Security Drawbacks Research Articles

Attribute-based key management for patient-centric and trusted data access in blockchain-enabled IoMT

Internet of Medical Things (IoMT) provides real-time data collection and access services to medical entities by connecting their devices to Internet. However, within such a complex architecture, achieving patient-centric data access still presents trustworthiness challenges of transmission security and usage reliability. Ciphertext-policy attribute-based encryption (CP-ABE) and blockchain are both the promising primitives that support patients with secure access control over their data. Nevertheless, both have their unique key management issues. In this paper, we propose a novel patient-centric and trusted data access (PCT-DA) system in blockchain-enabled IoMT. Firstly, we develop an online/offline encryption and verifiable outsourced decryption CP-ABE scheme to relieve the computation pressure on patients and users. Secondly, we design a flexible attribute-based key management mechanism to overcome the security drawbacks of encryption and attribute keys, such as single point of failure, key escrow and privacy leakage. Finally, we build a trusted integrity audit contract to guarantee the incentive fairness between patients and users in access services. Moreover, theoretical analyses prove that the PCT-DA system not only achieves confidentiality, integrity, traceability and forward/backward security, but also guarantees static security under random oracles. Simulation experiments indicate that our proposal reduces the time cost by approximately 14.10 seconds over state-of-the-art and is more practical in blockchain-enabled IoMT system.

Analysis of Cryptographic Algorithms to Improve Cybersecurity in the Industrial Electrical Sector

This article provides a general overview of the communication protocols used in the IEC61850 standard for the automation of electrical substations. Specifically, it examines the GOOSE and R-GOOSE protocols, which are used for exchanging various types of information. The article then presents real cases of cyber attacks on the industrial sector, highlighting the importance of addressing cybersecurity in the IEC61850 standard. The text presents security drawbacks of the communication protocols mentioned earlier and briefly explains two algorithms defined in the IEC61850 standard to address them. However, the authors suggest that having only a couple of algorithms may not be sufficient to ensure digital security in substations. This article presents a study on the cryptographic algorithms ChaCha20 and Poly1305. The purpose of the study is to experimentally verify their adaptation to the strict time requirements that GOOSE must meet for their operation. These algorithms can operate independently or in combination, creating an Authenticated Encryption with Associated Data (AEAD) algorithm. Both algorithms were thoroughly reviewed and tested using GOOSE and R-GOOSE frames generated by the S-GoSV software. The computational time required was also observed. The frames were analysed using the Wireshark software. It was concluded that the algorithms are suitable for the communication requirements of electrical substations and can be used as an alternative to the cryptographic algorithms proposed under the IEC61850 standard.

LCDMA: Lightweight Cross-Domain Mutual Identity Authentication Scheme for Internet of Things

With the widespread popularity of mobile terminals in the Internet of things (IoT), the demand for cross-domain access of mobile terminals between different regions has also increased significantly. The nature of wireless communication media makes mobile terminals vulnerable to security threats in cross-domain access. Identity authentication is a prerequisite for secure data transmission in cross-domain, and it is also the first step to guarantee the credibility of data sources. Most existing authentication schemes are based on bilinear pairing or public key encryption and decryption with high computation overhead, which are not suitable for the resource-limited mobile IoT terminals. Moreover, these schemes have some security drawbacks and cannot meet the security requirements of cross-domain access. In this paper, we propose a lightweight cross-domain mutual identity authentication (LCDMA) for mobile IoT environment. LCDMA uses symmetric polynomial instead of high-complexity bilinear pairing in the traditional schemes. We theoretically analyze the security performance under the random oracle model. Our results show that LCDMA not only resists common attacks, but also preserves secure traceability while guaranteeing anonymity. Performance evaluation further demonstrates that our scheme has better performance in terms of computation and communication overhead, compared with other existing representative schemes.

A Lightweight Authentication MAC Protocol for CR-WSNs.

