Automated Validation Of Internet Security Protocols And Applications Research Articles

Privacy conserving authenticated key settlement approach for remote users in IoT based Telecare Medicine information system

The Fourth Healthcare Industrial Revolution is transforming the traditional healthcare service to Internet of Things (IoT) based smart healthcare system. Telecare medicine information system (TMIS) is one of them which demands 100% electronic transaction. In this situation, User authentication, fortifies the legitimate patients, doctors, medical helper staffs, etc. Not only that, but it also allows them to access the remote medical servers to serve medical services. Robust and Efficient user authentication plays a vital role here. Many researchers proposed different techniques, but all of them have different limitations like computational expenses, huge memory usage, excessive communication overhead, etc. In this article, a very lightweight authentication approach of remote user is demonstrated in IoT based smart healthcare environment. This approach optimizes the use of one-way hash function, exclusive-or operation and extended One-Time-Password which make the authentication approach lighter and effective. The security strength of the recommended protocol is elaborated with the help of informal and formal security analysis. Well known BAN logic and Real-Or-Random (ROR) model are used in to check the correctness of the protocol and ensure the security of the established session key. In addition to that, AVISPA (automated validation of Internet security protocols and applications) and ProVerif software simulation tools are utilized which parade, the proposed protocol is safe and secure against many attacks like Man-In-The-Middle attack and Replay attack, Ephemeral secret leakage attack, Known-session-specific-temporary-information attack, Impersonation attack, etc. and maintain the secrecy of the session key. Furthermore, the recommended protocol is compared with the existing/recently published protocols to exhibit better performance.

Provably Secure PUF-Based Lightweight Mutual Authentication Scheme for Wireless Body Area Networks

Wireless body area networks (WBANs) are used in modern medical service environments for the convenience of patients and medical professionals. Owing to the recent COVID-19 pandemic and an aging society, WBANs are attracting attention. In a WBAN environment, the patient has a sensor node attached to him/her that collects patient status information, such as blood pressure, blood glucose, and pulse; this information is simultaneously transmitted to his/her respective medical professional through a gateway. The medical professional receives and checks the patient’s status information and provides a diagnosis. However, sensitive information, including the patient’s personal and status data, are transmitted via a public channel, causing security concerns. If an adversary intercepts this information, it could threaten the patient’s well-being. Therefore, a secure authentication scheme is essential for WBAN environments. Recently, Chen et al. proposed a two-factor authentication scheme for WBANs. However, we found out Chen et al.’s scheme is vulnerable to a privileged insider, physical cloning, verification leakage, impersonation, and session key disclosure attacks. We also propose a secure physical-unclonable-function (PUF)-based lightweight mutual authentication scheme for WBANs. Through informal security analysis, we demonstrate that the proposed scheme using biometrics and the PUF is safe against various security attacks. In addition, we verify the security features of our scheme through formal security analyses using Burrows–Abadi–Needham (BAN) logic, the real-or-random (RoR) model, and the Automated Validation of Internet Security Protocols and Applications (AVISPA). Furthermore, we evaluate the security features, communication costs, and computational costs of our proposed scheme and compare them with those of other related schemes. Consequently, our scheme is more suitable for WBAN environments than the other related schemes.

A Secure LEACH-PRO Protocol Based on Blockchain.

Wireless Sensor Networks (WSNs) are becoming more popular for many applications due to their convenient services. However, sensor nodes may suffer from significant security flaws, leading researchers to propose authentication schemes to protect WSNs. Although these authentication protocols significantly fulfill the required protection, security enhancement with less energy consumption is essential to preserve the availability of resources and secure better performance. In 2020, Youssef et al. suggested a scheme called Enhanced Probabilistic Cluster Head Selection (LEACH-PRO) to extend the sensors' lifetime in WSNs. This paper introduces a new variant of the LEACH-PRO protocol by adopting the blockchain security technique to protect WSNs. The proposed protocol (SLEACH-PRO) performs a decentralized authentication mechanism by applying a blockchain to multiple base stations to avoid system and performance degradation in the event of a station failure. The security analysis of the SLEACH-PRO is performed using Burrows-Abadi-Needham (BAN) logic and Automated Validation of Internet Security Protocols and Applications (AVISPA) tool. Moreover, the SLEACH-PRO is evaluated and compared to related protocols in terms of computational cost and security level based on its resistance against several attacks. The comparison results showed that the SLEACH-PRO protocol is more secure and requires less computational cost compared to other related protocols.

