Proposed Authentication Scheme Research Articles

A Novel Authentication Scheme Based on Verifiable Credentials Using Digital Identity in the Context of Web 3.0

This paper explores the concept of digital identity in the evolving landscape of Web 3.0, focusing on the development and implications of a novel authentication scheme using verifiable credentials. The background sets the stage by placing digital identity within the broad context of Web 3.0′s decentralized, blockchain-based internet, highlighting the transition from earlier web paradigms. The methods section outlines the theoretical framework and technologies employed, such as blockchain, smart contracts, and cryptographic algorithms. The results summarize the main findings, including the proposed authentication scheme’s ability to enhance user control, security, and privacy in digital interactions. Finally, the conclusions discuss the broader implications of this scheme for future online transactions and digital identity management, emphasizing the shift towards self-sovereignty and reduced reliance on centralized authorities.

A message verification scheme based on physical layer-enabled data hiding for flying ad hoc network

AbstractThe use of Unmanned Aerial Vehicles (UAVs) for military as well as civilian applications such as search and rescue operations, disaster management, parcel delivery and agriculture, is becoming increasingly popular, mainly due to their versatile nature and relatively inexpensive operating costs. However, one of the most significant barriers in the widespread adoption of UAVs for the aforementioned applications is the increasing concern for wireless communication security within the network. Unfortunately, the nodes that comprise these networks are extremely constrained in terms of storage space, processing power and battery life, which require light-weight security protocols that align with these limitations. The current standards for message authentication and verification predominantly rely on lightweight cryptographic techniques. However, there is continual scope for improvement, particularly in the realm of computational efficiency, to better align with the constraints inherent to UAVs. This paper explores data hiding in a multi-UAV environment, to form a light-weight message verification scheme to confirm the identity of the transmitting node. First, five venues having the potential to hide data are analyzed. Based on the analysis of bit error rate obtained from the simulated multi-UAV environment, both cyclic prefix and padding bits are selected. Next, a codeword is generated for each transmission and it is embedded along with the unique ID key, $$\kappa $$ κ of the transmitting node into each venue respectively, and the output is transmitted as Hello packets. Subsequently, the receiving node extracts and decodes the codeword in order to verify the authenticity of the transmitting node. An evaluation of the proposed scheme has been conducted by using a simulated UAV environment. In the best case scenario, the proposed authentication scheme can achieve a successful verification rate of at least 80% at a maximum hop-count of 10 hops. Through computational cost analysis, in comparison to the conventional methods, the proposed scheme was found to have a significantly lower total execution time of $$1.7\mu s$$ 1.7 μ s . In addition, the security analysis shows that when the proposed scheme is paired with physical unclonable functions (PUFs), it is able to resist common security attacks, including man-in-the-middle, replay and cloning attacks.

A Lightweight and Anonymous Mutual Authentication Scheme for Medical Big Data in Distributed Smart Healthcare Systems.

The rapid development of Big Data technology supports the advancement of many fields like industrial automation, smart healthcare, distributed systems, and many more. Big data is large and heterogeneous data generated from different sources, such as Internet of Things (IoT) devices, weather forecasting, traffic management systems, etc. However, in a distributed smart healthcare industry, unauthorized users or devices can illegally access healthcare Big Data, as well as control the sensor or IoT-enabled devices connected to a patient's body. They can even alter patients' healthcare Big Data by inserting false and misleading data, which may even cause death to the patient. This study presents a lightweight privacy-preserving user authentication scheme to solve the above-said problems in a distributed smart healthcare system. The proposed scheme prevents unauthorized users from getting access to the healthcare system by establishing a secure session for the authorized user. Here, the password protection mechanism allows only a legitimate user to access and modify the patient's healthcare Big Data. The security strength and effectiveness of the proposed authentication scheme is evaluated in this paper, which show that it is more efficient and secure than the state-of-the-art schemes.