Cognitive radio (CR) has emerged as one of the most investigated techniques in wireless networks. Research is ongoing in terms of this technology and its potential use. This technology relies on making full use of the unused spectrum to solve the problem of the spectrum shortage in wireless networks based on the excessive demand for spectrum use. While the wireless network technology node's range of applications in various sectors may have security drawbacks and issues leading to deteriorating the network, combining it with CR technology might enhance the network performance and improve its security. In order to enhance the performance of the wireless sensor networks (WSNs), a lightweight authentication medium access control (MAC) protocol for CR-WSNs that is highly compatible with current WSNs is proposed. Burrows-Abadi-Needham (BAN) logic is used to prove that the proposed protocol achieves secure and mutual authentication. The automated verification of internet security protocols and applications (AVISPA) simulation is used to simulate the system security of the proposed protocol and to provide formal verification. The result clearly shows that the proposed protocol is SAFE under the on-the-fly model-checker (OFMC) backend, which means the proposed protocol is immune to passive and active attacks such as man-in-the-middle (MITM) attacks and replay attacks. The performance of the proposed protocol is evaluated and compared with related protocols in terms of the computational cost, which is 0.01184 s. The proposed protocol provides higher security, which makes it more suitable for the CR-WSN environment and ensures its resistance against different types of attacks.

Defending Industry 4.0: An Enhanced Authentication Scheme for IoT Devices

To address the security concerns of Industry 4.0, recently, Garg <italic xmlns:mml="http://www.w3.org/1998/Math/MathML" xmlns:xlink="http://www.w3.org/1999/xlink">et al.</i> proposed a lightweight authentication protocol, and Akram <italic xmlns:mml="http://www.w3.org/1998/Math/MathML" xmlns:xlink="http://www.w3.org/1999/xlink">et al.</i> showed some of its security drawbacks. We continue this line by exposing how Garg <italic xmlns:mml="http://www.w3.org/1998/Math/MathML" xmlns:xlink="http://www.w3.org/1999/xlink">et al.</i> ’s protocol suffers from noninvasive and invasive attacks. First, we explain that a passive attacker can trace any two communicating nodes to compromise their location privacy. Next, we show that an active though noninvasive adversary can compromise the integrity of the exchanged messages without being detected and run a de-synchronization attack. Besides, the adversary can extract any shared session key from any pair of nodes in the protocol. We named this attack a pandemic session key disclosure attack, and its consequences are more harmful than the impersonation of a compromised node. Finally, we disclose how the proposed scheme does not guarantee the privacy protection for the keys when we assume an honest but curious server. To overcome those existing security flaws, we finally propose a revised protocol called <monospace xmlns:mml="http://www.w3.org/1998/Math/MathML" xmlns:xlink="http://www.w3.org/1999/xlink">TARDIGRADE</monospace> . First, our informal analysis, and then, our formal security analysis using the real-or-random model shows that <monospace xmlns:mml="http://www.w3.org/1998/Math/MathML" xmlns:xlink="http://www.w3.org/1999/xlink">TARDIGRADE</monospace> provides the desired security, and likewise, our performance analysis confirms a reasonable cost compared with Garg <italic xmlns:mml="http://www.w3.org/1998/Math/MathML" xmlns:xlink="http://www.w3.org/1999/xlink">et al.</i> ’s protocol.

Secure VANET Authentication Protocol (SVAP) Using Chebyshev Chaotic Maps for Emergency Conditions

It is crucial to support emergency applications provided by vehicular adhoc network (VANET) through enabling vehicles to quickly access to the infrastructure and consequently request rescue services. Additionally, the communication channels between vehicles and the infrastructure lack various security features due to the inferior wireless characteristics of their environment. However, most of the existing authentication schemes which are used to fix the security drawbacks lead to heavy computations and large storage burdens on the vehicle onboard unit (OBU). These schemes utilize secure channels while distributing the network parameters between the various participants. Yet, it is not efficient to establish secure channels during the interactions between entities. Furthermore, lightweight cryptography is an efficient security solution which is adequate for OBU to maintain a reasonable efficiency with low computational and communication costs. Two basic demerits for lightweight authentication protocols are highlighted as follows: Firstly, symmetric key-based authentication protocols dismiss achieving non-repudiation feature, leading to several security attacks in VANET. Secondly, public key-based authentication schemes are relied on elliptic curve cryptography (ECC) which makes the protocol implementation more difficult. Hence, this paper introduces a novel authentication protocol that utilizes Chebyshev chaotic maps to secure connectivity between the vehicles and infrastructure without using secure channels to distribute the network parameters. The new protocol combines the concept of the symmetric key cryptography with the public key signature to satisfy both the lightweight property and non-repudiation feature. Thus, this protocol introduces a novel network model which is the lowest hardware complexity, compared with others. The performance analysis is performed by Wolfram Mathematica, proving that the proposed protocol is superior in terms of security and performance aspects; its computation and storage costs of OBU are enhanced with 24.09&#x0025; and 16.99&#x0025;, respectively, compared to the most competing scheme. Besides, the Scyther simulation confirms the security of the protocol.