A Secure Data Sharing Based on Key Aggregate Searchable Encryption in Fog-Enabled IoT Environment

Cloud server and fog computing have been utilized to manage enormous volumes of data with low service transmission time in Internet of Things (IoT) environment. However, untrustworthy relationships between network entities and cloud server cause a lot of security concerns. Many researches have been studied based on traditional cryptosystems for data sharing systems. But they lead to key management difficulty and do not ensure the data owner's authority by depending on Trusted Third Party (TTP). Therefore, we use key aggregate searchable encryption (KASE), which enables owners to exercise their rights in data management and sharing without the help of TTP and resolves the key management problem. In this paper, we propose a secure data sharing system based on KASE in fog-enabled IoT environment using blockchain. We prove the resistance of the proposed scheme against various attacks through informal analysis and Automated Validation of Internet Security Protocols and Applications (AVISPA) simulation tool. We prove the guarantee of secure mutual authentcation using Burrows-Abadi-Needham (BAN) logic. Furthermore, we compare security features and performance of the proposed scheme with existing schemes through Multiprecision Integer and Rational Arithmetic Cryptographic Library (MIRACL).

Authentication methods for internet of vehicles based on trusted connection architecture

This paper proposes an authentication protocol based on a trusted connection architecture to manage the security and reliability of the cloud service environment during the communication process, improve the trust of the cloud service platform toward vehicles, and ensure that vehicle terminals have reliable access to cloud services. Compared with prior Internet of Vehicle (IoV) authentication schemes, our scheme is the first to include platform identification in the authentication process. Based on the characteristics of the trusted connection architecture, the components that constitute the platform can be assessed for security by verifying the vehicle platform identity and platform integrity metrics, thereby eliminating internal threats. In addition, the protocol proposes an authentication scheme for the IoV environment, in which the trusted authority only needs to generate the user's partial key based on the identity, thereby avoiding the key escrow problem common to identity-based cryptosystems. Finally, the scheme is proven to be highly secure using various approaches, such as Syverson-Van Oorschot (SVO) logical analysis, simulated authentication via automated validation of internet security protocols and applications (AVISPA), and informal security analysis. In the identity authentication step, our method has low computation and communication overhead when compared with other schemes according to the performance analysis results.

Design of Inter-BAN Authentication Protocols for WBAN in a Cloud-Assisted Environment

The Telecare Medical Information System (TMIS) is a technology used in Wireless Body Area Networks (WBAN) that is used efficiently for remote healthcare services. TMIS services can be provided as cloud computing services for storage and processing purposes. TMIS uses wearable sensors to collect patient data and transmit it to the controller node over a public channel. The data is then obtained from the controller node by the medical server and stored in the database for analysis. However, an attacker can attempt to launch attacks on data transferred across an unsecured channel. Several schemes have therefore been proposed to provide mutual authentication however, there are security and performance problems. Therefore, the research aims to design two secure and efficient inter-BAN authentication protocols for WBAN: protocol-I (P-I) for emergency authentication and protocol-II (P-II) for periodic authentication. To analyze the proposed protocols, we conduct an informal security analysis, implement Burrows-Abadi-Needham (BAN) logic analysis, validate the proposed protocols using the Automated Validation of Internet Security Protocols and Applications (AVISPA) simulation tool, and conduct a performance analysis. Consequently, we show that the proposed protocols meet all the security requirements in this research, achieve mutual authentication, prevent passive and active attacks, and have suitable performance for WBAN.

