Biblio

Designing an authentication method is a crucial component to secure privacy in information systems. Virtual Reality (VR) is a new interaction platform, in which the users can interact with natural behaviours (e.g. hand, gaze, head, etc.). In this work, we propose a novel authentication method in which user can perform hand motion in an eyes-free manner. We evaluate the usability and security between eyes-engage and eyes-free input with a pilot study. The initial result revealed our purposed method can achieve a trade-off between usability and security, showing a new way to behaviour-based authentication in VR.

Internet of Medical Things (IoMT) are getting popular in the smart healthcare domain. These devices are resource-constrained and are vulnerable to attack. As the IoMTs are connected to the healthcare network infrastructure, it becomes the primary target of the adversary due to weak security and privacy measures. In this regard, this paper proposes a security architecture for smart healthcare network infrastructures. The architecture uses various security components or services that are developed and deployed as virtual network functions. This makes the security architecture ready for future network frameworks such as OpenMANO. Besides, in this security architecture, only authenticated and trusted IoMTs serve the patients along with an encryption-based communication protocol, thus creating a secure, privacy-preserving and trusted healthcare network infrastructure.

The Representational State Transfer (REST) is a distributed application architecture style which adopted on providing various network services. The identity authentication protocol Kerberos has been used to guarantee the security identity authentication of many service platforms. However, the deployment of Kerberos protocol is limited by the defects such as password guessing attacks, data tampering, and replay attacks. In this paper, an optimized Kerberos protocol is proposed and applied in a REST-style Cloud Storage Architecture. Firstly, we propose a Lately Used Newly (LUN) key replacement method to resist the password guessing attacks in Kerberos protocol. Secondly, we propose a formatted signature algorithm and a combination of signature string and time stamp method to cope with the problems of tampering and replay attacks which in deploying Kerberos. Finally, we build a security protection module using the optimized Kerberos protocol to guarantee a secure identity authentication and the reliable data communication between the client and the server. Analyses show that the module significantly improves the security of Kerberos protocol in REST-style cloud storage services.

Modern learning systems, say a tutoring platform, has many characteristics like digital data presentation with interactivity, mobility, which provides information about the study-content as per the learners understanding levels, intelligent learners behavior, etc. A sophisticated ubiquitous learner system maintains security and monitors the mischievous behavior of the learner, and authenticates and authorizes every learner, which is quintessential. Some of the existing security schemes aim only at single entry-point authentication, which may not suit to ubiquitous tutor platform. We propose a secured authentication scheme which is based on the information utility of the learner. Whenever a learner moves into a tutor platform, which has ubiquitous learner system technology, the system at first-begins with learners' identity authentication, and then it initiates trust evaluation after the successful authentication of the learner. Periodic credential verification of the learner will be carried out, which intensifies the authentication scheme of the system proposed. BAN logic has been used to prove the authentication in this system. The proposed authentication scheme has been simulated and analyzed for the indoor tutor platform environment.

In this paper, an attempt has been made to describe Kerberos authentication with multi factor authentication in context aware systems. Multi factor authentication will make the framework increasingly secure and dependable. The Kerberos convention is one of the most generally utilized security conventions on the planet. The security conventions of Kerberos have been around for a considerable length of time for programmers and other malware to Figure out how to sidestep it. This has required a quick support of the Kerberos convention to make it progressively dependable and productive. Right now, endeavor to help explain this by strengthening Kerberos with the assistance of multifaceted verification.