Enhancing the Security of FPGA-SoCs via the Usage of ARM TrustZone and a Hybrid-TPM

Isolated execution is a concept commonly used for increasing the security of a computer system. In the embedded world, ARM TrustZone technology enables this goal and is currently used on mobile devices for applications such as secure payment or biometric authentication. In this work, we investigate the security benefits achievable through the usage of ARM TrustZone on FPGA-SoCs. We first adapt Microsoft’s implementation of a firmware Trusted Platform Module (fTPM) running inside ARM TrustZone for the Zynq UltraScale+ platform. This adaptation consists in integrating hardware accelerators available on the device to fTPM’s implementation and to enhance fTPM with an entropy source derived from on-chip SRAM start-up patterns. With our approach, we transform a software implementation of a TPM into a hybrid hardware/software design that could address some of the security drawbacks of the original implementation while keeping its flexibility. To demonstrate the security gains obtained via the usage of ARM TrustZone and our hybrid-TPM on FPGA-SoCs, we propose a framework that combines them for enabling a secure remote bitstream loading. The approach consists in preventing the insecure usages of a bitstream reconfiguration interface that are made possible by the manufacturer and to integrate the interface inside a Trusted Execution Environment.

Federated learning for drone authentication

The ever-rising applications of drones in the Internet of Things (IoT) era is offering many opportunities and challenges. Owing to drone abilities (silent flying, capturing photos and videos, etc.), there is widespread concern about drone authentication and which drones allow to fly. In this regard, there are several machine learning (ML) proposals for authentication in IoT networks. Such ML-based models have drawbacks in data security, privacy-preserving, and scalability when applied in drone authentication. ML-based methods collect all data and centrally train the authentication model, exposing the model to adversarial situations. This paper proposes a federated learning-based drone authentication model with drones’ Radio Frequency (RF) features in IoT networks. In the proposed model, the Deep Neural Network (DNN) architecture is implemented for drone authentication with Stochastic Gradient Descent (SGD) optimization performed locally on drones. Also, Homomorphic encryption and the secure aggregation method are applied to secure model parameters. Experimental results show that the federated drone authentication model gains a high true positive rate (TPR) during drone authentication and better performance compared to other ML-based models.

A Parallelized Database Damage Assessment Approach after Cyberattack for Healthcare Systems

In the current Internet of things era, all companies shifted from paper-based data to the electronic format. Although this shift increased the efficiency of data processing, it has security drawbacks. Healthcare databases are a precious target for attackers because they facilitate identity theft and cybercrime. This paper presents an approach for database damage assessment for healthcare systems. Inspired by the current behavior of COVID-19 infections, our approach views the damage assessment problem the same way. The malicious transactions will be viewed as if they are COVID-19 viruses, taken from infection onward. The challenge of this research is to discover the infected transactions in a minimal time. The proposed parallel algorithm is based on the transaction dependency paradigm, with a time complexity O((M+NQ+N^3)/L) (M = total number of transactions under scrutiny, N = number of malicious and affected transactions in the testing list, Q = time for dependency check, and L = number of threads used). The memory complexity of the algorithm is O(N+KL) (N = number of malicious and affected transactions, K = number of transactions in one area handled by one thread, and L = number of threads). Since the damage assessment time is directly proportional to the denial-of-service time, the proposed algorithm provides a minimized execution time. Our algorithm is a novel approach that outperforms other existing algorithms in this domain in terms of both time and memory, working up to four times faster in terms of time and with 120,000 fewer bytes in terms of memory.