Enhancing healthcare data security: a two-step authentication scheme with cloud technology and blockchain

In the modern world, medical data leakage has many external and internal threats. Information systems of medical organizations are constantly subject to various types of cyber-attacks and unauthorized penetration attempts, which leads to the publication of patient medical data online. Existing authentication schemes using blockchain technologies in medical organization systems ensure the integrity of medical data and secure access to patient data. However, one of the serious reasons for unauthorized access to the healthcare system is the human factor, which manifests itself in a negligent attitude towards account security, non-compliance with the rules and policies of information security, and transferring to third parties personal login details to the information system of a medical organization. This paper proposes a solution to this problem through an improved two-step authentication scheme using cloud technology and blockchain. The combined use of cloud technologies and blockchain is a distinctive feature of the proposed authentication scheme since it provides two levels of protection: 1) two-step authentication, the second stage of which includes biometrics through a mobile application. It prevents unauthorized access to the system by third parties; 2) cloud encryption keys for decrypting medical data, which are also accessed through the user's biometrics. The practical part of the paper includes the implementation of biometric login in Python using the OpenCV library. As a result of the practical part, unique fingerprint samples were obtained. The biometric user verification algorithm is designed for a mobile application, which we plan to implement in the future

An Integrated Two-Factor Authentication Scheme for Smart Communications and Control Systems

Fast and reliable authentication is a crucial requirement of communications networks and has various research challenges in an Internet of Things (IoT) environment. In IoT-based applications, as fast and user-friendly access and high security are required simultaneously, biometric identification of the user, such as the face, iris, or fingerprint, is broadly employed as an authentication approach. Moreover, a so-called multi-factor authentication that combines user identification with other identification information, including token information and device identity, is usedto enhance the authentication security level. This paper proposes a novel twofactor authentication scheme for intelligent communication and control systems by utilizing the watermarking technique to incorporate the mobile device authentication component into the user’s facial recognition image. Our proposed scheme offers user-friendliness while improving user security and privacy and reducing authentication information exchange procedures to provide a secure and lightweight schema in real applications. The proposed scheme’s security advantages are validated using the widely accepted Burrows–Abadi–Needham (BAN) logic and experimentally assessed using the Automated Validation of Internet Security Protocols and Applications (AVISPA) simulator tool. Finally, our experimental results show that the proposed authentication scheme is an innovative solution for a smarthome control system, such as a smart lock door operation.

ECC based Authentication Approach for Secure Communication in IoT Application

Internet of Things (IoT) is an advanced applied science in recent years that enables communication among humans and smart components or among Internet-based components. Besides, IoT provides affiliation of physical and virtual elements that are fully controlled by different kinds of hardware, software, and interaction advancements. Though numerous methods of IoT offer many advantages to our day-to-day routine, it also possesses huge security weaknesses. The traditional methods are vulnerable to a huge range of attacks. Hence, establishing safe and effective security alternatives for the IoT environment remains as a main challenge and the major risk in this security solution is to transfer significant information in a secure manner. To address such limitations, an effective authentication approach named CHEK-based authentication methodology is devised for secure communication in IoT. The proposed authentication scheme consists of four steps and the authentication approach is developed by considering various security operations like hashing, encryption, secret key pairs, passwords, and so on. Moreover, the CHEK-based authentication scheme provides promising solution with minimum computational cost of 16.541 and minimum memory usage of 72.3MB.

A privacy preserving four-factor authentication protocol for internet of medical things

Medical applications of the Internet of Things (IoT) have gained significant attention, especially in the context of monitoring health-related information for elderly individuals living alone and patients receiving home-based care, especially during the COVID-19 pandemic. These applications offer immense convenience and contribute to the reduction of infection risk. Consequently, safeguarding the privacy of patient data has become increasingly vital. However, the resource limitations inherent to IoT present challenges in implementing complex algorithms. Numerous researchers have proposed authentication schemes based on three factors: passwords, biometric features, and smart cards. While three-factor authentication protocols are generally more secure than two-factor ones, recent studies have unveiled vulnerabilities in existing protocols designed for IoT environments, particularly concerning sensor node capture attack and smart card stolen attack. Only a few protocols provide reliable solutions to address these issues. To tackle this challenge, we propose a lightweight authentication protocol that introduces the Physical Unclonable Function (PUF) as the fourth factor, enhancing the security and privacy of the system. By integrating PUF technology into servers and embedding it into the integrated circuit chips of sensors, our protocol is specifically designed to thwart attacks like sensor node capture and smart card stolen. We validate the security of our proposed protocol using formal BAN logic and ProVerif simulator tool, demonstrating its capability to provide secure mutual authentication. Moreover, through informal analysis, we illustrate that our scheme can withstand multiple attacks. Furthermore, our proposed protocol outperforms existing protocols in terms of computational cost, storage cost, communication cost, and security requirements.

