Fuzzy Extractor Research Articles

Advancing IoMT security: A two-factor authentication model employing PUF and Fuzzy logic techniques

The rapid integration of Internet of Things technologies in healthcare has catalyzed the development of the Internet of Medical Things, markedly enhanced patient care while posing significant security risks. This paper introduces a comprehensive computational framework to safeguard Internet of Medical Things devices and healthcare providers through a sophisticated registration and authentication process. Our model incorporates cryptographic technologies such as Physical Unclonable Functions, fuzzy extractors, and hash functions to bolster the security during the registration and authentication processes for Internet of Medical Things devices and healthcare providers. The Physical Unclonable Function module enhances device security by producing unique, non-replicable responses for device authentication, significantly reinforcing the system's defense against physical and cloning attacks. Furthermore, the model leverages fuzzy logic for the real-time classification of patient health states, enhancing the decision-making accuracy. A comparative analysis confirms that our model exceeds existing models in communication cost, computational efficiency and security. The proposed scheme has been rigorously tested against various attacks using the Scyther tool. By employing a unique identifier generation method through Physical Unclonable Function and utilizing fuzzy logic for secure data transmission and patient classification, our framework addresses vulnerabilities such as man-in-the-middle, denial of service, impersonation, identity guessing, password guessing and replay attacks, which are prevalent in current Internet of Medical Things frameworks.

Dynamic group fuzzy extractor

The group fuzzy extractor allows group users to extract and reproduce group cryptographic keys from their individual non-uniform random sources. It can be easily used in group-oriented cryptographic applications. However, current group fuzzy extractors are not dynamic, i.e. they spend a large cost when dealing with user revocation. In this work, we propose the formal definition and construction of dynamic group fuzzy extractor (DGFE) to address this issue. For the revocation, DGFE allows unrevoked group users to reproduce updated group keys from the existing group help data. Meanwhile, it prevents any revoked group user from generating new group keys using the previously authorized individual help data. We propose a DGFE construction based on the revocable group signature. Furthermore, we give formal proofs of reusability, anonymity and traceability of our construction.

A novel lightweight multi-factor authentication scheme for MQTT-based IoT applications

The present authentication solutions employed in the Internet of Things (IoT) are either inadequate or computationally intensive, given the resource-constrained nature of IoT devices. This challenges the researchers to devise efficient solutions to embed an important security tenet like authentication. In IoT, the most popular machine-to-machine communication protocol used at the application layer is Message Queuing Telemetry Transport (MQTT). However, the MQTT protocol inherently lacks security-related functions, like authentication, authorization, confidentiality, access control, and data integrity, which is unacceptable for IoT-driven mission-critical applications when connected over public networks. In such a situation, the security is hardened by employing a transport layer security protocol like TLS, which entails significant computational overheads. This paper presents a novel scheme to enhance MQTT security by providing a lightweight multi-factor authentication scheme based on Elliptical curve cryptography. The proposed scheme uses a low-cost signature and a fuzzy extractor to correct errors in imprinted biometrics in noisy environments. This scheme attains mutual authentication, generates a securely agreed-upon session key for secret communication, and guarantees perfect forward secrecy. Furthermore, the rigorous informal security analysis shows the proposed scheme resists cryptographic attacks, including known session critical attacks. Furthermore, an empirical study has been carried out to assess the effectiveness of the proposed scheme in the Cooja simulated environment.