Performance Evaluation of Lightweight Encryption Algorithms for IoT-Based Applications

Today, all smartphones, notebooks, or other communication devices could connect to the cloud, so the data are accessible everywhere. When these devices are interconnected through the internet, they make an Internet of Things (IoT) network that exchanges data among network nodes and other services. IoT has a broad application area from smart applications to various industrial usages. However, the high volume of data transferred in the IoT network makes it crucial to implement mechanisms to transfer the data safe and secure. Enciphering is one of the best techniques to offer end-to-end security. Considering an IoT network, nodes have restricted resources, and applying classical cryptography methods are costly and not efficient, so lightweight block ciphers are one of the sophisticated solutions to overcome security drawbacks in this scope. In this paper, ten lightweight algorithms involve AES, PRESENT, LBlock, Skipjack, SIMON, XTEA, PRINCE, Piccolo, HIGHT, RECTANGLE tested to evaluate their performance for key factors such as memory usage (RAM and ROM), energy consumption, throughput, and execution time for both encryption and decryption modes over cloud transmission. We have done simulations using Raspberry Pi 3 and Arduino Mega 2560 as the leading devices in the IoT scope. As a result, this paper will help IoT developers to choose the right platform and enciphering algorithm to set up a secure network due to multiple factors like energy and memory usage, especially for software platforms.

WSN-SLAP: Secure and Lightweight Mutual Authentication Protocol for Wireless Sensor Networks.

Wireless sensor networks (WSN) are widely used to provide users with convenient services such as health-care, and smart home. To provide convenient services, sensor nodes in WSN environments collect and send the sensing data to the gateway. However, it can suffer from serious security issues because susceptible messages are exchanged through an insecure channel. Therefore, secure authentication protocols are necessary to prevent security flaws in WSN. In 2020, Moghadam et al. suggested an efficient authentication and key agreement scheme in WSN. Unfortunately, we discover that Moghadam et al.’s scheme cannot prevent insider and session-specific random number leakage attacks. We also prove that Moghadam et al.’s scheme does not ensure perfect forward secrecy. To prevent security vulnerabilities of Moghadam et al.’s scheme, we propose a secure and lightweight mutual authentication protocol for WSNs (WSN-SLAP). WSN-SLAP has the resistance from various security drawbacks, and provides perfect forward secrecy and mutual authentication. We prove the security of WSN-SLAP by using Burrows-Abadi-Needham (BAN) logic, Real-or-Random (ROR) model, and Automated Verification of Internet Security Protocols and Applications (AVISPA) simulation. In addition, we evaluate the performance of WSN-SLAP compared with existing related protocols. We demonstrate that WSN-SLAP is more secure and suitable than previous protocols for WSN environments.

Secure Deduplication-Based Storage Systems With Resistance to Side-Channel Attacks via Fog Computing

Data deduplication technique could greatly save the storage overhead of the cloud by eliminating duplicated data and retaining one copy. In order to ensure the privacy of the data against an untrusted cloud, many cryptographic schemes have been proposed to make deduplication feasible in ciphertext. A typical scheme is Message-Locked Encryption (MLE), which takes cryptographic hash values of messages as encryption keys. However, MLE is vulnerable to side-channel attacks. Current solutions trying to mitigate these attacks raise either expensive overhead or security drawbacks. In this paper, we propose a secure data deduplication system against an untrusted cloud with resistance to two typical side-channel attacks, namely probe attack and key-cache attack. Our system uses fog computing to devise two new techniques to solve the two side-channel attacks with new security and efficiency trade-offs. The analysis and evaluation show that our system achieves better trade-offs compared with previous works.

Security analysis and improvement of a quantum multi-signature protocol

Recently, Jiang et al. proposed a novel quantum multi-signature protocol based on locally indistinguishable orthogonal product states. Unfortunately, their protocol cannot resist against the forgery attack and disavowal attack. We investigate the security of Jiang et al.’s quantum multi-signature protocol and demonstrate the signature receiver’s forgery attack. What is more, the signature receiver can extend the forgery attack such that anyone can generate the forgery. On the other hand, their protocol is insecure against the signers’ disavowal attack, too. Then, an improved quantum multi-signature protocol is proposed. In the improved protocol, all the signers share the private keys with the signature receiver and the arbitrator. To generate a quantum multi-signature, all the signers perform the unitary operations controlled by the private keys and the message. The improved protocol overcomes all the security drawbacks of Jiang et al.’s quantum multi-signature. What is more, the arbitrator Trent can be semi-trusted, because he cannot forge any quantum signature of the signers, although Trent shares the private keys with all the signers. At the same time, the new protocol has the same quantum efficiency as that of Jiang et al.’s protocol.