The recent advancements in ubiquitous sensing powered by Wireless Computing Technologies (WCT) and Cloud Computing Services (CCS) have introduced a new thinking ability amongst researchers and healthcare professionals for building secure and connected healthcare systems. The integration of Internet of Things (IoT) in healthcare services further brings in several challenges with it, mainly including encrypted communication through vulnerable wireless medium, authentication and access control algorithms and ownership transfer schemes (important patient information). Major concern of such giant connected systems lies in creating the data handling strategies which is collected from the billions of heterogeneous devices distributed across the hospital network. Besides, the resource constrained nature of IoT would make these goals difficult to achieve. Motivated by aforementioned deliberations, this paper introduces a novel approach in designing a security framework for edge-computing based connected healthcare systems. An efficient, multi-factor access control and ownership transfer mechanism for edge-computing based futuristic healthcare applications is the core of proposed framework. Data scalability is achieved by employing distributed approach for clustering techniques that analyze and aggregate voluminous data acquired from heterogeneous devices individually before it transits the to the cloud. Moreover, data/device ownership transfer scheme is considered to be the first time in its kind. During ownership transfer phase, medical server facilitates user to transfer the patient information/ device ownership rights to the other registered users. In order to avoid the existing mistakes, we propose a formal and informal security analysis, that ensures the resistance towards most common IoT attacks such as insider attack, denial of distributed service (DDoS) attack and traceability attacks.

The recent advances in mobile devices and wireless communication sector transformed Mobile Augmented Reality (MAR) from science fiction to reality. Among the other MAR use cases, the incorporation of this MAR technology in the healthcare sector can elevate the quality of diagnosis and treatment for the patients. However, due to the highly sensitive nature of the data available in this process, it is also highly vulnerable to all types of security threats. In this paper, an edge-based secure architecture is presented for a MAR healthcare application. Based on the ESSMAR architecture, a secure key management scheme is proposed for both the registration and authentication phases. Then the security of the proposed scheme is validated using formal and informal verification methods.

In order to realize the security authentication of information transmission between vehicle nodes in the vehicular ad hoc network, based on the certificateless public key cryptosystem and aggregate signature, a privacy-protected certificateless aggregate signature scheme is proposed, which eliminates the complicated certificate maintenance cost. This solution also solves the key escrow problem. By Communicating with surrounding nodes through the pseudonym of the vehicle, the privacy protection of vehicle users is realized. The signature scheme satisfies the unforgeability of an adaptive selective message attack under a random prophetic machine. The scheme meets message authentication, identity privacy protection, resistance to reply attacks.

Due to the low latency and high speed of 5G networks, the Internet of Vehicles (IoV) under the 5G network has been rapidly developed and has broad application prospects. The Third Generation Partnership Project (3GPP) committee has taken remote diagnosis as one of the development cores of IoV. However, how to ensure the security of remote diagnosis and maintenance services is also a key point to ensure vehicle safety, which is directly related to the safety of vehicle passengers. In this paper, we propose a secure and efficient authentication scheme based on extended chebyshev chaotic maps for remote diagnosis and maintenance in IoVs. In the proposed scheme, to provide strong security, anyone, such as the vehicle owner or the employee of the Vehicle Service Centre (VSC), must enter the valid biometrics and password in order to enjoy or provide remote diagnosis and maintenance services, and the vehicle and the VSC should authenticate each other to ensure that they are legitimate. The security analysis and performance evaluation results show that the proposed scheme can provide robust security with ideal efficiency.

With the rapid technological advancement of the universal internet of vehicles (UIoV), it becomes crucial to ensure safe and secure communication over the network, in an effort to achieve the implementation objective of UIoV effectively. A UIoV is characterized by highly dynamic topology, scalability, and thus vulnerable to various types of security and privacy attacks (i.e., replay attack, impersonation attack, man-in-middle attack, non-repudiation, and modification). Since the components of UIoV are constrained by numerous factors (e.g., low memory devices, low power), which makes UIoV highly susceptible. Therefore, existing schemes to address the privacy and security facets of UIoV exhibit an enormous scope of improvement in terms of time complexity and efficiency. This paper presents a lightweight authentication and batch verification scheme (LABVS) for UIoV using a bilinear map and cryptographic operations (i.e., one-way hash function, concatenation, XOR) to minimize the rate of message loss occurred due to delay in response time as in single message verification scheme. Subsequently, the scheme results in a high level of security and privacy. Moreover, the performance analysis substantiates that LABVS minimizes the computational delay and has better performance in the delay-sensitive network in terms of security and privacy as compared to the existing schemes.