Image based ECC Mutual Authentication Scheme for Cloud Assisted TMIS

In this modern era, cloud-based services like e-commerce, e-gate, and so on provide immense services to humans. Healthcare centers are gradually moving to cloud-based services. In which, both the hospital and patients are connected remotely online and patient gets treatment quickly. Increasing the demand in Telecare Medical Information System (TMIS) needs to ensure the security and privacy of the healthcare centers and patients’ information. In this paper, we have proposed an e?cient and provably secure Elliptic Curve cryptography image based mutual authentication scheme for cloud assisted TMIS. The proposed authentication schemes ensure the secured treatment provided to patients from healthcare center through online. The patient can upload their health condition data to cloud via mobile device for the treatment. The proposed authentication scheme required minimum computational cost with minimum communication overhead. The proposed authentication scheme preserves patient anonymity and withstands the known and chosen plaintext attack. The security analysis for the proposed scheme shows that the proposed authentication scheme is more secure. It shows that the proposed authentication scheme is performing well compare to the related authentication schemes.

Aggregated Zero-Knowledge Proof and Blockchain-Empowered Authentication for Autonomous Truck Platooning

Platooning technologies enable trucks to drive cooperatively and automatically, providing benefits including less fuel consumption, greater road capacity, and safety. To establish trust during dynamic platooning formation, ensure vehicular data integrity, and guard platoons against potential attackers in mixed fleet environments, verifying any given vehicle’s identity information before granting it access to join a platoon is pivotal. Besides, due to privacy concerns, truck owners may be reluctant to disclose private vehicular information, which can reveal their business data to untrusted third parties. To address these issues, this is the first study to propose an aggregated zero-knowledge proof and blockchain-empowered system for privacy-preserving identity verification in truck platooning. We provide the correctness proof and the security analysis of our proposed authentication scheme, highlighting its increased security and fast performance. The platooning formation procedure is re-designed to seamlessly incorporate the proposed authentication scheme, including the 1st catch-up and cooperative driving steps. The blockchain performs the role of verifier within the authentication scheme and stores platooning records on its digital ledger to guarantee data immutability and integrity. In addition, the proposed programmable access control policies enable truck companies to define who is allowed to access their platoon records. We implement the proposed system and perform extensive experiments on the Hyperledger platform. The results show that the blockchain can provide low latency and high throughput, the aggregated approach can offer a constant verification time of 500 milliseconds regardless of the number of proofs, and the platooning formation only takes seconds under different strategies. The experimental results demonstrate the feasibility of our design for use in real-world truck platooning.

An authentication scheme for FANET packet payload using data hiding

Flying ad hoc networks (FANETs) are gaining much traction in recent years due to their wide range of applications, resulting in the emergence of a number of studies on the facilitation of their widespread adoption. One of the key areas being investigated is the establishment of security strategies to combat the large amount and variety of security threats that they inevitably face when they are operating in the field. Since a majority of FANET’s operations involve the transmission of network packets containing both instructions and sensitive data, the protection of these packets is critical. This paper proposes an authentication scheme to protect the payload of the packets being transmitted within the FANET. Since FANETs are highly resource-constrained, we opted for a lightweight and energy-efficient approach. The proposed scheme essentially encodes the payload of a physical layer data frame into a compact bit stream, which is subsequently embedded into the cyclic prefix (CP) at the physical layer. The encoding process includes the XOR-operation and JBIG2 lossless compression. At the receiver’s end, the hidden authentication data is extracted and decoded for comparison against the payload of the received data frame. Two enhancements are introduced to further enhance robustness against masquerade attack. The proposed scheme is evaluated in terms of bit error rate (BER) under different signal-to-noise ratio (SNR) settings. In all considered SNR settings, the proposed authentication scheme achieves BERs of <0.7∗10−4 when 7-bit Hamming code is implemented. Experiment results also confirm that proposed scheme is able to localize the tampered data frames.