A unique secure multimodal biometrics-based user anonymous authenticated key management protocol (SMUAAKAP) based on block chain mechanism for generic HIoTNs

The concept of blockchain has sparked hopes in the field of communication security between IoT devices. In blockchain, all network nodes need to verify its legitimacy before accepting and recording it. Users of HIoTNs (Hierarchical IoT Networks) want to get real-time data from specific sensors in a specific implementation. Users need authentications at GNs for obtaining their required services. On successful authentications, parties on either sides of communication can create secret session keys for safe communications. Critical issues like this in HIoTNs are addressed in this work by its novel proposed multimodal-biometrics based lightweight user authentications. The scheme based on block chain technologies is called SMUAAKMPs (Secure Multimodal Biometrics-based User Anonymous Authenticated Key Management Protocols). ECDSAs (Elliptic Curve Digital Signature Algorithms) are utilised for devices and GNs, to generate public and private keys. In addition, multimodal biometric verifications are executed using fuzzy commitment approaches. The fuzzy commitment technique is then used to validate the biometric authentication using the segmented face. This work's detailed security analyses use ROR (Real-Or-Random) models where formal security verifications are done by software verification tool AVISPAs (Automated Validation of Internet Security Protocols and Applications). Informal security analyses show that the proposed SMUAAKMPs withstand multiple known attacks. The system also provides improved safety and functionalities at reduced costs in computations and communications when compared to UABKMPs, UAKMPs, and SMBUAKEPs.

Ensure the dynamic identity and PUF based authenticated key settlement approach for the IoT infrastructure

With technological advancements, the dependency on the Internet of things (IoT) has increased. The spectrum of IoT application domain becomes larger day by day. It converts the existing services into smart services. The evolution brings lot of security challenges hand in hand with IoT paradigms. This is due to the limitation of IoT devices like, low computational capabilities, small storage medium, less power back up and low processing speed, etc. To overcome these limitations, a proper authentication technique must be required to do the trust management in a heterogeneous IoT environment and secure all kinds of traffic. In this research document, a dynamic identity-based authentication approach is introduced for IoT environment, which utilizes very lightweight physical unclonable function, one-way hashing function and exclusive-OR(XOR) function to make the scheme lighter. Broadly accepted the Real or Random (RoR) model and the Burrows Abadi Needham logic (BAN logic) are used here, to check the security and the correctness of the devised protocol. In addition to that, the software simulation tool, Automated validation of Internet security protocols and applications (AVISPA) has proved that, the recommended protocol is safe and secure from various attacks. Furthermore, the comparative performance analysis exhibits the supremacy of the recommended scheme over the analogous schemes w.r.t computational power, memory usage, and communication overhead.

Protocols for Secure Remote Access to Vehicle Onboard Diagnostic Systems in Smart Cities

The onboard diagnostic system (OBD) is almost standard on every modern vehicle. By exploiting the availability of wireless OBD dongles, vehicles can be assessed by the transportation authority and drivers to ensure compliance with emissions regulations. A vehicle’s OBD system can be remotely accessed by a fog node to retrieve a variety of the vehicle’s internal status and sensor readings. Such information can be shared with the transportation authority for registration renewal without the need for visiting emission stations. However, such automation comes at the risk of malicious intrusion into the OBD system by an attacker who aims to gain access to a vehicle’s internal network and control the vehicle. This article tackles this serious issue and proposes protocols for mutual authentication and securing the wireless connection between the OBD dongle, fog node, and authority. The robustness of the proposed protocols is verified using the Automated Validation of Internet Security Protocols and Applications (AVISPA) toolset.

A lightweight security framework for electronic healthcare system.

Electronic healthcare systems (EHS) are the most emerging field of today’s digital world which is used for remote health monitoring, evidence-based treatment, disease prediction, modeling, etc. Many internet of things (IoT) devices and body sensors are involved in such systems for data collection. Every time a cloud-based solution is adopted to collect and preserve collected personal health information. Secure data transmission is a big challenge in such an environment as the devices are memory and power-constrained. This research focuses on a lightweight ciphering mechanism that can be used to secure an electronic healthcare system. Traditional cryptographic solutions are not suitable due to the operational complexity. Some popular lightweight block ciphers which includes SIMON, HEIGHT, LEA, etc. are used in IoT device to increase the speed. Hence, in this paper, we have proposed a lightweight security framework with a flexible key structure to protect the data in the electronic healthcare system. The proposed scheme increases the speed by minimum 4% with compared to existing literature. Our experimental analysis shows that the proposed technique also have a low computational and communicational load. The brief security analysis using automated validation of internet security protocols and applications (AVISPA) tool shows that the proposed scheme can withstand all network attacks.

