Key Authentication Research Articles

A secure and privacy-preserving key agreement and mutual authentication scheme

The development of manufacturing, communication, and computing technologies has promoted convergence of different network architectures, aiming to make full use of all resources to create valuable information. While heterogeneous integrated networks play a key role in providing highly effective and efficient solutions for medical users, they also raise various security and privacy issues. Strengthen the security and privacy protection and efficiency before transmitting sensitive data is a primary challenge to be addressed. Traditional authentication methods fail to differentiate the privacy sensitivity difference between data collected by distinct devices. We propose a secure and efficient key management scheme based on a key-exposure resistant chameleon hash function. Through adopting the devices' privacy sensitivity and users' attribute credential as two factors to establish trust between different entities, we proposed a secure and anonymous authentication protocol. The security analyses indicate that the proposed protocol can satisfy security requirements.

Bilinear pairings signcryption scheme for user authentication keys in heterogeneous networks

Bilinear pairings signcryption scheme for user authentication keys in heterogeneous networks

Bilinear Pairings Signcryption Scheme For User Authentication Keys In Heterogeneous Networks

Heterogeneous network user authentication keys are vulnerable to plain text attacks, resulting in poor encryption performance. Therefore, a heterogeneous bilinear pairing signcryption scheme is proposed. The symbol frequency detection method is used to detect symbols of user authentication data, establish an ORK user protocol in a heterogeneous network, and perform a pairwise signcryption scheme to linearly encode user cognitive information in a heterogeneous network. Use Ryption technology to authenticate and re-sign users in heterogeneous networks, and use a bilinear pairing signature encryption scheme to control cipher text in user processes to encrypt identity authentication information in heterogeneous networks. Establish a statistical analysis model to encrypt user authentication information in a heterogeneous network to achieve intelligence. Simulation results show that the method has good scrambling ability and strong anti-attack ability. It is used for bilinear pairing signature encryption of user authentication keys in heterogeneous networks.

BAKMP-IoMT: Design of Blockchain Enabled Authenticated Key Management Protocol for Internet of Medical Things Deployment

The Internet of Medical Things (IoMT) is a kind of connected infrastructure of smart medical devices along with software applications, health systems and services. These medical devices and applications are connected to healthcare systems through the Internet. The Wi-Fi enabled devices facilitate machine-to-machine communication and link to the cloud platforms for data storage. IoMT has the ability to make accurate diagnoses, with fewer mistakes and lower costs of care. IoMT with smartphone applications permits the patients to exchange their health related confidential and private information to the healthcare experts (i.e., doctors) for the better control of diseases, and also for tracking and preventing chronic illnesses. Due to insecure communication among the entities involved in IoMT, an attacker can tamper with the confidential and private health related information for example an attacker can not only intercept the messages, but can also modify, delete or insert malicious messages during communication. To deal this sensitive issue, we design a novel blockchain enabled authentication key agreement protocol for IoMT environment, called BAKMP-IoMT. BAKMP-IoMT provides secure key management between implantable medical devices and personal servers and between personal servers and cloud servers. The legitimate users can also access the healthcare data from the cloud servers in a secure way. The entire healthcare data is stored in a blockchain maintained by the cloud servers. A detailed formal security including the security verification of BAKMP-IoMT using the widely-accepted Automated Validation of Internet Security Protocols and Applications (AVISPA) tool is performed to demonstrate its resilience against the different types of possible attack. The comparison of BAKMP-IoMT with relevant existing schemes is conducted which identifies that the proposed system furnishes better security and functionality, and also needs low communication and computational costs as compared to other schemes. Finally, the simulation of BAKMP-IoMT is conducted to demonstrate its impact on the performance parameters.

LAKE-IoD: Lightweight Authenticated Key Exchange Protocol for the Internet of Drone Environment

A drone is an unmanned aerial vehicle, which is deployed in a particular Fly Zone (FZ), and used to collect crucial information from its surrounding environment to be transmitted to the server for further processing. Generally, a Mobile User (MU) is required to access the real-time information collected by the drone stationed in a specific FZ securely. Therefore, to ensure secure and reliable communications an Authenticated Key Exchange (AKE) protocol is imperative to the Internet of Drone (IoD) environment. An AKE scheme ensures only authentic MU to access IoD network resources. Upon successful authentication, MU and drone can set up a secret session key for secure communication in the future. This paper presents a novel Lightweight AKE Protocol for IoD Environment (LAKE-IoD), which first ensures the authenticity of MU and also renders session key establishment mechanism between MU and drone with the help of a server. LAKE-IoD is an AKE protocol, which is based on an authenticated encryption scheme AEGIS, hash function, and bit-wise XOR operation. Meticulous formal security verification by employing a software tool known as Scyther and informal security analysis demonstrates that LAKE-IoD is protected against different well-known active and passive security attacks. Additionally, Burrows-Abadi-Needham logic is applied to verify the logical completeness of LAKE-IoD. Furthermore, a comparison of LAKE-IoD with the related schemes shows that LAKE-IoD incurs less communication, computational and storage overhead.