Ensuring secure transmission over the communication channel is a fundamental responsibility to achieve the implementation objective of universal internet of vehicles (UIoV) efficiently. Characteristics like highly dynamic topology and scalability of UIoV makes it more vulnerable to different types of privacy and security attacks. Considerable scope of improvement in terms of time complexity and performance can be observed within the existing schemes that address the privacy and security aspects of UIoV. In this paper, we present an improvised authentication and lightweight batch verification method for security and privacy in UIoV. The suggested method reduces the message loss rate, which occurred due to the response time delay by implementing some low-cost cryptographic operations like one-way hash function, concatenation, XOR, and bilinear map. Furthermore, the performance analysis proves that the proposed method is more reliable that reduces the computational delay and has a better performance in the delay-sensitive network as compared to the existing schemes. The experimental results are obtained by implementing the proposed scheme on a desktop-based configuration as well as Raspberry Pi 4.

With the development of 5G communication technology, the status of the Internet of Vehicles in people's lives is greatly improved in the general trend of intelligent transportation. The combination of vehicles and Radio Frequency Identification (RFID) makes the application prospects of vehicle networking gradually expand. However, the wireless network of the Internet of Vehicles is open and mobile, so it can be easily stolen or tampered with by attackers. Moreover, it will cause serious traffic security problems and even threat people's lives. In this paper, we propose a lightweight authentication protocol for the Internet of Vehicles based on a mobile RFID system and give corresponding security requirements for modeling potential attacks. The protocol is based on the three-party mutual authentication, and uses bit-operated left-cycle shift operations and hetero-oriented operations to generate encrypted data. The simultaneous inclusion of triparty shared key information and random numbers makes the protocol resistant to counterfeit attacks, violent attacks, replay attacks and desynchronization attacks. Finally, a simulation analysis of the security protocol using the ProVerif tool shows that the protocol secures is not accessible to attackers during the data transfer, and achieve the three-party authentication between sensor nodes (SN), vehicle nodes (Veh) and backend servers.

Fog computing is a new distributed computing paradigm that extends the cloud to the network edge. Fog computing aims at improving quality of service, data access, networking, computation and storage. However, the security and privacy issues persist, even if many cloud solutions were proposed. Indeed, Fog computing introduces new challenges in terms of security and privacy, due to its specific features such as mobility, geo-distribution and heterogeneity etc. Blockchain is an emergent concept bringing efficiency in many fields. In this paper, we propose a new access control scheme based on blockchain technology for the fog computing with fault tolerance in the context of the Internet of Things. Blockchain is used to provide secure management authentication and access process to IoT devices. Each network entity authenticates in the blockchain via the wallet, which allows a secure communication in decentralized environment, hence it achieves the security objectives. In addition, we propose to establish a secure connection between the users and the IoT devices, if their attributes satisfy the policy stored in the blockchain by smart contract. We also address the blockchain transparency problem by the encryption of the users attributes both in the policy and in the request. An authorization token is generated if the encrypted attributes are identical. Moreover, our proposition offers higher scalability, availability and fault tolerance in Fog nodes due to the implementation of load balancing through the Min-Min algorithm.

The Fog is an emergent computing architecture that will support the mobility and geographic distribution of Internet of Things (IoT) nodes and deliver context-aware applications with low latency to end-users. It forms an intermediate layer between IoT devices and the Cloud. However, Fog computing brings many requirements that increase the cost of security management. It inherits the security and trust issues of Cloud and acquires some of the vulnerable features of IoT that threaten data and application confidentiality, integrity, and availability. Several existing solutions address some of the security challenges following adequate adaptation, but others require new and innovative mechanisms. These reflect the need for a Fog architecture that provides secure access, efficient authentication, reliable and secure communication, and trust establishment among IoT devices and Fog nodes. The Fog might be more convenient to deploy decentralized authentication solutions for IoT than the Cloud if appropriately designed. In this short survey, we highlight the Fog security challenges related to IoT security requirements and architectural design. We conduct a comparative study of existing Fog architectures then perform a critical analysis of different authentication schemes in Fog computing, which confirms some of the fundamental requirements for effective authentication of IoT devices based on the Fog, such as decentralization, less resource consumption, and low latency.