UpHaaR: Blockchain-based charity donation scheme to handle financial irregularities

Non-profit organization raise charity donation through different sources, and raised funds often require a clean traceability. Recently, fake charity fundraisers schemes have raised a social concern, and thus a trusted and auditable approach is necessary to manage charity organizations reputations. Blockchain-based charity (BBC) schemes are proposed with decentralization that ensure trust, transparency, and chronology among donators and beneficiaries. However, the schemes suffer from the high-end complexity of certificate generation. Motivated from this, in this paper, we propose a BBC scheme, UpHaaR, where donators, defined as charity persons (CP), and beneficiaries, defined as charity beneficiaries (CB), register in blockchain, managed for diverse fundraisers by charity organizations (CO). The scheme mitigates fake fundraisers, as the charity scheme data and fund allocations to CP are managed as ledger entries in the blockchain. To maintain the security and privacy of massive CP and CB users, the scheme proposes partial key generations through certificate-less cryptography (CLC), which mitigates expensive digital signing and eliminates certificate generation through key distribution centers. For signature aspects, the scheme proposes a lightweight certificate-less signcryption scheme (CSS) that eliminates collusion against insider attacks and reduces computational costs. The scheme is evaluated for security analysis using automated validation of internet security protocols and applications (AVISPA) tool, and informal attack analysis, and cost evaluations. The proposed results indicate the scheme’s viability against similar conventional approaches.

Privacy Preservation Authentication Model for a Secure Infrastructure over Vehicular Communications

Vehicle Ad-hoc Networks (VANET) are considered among recent wireless communication technologies. Nowadays, vehicles are no more than simple means of transport, they are endowed with a source of intelligence through their interaction with the road environment due to embedded equipment on board vehicles and integrated into stations along roads and highways. The mechanisms of security and protection of messages exchanged in VANET, thus preserving the privacy of users and satisfying the various security requirements, are a prerequisite for the deployment of vehicle networks. Increasingly, several research have been proposed to improve protocols for maintaining security and preserving privacy. This paper presents a hierarchical revocable infrastructure based privacy preservation authentication protocol for vehicles that involves authentication of each vehicle and the corresponding Road Side Unit (RSU) by a Certification Authority (CA). The proposed protocol used Elliptic Curve Diffie Hellman (ECDH) algorithm for reliable key exchange and Edwards-curve Digital Signature Algorithm (EdDSA) to speed up the execution of the authentication process especially at the key management level, message signing and verification of this signature. On the other hand, the creation of sub-lists of revoked certificates based on vehicle type makes it possible to minimize the response time by looking for a certificate if it is revoked or not. Our solution was checked by the security verification tool, Automated Validation of Internet Security Protocols and Applications (AVISPA), which indicated that it is a very secure level. Performance analysis illustrates that the protocol greatly saves computation resources.

MES-FPMIPv6: MIH-Enabled and enhanced secure Fast Proxy Mobile IPv6 handover protocol for 5G networks[Formula: see text

Fast Proxy Mobile IPv6 (FPMIPv6) is an extension of the PMIPv6 mobility management deployed as part of the next-generation internet protocol. It allows location-independent routing of IP datagrams, based on local mobility to IPv6 hosts without involvement of stations in the IP address signaling. A mobile node keeps its IP address constant as it moves from link to link, which avoids signaling overhead and latency associated with changing IP address. Even though local mobility requirements hold, it entails security threats such as Mobile Node, Mobile Access Gateway, as well as Local Mobility Anchor impersonation that go beyond those already exist in IPv6. As mobile station keeps moving across different serving networks, its IP remains constant during handover, and location privacy may not also be preserved. Moreover, homogeneous network dependence of PMIPv6 is one of the gaps, which FPMIPv6 could not mitigate. FPMIPv6 does not support heterogeneous network handover, for which numerous researchers have proposed Media Independent Handover (MIH) enabled FPMIPv6 schemes to allow fast handover among heterogeneous networks, but in the absence of security solutions. As a comprehensive solution, we propose a new handover authentication scheme and a key agreement protocol for the ‘MIH-enabled Network Only FPMIPv6’ model. As one of the basic requirements, mobility management should minimize signaling overhead, handover delay and power consumption of the mobile node. The proposed scheme improves wireless link overhead (mobile node overhead) by 6-86% as cell radius, wireless failure probability and number of hop vary. The security of the proposed scheme has also been analyzed under BAN logic and Automated Validation of Internet Security Protocols and Applications (AVISPA) tool and its performance has numerically been evaluated through a pre-determined performance matrix and found to be effective and preferably applicable compared with other schemes.