Best of two worlds: Efficient, usable and auditable biometric ABC on the blockchain

In García-Rodríguez et al. 2024, two generic constructions for biometric-based non-transferable Attribute Based Credentials (biometric ABC) are presented, which offer different trade-offs between efficiency and trust assumptions. In this paper, we focus on the second scheme denoted as BioABC-ZK that tries to remove the strong (and unrealistic) trust assumption on the Reader R, and we show that BioABC-ZK has a security flaw for a colluding R and Verifier V. Besides, BioABC-ZK lacks GDPR-compliance, which requires secure processing of biometrics, for instance in form of Fuzzy Extractors, as opposed to (i) storing the reference biometric template aBio in the user’s mobile phone and (ii) processing of biometrics using an external untrusted R, whose foreign manufacturers are unlikely to adjust their products according to GDPR.The contributions of this paper are threefold. First, we review efficient biometric ABC schemes to identify the privacy-by-design criteria for them. In view of these principles, we propose a new architecture for biometric ABC of Sarier 2021 by adapting the recently introduced core/helper setting. Briefly, a user in our modified setting is composed of a constrained core device (a SIM card) inside a helper device (a smart phone with dual SIM and face recognition feature), which – as opposed to García-Rodríguez et al. 2024 – does not need to store aBio. This way, the new design provides Identity Privacy without the need for an external R and/or a dedicated hardware per user such as a biometric smart card reader or a tamper proof smart card as in current hardware-bound credential systems. Besides, the new system maintains minimal hardware requirements on the SIM card – only responsible for storing ABC and helper data –, which results in easy adoption and usability without loosing efficiency, if deep face fuzzy vault and our modified ABC scheme are employed together. As a result, a total overhead of 500 ms to a showing of a comparable non-biometric ABC is obtained instead of the 2.1 s in García-Rodríguez et al. 2024 apart from the removal of computationally expensive pairings. Finally, as different from García-Rodríguez et al. 2024, auditing is achieved via Blockchain instead of proving in zero-knowledge the actual biometric matching by the user to reveal malicious behavior of R and V.

EMAKAS: An efficient three-factor mutual authentication and key-agreement scheme for IoT environment

The adoption of IoT in healthcare revolutionizes remote patient monitoring and healthcare efficiency. Yet, it brings notable security and privacy challenges, particularly in resource-constrained environment. We propose a secure and efficient three-factor lightweight mutual authentication and key agreement scheme, designed for IoT-based smart healthcare systems, addressing these critical concerns. The scheme employs a fuzzy extractor, a one-way hash function, Elliptic Curve Discrete Logarithm and XOR operations for efficient cryptographic transformations, creating a robust framework for secure data handling. The scheme's design focuses on security and privacy while minimizing computational demands, making it ideal for resource-constrained IoT devices. We utilized both informal and formal security analyses to validate our scheme, employing the Random Oracle Model (ROM), Scyther tool and Burrows-Abadi-Needham (BAN) logic. The security and performance analysis showed that our scheme offers more security features across 15 defined criteria with minimal communication and computational costs compared to other related schemes. The scheme is not only robust against security threats but also practical for implementation in IoT healthcare environment, offering a solution for secure IoT communication by achieving mutual authentication and key agreement with minimized computational requirements.

A Secure Authentication Scheme with Local Differential Privacy in Edge Intelligence-Enabled VANET

Edge intelligence is a technology that integrates edge computing and artificial intelligence to achieve real-time and localized model generation. Thus, users can receive more precise and personalized services in vehicular ad hoc networks (VANETs) using edge intelligence. However, privacy and security challenges still exist, because sensitive data of the vehicle user is necessary for generating a high-accuracy AI model. In this paper, we propose an authentication scheme to preserve the privacy of user data in edge intelligence-enabled VANETs. The proposed scheme can establish a secure communication channel using fuzzy extractor, elliptic curve cryptography (ECC), and physical unclonable function (PUF) technology. The proposed data upload process can provide privacy of the data using local differential privacy and symmetric key encryption. We validate the security robustness of the proposed scheme using informal analysis, the Real-Or-Random (ROR) model, and the Scyther tool. Moreover, we evaluate the computation and communication efficiency of the proposed and related schemes using Multiprecision Integer and Rational Arithmetic Cryptographic Library (MIRACL) software development kit (SDK). We simulate the practical deployment of the proposed scheme using network simulator 3 (NS-3). Our results show that the proposed scheme has a performance improvement of 10∼48% compared to the state-of-the-art research. Thus, we can demonstrate that the proposed scheme provides comprehensive and secure communication for data management in edge intelligence-enabled VANET environments.