This paper describes an approach to the security fault tolerance of access control in which the security breaches of an access control are tolerated by means of a security fault tolerant (SFT) access control. Though an access control is securely designed and implemented, it can contain faults in development or be contaminated in operation. The threats to an access control are analyzed to identify possible security breaches. To tolerate the security breaches, an SFT access control is made to be semantically identical to an access control. Our approach is described using role-based access control (RBAC) and extended access control list (EACL). A healthcare system is used to demonstrate our approach.

As the hottest frontier technology in the field of artificial intelligence, machine learning is subverting various industries step by step. In the future, it will penetrate all aspects of our lives and become an indispensable technology around us. Among them, network security is an area where machine learning can show off its strengths. Among many network security problems, privacy protection is a more difficult problem, so it needs more introduction of new technologies, new methods and new ideas such as machine learning to help solve some problems. The research contents for this include four parts: an overview of machine learning, the significance of machine learning in network security, the application process of machine learning in network security research, and the application of machine learning in privacy protection. It focuses on the issues related to privacy protection and proposes to combine the most advanced matching algorithm in deep learning methods with information theory data protection technology, so as to introduce it into biometric authentication. While ensuring that the loss of matching accuracy is minimal, a high-standard privacy protection algorithm is concluded, which enables businesses, government entities, and end users to more widely accept privacy protection technology.

Controller Area Network is the prominent communication protocol in automotive systems. Its salient features of arbitration, message filtering, error detection, data consistency and fault confinement provide robust and reliable architecture. Despite of this, it lacks security features and is vulnerable to many attacks. One of the common attacks over the CAN communication is the replay attack. It can happen even after the implementation of encryption or authentication. This paper proposes a methodology of supressing the replay attacks by implementing authenticated encryption embedded with timestamp and pre-shared initialisation vector as a primary key. The major advantage of this system is its flexibility and configurability nature where in each layer can be chosen with the help of cryptographic algorithms to up to the entire size of the keys.

Nowadays, Internet Of Everything (IOE) has demanded for a wide range of applications areas. IOE is started to replaces an Internet Of things (IOT). IOE is a combination of massive number of computing elements and sensors, people, processes and data through the Internet infrastructure. Device to Device communication and interfacing of Wireless Sensor network with IOE can makes any system as a Smart System. With the increased the use of Internet and Internet connected devices has opportunities for hackers to launch attacks on unprecedented scale and impact. The IOE can serve the varied security in the various sectors like manufacturing, agriculture, smart grid, payments, IoT gateways, healthcare and industrial ecosystems. To secure connections among people, process, data, and things, is a major challenge in Internet of Everything.. This paper focuses on various security Issues and Authentication Schemes in the IOE systems.

Modern verifiers for cryptographic protocols can analyze sophisticated designs automatically, but require the entire code of the protocol to operate. Compositional techniques, by contrast, allow us to verify each system component separately, against its own guarantees and assumptions about other components and the environment. Compositionality helps protocol design because it explains how the design can evolve and when it can run safely along other protocols and programs. For example, it might say that it is safe to add some functionality to a server without having to patch the client. Unfortunately, while compositional frameworks for protocol verification do exist, they require non-trivial human effort to identify specifications for the components of the system, thus hindering their adoption. To address these shortcomings, we investigate techniques for automated, compositional analysis of authentication protocols, using automata-learning techniques to synthesize assumptions for protocol components. We report preliminary results on the Needham-Schroeder-Lowe protocol, where our synthesized assumption was capable of lowering verification time while also allowing us to verify protocol variants compositionally.

