Dozens of two-factor authentication schemes have been proposed to secure real-time data access in industrial wireless sensor networks (WSNs). However, more often than not, the protocol designers advocate the merits of their scheme, but do not reveal (or unconsciously ignoring) the facets on which their scheme performs poorly. Such lack of an objective, comprehensive measurement leads to the unsatisfactory “break-fix-break-fix” cycle in this research area. In this paper, we make an attempt toward breaking this undesirable cycle by proposing a systematical evaluation framework for schemes to be assessed objectively, revisiting two foremost schemes proposed by Wu et al. (2017) and Srinivas et al. (2017) to reveal the challenges and difficulties in designing a sound scheme, and conducting a measurement of 44 representative schemes under our evaluation framework, thereby providing the missing evaluation for two-factor schemes in industrial WSNs. This work would help increase awareness of current measurement issues and improve the scientific process in our field.

Measuring Two-Factor Authentication Schemes for Real-Time Data Access in Industrial Wireless Sensor Networks

Consider the well-known oracle attack: somehow one gets a certain computation result as a function of a secret key from the secret key owner and tries to extract some information on the secret key. This attacking scenario is well understood in the cryptographic community. However, there are many protocols based on the discrete logarithm problem that turn out to leak many of the secret key bits from this oracle attack, unless suitable checkings are carried out. In this paper we present a key recovery attack on various discrete log-based schemes working in a prime order subgroup. Our attack may reveal part of, or the whole secret key in most Diffie-Hellman-type key exchange protocols and some applications of ElGamal encryption and signature schemes.

A key recovery attack on discrete log-based schemes using a prime order subgroup

In one embodiment, a layered file system of a storage input/output (I/O) stack executes on one or more nodes of a cluster. The layered file system includes a flash-optimized, log-structured layer configured to provide sequential storage of data and metadata (i.e., a log-structured layout) on solid state drives (SSDs) of storage arrays in the cluster to reduce write amplification, while leveraging a data de-duplication feature of the storage I/O stack. An extent store layer of the file system performs and maintains mappings of the extent keys to SSD storage locations, while a volume layer of the file system performs and maintains mappings of the LUN offset ranges to the extent keys. Separation of the mapping functions between the volume and extent store layers enables different volumes with different offset ranges to reference a same extent key (and thus a same extent).

Global in-line extent-based deduplication

Recently, cellular phone networks have begun allowing third-party applications to run over certain open-API phone operating systems such as Windows Mobile, Iphone and Google’s Android platform. However, with this increased openness, the fear of rogue programs written to propagate from one phone to another becomes ever more real. This chapter proposes a counter-mechanism to contain the propagation of a mobile worm at the earliest stage by patching an optimal set of selected phones. The counter-mechanism continually extracts a social relationship graph between mobile phones via an analysis of the network traffic. As people are more likely to open and download content that they receive from friends, this social relationship graph is representative of the most likely propagation path of a mobile worm. The counter-mechanism partitions the social relationship graph via two different algorithms, balanced and clustered partitioning and selects an optimal set of phones to be patched first as those have the capability to infect the most number of other phones. The performance of these partitioning algorithms is compared against a benchmark random partitioning scheme. Through extensive trace-driven experiments using real IP packet traces from one of the largest cellular networks in the US, we demonstrate the efficacy of our proposed counter-mechanism in containing a mobile worm.

/pdf/a-social-network-based-patching-scheme-for-worm-containment-3rn85j5pef.pdf

A Social Network Based Patching Scheme for Worm Containment in Cellular Networks

A platform for secure monitoring and sharing of generic health data in the Cloud

In this paper, we propose a simple security framework for MQTT (for short, AugMQTT) by incorporating the AugPAKE protocol [16]. As a distinguishing feature, AugMQTT does not require any certificate validation checks and certificate revocation checks on both publishers/subscribers and broker sides. Also, we discuss several aspects of AugMQTT followed by performance overhead of the AugPAKE protocol. Finally, we explain implementation details of AugMQTT that makes use of MQTT open source project Mosquitto 1.4.9 [8] in order to incorporate the AugPAKE protocol.

A security framework for MQTT

An authentication system wherein a terminal apparatus (1) uses a master key generator (36) to generate, based on an input password and a predetermined calculation, a value MK, and further uses an authentication result judging part (37) to calculate, from the value MK, values V1 and V2, and wherein the terminal apparatus (1) transmits the value V1 to a server (2) The server (2) uses a master key generator (45) to generates, based on a password of server registration of the terminal apparatus (1) shared and stored in advance through safe communication means and based on a predetermined calculation, a value MK, and further uses an authentication result judging part (46) to calculate, from the value MK, values V1 and V2 The server (2) transmits the value V2 to the terminal apparatus (1) Mutual authentications are performed dependently on whether these values can be calculated based on the predetermined calculations

Authentication system, and remotely distributed storage system

Authenticated Key Establishment (AKE) protocols enable two entities, say a client (or a user) and a server, to share common session keys in an authentic way. In this paper, we review AKE protocols from a little bit different point of view, i.e. the relationship between information a client needs to possess (for authentication) and immunity to the respective leakage of stored secrets from a client side and a server side. Since the information leakage would be more conceivable than breaking down the underlying cryptosystems, it is desirable to enhance the immunity to the leakage. First and foremost, we categorize AKE protocols according to how much resilience against the leakage can be provided. Then, we propose new AKE protocols that have immunity to the leakage of stored secrets from a client and a server (or servers), respectively. And we extend our protocols to be possible for updating secret values registered in server(s) or password remembered by a client.

/pdf/leakage-resilient-authenticated-key-establishment-protocols-47hlibm0f1.pdf

Leakage-Resilient Authenticated Key Establishment Protocols

This document describes an efficient augmented password-only
authentication and key exchange (AugPAKE) protocol where a user
remembers a low-entropy password and its verifier is registered in the
intended server. In general, the user password is chosen from a small
set of dictionary words that allows an attacker to perform exhaustive
searches (i.e., off-line dictionary attacks). The AugPAKE protocol
described here is secure against passive attacks, active attacks, and
off-line dictionary attacks (on the obtained messages with
passive/active attacks), and also provides resistance to server
compromise (in the context of augmented PAKE security). In addition,
this document describes how the AugPAKE protocol is integrated into
the Internet Key Exchange Protocol version 2 (IKEv2). This document
defines an Experimental Protocol for the Internet community.

Efficient Augmented Password-Only Authentication and Key Exchange for IKEv2

Network mobility introduces far more complexity than host mobility. Therefore, host mobility protocols such as Mobile IPv6 (MIPv6) need to be extended to support this new type of mobility. To address the extensions needed for network mobility, the IETF NEMO working group has recently standardized the network mobility basic support protocol in RFC 3963. However, in this RFC, it is not mentioned how authentication authorization and accounting (AAA) issues are handled in NEMO environment. Also, the use of IPsec to secure NEMO procedures does not provide robustness against leakage of stored secrets. To address this security issue and to achieve AAA with mobility, we propose new handover procedures to be performed by mobile routers and by visiting mobile nodes. This new handover procedure is based on leakage resilient-authenticated key establishment (LR-AKE) protocol. Using analytical models, we evaluate the proposed handover procedure in terms of handover delay which affects the session continuity. Our performance evaluation is based on transmission, queueing and encryption delays over wireless links

SeongHan Shin

Papers

A security framework for MQTT

Authentication system, and remotely distributed storage system

Leakage-Resilient Authenticated Key Establishment Protocols

Efficient Augmented Password-Only Authentication and Key Exchange for IKEv2

LR-AKE-Based AAA for Network Mobility (NEMO) Over Wireless Links