Efficient palm vein authentication encryption technique in wireless implantable medical devices

Implantable medical devices (IMD) are commonly utilized to treat chronic illnesses. Many IMD communicate in wireless mode using an external programmer, which raises security concerns. Security of IMD is a critical issue which assaults direct harm to patients. Many researches are carried out on IMD security and challenges when the patient is not in a critical situation. Still, it would be a major issue while the patient is unconscious. In this research, a novel scheme for emergency secure access control of IMD was proposed to improve the security of biometric-based IMD schemes. The proposed authentication scheme uses a combination of palm vein and zero-watermark to generate encrypted credential data for IMDs. Using quantitative assessment for evaluating images, such as the peak signal-to-noise ratio (PSNR), structural similarity index (SSIM), and the mean squared errors (MSE), the suggested framework is shown to be superior to existing methods. Two other study goals are improved efficiency and image quality at a lower computational cost.

A Multi-Blockchain-Based Cross-Domain Authentication and Authorization Scheme for Energy Internet

The expansion of the scale of the Power Internet of Things stimulated by the development of the Energy Internet makes the growth in demand for the effective authentication and access control technologies in the cross-domain data exchange. Based on the cross-chain technology of the blockchain and the cuckoo filter, this paper proposes a cross-domain authentication scheme for Power Internet of Things. Firstly, a cross-chain authentication architecture is established. Combined with the existing authentication technologies used in intra-domain authentication, a cross-domain authentication process based on the cross-chain technology is proposed to realize the automatic transmission of the authentication credentials from application domain to authentication domain. The cuckoo filter is deployed on the blockchain as smart contracts, and the user certificate fingerprint is inserted into the filter to realize user registration, query, and revocation, which reduces the cost of the user certificate management. Experimental results show the effectiveness and feasibility of our scheme. Based on the proposed authentication scheme, a cross-domain access control scheme based on roles and object classes is presented, by treating the object classes as controlled objects and then applying the role-based access control to the object classes, on the condition that the heterogeneous domains in the Energy Internet have the same kinds of resources.

DP-Authentication: A novel deep learning based drone pilot authentication scheme

Unmanned Aerial Vehicles (UAVs), also known as drones, have recently been proposed as flying base stations for providing reliable service to IoT devices. However, due to the lack of effective authentication schemes, UAVs are often hijacked by adversaries, which raises a high potential for sensitive information leakage. Therefore, designing a real-time authentication scheme is essential to enhance UAV safety. Up to the present, several works exist about pilot authentication by classifying radio-control signals. As propagating through the open environment, radio-control signals can be sniffed, analyzed, and simulated, posing significant threats to UAV security. For this reason, we propose a novel deep learning-based drone pilot authentication scheme, DP-Authentication, to protect UAVs from malicious radio-manipulated attacks. Specifically, we collect UAV flight data from the onboard PX4 flight stack and feed them into the authentication scheme to validate pilot legal status dynamically. As verified by comprehensive experiments, the proposed authentication scheme can authenticate pilots with an accuracy of 95.24% and detect malicious hijacking with an accuracy of 96.82%. Thanks to the low system overhead, it holds great promise for deployment on the UAV side to monitor pilot legal status in real-time.

