The goal of this work is to develop a key exchange solution for IPsec protocol, adapted to the restricted nature of the Internet of Things (IoT) components. With the emergence of IP-enabled wireless sensor networks (WSNs), the landscape of IoT is rapidly changing. Nevertheless, this technology has exacerbated the conventional security issues in WSNs, such as the key exchange problem. Therefore, Tiny Authenticated Key Exchange Protocol for IoT (TAKE-IoT) is proposed to solve this problem. The proposed TAKE-IoT is a secure, yet efficient, protocol that responds to several security requirements and withstands various types of known attacks. Moreover, TAKE-IoT aims to reduce computation costs using lightweight operations for the key generation. The proposed protocol is validated using the automated validation of internet security protocols and applications (AVISPA) tool. Hence, results show that TAKE-IoT can reach a proper level of security without sacrificing its efficiency in the context of IoT.

TAKE-IoT: Tiny Authenticated Key Exchange Protocol for the Internet of Things

Internet of Things is a promising technology but it also increases numerous security threats in data transmission. To secure neighboring sensing devices' communication in an IoT environment, a key agreement protocol is primordial. Various IoT data transmission mechanisms have been proposed in the literature to attain security. However, these propositions are not completely secure against all types of attacks. In this paper, a new certificate-based was proposed lightweight authentication and key agreement protocol for the IoT environment. The proposed protocol uses Elliptic Curves Cryptography and minimizes the number of operations needed to generate secret keys. Moreover, performed a detailed informal security analysis, and formal security verification using Automated Validation of Internet Security Protocols and Applications (AVISPA) tool, through which demonstrated that the proposed protocol is resilient against numerous known attacks. The implementation of the proposed protocol using the simulator to evaluate the impact of the proposed protocol on several network parameters.

Device Access Control and Key Exchange (DACK) Protocol for Internet of Things

Performing location-based services in a secure and efficient manner that remains a huge challenge for the Internet of Vehicles with numerous privacy and security risks. However, most of the existing privacy protection schemes are based on centralized location servers, which makes them all have a common drawback of a single point of failure and leaking user privacy. The employment of anonymity and cryptography is a well-known solution to the above problem, but its expensive resource consumption and complex cryptographic operations are difficult problems to solve. Based on this, designing a distributed and privacy-secure privacy protection scheme for the Internet of Vehicles is an urgent issue for the smart city. In this paper, we propose a privacy protection scheme for the Internet of Vehicles based on privacy set intersection. Specially, using privacy set intersection and blockchain techniques, we propose two protocols, that is, a dual authentication protocol and a service recommendation protocol. The double authentication protocol not only ensures that both communicating parties are trusted users, but also ensures the reliability of their session keys; while the service recommendation protocol based on pseudorandom function and one-way hash function can well protect the location privacy of users from being leaked. Finally, we theoretically analyze the security that this scheme has, i.e., privacy security, non-repudiation, and anti-man-in-the-middle attack.

/pdf/privacy-protection-scheme-for-the-internet-of-vehicles-based-d5le5huu.pdf

Privacy Protection Scheme for the Internet of Vehicles Based on Private Set Intersection

In vehicular communications, in-vehicle devices’ mobile and multihoming characteristics bring new requirements for device security authentication. On the one hand, the existing network layer authentication methods rely on the PKI system; on the other hand, key negotiation needs interaction. These two points determine that the traditional security authentication method requires bandwidth consumption and additional delay. It is unsuitable for heterogeneous wireless scenarios with a high packet loss rate and limited bandwidth resources. In addition, the establishment of a security association state is contrary to the original design that the network layer only provides a forwarding function. We proposed a non-interactive multihoming security authentication (NIMSA) scheme, a stateless network layer security authentication scheme triggered by data forwarding. Our scheme adopts an identity-based non-interactive key agreement strategy to avoid the interaction of signaling information, which is lightweight and has good support for mobile and multipath parallel transmission scenarios. The comparison with IKEv2 and its mobility and multihoming extension scheme (MOBIKE) shows that the proposed scheme has shorter authentication and handover delay and data transmission delay and can bring better bandwidth aggregation effect in the scenario of multipath parallel transmission.

NIMSA: Non-Interactive Multihoming Security Authentication Scheme for vehicular communications in Mobile Heterogeneous Networks

In this paper, we cryptanalyze the authentication scheme proposed by Wang et al. [1] by pointing out that their scheme of authentication is vulnerable to several attacks. Afterwards, an Enhanced Secure Authentication Scheme (E-SAS) is presented to solve the security flaws of SAS. The informal security analysis and the formal security verification by the AVISPA tool illustrate that E-SAS is secure face to several active and passive security attacks. Therefore, the performance and security comparisons demonstrate that the E-SAS ensures robust security with less communication and computational overhead.

An Enhanced of Secure Authentication Scheme for the Internet of Things

Security analysis on “Three-factor authentication protocol using physical unclonable function for IoV”

IPSec is a framework of open standards for providing secure communications over internet protocol IP networks. The kernel of the IP security architecture is the internet key exchange protocol IKE. IKE is an automatic method for key exchange and confidential parameters used in AH and ESP encapsulation. However, IKE protocol has a number of weaknesses; the two most important ones are the high complexity of the protocol and the vulnerability to passive and active attacks. To deal with these problems, several improvements have been proposed. In this paper, we propose a new IKE protocol based on elliptic curve cryptography, which aims to achieve a high-security level and efficiency. The security analysis and formal verification using automated validation of internet security protocols and applications AVISPA tools show that our contribution can resist to various attack types such as modification, reflection, replay, DoS and man-in-the-middle. The comparison between our proposed IKE protocol and other IKE protocols shows that our new protocol is more efficient with less computation complexity.

Formal analysis of efficiency and safety in IPSec based on internet key exchange protocol

In the era of the Fourth Industrial Revolution, cybercriminals are targeting critical infrastructures such as traffic light systems and smart grids. A major concern is the security of such systems, which can be broken down into a number of categories, such as the authentication of data collection devices, secure data transmission, and use of the data by authorized and authenticated parties. The majority of research studies in the literature have largely focused on data integrity and user authentication. So far, no published work has addressed the security of a traffic light system from data collection to data access. Furthermore, it is evident that the conventional cloud computing architecture is incapable of analyzing and managing the massive amount of generated data. As a result, the fog computing paradigm combined with blockchain technology may be the best way to ensure data privacy in a decentralized manner while reducing overheads, latency, and maintaining security. This paper presents a blockchain-based authentication scheme named VDAS using the fog computing paradigm. The formal and informal verifications of the proposed solution are presented. The evaluation of the proposed scheme VDAS showed that it has low communication and computation costs compared to existing lightweight authentication techniques.

/pdf/blockchain-based-authentication-scheme-for-collaborative-17uqvdo9.pdf

Marwa Ahmim

Papers

TAKE-IoT: Tiny Authenticated Key Exchange Protocol for the Internet of Things

Security analysis on “Three-factor authentication protocol using physical unclonable function for IoV”

Formal analysis of efficiency and safety in IPSec based on internet key exchange protocol

Blockchain-Based Authentication Scheme for Collaborative Traffic Light Systems Using Fog Computing

An Enhanced of Secure Authentication Scheme for the Internet of Things