Informal Analysis Research Articles

Design of An Authentication Scheme for Cloud-Based IoT Applications*

In recent times, the Internet of Things (IoT) becomes one of the most popular innovations in the field of information and Communication Technology (ICT), and it connects billions or even trillions of devices. Meanwhile, security and privacy stand as a vital issue in the IoT environment, which generates the need for an efficient authentication protocol. In this context, we proposed a lightweight authentication protocol for cloud-based IoT applications. Further, formal security analysis using Burrows-Abadi-Needham (BAN) logic and informal security analysis of the proposed scheme are discussed. A comparative study of the proposed protocol and some existing methods is also demonstrated considering computation, communication, and storage cost. Finally, the proposed scheme is verified using a widely accepted AVISPA tool. The comparative study and verification support the efficiency of the proposed protocol for cloud-based IoT applications.

An enhanced scalable and secure RFID authentication protocol for WBAN within an IoT environment

Nowadays, Internet of Things (IoT)-based E-healthcare represents an emergent research field due to the fast development of wireless technologies and cloud computing. Radio Frequency Identification (RFID) is an integral technology in IoT thanks to its low cost and autonomous data collection and transfer. These features made it useful in Wireless Body Area Network (WBAN) for healthcare applications. However, data security and patient privacy remain major challenges in WBANs. In this context, many authentication protocols have been designed trying to satisfy both security and implementation requirements. Most recently, Naeem et al. have proposed an RFID authentication scheme for IoT which is claimed to be secure and provides scalability. Unfortunately, we have found that their protocol does not provide authentication and anonymity and it is vulnerable to numerous attacks. To overcome these security issues, we propose, in this paper, an efficient extended and improved IoT-based RFID authentication scheme for WBANs. Our proposed protocol could resist to various attacks and ensure mutual authentication from the tag to the medical server, in addition to patients data security. For this, elliptic curve cryptography (ECC) encryption mechanism and elliptic curve digital signature with message recovery (ECDSMR) have been adopted. Formal and informal analysis have proved that our proposed protocol succeeded to provide many security features and offer reliable data security with a considerably small computational and storage cost compared to existing schemes.

An enhanced and provably secure authentication protocol using Chebyshev chaotic maps for multi-server environment

Multiserver authentication requires users to have only one-time registration for accessing different permissible services securely from various servers over an insecure network. To date, many multiserver authentication protocols have been presented in the literature. Most of them require the registration server’s participation at the time of authentication, leading to increased communication overhead and bandwidth overload of the registration server. Recently, Lee et al. introduced a multiserver authentication protocol using extended chaotic maps that permits registered users and servers to authenticate with each other directly. In this paper, we revisit Lee et al.’s protocol and find that it is insecure against user impersonation and session-specific temporary information attacks. Additionally, the protocol uses timestamps, which may cause serious time synchronization problems. The weaknesses of Lee et al.’s protocol prompted us to propose another protocol based on extended chaotic maps, which is free from serious time synchronization problems, more efficient in terms of computation and communication overheads, and more robust against all known attacks. Furthermore, our protocol adds extra functionality features such as considering the users’ registration expiration, server scalability, and inclusion of two new phases: a deregistration phase and a registration renewal phase for a registered user. Our protocol’s security has been validated using the automated tool ProVerif and proven through formal and informal analyses. With better security protection, fewer complexities, and additional features, the proposed protocol is more suitable for practical use than other related protocols.

Институт Общественной палаты как медиатор между властью, обществом и экспертным сообществом (на примере Кемеровской области – Кузбасса)

The Public Chamber is currently attracting a lot of scientific attention. The present research owes its relevance to the fact that the Public Chamber remains passive, despite claiming an important role in the development of civil society. The research objective was to identify the place and role of the Public Chamber in the regional socio-political life. The article focuses on its ability to act as a mediator between the government and civil society. The author sees the Public Chamber as a communication platform, which allows the scientific community to influence public policy by acting as experts. The empirical study lasted from February to June 2020 and involved former and current members of the Public Chamber of the Kemerovo region, as well as its researchers and experts. The analysis was based on the qualitative approach and the methods of informal expert interviews, comparative analysis, and content analysis. The author identified two main criteria: the model of regional power and the regional political regime. These criteria determine the final configuration, i.e. the influence and role of the Public Chamber in the regional public policy. The Public Chamber appeared to be more of an imitator than a real actor in the field of the local public policy. The paper also introduces a new classification of the development of the Public Chamber in the Kemerovo region.