Comments on the “Efficient quantum multi-proxy signature”

Recently, a novel quantum multi-proxy signature scheme was proposed by Qin et al. It has flexible proxy delegation and high efficiency. Unfortunately, it is not secure against proxy attacks and forgery attack. In this paper, first, the proxy attacks for the quantum proxy signature scheme are introduced. We demonstrate that every proxy signer can delegate the proxy signing power to a malicious arbitrator, who can sign any message on behalf of all the proxy signers. At the same time, the original signer can also impersonate the proxy signer to generate a quantum proxy signature without being detected. The forgery attacks may also cause some other serious security drawbacks for the quantum proxy signature. Second, the forgery under chosen-signature attack is introduced. We demonstrate that Qin et al.’s quantum multi-proxy signature cannot resist against the signature receiver’s forgery under chosen-signature attack. The proposed proxy attacks and the forgery under chosen-signature attack can be used as the security analysis tools, which are useful for analyzing and improving the security of the quantum proxy signatures. At last, an improved quantum multi-proxy signature scheme was proposed. The improved scheme is secure against the original signer’s proxy attack and the forgery under chosen-signature attack. Its security against the proxy signer’s proxy attack depends on the credibility of the arbitrator.

TERÖRLE VE DİĞER SUÇLARLA MÜCADELEDE KOLLUĞUN SOSYAL MEDYA KULLANIMININ DEĞERLENDİRİLMESİ

Social media is an internet-based medium where thoughts, ideas, experiences, situations are shared with communication methods such as pictures, messages and videos. Since there is no limit between media and users on social media, everyone participates, contributes and gives feedback by sharing their opinions, ideas and information. Therefore, social movements can be easily planned, started and managed. In addition to many benefits of social media being such a medium, there are security drawbacks in many respects as well because the shares may contain harmful contents depending on the aim of the source. It also carries great risks in terms of social order, stability and security, especially as it mediates the sharing of harmful information without passing through a certain audit. Effective use of technology in the fight against terrorism may reduce the limitation regarding the rights and freedom. Thanks to the recently developing technology social media has started to be used effectively by law enforcement agencies. While the use of internet and social media in the fight against crime and terrorist organizations by law enforcement agencies were carried out with a reactive understanding in the past, a trend towards proactive understanding has started in our country recently. In this study, the current situation regarding the use of social media by law enforcement agencies in the fight against crime including terrorism was revealed. The deficiencies and needs in the use of social media in the fight against crime and in the detection of criminals were examined through qualitative research method. People who had worked or are still working on cyber-crimes in gendarmerie and police organizations were included in the interview of this study. The data was analyzed with descriptive analysis method which is among the qualitative research methods. The results of this study may shed light on the use of social media in the fight against terrorism and crime by the police and gendarmerie.

An Efficient, Anonymous and Robust Authentication Scheme for Smart Home Environments.

In recent years, the Internet of Things (IoT) has exploded in popularity. The smart home, as an important facet of IoT, has gained its focus for smart intelligent systems. As users communicate with smart devices over an insecure communication medium, the sensitive information exchanged among them becomes vulnerable to an adversary. Thus, there is a great thrust in developing an anonymous authentication scheme to provide secure communication for smart home environments. Most recently, an anonymous authentication scheme for smart home environments with provable security has been proposed in the literature. In this paper, we analyze the recent scheme to highlight its several vulnerabilities. We then address the security drawbacks and present a more secure and robust authentication scheme that overcomes the drawbacks found in the analyzed scheme, while incorporating its advantages too. Finally, through a detailed comparative study, we demonstrate that the proposed scheme provides significantly better security and more functionality features with comparable communication and computational overheads with similar schemes.