A Novel Revocable Lightweight Authentication Scheme for Resource-Constrained Devices in Cyber–Physical Power Systems

The existing identity security schemes (e.g., based on bilinear pairing) have high computational complexity and large bytes of variables, which results in high computation and communication costs. It is difficult to apply the schemes to resource-constrained (i.e., computation and communication) devices. Moreover, most of these schemes adopt a fixed cycle key update strategy compromising the security of authentication schemes or dynamic (real-time) key update strategy with high computational cost. To solve these issues, this article explores a novel revocable lightweight authentication scheme for resource-constrained devices in cyber–physical power systems (CPPSs). First, a lightweight authentication scheme combined elliptic-curve cryptography (ECC) and certificateless cryptography (CLC) is proposed to negotiate a secure session key, which can achieve mutual authentication with low computation and communication costs. Second, aiming at security problem caused by key leakage, a real-time key update strategy with low computational cost is designed to improve the security of identity authentication. Third, according to a hardness assumption of the elliptic-curve discrete logarithm problem (ECDLP), theoretical analysis rigorously proves that the proposed authentication scheme ensures the security with respect to existential unforgeability against adaptively chosen message attacks (EUF-CMAs). Finally, experimental results confirm the feasibility and effectiveness of the proposed authentication scheme.

Lattice-Based Lightweight Quantum Resistant Scheme in 5G-Enabled Vehicular Networks

Both security and privacy are central issues and need to be properly handled because communications are shared among vehicles in open channel environments of 5G-enabled vehicular networks. Several researchers have proposed authentication schemes to address these issues. Nevertheless, these schemes are not only vulnerable to quantum attacks but also use heavy operations to generate and verify signatures of messages. Additionally, these schemes need an expensive component RoadSide Unit (RSU)-aided scheme during the joining phase. To address these issues, we propose a lightweight quantum-resistant scheme according to the lattice method in 5G-enabled vehicular networks. Our proposal uses matrix multiplication instead of operations-based bilinear pair cryptography or operations-based elliptic curve cryptography to generate and verify signatures of messages shared among vehicles. Our proposal satisfies a significant reduction in performance, which makes it lightweight enough to handle quantum attacks. Our proposal is based on 5G technology without using any RSU-aided scheme. Security analysis showed that our proposal satisfies privacy and security properties as well as resists quantum attacks. Finally, our proposal also shows favorable performance compared to other related work.

Secure access microcontroller system based on fingerprint template with hyperchaotic encryption

Authentication systems based on biometric and microcontroller systems are used around the world to control the access of users in restricted sites such as in offices, banks, or hospitals. Moderns authentication systems use cloud connectivity using the Internet. Nevertheless, biometric data are considered confidential, which is susceptible to hacker attacks with the aim of fraud, extortion or identity theft. In this work, we propose a low-cost secure control access microcontroller system that uses the Secure Hash Algorithm 1 (SHA-1) and hyperchaotic encryption of fingerprint template to increase the security against cybernetic attacks. The main findings can be briefly described as (1) chaotic encryption of the fingerprint template provides strong security by using the hyperchaotic 2D Lotka–Volterra map with just one round of diffusion–confusion; (2) the fingerprint template injected to SHA-1 increases the robustness against differential attack by combining a unique 160-bit hash key with the personal key; (3) the authentication system implemented in a low-cost embedded system based on 32-bit microcontroller provides high security at low cost; (4) several security analysis of data generated in the embedded authentication system validates the effectiveness of proposed scheme. Based on the high security level achieved in proposed authentication scheme, the system provides double padlock in secure access biometric systems providing robustness against malicious attacks, avoid identity theft and the unauthorized access in highly restricted areas.

Lightweight and efficient privacy‐preserving mutual authentication scheme to secure Internet of Things‐based smart healthcare

AbstractIn recent years, Internet of Things (IoT) technology has been adopted in numerous application areas, such as healthcare, agriculture, industrial automation, and many more. The use of IoT and other technologies like cloud computing and machine learning has made the modern healthcare system to be smart, automated, and efficient. However, the continuous proliferation of cyber‐attacks on IoT devices has increased IoT challenges like data security, privacy protection, authentication, and so forth. In smart healthcare systems, due to the lack of authentication protocols, attackers can undermine the availability, confidentiality, and integrity of both smart healthcare devices and data, which can be life‐threatening in some situations. In this article, a privacy‐preserving mutual authentication scheme for IoT‐enabled healthcare systems is proposed to achieve lightweight and effective authentication of network devices. To support the processing capabilities of the IoT devices, this proposed authentication scheme is designed using lightweight cryptographic primitives, namely XOR, concatenation, and hash operation. The proposed scheme can establish a secure session between an authorized device and a gateway, and prevent unauthorized devices from getting access to healthcare systems. The security analysis and performance analysis assess the proposed authentication technique's effectiveness over existing well‐known schemes.