Explication as a Three-Step Procedure: the case of the Church-Turing Thesis

In recent years two different axiomatic characterizations of the intuitive concept of effective calculability have been proposed, one by Sieg and the other by Dershowitz and Gurevich. Analyzing them from the perspective of Carnapian explication, I argue that these two characterizations explicate the intuitive notion of effective calculability in two different ways. I will trace back these two ways to Turing’s and Kolmogorov’s informal analyses of the intuitive notion of calculability and to their respective outputs: the notion of computorability and the notion of algorithmability. I will then argue that, in order to adequately capture the conceptual differences between these two notions, the classical two-step picture of explication is not enough. I will present a more fine-grained three-step version of Carnapian explication, showing how with its help the difference between these two notions can be better understood and explained.

Provably secure authentication key exchange scheme using fog nodes in vehicular ad hoc networks

In recent years, with the development of cloud computing, the Internet of Things (IoT), and other technologies, mobile intelligent transportation systems, particularly the vehicular ad hoc network (VANET), have been growing quickly. Researchers have attempted to use fog computing in VANETs in order to meet real-world requirements for their deployment. Fog computing is an extension of cloud computing, and thus, it inevitably inherits the same security challenges. Further, because VANETs are in an open network environment, they will also face several other potential security and privacy issues. In this study, to promote secure interaction in fog-based VANETs, a new authentication key exchange (AKE) scheme that uses fog nodes as relay nodes has been designed. The scheme completes mutual authentication and generates a session key for later confidential communication. The automatic verification tool ProVerif and the BAN (Burrows–Abadi–Needham) logic were used to formally verify the security of the scheme, and an informal analysis shows that it can resist multiple known attacks. The simulation and analysis results show that the proposed scheme is successful. Finally, performance evaluation shows the effectiveness of the approach. Compared with the previously proposed privacy protection authentication protocols, the results of the proposed scheme are more computationally efficient.

Design of Secure Decentralized Car-Sharing System Using Blockchain

Car-sharing systems can solve various urban problems by providing shared vehicles to people and reducing the operation of personal vehicles. With the development of the Internet of Things, people can easily use a shared car through simple operations on their mobile devices. However, the car-sharing system has security problems. Sensitive information, such as the user’s identity, location information, and access code, is transmitted through a public channel for car-sharing. Hence, an attacker can access this information for illegal purposes, making the establishment of a secure authentication protocol essential. Furthermore, the traditional car-sharing system is established on the centralized structure, so there is a single point of failure. Thus, the design of a decentralized car-sharing scheme is vital for solving the centralized problem. This study designed a decentralized car-sharing scheme using blockchain. Specifically, blockchain technology was used to provide a decentralization car-sharing service and ensure data integrity. The participant entities of the proposed system can be authenticated anonymously. The proposed car-sharing system can be secured against various attacks and provide mutual authentication using informal analysis, automated validation of internet security protocols and applications (AVISPA) simulation, and BAN logic analysis. The computation costs and communication costs of the proposed scheme were also analyzed.

Lightweight Authentication Protocol Using Self-Certified Public Keys for Wireless Body Area Networks in Health-Care Applications

Health-care centers have been meeting challenges due to the increase in the aging population and chronic diseases that need continuous medical monitoring. Wireless body area network (WBAN) is a non-invasive technology consisting of diverse connected bio-medical sensors placed in the human body, which measure physiological parameters and make the information accessible to health-care professionals ubiquitously. However, a major problem in WBAN is the security and privacy of the patient's medical information. An essential security method to protect the physiological data is authentication. Several authentication protocols have been proposed for WBANs; however, some require many computing resources, and some have security vulnerabilities. In this article, the Two-Party Lightweight Authentication Protocol (TLAP) for WBANs is proposed. It uses self-certified public keys based on Elliptic Curve Cryptography (ECC), scalar point multiplication, symmetric key encryption, and the lightweight operations xor and conventional hash function to reduce the computational cost of the protocol. Formal and informal analyses were made to demonstrate that TLAP provides mutual authentication and resists potential attacks in WBANs. The security and performance of TLAP and similar existing protocols were analyzed and compared. The analyzes showed TLAP supports more security features and has lower execution time and communication cost than the other protocols, which is significant to decrease the energy consumption in WBANs.