Design of Blockchain-Based Lightweight V2I Handover Authentication Protocol for VANET

Connected vehicle means providing different services, such as advanced driver-assistance systems (ADAS) from vehicles connected to the network. Vehicular ad-hoc networks (VANETs) can support vehicle-to-vehicle (V2V) and vehicle-to-infrastructure (V2I) communications to realize connected vehicle. In VANETs, secure communication must be ensured, as otherwise it can lead to traffic accidents and human injuries. Recently, many studies on V2I authentication have been conducted to guarantee the security of V2I communications. However, recent V2I authentication protocols do not consider the handover situation, and it causes unnecessary computations. As vehicles have limited computing resources, unnecessary computation can lead to overload to the vehicles. In recent years, blockchain-based VANET is an active field of research because it can provide decentralization, data integrity and transparency. Using the strength of the blockchain technology, we design a blockchain-based handover authentication protocol for VANETs. In the proposed protocol, vehicles only perform lightweight computations in handover situations for efficiency of the network. We also conduct the formal analysis such as Burrows–Abadi–Needham (BAN) logic, Real-Or-Random (ROR) oracle model, and Automated Validation of Internet Security Protocols and Applications (AVISPA) simulation to the proposed protocol. We simulate the proposed protocol using network simulator 3 (NS-3) to verify that the proposed protocol is practical. Finally, we compare the computational cost and security features of the proposed protocol with existing protocols to show that the proposed protocol is more secure and efficient.

An Efficient Online/Offline Signcryption Scheme for Internet of Things in Smart Home

The delivery of unified intelligent services is accomplished through a networked environment comprised of a wide array of electronic devices. Through the use of Internet of Things (IoT) technology, smart homes collect data from their surroundings and use it to improve their tenants’ lives. Remote control, real-time monitoring, and a fire alarm are all characteristics of smart home security. Since smart homes hold personally identifying information about their residents, security is critical to ensure their reliability and prevent data breaches. In this paper, a certificateless online/offline signcryption (COOS) technique for IoT-enabled smart homes is proposed. The proposed solution takes advantage of a resource-constrained smart home device–friendly algorithm known as the Hyperelliptic Curve Cryptosystem (HCC). The suggested approach satisfies the security requirements of unforgeability, confidentiality, resistance to replay attacks, and non-repudiation. The complexity analysis in terms of communicational and computational costs demonstrates the efficiency of the proposed scheme. Finally, we validate the security against Man-In-The-Middle-Attack (MITM) and anti-reply attacks using Automated Validation of Internet Security Protocols and Applications (AVISPA). The data imply that the recommended course of action is safe.

A Hyperelliptic Curve Cryptosystem Based Proxy Promised Signcryption Scheme

Signcryption is the method of combining a digital signature with encryption in a single logical step to get the cryptographic primitives of a public key. However, in addition to signcryption, we sometimes require anonymity and delegation of rights. In this paper, we propose a scheme called proxy promised signcryption to address all of these objectives simultaneously. In this scheme, the actual sender or signer delegates authority to an agent known as signcrypter for signcryption of the actual ciphertext. The agent entity is facilitated to generate a promised signcrypted text. The signcrypted text is then communicated to the intended recipient. The proposed work aims to reduce computation and communication costs, which has been tested by comparing it to existing schemes. The results obtained from this comparison support the aims of our scheme. The proposed scheme’s security has also been evaluated using the Automated Validation of Internet Security Protocols and Applications (AVISPA) tool. The results validate that our scheme resists well-known cyberattacks.