Secure Authentication Key Sharing between Personal Mobile Devices Based on Owner Identity

Secure Authentication Key Sharing between Personal Mobile Devices Based on Owner Identity

Authenticated QKD Protocol Based on Single-Photon Interference

As is known, quantum key distribution (QKD) can provide information-theoretic security under some preconditions, one of which is that the identity of each participant has been authenticated. And quantum identity authentication (QIA) can achieve this precondition effectively. However, the adversary still can implement man-in-the-middle attacks on QKD protocols in some situations, such as the protocol in [Quant. Inf. Process, 18, 137 (2019)]. In the above paper, the authors claimed that, after their QIA protocol based on GV95 system (GV95-QIA protocol), the participants could perform GV95-QKD protocol to update and extend the authentication keys. However, this method is not secure in the sense that the adversary could wait for the participants to complete GV95-QIA protocol and then perform the man-in-the-middle attack on the QKD process. In this paper, we solve this problem by mixing GV95-QIA process and GV95-QKD process randomly. Specifically, two authenticated QKD protocols are proposed based on the above idea. The proposed protocols can be used to provide secure identity authentication to GV95-QKD protocol, and also can be used to extend the authentication keys for GV95-QIA protocol.

A novel data sharing model for cloud environment using dual key authentication

In the present world scenario, cloud computing plays a significant role in sharing of data between computing devices in a secure manner. Specifically, data sharing amongst dynamic or static groups has grown as a major factor. For this purpose, the study proposed a dual key authentication-based dynamic group data sharing model in a cloud environment. First, data are encrypted before sharing using AES algorithm. Here, data is stored in the form of string instead of bytes which can reduce the memory size without affecting the original data. Second, the cryptographic approach is applied to overcome the issues of computational load and key length maintenance. A subkey is generated for the private key, wherein each user will receive a different subkey. Third, enabled the prevention of secret data from collusion attack and improved the malicious activity prediction during data transfer. So, that the revoked user unable to violate the data confidentiality. Also, the original data cannot be decrypted by anyone even if they receive it. Finally, this study evaluated the performance of proposed cloud security model with the existing methods, especially PRE, CL-PRE and SaDaSc.

Quantum Data Aggregation Using Secret Sharing and Genetic Algorithm

In the process of data aggregation, intruder nodes and compromised nodes may decrease the system performance. Hence, security plays an important role. Secret sharing is a method to find the compromised nodes. The previous researches in secure data aggregation concentrated on key authentication process and little research is done in N-party secret sharing methods. In this article, we proposed quantum data aggregation using secret sharing and genetic algorithm, where a node forwards data to its most trusted neighbor only. In the proposed method, a node selects n 1-hop neighbors from a list of its m 1-hop neighbors, which well behaved over a period and forwards data to the most trusted amongst them. We simulated quantum teleportation using SimulaQron tool for establishing secure communication. However secured is the communication channel the compromised nodes may decrease the system performance by exposing network to malicious activities. Each node creates n shares of a secret and forwards a share on a secured quantum channel to the n 1-hop neighbors in such a way that from any t neighbors share(t<n) the secret is reconstructed. The data aggregation security increases since a group of t users can reconstruct the key but no single user has the complete authority on the secret. The proposed method ensures that each node will be able to aggregate the captured message securely without any interventions from the compromised/intruder nodes. The proposed system applies genetic method to improve the efficiency of the process of detection of the compromised nodes based on the behavioral history of the node. While detecting the malicious nodes the proposed method accuracy rate is 98.8 and false rate is 0.15, which is almost equal to secure and energy-efficient data aggregation method based on an access control method. However, in terms of the size of the network considered, the percentage of malicious nodes assumed and from the basic principles of quantum teleportation, the proposed method proves to be a better protocol for implementing secure data aggregation.