A Provably Secure Three‐Factor Authentication Protocol for Wireless Sensor Networks

The wireless sensor network is a network composed of sensor nodes self‐organizing through the application of wireless communication technology. The application of wireless sensor networks (WSNs) requires high security, but the transmission of sensitive data may be exposed to the adversary. Therefore, to guarantee the security of information transmission, researchers propose numerous security authentication protocols. Recently, Wu et al. proposed a new three‐factor authentication protocol for WSNs. However, we find that their protocol cannot resist key compromise impersonation attacks and known session‐specific temporary information attacks. Meanwhile, it also violates perfect forward secrecy and anonymity. To overcome the proposed attacks, this paper proposes an enhanced protocol in which the security is verified by the formal analysis and informal analysis, Burross‐Abadii‐Needham (BAN) logic, and ProVerif tools. The comparison of security and performance proves that our protocol has higher security and lower computational overhead.

Secure Three‐Factor Anonymous User Authentication Scheme for Cloud Computing Environment

Cloud computing provides virtualized information technology (IT) resources to ensure the workflow desired by user at any time and location; it allows users to borrow computing resources such as software, storage, and servers, as per their needs without the requirements of complicated network and server configurations. With the generalization of small embedded sensor devices and the commercialization of the Internet of Things (IoT), short‐ and long‐range wireless network technologies are being developed rapidly, and the demand for deployment of cloud computing for IoT is increasing significantly. Cloud computing, together with IoT technology, can be used to collect and analyse large amounts of data generated from sensor devices, and easily manage heterogeneous IoT devices such as software updates, network flow control, and user management. In cloud computing, attacks on users and servers can be a serious threat to user privacy. Thus, various user authentication schemes have been proposed to prevent different types of attacks. In this paper, we discuss the security and functional weakness of the related user authentication schemes used in cloud computing and propose a new elliptic curve cryptography‐ (ECC‐) based three‐factor authentication scheme to overcome the security shortcomings of existing authentication schemes. To confirm the security of the proposed scheme, we conducted both formal and informal analyses. Finally, we compared the performance of the proposed scheme with those of related schemes to verify that the proposed scheme can be deployed in the real world.

Accounting for innovations in value management of companies in the context of globalization

Research background. Given that innovations have a great impact on gaining competitive advantage and long-term growth of the company’s value, it is important to find ways to fully and correctly reflect them in the accounting and reporting system to provide users with the necessary information to make effective decisions. Purpose of the article is to characterize the accounting of innovations in the value management system of the enterprise and determine the form of integrated reporting on innovations to assess their impact on the value of the company and make effective decisions. Methods. The methodological basis of the study consists of informal content analysis of information, systematic approach, deductive method, comparison, abstraction, grouping and systematic generalization. Findings & Value added. The disadvantage of the current accounting system is the attribution of investment in intangible innovations to the company’s costs, which is not considered and is not reflected as a long- term competitive advantage. Thus, not taking into account the intangible non-accounting factors of generating the value of the company, which are associated with innovation, intellectual capital, can significantly underestimate the book value of the company compared to its market value. The value of the company stated in the financial statements may be significantly lower than its market value due to the failure to take into account in the system of accounting for the interaction of innovation with intellectual, environmental and social capital, which is the source of domestic goodwill. Innovation accounting requires the allocation of appropriate facilities and the formation of integrated reporting to provide comprehensive information for decision-making in the management of the company’s value.

An e-healthcare authentication protocol employing cloud computing

Telecare medical information system (TMIS) provides a wide array of medical information to the respective participants (doctor/patient) over insecure networks. The patient medical data is extremely sensitive and confidential along with authentication. This paper presents an architecture for e-healthcare using TMIS system employing a cloud server to store the medical information of registered patients. In addition, the proposed secure authentication protocol comprises a mobile device to ensure secure communication between the participants and contributes a platform for proper communication. To proof authenticity, both formal and informal security analyses have been successfully executed to resist attacks. Moreover, the computation and communication costs of the reported scheme offered better results in comparison to existing literature.