Lightweight and Secure Authentication Model for Vehicle to Everything (V2X) Communication Based on 5G Networks

Integrating the cellular network infrastructure into Intelligent Transport Systems (ITS) received attention from the research community and standards groups. This technology allows the invention and development of new applications, as well as the development of new vehicle mobility solutions and the enhancement of driver mobility in terms of safety, reliability, capacity, and quality. Cellular communications networks such as LTE-V2X and 5G NR, integrated into the Vehicle to Everything (V2X) architecture designed to support vehicular communications and deployed on a large scale, appear in particular to be a relevant solution. They could indeed guarantee reliable geographic distribution and acceptable performance (latency, bandwidth, packet loss). In this context, we propose a secure authentication scheme for 5G-based V2X communication. To achieve security requirements, our approach aims to provide a high degree of security in different vehicular communication (V2V, V2I, V2N) by using lightweight cryptographic algorithms in order to safely receive all keys and messages from RSU, vehicles, and the network. To validate our approach, we use the Automated Validation of Internet Security Protocols and Applications (AVISPA) tool to achieve the security goals, also evaluate the performance according to the operational cost which demonstrates that our model has a less computational cost.

Design of a secure and privacy preserving authentication protocol for telecare medical information systems

AbstractWith the advancement of communication technology, Telecare Medicine Information Systems (TMIS) provides convenient healthcare services for patients, doctors, and health organizations over the insecure Internet. As a result, when accessing sensitive medical data over an insecure connection, user privacy, data security, and user authentication is very crucial. A secure authentication protocol plays a crucial role in securing communications over TMIS, these environments are very vulnerable to numerous attacks due to resource constraints and the nature of the communication medium. Recently, an efficient authentication framework has been introduced for TMIS to address various security issues. However, the existing mutual authentication and key agreement protocols are vulnerable to replay attacks, insider attacks, impersonation attacks, and password guessing attacks. Furthermore, the current authentication systems do not guarantee user privacy and the fair key agreement between the patient and the medical server. We propose a more robust authentication approach for healthcare information systems to address these security issues. To assess the authentication protocol's security strength, we employ formal verification tools like Automated Validation of Internet Security Protocols and Applications (AVISPA). Finally, a thorough performance analysis demonstrates that the proposed mutual authentication framework not only ensures privacy but also maintains a low computing overhead. As a result, when compared to other related systems, the proposed authentication protocol is both secure and computationally efficient.

WSN node access authentication protocol based on trusted computing

Although wireless sensor networks (WSNs) are widely used in many fields, such as industrial production, medical studies, and environmental monitoring, they are vulnerable to various security problems. This study proposes a WSN node access authentication protocol based on trusted connection architecture to prevent easy node capture and various malicious attacks as well as to address the limited energy and computing power and different levels of node credibility in WSNs. First, each node of a WSN is configured using a trusted platform module to ensure complete key generation and safe storage, and thus provides security for the access protocol. Second, an alarm mechanism is introduced to avoid cluster node issues, such as not forwarding data, forwarding part of the data, and forwarding wrong data. This mechanism enhances the troubleshooting capability. Finally, during node access, bidirectional node identity authentication, platform identity authentication, and platform integrity verification are performed to achieve trusted node access. Our protocol is formally verified using Syverson-Van Oorschot (SVO) logic. The security features are applied to analyze the protocol, and back-end analysis modules such as On-the-fly Model-Checker (OFMC) and Constraint Logic based Attack Searcher (CL-AtSe) of the Automated Validation of Internet Security Protocols and Applications (AVISPA) tool are used to test the protocol. The theoretical analysis and test results show that the established security target of the protocol can resist network attacks in real application scenarios. In addition, the implementation efficiency of the protocol is sufficiently analyzed and evaluated. The results show that the protocol has high execution efficiency. In particular, the protocol is suitable for WSNs with high security requirements and limited computing power.

Device Access Control and Key Exchange (DACK) Protocol for Internet of Things

Internet of Things is a promising technology but it also increases numerous security threats in data transmission. To secure neighboring sensing devices' communication in an IoT environment, a key agreement protocol is primordial. Various IoT data transmission mechanisms have been proposed in the literature to attain security. However, these propositions are not completely secure against all types of attacks. In this paper, a new certificate-based was proposed lightweight authentication and key agreement protocol for the IoT environment. The proposed protocol uses Elliptic Curves Cryptography and minimizes the number of operations needed to generate secret keys. Moreover, performed a detailed informal security analysis, and formal security verification using Automated Validation of Internet Security Protocols and Applications (AVISPA) tool, through which demonstrated that the proposed protocol is resilient against numerous known attacks. The implementation of the proposed protocol using the simulator to evaluate the impact of the proposed protocol on several network parameters.