A novel data sharing model for cloud environment using dual key authentication

A novel data sharing model for cloud environment using dual key authentication

Data privacy preservation in MAC aware Internet of things with optimized key generation

Recently, the progression in Internet of Thing (IoT) has extensively influenced the model of wireless networking. As numerous wireless devices were emerged, the new Medium Access Control (MAC) and routing protocols has been introduced for assuring the end-to-end network efficiency. This paper aims to focus on the IEEE 802.15.4 MAC standards, where the security field is included in MAC header. The sensitive data security authentication on this MAC header is completely based on the method with the introduction of optimum authentication key using partially homomorphic encryption named ElGamal public key cryptosystem. More importantly, in this work, the ElGamal public key cryptosystem for securing IoT data is progressed by generating the optimal private key as well. For this optimal selection of key, this paper aims to establish a new hybrid optimization algorithm that hybrids the concept of Lion Algorithm (LA) and Cuckoo Search Algorithm (CS) named Cuckoo Mated-Lion Algorithm (CM-LA). Finally, the performance of the proposed working strategy is compared over other state-of-the-arts models by concerning various attacks, convergence and key sensitivity analysis, respectively.

Post Quantum Authenticated Key Exchange Protocol Based on Ring Learning with Errors Problem

Post Quantum Authenticated Key Exchange Protocol Based on Ring Learning with Errors Problem

Efficient Mutual Authentication Protocol between Hospital Internet of Things Devices Using Probabilistic Attribute Information

Wearable and portable medical devices are one of the fastest growing sectors in the Internet of Things (IoT) market. However, medical services specialize in the processing of personal health data, which carries issues that are not faced by other industries. In this paper, we propose a multi-dimensional color vector information based IoT device authentication protocol that can provide benefits for medical work, assuming that a hospital has the capability of integrating IoT devices and has access to patient information. The proposed protocol uses multi-dimensional color vectors to help users who use IoT devices to manage their condition in multiple groups, stochastically. In addition, the proposed protocol provides the health and medical service status of users to medical staff in real time using IoT authentication keys generated through the proposed multi-dimensional color vectors. The proposed protocol not only addresses health care problems yet to be tackled in the management of hospital and health services, but also minimizes administrative time and procedures for current medical services. As a result of the performance evaluation, the proposed protocol improved the efficiency of hospital IoT devices by an average of 31.1%, and the time delay for medical services was improved by 19.8%, compared to the existing protocol. By using the proposed protocol and IoT devices, the average overhead of healthcare providers could be reduced by as much as 15.3%.

RANCANG BANGUN APLIKASI DETEKSI KEASLIAN FILE AUDIO MENERAPKAN METODE CRC 32

The authenticity of a digital file is something that must be able to be guaranteed its existence, considering that there are so many devices that can be used to carry out manipulation of the digital file. One of the digital files discussed in this study is an audio file with MP3 file extension. Please note that MP3 audio files are now very easy to obtain, even very easy to manipulate and insert objects in, so we need a safety technique to maintain the authenticity of the audio file. Overcoming the problem that has been explained in the previous paragraph, the appropriate security technique used is the hash cryptographic technique, by applying the CRC 32 algorithm. The application of CRC 32 aims to generate hash codes from MP3 audio files that can be used as key codes for authentication (key authenticity) of MP3 audio files. The results of this study are a representation of the technical explanation of the application of the CRC 32 algorithm in generating MP3 audio file hash codes, which the CRC 32 algorithm is applied to applications that have been designed and built using the help of MATLAB software version 6.1.Keywords: File Authenticity, Audio File, CRC 32, MATLAB 6.1

Polynomial and matrix based key management security scheme in wireless sensor networks

Wireless sensor networks (WSN) due to its constrained resources and wide application in different fields like in military area and battlefield has brought the focus on the implementation of security in network. In this paper a key management scheme is suggested for heterogeneous and hierarchical WSN to provide improved secure key distribution and authentication between base station, cluster head and sensor node while maintaining less complexity. The scheme uses the multivariate symmetric polynomial and matrices for the generation of keys in WSN and is called Hybrid Key Management Security scheme (HKMSS). In this scheme between base station and head, multivariate symmetric polynomial is used while between head to cluster node symmetric matrix is used for key generation which reduces the overhead at the node as it is resource constrained. The matrix mechanism for establishing secret key between head and nodes ensure secure communication between head and node. The proposed scheme has reduced computational and storage overhead with improved security, network lifetime and network connectivity.

A low-cost authentication technology of car key based SIMO-VLC

With the wide application of software radio technology platform, the traditional authentication technology of car key based on radio is no longer reliable. In this paper, a low-cost SIMO-VLC (single input multiple output visible light communication) system is designed to meet the needs of automobile key authentication, which effectively improves the authentication safety performance of automobiles. Furthermore, the hardware platform of the SIMO-VLC system was presented. Finally, we finished the actual test of bit error rate for scenarios with different colours and different distances in the experiment. The experimental results demonstrate that this technology has better communication reliability in the range of 5-180cm with blue light source.