Quantum designated verifier signature based on Bell states

Recently, Shi et al. proposed two quantum designated verifier signature (QDVS) schemes. First, we demonstrate the forgery attack and repudiation attack to Shi et al.’s quantum QDVS schemes. Then, a new QDVS scheme based on Bell states is proposed. Our scheme overcomes the security drawbacks of Shi et al.’s scheme. It is secure against forgery attack, repudiation attack, inter-resending attack, impersonation attack and Trojan horse attack. What is more, our scheme has a strong security. It can be proved to be information-theoretically secure. Our scheme also has the properties such as designated verification, non-transferability and hiding source. On the other hand, in our scheme, the partners need not use any quantum one-way function or perform any quantum state comparison algorithm. The qubit efficiency of our scheme can achieve 66.7%. Therefore, our scheme is more secure and efficient than the similar schemes.

IoV-SMAP: Secure and Efficient Message Authentication Protocol for IoV in Smart City Environment

With the emergence of the concept of smart city and the increasing demands for a range of vehicles, Internet of Vehicles (IoV) has achieved a lot of attention by providing multiple benefits, including vehicle emergence, accidents, levels of pollution, and traffic congestion. Moreover, IoV provides various services by combining vehicular ad-hoc networks (VANET) with the Internet of Things (IoT) in smart cities. However, the communication among vehicles is susceptible to various security threats because the sensitive message is transmitted via a insecure channel in the IoV-based smart city environment. Thus, a secure message authentication protocol is indispensable to ensure various services for IoV in a smart city environment. In 2020, a secure message authentication protocol for IoV communication in smart cities has been proposed. However, we discover that the analyzed scheme suffers from various potential attacks such as impersonation, secret key disclosure, and off-line guessing attacks, and also does not ensure authentication. To solve the security threats of the analyzed scheme, we design a secure and efficient message authentication protocol for IoV in a smart city environment, called IoV-SMAP. The proposed IoV-SMAP can resist security drawbacks and provide user anonymity, and mutual authentication. We demonstrate the security of IoV-SMAP by performing informal and formal analyses such as the Real-or-Random (ROR) model, and Automated Validation of Internet Security Protocols and Application (AVISPA) simulations. In addition, we compare the performance of IoV-SMAP with related existing competing authentication schemes. We demonstrate that IoV-SMAP provides better security along with efficiency than related competing schemes and is suitable for the IoV-based smart city environment.

EFFECTIVE METHOD FOR MANAGING AUTOMATION AND MONITORING IN MULTI-CLOUD COMPUTING: PANACEA FOR MULTI-CLOUD SECURITY SNAGS

Multi-cloud is an advanced version of cloud computing that allows its users to utilize different cloud systems from several Cloud Service Providers (CSPs) remotely. Although it is a very efficient computing facility, threat detection, data protection, and vendor lock-in are the major security drawbacks of this infrastructure. These factors act as a catalyst in promoting serious cyber-crimes of the virtual world. Privacy and safety issues of a multi-cloud environment have been over-viewed in this research paper. The objective of this research is to analyze some logical automation and monitoring provisions, such as monitoring Cyber-physical Systems (CPS), home automation, automation in Big Data Infrastructure (BDI), Disaster Recovery (DR), and secret protection. The Results of this research investigation indicate that it is possible to avoid security snags of a multi-cloud interface by adopting these scientific solutions methodically.

Identity-based quantum signature scheme with strong security

Recently, Chen et al. proposed an identity-based quantum signature scheme (IDQSS). Their scheme has the advantages of the classical identity-based signature (IDS) scheme. However, Chen et al.’s scheme cannot resist against the private key generator (PKG)’s forgery attack. On the other hand, in their scheme, many rounds of quantum swap tests have to be performed by the verifier during the signature verification phase. To improve the security and efficiency of the IDQSS, a new IDQSS is proposed. In our scheme, the private key of the signer is generated by PKG according to the signer’s identity, which is used as the corresponding public key. The signer generates a quantum signature with her private key and the secret parameters shared with the verifier. Anyone can verify the quantum signature with the identity of the signer. Our scheme overcomes the security drawback of Chen et al.’s scheme and inherits the merits of the classical IDS system. It has the security properties such as information-theoretical security, non-repudiation and unforgeability. At the same time, in our scheme, the verifier need not perform any quantum swap test. Therefore, our IDQSS is more secure and efficient.