilizes the fact that time service is a standard service in almost all kinds of computer networks, and proposes a new session key agreement protocol by building sessions keys based on the locally available time information. A prototype system has been tested in the simulation environment and the results are promising.

  • Conference Article
  • Citations: 7
  • 10.1109/cgvis.2015.7449917
A secure two-factor mutual authentication and session key agreement protocol using Elliptic curve cryptography
  • Nov 1, 2015
  • Preeti Chandrakar + 1 more

In this paper, we propose a secure two-factor remote user authentication protocol using Elliptic curve cryptography. The proposed protocol provides the mutual authentication of participants, session key agreement and user anonymity. The security of our proposed protocol is based on one way hash function and elliptic curve cryptosystem and it is secure against all relevant security attacks. Compared with other relevant protocol, the security analysis and performance evaluation show that our proposed protocol can provide high level of security with less communication and computation cost. In addition, the BAN logic is applied to demonstrate the validity of the proposed protocol.

  • Research Article
  • Citations: 10
  • 10.1007/s11042-020-09578-y
Blockchain-based trust establishment mechanism in the internet of multimedia things
  • Aug 17, 2020
  • Multimedia Tools and Applications
  • Yongjun Ren + 4 more

Through the application of powerful semiconductors and high-speed communication technologies such as 5G, large-scale or even ultra-large-scale Internet of Multimedia Things (IoMT) will soon appear. Secure communication and cooperation in the Multimedia Internet of Things (IoT) will thus increase, and trust between these devices is important. However, existing IoT trust mechanisms either rely on additional trusted third parties or assume that trusted devices exist between trusted domains; these assumptions are difficult to satisfy simultaneously in the IoMT context. Accordingly, this paper utilizes blockchain technology to propose a trust establishment mechanism suitable for the distributed IoMT. Highly secure and scalable trust mechanisms are established without the need to assume that a third party exists or that these CAs (Certification Authorities) are trusted. We design the IoMT node authentication and key agreement protocols across the trust domain. Our experimental results prove that our proposed method reduces the number of trust domain conversions.

  • Research Article
  • Citations: 5
  • 10.1007/s13198-019-00832-7
A cancelable biometric based secure session key agreement protocol employing elliptic curve cryptography
  • Jul 16, 2019
  • International Journal of System Assurance Engineering and Management
  • Arpita Sarkar + 1 more

Cryptography is the common compelling recommendation for reliable communication of data. A cryptographic key is a meaningful thing in this system. Despite, such key demands to be collected in a secured place or carried through a distributed communication line which, in actuality, poses another alert to safety. As a substitute, researchers affirm the creation of cryptographic key utilizing the biometric features of both sender and receiver throughout the sessions of communication, thus bypassing key sharing through the insecure channel and at the very time without imperiling the power in safety. Nonetheless, the biometric-based cryptographic key formation contains few matters so as the secrecy of biometrics, distributing of biometric data among both communicating users, and creating the revocable key of irrevocable biometric. Aforementioned work discusses the above-mentioned concerns. Here a structure for reliable communication among two users using cancelable fingerprint based session key agreement protocol has been suggested. For this, communication a session key is created by both communicating parties at their end using their cancelable fingerprint biometrics. In this aforementioned method, each original biometric data is converted into a cancelable biometric data and the revocable key for session key agreement protocol is created from the cancelable fingerprint of the communicating parties. For better performance and security purposes, all the actions of this protocol are based on elliptic curve cryptography. Proposed protocol precludes undesired third-parties from requiring a key selection on this agreeing parties. Based on the experimental evaluation across four datasets of FVC2002, the proposed structure is privacy-preserving and is excellently fitting for various real-time biometric-based applicability.

  • Research Article
  • Citations: 6
  • 10.1007/s11042-020-09375-7
A multi-instance cancelable fingerprint biometric based secure session key agreement protocol employing elliptic curve cryptography and a double hash function
  • Sep 5, 2020
  • Multimedia Tools and Applications
  • Arpita Sarkar + 1 more