HCFAIUN: A novel hyperelliptic curve and fuzzy extractor-based authentication for secure data transmission in IoT-based UAV networks

IoT-based UAV networks comprise interconnected UAVs outfitted with sensors and microcontrollers to simplify data exchange in environments such as smart cities. In light of open-access communication landscapes, IoT-based UAV networks could pose security challenges, encompassing authentication vulnerabilities and the inadvertent disclosure of location and other confidential information to unauthorised parties. Henceforth, we have proposed a lightweight and secure authentication protocol: Hyperelliptic Curve and Fuzzy Extractor based Authentication in IoT-based UAV networks (HCFAIUN) leveraging Hyperelliptic Curve Cryptography(HCC), Fuzzy Extractor (FE), XOR operations and hash functions. HCC's maximum key size is 80 bits, differing from the 160-bit requirement of the elliptic curve, making it apt for UAVs with limited resources. The proposed scheme utilises biometrics traits of users to avoid exposing data from stealing smart devices using FE. This protocol facilitates the mutual authentication of users and UAVs, allowing them to exchange a session key for secure communication. The Hyperelliptic Curve (HC) scalar multiplication protects the user's private key from attackers, even in public channels. The obfuscation identity of the user and UAVs generated through the hash function and timestamp makes the external user and UAV anonymous. The efficacy of this proposed framework is examined using the Scyther verification tool and Random oracle model-based formal analysis, and informal analysis is also discussed, which validates its robustness against well-known potential physical and logical attacks. The performance analysis shows that the HCFAIUN scheme has lower computation, communication, and storage costs, i.e., 3.832 ms and 1456 bits and 1128 bits, respectively, compared to existing schemes.

Quantum-attack-resilience OTP-based multi-factor mutual authentication and session key agreement scheme for mobile users

Due to rapid advancements in hardware and mobile communication technologies, the usage of various mobile-based online applications is increasing tremendously. However, security and privacy are two of the most essential features of wireless communication. Using a Mutual Authentication and Session Key Agreement (MASK) scheme, an authorized mobile user can login to a remote server over the Internet. In quantum contexts, many of the MASK schemes are not secure. This paper proposes a One-Time Password (OTP) and biometric-based Multi-Factor MASK (OTP-MF-MASK) scheme for mobile users. We used Peikert’s authentication and reconciliation mechanism, defined for the post-quantum environments. The OTP-MF-MASK scheme used a password, mobile device, biometric, and OTP as login credentials. To avoid the biometric acquisition problem, we used the fuzzy extractor in the OTP-MF-MASK scheme. We proved that the OTP-MF-MASK scheme is semantically secure in the Random Oracle Model (ROM) based on the hardness assumption of the Ring Learning With Errors (RLWE) problem. The OTP-MF-MASK scheme is compared with state-of-the-art schemes to justify the attack-resilience and computation efficiencies in quantum environments.

A Privacy-Preserving Three-Factor Authentication System for IoT-Enabled Wireless Sensor Networks

Recently, Sahoo et al. introduced a three-factor authentication scheme for Wireless Sensor Networks (WSNs) based on an elliptic curve cryptosystem. Nonetheless, upon closer examination, we have identified critical vulnerabilities in their scheme, including susceptibility to user impersonation, gateway impersonation, sensor node impersonation attacks, and a breach in the three-factor security aspect. Further, the scheme fails to withstand offline sensor node identity guessing attacks, man-in-the-middle attacks, and known session-specific temporary information attacks. Intending to elevate both security and efficiency, we propose a novel three-factor authentication scheme that capitalizes on the strengths of a fuzzy extractor and a cryptographic one-way hash function. The proposed scheme’s security has been rigorously assessed using the SCYTHER tool, confirming its validity under the real-or-random (ROR) model. Moreover, a heuristic analysis exemplifies that the scheme effectively withstands various known cryptographic attacks. Consequently, the performance comparisons establish the superiority of our scheme over related approaches in terms of security and efficiency. Additionally, its suitability for WSNs is evident due to the minimal overhead on the sensor nodes, making it a highly promising solution for real-world implementation.