Пространственная диффузия цифровых инноваций: тренды, проблемы и перспективы эмпирических исследований

The aim of the study was to generalize the world experience of studying the spatial diffusion of digital innovations in order to determine trends in changing priorities, existing problems and possible prospects for empirical research. With the help of the author’s semantic search algorithm, approximately eighty journal articles published in the last twenty years were found in eight bibliographic databases. The use of a moving average and biproportional indices for quantitative analysis of the array of articles revealed four upward trends: an increase in the average annual number of publications on the subject under consideration, increased attention to the deployment of broadband communications, the impact of spatial diffusion on economic growth and the use of regions as territorial units for studying diffusion processes. An informal analysis of the articles led to the identification of five key problems of modern research: a significant discrepancy between the year of publication and the last year of the process under study, analysis of a limited number of digital innovations, lack of a comprehensive understanding of the joint spatial diffusion of several innovations, the dominance of the idea of the homogeneity for the initial territorial units and the unexplored system of factors contributing to or hindering the spread of digital innovations. Comparing the existing experience of studying the spatial diffusion of digital innovations with similar studies of other types of innovations allowed identifying five promising areas for further research: the use of big data; expanding the set of models used with the subsequent creation of a system of methods; the study of hierarchical, network and other methods of spatial diffusion; the definition of spatial innovation waves with an explanation of the reasons for the formation of territorial barriers and filters; creation of a theory of the spatiotemporal spread of digital innovations based on the generalization of empirical research. The necessity of determining the scope of application of the results obtained in diffusion studies outside of regional economic policy is noted

A scalable and distributed architecture for secure and privacy-preserving authentication and message dissemination in VANETs

With significant advances in the development of autonomous cars and Internet of Things (IoT) in recent years, Vehicular Ad-hoc NETworks (VANETs) have become a promising technology for Intelligent Transportation Systems (ITS) as well. However, the wireless nature of VANET communication makes it vulnerable to a plethora of attack vectors to otherwise secure vehicles. Authenticated message dissemination plays a key role to avert such security vulnerabilities. Many of the existing Public Key Infrastructure (PKI) based schemes use Certificates for authentication. In such schemes, for authenticating an entity which presents its certificate, Certificate Revocation List (CRL) is used to check if the entity’s certificate has been revoked. But, as the size of the CRL grows, using CRL for authentication can incur computation and storage overhead in VANETs. To overcome this limitation of CRL-based approach for authentication, in this paper, we propose a distributed, scalable, low-overhead, privacy-preserving authentication scheme for VANETs. The proposed scheme uses a Merkle Hash Tree (MHT) for authenticating Road Side Units (RSUs) and Modified Merkle Patricia Trie (MMPT) for authenticating vehicles. We also present an informal analysis as well as formal correctness proof of the proposed scheme.

Mutual authentication with multi-factor in IoT-Fog-Cloud environment

Authentication of restricted memory devices presents significant problems since memory consumption is high in mutual authentication using cryptographic protocols in IoT environments. According to previous studies, the development of a multi-factor mutual authentication method that can be used in fog and cloud computing remains a challenge. The present work aims to improve a method of mutual authentication with multi-factor using an adjustable variable response time, challenge-response function, and nonce. With these factors, the same method can be regulated for both the Fog and Cloud Computing contexts. We compared the present method with the evaluations carried out in related works, achieving a satisfactory result regarding the cost of computing and communication. The code developed in Java showed a better average processing time, low energy consumption than other studies, and a linear complexity metric. Finally, using the Proverif tool and an informal analysis to provide the security assessment, it was demonstrated that it is impossible to derive the discovery of keys, keeping the proposed method safe.

A continuidade entre os métodos formais e informais de demonstração na filosofia

O papel da lógica na filosofia é fundamentalmente metodológico já que é fazendo uso das diferentes estruturas de demonstração que teses filosóficas são estabelecidas. Por isso, no contexto da prática filosófica, a lógica deve ser tomada seu sentido mais largo, abarcando tanto a lógica formal quanto a informal. Dada a variação das formas de demonstração na filosofia e dado, portanto, o uso metodológico que a filosofia faz da lógica, argumento que, neste sentido, há uma continuidade entre os métodos formais e informais de demonstração. Para mostrar esta continuidade, partirei da noção fundamental de inferência lógica para estabelecer os critérios de diferenciação entre o formal e o informal, e reconstruirei brevemente a história filosófica da lógica para mostrar suas transformações e seu distanciamento progressivo do lugar metodológico na filosofia.Finalmente, considerando a literatura recente sobre lógica formal e informal, aponto os problemas relativos à suas diferenças e, partindo do reconhecimento de que lógica cumpre um papel metodológico na filosofia, argumento que a lógica formal e informal são práticas que estão em continuidade e se beneficiam mutuamente. No que diz respeito ao modo como a lógica informal se beneficia da lógica formal, o artigo investigará as vantagens e limitações em se tomar os sistemas de dedução natural como instrumento de análise de demonstrações em linguagem natural. No que diz respeito aos modos como a lógica formal pode se beneficiar da lógica informal, procuraremos mostrar que avanços na lógica formal decorrem, além dos esforços de formalização de provas informais, de uma análise informal das estratégias de cálculo e dos princípios segundos os quais uma certa linguagem lógica opera.