An Efficient and Provably Secure Authenticated Key Agreement Protocol for Fog-Based Vehicular Ad-Hoc Networks

The maturity of cloud computing, the Internet of Things technology, and intelligent transportation system has promoted the rapid development of vehicular ad-hoc networks (VANETs). To keep pace with real-world demands (mobility, low latency, etc.) in a practical VANETs deployment, there have been attempts to integrate fog computing with VANETs. To facilitate secure interaction in fog-based VANETs, we design a new authenticated key agreement protocol without bilinear pairing. This protocol achieves mutual authentication, generates a securely agreed session key for secret communication, and supports privacy protection. We also give a strict formal security proof and demonstrate how the proposed protocol meets the security requirements in the fog-based VANETs. We then evaluate the efficiency of the proposed protocol, and it shows the practicality of the protocol.

The Hardware Design and Implementation of a Key Exchange Protocol for Low-cost IoT Devices

The General Data Protection Regulation (GDPR) which was enforced in May 2018 clearly stated that the protection of data by organizations is a mandatory task. Protecting or securing data on data collecting and sensing devices used in the Internet-of-Things (IoT) platform is a challenge for the fact that the devices are resource-constrained in terms of operation frequency, hardware area, computational complexity, and power consumption. The first step to securing data on low-cost IoT devices is to generate keys for subsequent encryption and authentication. This paper, therefore, proposes and implements a lightweight key exchange protocol with the capability of authenticating the generated key without the need for public-key cryptography. The protocol is meant to be simple and make use of minimal hardware resources. It uses components such as the pseudorandom number and bit generators, dot product, XOR gates, shift registers and basic logic gates making it very resource-efficient. The hardware architecture of the protocol was implemented using Verilog Hardware Description Language (HDL) and synthesized using Xilinx ISE 14.7 software which includes XPower Analyzer for power estimation. The protocol was tested on a Field Programmable Gate Array (FPGA) board with a synthesizable Reduced Instruction Set Computer Five (RISC-V) processor core. The synthesis and simulation results which include area, maximum frequency, latency, and power consumption show that the protocol is suitable for IoT low-cost devices as compared to standard public-key primitives.

Secure V2X Communication Network based on Intelligent PKI and Edge Computing

The current remarkable development of communication technology is enabling the intelligent driving system by providing a V2X network to exchange and process transportation data. However, security, as a fundamental requirement, is still lacking in many aspects of current V2X networks. For V2X networks, low latency, as a critical requirement for V2X networks, restrains usage of traditional security functions as security related operations like Public Key Infrastructure (PKI) systems also introduce latency. In this article, we propose an efficient scheme by intelligently distributing keys for authentication in V2X networks. The general design is to distribute key pairs valid according to the location information for vehicles and RoadSide Units (RSUs). Thus, based on this authentication scheme relying on location information, keys can be pre-distributed according to the vehicles’ future locations. Also, we propose to use the Recurrent Neural Network (RNN) to predict the future route and locations which can let the key requests started from the vehicles’ ends. The key idea is to provide an intelligent and efficient key distribution protocol for V2X networks. Some experimental results prove the efficiency with evaluations on our proposal compared with the existing solution.

Side-Channel Analysis for the Authentication Protocols of CDMA Cellular Networks

Time-division multiple access (TDMA) and code-division multiple access (CDMA) are two technologies used in digital cellular networks. The authentication protocols of TDMA networks have been proven to be vulnerable to side-channel analysis (SCA), giving rise to a series of powerful SCA-based attacks against unprotected subscriber identity module (SIM) cards. CDMA networks have two authentication protocols, cellular authentication and voice encryption (CAVE) based authentication protocol and authentication and key agreement (AKA) based authentication protocol, which are used in different phases of the networks. However, there has been no SCA attack for these two protocols so far. In this paper, in order to figure out if the authentication protocols of CDMA networks are sufficiently secure against SCA, we investigate the two existing protocols and their cryptographic algorithms. We find the side-channel weaknesses of the two protocols when they are implemented on embedded systems. Based on these weaknesses, we propose specific attack strategies to recover their authentication keys for the two protocols, respectively. We verify our strategies on an 8-bit microcontroller and a real-world SIM card, showing that the authentication keys can be fully recovered within a few minutes with a limited number of power measurements. The successful experiments demonstrate the correctness and the effectiveness of our proposed strategies and prove that the unprotected implementations of the authentication protocols of CDMA networks cannot resist SCA.