Robustly reusable fuzzy extractor from isogeny

Robustly reusable Fuzzy Extractor (rrFE) allows multiple extractions from the same fuzzy source in a reproducible way. The reusability of rrFE asks the pseudo-randomness of the extracted keys, while robustness of rrFE makes sure that active attacks can be detected during the reproduction of the extracted key. With rrFE, we are able to produce cryptographic keys for our cryptosystems from fuzzy sources, like biometrics, physical unclonable functions, etc. There are rrFE schemes from the DDH, LWE and LPN assumptions. However there is no rrFE scheme from isogeny-based assumptions up to now.In this paper, we construct the first rrFE from isogeny. To obtain such an rrFE, we propose a new framework for constructing rrFE with a core technical tool, named Enhanced Effective Group Action (EEGA). EEGA is built upon the basic Effective Group Action (EGA), and is equipped with a sampling algorithm and a derivation algorithm. With such an EEGA, the same random input can be derived to produce different pseudo-random and unpredictable outputs. The EEGA, together with other routine building blocks like secure sketch and extractor, leverages an FE to achieve reusability and robustness. We construct EEGA based on CSI-FiSh, which admits the first rrFE scheme from isogeny. Besides, we also propose another two EEGA instantiations from the DDH assumption, and this provides another approach to DDH-based rrFE, which may be of independent interest.

A PUF and Fuzzy Extractor-Based UAV-Ground Station and UAV-UAV Authentication Mechanism With Intelligent Adaptation of Secure Sessions

It is crucial that communication between an unmanned aerial vehicle (UAV) and the ground station (GS) be secure, and both devices should mutually authenticate each other to ensure that an adversary cannot obtain communicated information. Moreover, dynamically adapting the session time of an authenticated session can decrease the idle time of a session and consequently reduce the window of opportunity for an adversary to interfere with the communication link. In light of these considerations, we design a <italic xmlns:mml="http://www.w3.org/1998/Math/MathML" xmlns:xlink="http://www.w3.org/1999/xlink">physically unclonable function (PUF)</i> and <italic xmlns:mml="http://www.w3.org/1998/Math/MathML" xmlns:xlink="http://www.w3.org/1999/xlink">fuzzy extractor</i> -based UAV-GS authentication mechanism called <italic xmlns:mml="http://www.w3.org/1998/Math/MathML" xmlns:xlink="http://www.w3.org/1999/xlink">UAV Authentication with Adaptive Session (UAAS)</i> . In UAAS, both UAV-GS and UAV-UAV authentication are two-way. We use a <italic xmlns:mml="http://www.w3.org/1998/Math/MathML" xmlns:xlink="http://www.w3.org/1999/xlink">Thompson Sampling (TS)</i> -based approach to intelligently adapt the duration of a session. Both formal and informal security proofs are presented along with a computation and communication cost analysis to analyze the performance of UAAS. It is noted that UAAS is secure against various well-known attacks and has a lower communication cost than several baseline mechanisms. Due to the noise reduction that occurs in PUFs, the computational cost of UAAS is higher than that of baselines that ignore noise. Also, our simulation shows that UAAS significantly outperforms baselines when it comes to network performance.