A Trustworthy, Reliable, and Lightweight Privacy and Data Integrity Approach for the Internet of Things

Data integrity and authenticity are among the key challenges faced by the interacting devices of Internet of Things (IoT). The resource-constrained nature of sensor-embedded devices makes it even more difficult to design lightweight security schemes for these networks. In view of limited resources of the IoT devices, this article proposes a lightweight and trustworthy device-to-server mutual authentication scheme for edge-enabled IoT networks. Initially, a trusted authority generates and assigns identities (IDs) and mask them to servers and clients, also known as member devices, in an offline phase. These IDs are utilized to prevent possible infiltration of the adversary device(s). Next, every device ensures the authenticity of requesting devices using a sophisticated challenge, which is encrypted using a 128-b secret key, <inline-formula xmlns:mml="http://www.w3.org/1998/Math/MathML" xmlns:xlink="http://www.w3.org/1999/xlink"><tex-math notation="LaTeX">$\lambda _{i}$</tex-math></inline-formula> . Each device expects a reply from the intended destination device for resolving the encrypted challenge within the defined timeframe, <inline-formula xmlns:mml="http://www.w3.org/1998/Math/MathML" xmlns:xlink="http://www.w3.org/1999/xlink"><tex-math notation="LaTeX">$i.e., \bigtriangleup T$</tex-math></inline-formula> . Moreover, authenticity of the requesting device is verified through the stored IDs, which are shared in the offline phase. Simulation results have verified the exceptional performance of the proposed authentication scheme against field proven approaches in terms of computational and communication costs.

Blockchain Enabled Anonymous Privacy-Preserving Authentication Scheme for Internet of Health Things.

The Internet of Health Things (IoHT) has emerged as an attractive networking paradigm in wireless communications, integrated devices and embedded system technologies. In the IoHT, real-time health data are collected through smart healthcare sensors and, in recent years, the IoHT has started to have an important role in the Internet of Things technology. Although the IoHT provides comfort in health monitoring, it also imposes security challenges in maintaining patient data confidentiality and privacy. To overcome such security issues, in this paper, a novel blockchain-based privacy-preserving authentication scheme is proposed as an approach for achieving efficient authentication of the patient without the involvement of a trusted entity. Moreover, a secure handover authentication mechanism that ensures avoiding the patient re-authentication in multi-doctor communication scenarios and revoking the possible malicious misbehavior of medical professionals in the IoHT communication with the patient is developed. The performance of the proposed authentication and handover scheme is analyzed concerning the existing state-of-the-art authentication schemes. The results of the performance analyses reveal that the proposed authentication scheme is resistant to different types of security attacks. Moreover, the results of analyses show that the proposed authentication scheme outperforms similar state-of-the-art authentication schemes in terms of having lower computational, communication and storage costs. Therefore, the novel authentication and handover scheme has proven practical applicability and represents a valuable contribution to improving the security of communication in IoHT networks.

PHY-layer authentication exploiting CFO for smart healthcare systems with mmWave communication technology

In this paper we study the problem of validating the legitimacy of devices collecting health data from patients for a smart healthcare system with millimeter wave (mmWave) communication technique, and propose a cost-effective physical layer (PHY-layer) scheme, which utilizes the intrinsic hardware fingerprinting features in terms of carrier frequency offset (CFO). In particular, we first extract the CFO feature caused by the oscillator mismatch in mmWave hardware architecture supporting ultra-high data rates by using the maximum likelihood estimation and parabolic interpolation method, and then formulate the problem of authenticating devices as a binary hypothesis test based on the resulting feature. With the help of statistical signal processing, the analytical expressions for false alarm and detection probabilities are further derived statistically. Finally, extensive simulations are conducted to verify the theoretical results for modeling of the two probabilities. In addition, we also examine the impact of various system parameters on the efficiency of the proposed authentication scheme.