The time-varying properties of the wireless channel are a powerful source of information that can complement and enhance traditional security mechanisms. Therefore, we propose a cross-layer authentication mechanism that combines physical layer channel information and traditional authentication mechanism in LTE. To verify the feasibility of the proposed mechanism, we build a cross-layer authentication system that extracts the phase shift information of a typical UE and use the ensemble learning method to train the fingerprint map based on OAI LTE. Experimental results show that our cross-layer authentication mechanism can effectively prompt the security of LTE system.

In today's world privacy is paramount in everyone's life. Alongside the growth of IoT (Internet of things), wearable devices are becoming widely popular for real-time user monitoring and wise service support. However, in contrast with the traditional short-range communications, these resource-scanty devices face various vulnerabilities and security threats during the course of interactions. Hence, designing a security solution for these devices while dealing with the limited communication and computation capabilities is a challenging task. In this work, PUF (Physical Unclonable Function) and lightweight cryptographic parameters are used together for performing two-way authentication between wearable devices and smartphone, while the simultaneous verification is performed by providing yoking-proofs to the Cloud Server. At the end, it is shown that the proposed scheme satisfies many security aspects and is flexible as well as lightweight.

The developments made in IoT applications have made wearable devices a popular choice for collecting user data to monitor this information and provide intelligent service support. Since wearable devices are continuously collecting and transporting a user's sensitive data over the network, there exist increased security challenges. Moreover, wearable devices lack the computation capabilities in comparison to traditional short-range communication devices. In this paper, authors propounded a Yoking Proof based remote Authentication scheme for Cloud-aided Wearable devices (YPACW) which takes PUF and cryptographic functions and joins them to achieve mutual authentication between the wearable devices and smartphone via a cloud server, by performing the simultaneous verification of these devices, using the established yoking-proofs. Relative to Liu et al.'s scheme, YPACW provides better results with the reduction of communication and processing cost significantly.

Due to the mobility and openness of wireless body area networks (WBANs), the security of WBAN has been questioned by people. The patient's physiological information in WBAN is sensitive and confidential, which requires full consideration of user anonymity, untraceability, and data privacy protection in key agreement. Aiming at the shortcomings of Li et al.'s protocol in terms of anonymity and session unlinkability, forward/backward confidentiality, etc., a new anonymous mutual authentication and key agreement protocol was proposed on the basis of the protocol. This scheme only uses XOR and the one-way hash operations, which not only reduces communication consumption but also ensures security, and realizes a truly lightweight anonymous mutual authentication and key agreement protocol.

Emerging device-to-device (D2D) communication in 5th generation (5G) mobile communication networks and internet of things (loTs) provides many benefits in improving network capabilities such as energy consumption, communication delay and spectrum efficiency. D2D group communication has the potential for improving group-based services including group games and group discussions. Providing security in D2D group communication is the main challenge to make their wide usage possible. Nevertheless, the issue of security and privacy of D2D group communication has been less addressed in recent research work. In this paper, we propose an authentication and key agreement tree group-based (AKATGB) protocol to realize a secure and anonymous D2D group communication. In our protocol, a group of D2D users are first organized in a tree structure, authenticating each other without disclosing their identities and without any privacy violation. Then, D2D users negotiate to set a common group key for establishing a secure communication among themselves. Security analysis and performance evaluation of the proposed protocol show that it is effective and secure.

Nowadays, Vehicular Ad hoc Networks (VANETs) are popularly known as they can reduce traffic and road accidents. These networks need several security requirements, such as anonymity, data authentication, confidentiality, traceability and cancellation of offending users, unlinkability, integrity, undeniability and access control. Authentication of the data and sender are most important security requirements in these networks. So many authentication schemes have been proposed up to now. One of the well-known techniques to provide users authentication in these networks is the authentication based on the smartcard (ASC). In this paper, we propose an ASC scheme that not only provides necessary security requirements such as anonymity, traceability and unlinkability in the VANETs but also is more efficient than the other schemes in the literatures.