Securing the Internet of Medical Things with ECG‐based PUF encryption

AbstractThe Internet of Things (IoT) is revolutionizing the healthcare industry by enhancing personalized patient care. However, the transmission of sensitive health data in IoT systems presents significant security and privacy challenges, further exacerbated by the difficulty of exploiting traditional protection means due to poor battery equipment and limited storage and computational capabilities of IoT devices. The authors analyze techniques applied in the medical context to encrypt sensible data and deal with the unique challenges of resource‐constrained devices. A technique that is facing increasing interest is the Physical Unclonable Function (PUF), where biometrics are implemented on integrated circuits' electric features. PUFs, however, demand special hardware, so in this work, instead of considering the physical device as a source of randomness, an ElectroCardioGram (ECG) can be taken into consideration to make a ‘virtual’ PUF. Such an mechanism leverages individual ECG signals to generate a cryptographic key for encrypting and decrypting data. Due to the poor stability of the ECG signal and the typical noise existing in the measurement process for such a signal, filtering and feature extraction techniques must be adopted. The proposed model considers the adoption of pre‐processing techniques in conjunction with a fuzzy extractor to add stability to the signal. Experiments were performed on a dataset containing ECG records gathered over 6 months, yielding good results in the short term and valuable outcomes in the long term, paving the way for adaptive PUF techniques in this context.

BPKEM: A biometric-based private key encryption and management framework for blockchain.

The fundamental technology behind bitcoin, known as blockchain, has been studied and used in a variety of industries especially in finance. The security of blockchain is extremely important as it will affects the assets of the clients as well as it is the lifeline feature of the entire system that needs to be guaranteed. Currently, there is a lack of a methodical approach to guarantee the security and dependability of the private key during its whole life. Furthermore, there is no quick, easy, or secure way to create the encryption key. A biometric-based private key encryption and management framework (BPKEM) for blockchain is proposed not only to solve the private key lifecycle manag- ement problem, but also it maintains compatibility with existing blockchain systems. For the problem of private key encryption, a biometric-based stable key generation method is proposed. By using the relative invariance between facial and fingerprint feature points, this measure can convert feature points into stable and distinguishable descriptors, then using a reusable fuzzy extractor to create a stable key. The correct- ness and efficiency of the newly proposed biometric-based blockchain encryption tech- nique in this paper has been validated in the experiments.

Preliminary Study of Novel Bio-Crypto Key Generation Using Clustering-Based Binarization of ECG Features.

In modern society, the popularity of wearable devices has highlighted the need for data security. Bio-crypto keys (bio-keys), especially in the context of wearable devices, are gaining attention as a next-generation security method. Despite the theoretical advantages of bio-keys, implementing such systems poses practical challenges due to their need for flexibility and convenience. Electrocardiograms (ECGs) have emerged as a potential solution to these issues but face hurdles due to intra-individual variability. This study aims to evaluate the possibility of a stable, flexible, and convenient-to-use bio-key using ECGs. We propose an approach that minimizes biosignal variability using normalization, clustering-based binarization, and the fuzzy extractor, enabling the generation of personalized seeds and offering ease of use. The proposed method achieved a maximum entropy of 0.99 and an authentication accuracy of 95%. This study evaluated various parameter combinations for generating effective bio-keys for personal authentication and proposed the optimal combination. Our research holds potential for security technologies applicable to wearable devices and healthcare systems.

BAKA: Biometric Authentication and Key Agreement Scheme Based on Fuzzy Extractor for Wireless Body Area Networks

BAKA: Biometric Authentication and Key Agreement Scheme Based on Fuzzy Extractor for Wireless Body Area Networks

A lightweight and robust authentication scheme for the healthcare system using public cloud server.