The generation of cryptographic keys using the biometric features of both communicating parties throughout the sessions of communication avoids the process of key sharing through some insecure channel, difficulty in remembering the large key (256 or 1024 bits key), and storing the key in some safe place. At the same time preserving the safety of cryptographic keys. Nonetheless, the biometric-based cryptographic key formation contains few matters so as the secrecy of biometrics, distributing biometric data among both communicating users, and creating the revocable key of irrevocable biometric. The present work discusses the above-mentioned concerns. Here a structure for a reliable session key agreement protocol has been suggested. For this, communication a 256-bit session key is created by both communicating parties at their end. For the generation of the 256-bit key, each of the left and right thumb was captured in each session. The right thumb impressions of the communicating parties are used to generate the cancelable fingerprint biometrics and the left thumb impressions of each communicating parties are used to generate a 64-bit hash value by applying the proposed double hash function. After that both communicating parties generate secret value using elliptic curve cryptography from their cancelable biometrics data and share along with the generated hash value. At the end of the process generated secret value and the hash value are concatenated to generate the revocable key for session key agreement protocol. For better performance and security purposes, all the actions of this protocol are based on elliptic curve cryptography. Proposed protocol precludes undesired third-parties from requiring a key selection on this agreeing parties. Based on the experimental evaluation across four datasets of FVC2002, the proposed structure is privacy-preserving and is excellently fitting for various real-time biometric-based applicability.

  • Research Article
  • Citations: 70
  • 10.1109/access.2017.2766090
Seamless Key Agreement Framework for Mobile-Sink in IoT Based Cloud-Centric Secured Public Safety Sensor Networks
  • Jan 1, 2017
  • IEEE Access
  • Fadi Al-Turjman + 4 more

Recently, the Internet of Things (IoT) has emerged as a significant advancement for Internet and mobile networks with various public safety network applications. An important use of IoT-based solutions is its application in post-disaster management, where the traditional telecommunication systems may be either completely or partially damaged. Since enabling technologies have restricted authentication privileges for mobile users, in this paper, a strategy of mobile-sink is introduced for the extension of user authentication over cloud-based environments. A seamless secure authentication and key agreement (S-SAKA) approach using bilinear pairing and elliptic-curve cryptosystems is presented. It is shown that the proposed S-SAKA approach satisfies the security properties, and as well as being resilient to node-capture attacks, it also resists significant numbers of other well-known potential attacks related with data confidentiality, mutual authentication, session-key agreement, user anonymity, password guessing, and key impersonation. Moreover, the proposed approach can provide a seamless connectivity through authentication over wireless sensor networks to alleviate the computation and communication cost constraints in the system. In addition, using Burrows–Abadi–Needham logic, it is demonstrated that the proposed S-SAKA framework offers proper mutual authentication and session key agreement between the mobile-sink and the base station.

  • Research Article
  • Citations: 2
  • 10.1504/ijmis.2013.056472
Efficient password-authenticated key agreement protocol for smart cards based on ECC
  • Jan 1, 2013
  • International Journal of Multimedia Intelligence and Security
  • Sheetal Kalra + 1 more

Today, networks are no longer limited to servers and desktops. A lot of information transfer is done over mobile devices like smart cards, cell phones, PDAs etc. User authentication and session key agreement is an important aspect of a secure information system. In this paper, we propose an efficient password-authenticated protocol for smart cards which provides user authentication and session key agreement. This protocol is based on ECC and has the following merits: 1) The computation and communication cost is low; 2) The password can be freely chosen by the user; 3) There is no time synchronisation problem; 4) It prevents the offline dictionary attack even if the information stored in the smart card is compromised; 5) It provides for mutual authentication and session key agreement; 6) All well known attacks are prevented using our protocol; 7) The identity of the user changes dynamically for every new session.

  • Research Article
  • Citations: 2
  • 10.1371/journal.pone.0271817
Cryptanalysis and improved mutual authentication key agreement protocol using pseudo-identity.
  • Jul 28, 2022
  • PLOS ONE
  • Hyang-Rim Jo + 3 more

The authentication key agreement is a scheme that generates a session key for encrypted communication between two participants. In the authentication key agreement, to provide the mutual authentication and the robust session key agreement is one of the important security requirements to enhance the security performance of key agreement. Recently Zhou et al. had proposed the key agreement protocol using pseudo-identifiers, but we found that there were weaknesses in their protocol. We have demonstrated that Zhou et al.'s protocol is vulnerable to replay attack, fails to provide mutual authentication, no key control, re-registration with the original identifier and efficiency in the verification of wrong password. We improved their scheme and proposed an improved authentication key agreement protocol that provides robust mutual authentication and the secure session key agreement. We analyzed its security performance using BAN logic and AVISPA tools and compared computational cost, communication overhead and security properties with other related schemes.