Informal sector housing Scenario Analysis for Chattogram, Bangladesh: A Way Forward

Bangladesh is a densely populated developing country and is facing housing shortage due to different reasons Khaled, Sultana...

Smart Contract Centric Inference Engine For Intelligent Electric Vehicle Transportation System.

The provision of electric vehicles (EVs) is increasing due to the need for ecological green energy. The increment in EVs leads to an intelligent electric vehicle transportation system’s need instead of cloud-based systems to manage privacy and security issues. Collecting and delivering the data to current transportation systems means disclosing personal information about vehicles and drivers. We have proposed a secure and intelligent electric vehicle transportation system based on blockchain and machine learning. The proposed method utilizes the state of the art smart contract module of blockchain to build an inference engine. This system takes the sensors’ data from the vehicle control unit of EV, stores it in the blockchain, makes decisions using an inference engine, and executes those decisions using actuators and user interface. We have utilized a double-layer optimized long short term memory (LSTM) algorithm to predict EV’s stator temperature. We have also performed an informal analysis to demonstrate the proposed system’s robustness and reliability. This system will resolve the security issues for both information and energy interactions in EVs.

A secure and improved multi server authentication protocol using fuzzy commitment

The advancement in communication and computation technologies has paved a way for connecting large number of heterogeneous devices to offer specified services. Still, the advantages of this advancement are not realized completely due to inherent security issues. Most of the existing authentication mechanisms ensure the legitimacy of requesting user thorough single server leading towards multiple registrations and corresponding credentials storage on user side. Intelligent multimedia networks (IMN) may encompass wide range of networks and applications. However, the privacy and security of IMN cannot be apprehended through traditional multi sign on/single server authentication systems. The multi-server authentication systems can enable a user to acquire services from multiple servers using single registration and with single set of credentials (i.e.Password/smart card etc.) and can be accomplish IMN security and privacy needs. In 2018, Barman et al. proposed a multi-server authentication protocol using fuzzy commitment. The authors claimed that their protocol provides anonymity while resisting all known attacks. In this paper, we analyze that Barman et al.’s protocol is still vulnerable to anonymity violation attack and impersonation based on stolen smart card attack; moreover, it has incomplete login request and is prone to scalability issues. We then propose an enhanced protocol to overcome the security weaknesses of Barman et al.’s scheme. The security of the proposed protocol is verified using BAN logic and widely accepted automated AVISPA tool. The BAN logic and automated AVISPA along with the informal analysis ensure the robustness of the scheme against all known attacks.

Breast Cancer Immunotherapy: From Biology to Current Clinical Applications

Therapeutic strategies for the treatment of breast cancer have historically been determined by the presence or absence of hormone receptors and HER2 amplification and/or protein expression. For patients with breast cancer that lack these biomarkers, the so-called ‘triple-negative’ subtype, chemotherapy has been the cornerstone of cure and palliation. However, with the recent successful development of immune checkpoint molecules that target cytotoxic T-lymphocyte antigen-4, programmed cell death-1 (PD-1), and PD-ligand 1 (PD-L1), improved survival has been reported across a range of tumour types including melanoma, lung, and bladder cancer. In metastatic breast cancer, trials of single-agent immune checkpoint inhibitors (ICI) have resulted in limited overall response rates; however, strategies that combine local or systemic therapies with ICI have improved response rates and, in some cases, improved survival. For example, the addition of an anti-PD-L1 inhibitor, atezolizumab, to nab-paclitaxel chemotherapy for newly diagnosed metastatic triple-negative breast cancer demonstrated an improvement in overall survival in an informal analysis of the PD-L1-positive subset in a recently reported Phase III clinical trial. These results ultimately led to U.S. Food and Drug Administration (FDA) approval for an ICI for the treatment of breast cancer, with numerous other health authorities following suit. Herein, the authors describe the biology behind ICI, the rationale for ICI administration in breast cancer, the related clinical trial data reported to date, and promising future strategies.