Cloud computing is vital in various applications, such as healthcare, transportation, governance, and mobile computing. When using a public cloud server, it is mandatory to be secured from all known threats because a minor attacker's disturbance severely threatens the whole system. A public cloud server is posed with numerous threats; an adversary can easily enter the server to access sensitive information, especially for the healthcare industry, which offers services to patients, researchers, labs, and hospitals in a flexible way with minimal operational costs. It is challenging to make it a reliable system and ensure the privacy and security of a cloud-enabled healthcare system. In this regard, numerous security mechanisms have been proposed in past decades. These protocols either suffer from replay attacks, are completed in three to four round trips or have maximum computation, which means the security doesn't balance with performance. Thus, this work uses a fuzzy extractor method to propose a robust security method for a cloud-enabled healthcare system based on Elliptic Curve Cryptography (ECC). The proposed scheme's security analysis has been examined formally with BAN logic, ROM and ProVerif and informally using pragmatic illustration and different attacks' discussions. The proposed security mechanism is analyzed in terms of communication and computation costs. Upon comparing the proposed protocol with prior work, it has been demonstrated that our scheme is 33.91% better in communication costs and 35.39% superior to its competitors in computation costs.

Anonymous and robust biometric authentication scheme for secure social IoT healthcare applications

In the era of rapid technological advancement, the Internet of Things (IoT) has revolutionised healthcare through systems like the Telecare Medicine Information System (TMIS), designed to streamline patient-doctor interactions and enhance medical treatment. However, the transmission of sensitive patient data over inherently insecure Internet channels exposes it to a spectrum of security risks. Protecting patient medical privacy and ensuring system reliability necessitate mutual authentication between both patients and medical servers. TMIS relies on robust authentication mechanisms, and combining passwords and smart cards has been a recognised approach for mutual authentication. This research introduces an innovative three-factor authentication technique with perfect forward secrecy by leveraging the power of Elliptic Curve Cryptography (ECC) in tandem with smart cards. Additionally, we have incorporated biometric authentication with a Fuzzy Extractor technology to enhance the security and reliability of the system, setting a new standard for user authentication within the realm of Social IoT healthcare. The use of ECC in the method is justified due to its compact key size and robust security measures, making the solution both efficient and secure. The proposed method safeguards user privacy by permitting registered users to change their passwords without divulging their identity to the server. The Burrows–Abadi–Needham logic (also known as the BAN logic) serves as a proof-of-concept for the proposed scheme’s security. Our system provides privacy protection along with mutual authentication and session key negotiation at a considerably low computation cost and communication cost of up to 71.03% compared to the other four relevant techniques, making it more useful in real-world scenarios.

A Reliable Physical Layer Key Generation Scheme Based on RSS and LSTM Network in VANET

With the rapid development of information and communication technology, Vehicular AD hoc Networks (VANET) has attracted more and more attention. In order to provide traffic safety services, vehicles frequently share information related to road traffic, such as vehicle motion data and traffic flow data. Reliable key generation is the basis of VANET security system construction. At present, most key generation schemes rely on a trusted third-party, so there are security risks. Traditional key agreement protocols have high overhead, and is not suitable for the latency-sensitive requirements of VANET. The physical layer security technology extracts the fingerprint of the wireless channel and the identity of the device, and generates the key quickly and in real time without the third party distribution. A physical layer key generation scheme based on Received Signal Strength (RSS) is proposed to realize Vehicle-to-Vehicle (V2V) secure communications. Firstly, a network model based on Long Short-Term Memory (LSTM) network and Kalman Filtering is proposed to effectively enhance the reciprocity of physical layer information in dynamic environment. Secondly, a lossless quantization scheme is proposed, which achieves a lower bit disagreement rate and a higher bit generation rate. Thirdly, the inconsistent bits are corrected by fuzzy extractor, the confidentiality of the key exchange process is enhanced by zero knowledge proof, and the security of the key is improved by using hash function for privacy amplification. Finally, the experimental results show that the proposed scheme has great improvements in data correlation, bit disagreement rate, bit generation rate and bit distribution randomness.

Biometrics-Based Authenticated Key Exchange With Multi-Factor Fuzzy Extractor

Biometrics-Based Authenticated Key Exchange With Multi-Factor Fuzzy Extractor

Sample Recoverable Fuzzy Extractors

Sample Recoverable Fuzzy Extractors