03 Mar 2017-IEEE Access (IEEE)-Vol. 5, pp 3376-3392
TL;DR: This work presents a lightweight and secure user authentication protocol based on the Rabin cryptosystem, which has the characteristic of computational asymmetry, together with a comprehensive heuristic security analysis showing that the protocol is secure against all the possible attacks and provides the desired security features.
Abstract: Wireless sensor networks (WSNs) will be integrated into the future Internet as one of the components of the Internet of Things, and will become globally addressable by any entity connected to the Internet. Despite the great potential of this integration, it also brings new threats, such as the exposure of sensor nodes to attacks originating from the Internet. In this context, lightweight authentication and key agreement protocols must be in place to enable end-to-end secure communication. Recently, Amin et al. proposed a three-factor mutual authentication protocol for WSNs. However, we identified several flaws in their protocol. We found that their protocol suffers from a smart card loss attack where the user identity and password can be guessed using offline brute force techniques. Moreover, the protocol suffers from a known session-specific temporary information attack, which leads to the disclosure of session keys in other sessions. Furthermore, the protocol is vulnerable to a tracking attack and fails to fulfill user untraceability. To address these deficiencies, we present a lightweight and secure user authentication protocol based on the Rabin cryptosystem, which has the characteristic of computational asymmetry. We conduct a formal verification of our proposed protocol using ProVerif in order to demonstrate that our scheme fulfills the required security properties. We also present a comprehensive heuristic security analysis to show that our protocol is secure against all the possible attacks and provides the desired security features. The results we obtained show that our new protocol is a secure and lightweight solution for authentication and key agreement for Internet-integrated WSNs.
TL;DR: A user authentication protocol scheme with privacy protection for IIoT is proposed and the security of the proposed scheme is proved under a random oracle model, and other security discussions show that the proposed protocol is robust to various attacks.
Abstract: Wireless sensor networks (WSNs) play an important role in the industrial Internet of Things (IIoT) and have been widely used in many industrial fields to gather data from the monitoring area. However, due to the open nature of the wireless channel and the resource-constrained nature of sensor nodes, how to guarantee that the sensitive sensor data can only be accessed by a valid user becomes a key challenge in the IIoT environment. Some user authentication protocols for WSNs have been proposed to address this issue. However, previous works more or less have their own weaknesses, such as not providing user anonymity and other ideal functions or being vulnerable to some attacks. To provide secure communication for IIoT, a user authentication protocol scheme with privacy protection for IIoT is proposed. The security of the proposed scheme is proved under a random oracle model, and other security discussions show that the proposed protocol is robust to various attacks. Furthermore, the comparison results with other related protocols and the simulation by NS-3 show that the proposed protocol is secure and efficient for IIoT.
TL;DR: An attempt toward breaking this undesirable cycle by proposing a systematical evaluation framework for schemes to be assessed objectively, revisiting two foremost schemes and conducting a measurement of 44 representative schemes under this evaluation framework, thereby providing the missing evaluation for two-factor schemes in industrial WSNs.
Abstract: Dozens of two-factor authentication schemes have been proposed to secure real-time data access in industrial wireless sensor networks (WSNs). However, more often than not, the protocol designers advocate the merits of their scheme, but do not reveal (or unconsciously ignore) the facets on which their scheme performs poorly. Such a lack of an objective, comprehensive measurement leads to the unsatisfactory “break-fix-break-fix” cycle in this research area. In this paper, we make an attempt toward breaking this undesirable cycle by proposing a systematic evaluation framework for schemes to be assessed objectively, revisiting two foremost schemes proposed by Wu et al. (2017) and Srinivas et al. (2017) to reveal the challenges and difficulties in designing a sound scheme, and conducting a measurement of 44 representative schemes under our evaluation framework, thereby providing the missing evaluation for two-factor schemes in industrial WSNs. This work would help increase awareness of current measurement issues and improve the scientific process in our field.
179 citations
Cites background or methods from "Lightweight Three-Factor Authentica..."
...To our knowledge, this work, following the existing works in [14], [43], [44] while introducing new perspectives, is one of the few...
[...]
...More specifically, the criteria set in [86] primarily comprises of our criteria C-2∼C-5, and thus the differences between the schemes proposed in 2010 (see [81]–[83]) and the schemes in 2017 (see [44], [56], [66]) cannot be distin-...
[...]
..., [44], [56], [66]) generally perform much better....
[...]
...’s [44] schemes adopt the “fuzzy-verifier” technique to achieve the criteria C-2, C-4, and C-9 simultaneously (see Section IV-D)....
TL;DR: A new lightweight authentication mechanism in cloud-based IoT environment, called LAM-CIoT, which offers better security, and low communication and computation overheads as compared to the closely related authentication schemes.
TL;DR: This paper proposes a new biometric-based privacy preserving user authentication (BP2UA) scheme for cloud-based IIoT deployment that consists of strong authentication between users and smart devices using preestablished key agreement between smart devices and the gateway node.
Abstract: Due to the widespread popularity of Internet-enabled devices, the Industrial Internet of Things (IIoT) has become popular in recent years. However, as the smart devices share information with each other using an open channel, i.e., the Internet, the security and privacy of the shared information remain a paramount concern. There exist some solutions in the literature for preserving security and privacy in the IIoT environment. However, due to their heavy computation and communication overheads, these solutions may not be applicable to a wide category of applications in the IIoT environment. Hence, in this paper, we propose a new biometric-based privacy preserving user authentication (BP2UA) scheme for cloud-based IIoT deployment. BP2UA consists of strong authentication between users and smart devices using preestablished key agreement between smart devices and the gateway node. The formal security analysis of BP2UA using the well-known real-or-random model is provided to prove its session key security. Moreover, an informal security analysis of BP2UA is also given to show its robustness against various types of known attacks. The computation and communication costs of BP2UA in comparison to the other existing schemes of its category demonstrate its effectiveness in the IIoT environment. Finally, the practical demonstration of BP2UA is also done using the NS2 simulation.
TL;DR: A privacy and availability data clustering (PADC) scheme based on the $k$-means algorithm and differential privacy, which enhances the selection of the initial center points and the method of calculating the distance from other points to a center point, and attempts to reduce the outlier effect by detecting outliers during the clustering process.
Abstract: The ever-growing demand for electrical energy of sensing devices in the Internet of Things (IoT) has led to generating large amounts of electricity consumption data. Electricity service providers often use wireless sensor networks to collect sensing devices’ electricity consumption data for statistical analysis, so as to provide sensing devices with improved electrical services. As an important data mining technique, while data clustering excels in dealing with such massive data, it imposes the risk of privacy disclosure in the process of data clustering. In an effort to solve this problem, Blum et al. proposed a differential privacy $k$-means algorithm, effectively preventing privacy disclosure. However, the availability of data clustering results is reduced due to the data distortion in Blum’s algorithm. In this paper, we propose a privacy and availability data clustering (PADC) scheme based on the $k$-means algorithm and differential privacy, which enhances the selection of the initial center points and the distance calculation method from other points to the center point. Moreover, PADC attempts to reduce the outlier effect through detecting outliers during the clustering process. Security analysis indicates that our scheme satisfies the goal of differential privacy and prevents privacy information disclosure. Meanwhile, performance evaluation shows that our scheme, at the same privacy level, improves the availability of clustering results compared to the existing differential privacy $k$-means algorithms, suggesting that our proposed PADC scheme outperforms others for intelligent electrical service in IoT.
157 citations
Cites background from "Lightweight Three-Factor Authentica..."
...Furthermore, managers can use wireless sensor network (WSN) [5] and device-to-device communications [6]–[8], formed by multiple sensor nodes communicating with one another, to obtain large volumes of electricity data in real time....
[...]
...This layer is essentially a WSN, formed by multiple sensor nodes communicating with one another....
[...]
...Under the IoT framework, the perception layer technology flexibly supports WSNs with various node scales, under which the electricity consumption data is uploaded to the network layer and further passed to the application layer for data integration and analysis....
[...]
...In an effort of providing better electricity services, providers utilize WSNs for collecting electricity consumption data for data clustering analysis....
TL;DR: In this paper, the authors examine specific methods for analyzing power consumption measurements to find secret keys from tamper resistant devices. They also discuss approaches for building cryptosystems that can operate securely in existing hardware that leaks information.
Abstract: Cryptosystem designers frequently assume that secrets will be manipulated in closed, reliable computing environments. Unfortunately, actual computers and microchips leak information about the operations they process. This paper examines specific methods for analyzing power consumption measurements to find secret keys from tamper resistant devices. We also discuss approaches for building cryptosystems that can operate securely in existing hardware that leaks information.
TL;DR: This work provides formal definitions and efficient secure techniques for turning biometric information into keys usable for any cryptographic application, and reliably and securely authenticating biometric data.
Abstract: We provide formal definitions and efficient secure techniques for turning biometric information into keys usable for any cryptographic application, and reliably and securely authenticating biometric data.
TL;DR: In this paper, the authors examined the noise characteristics of the power signals and developed an approach to model the signal-to-noise ratio (SNR) using a multiple-bit attack.
Abstract: This paper examines how monitoring power consumption signals might breach smart-card security. Both simple power analysis and differential power analysis attacks are investigated. The theory behind these attacks is reviewed. Then, we concentrate on showing how power analysis theory can be applied to attack an actual smart card. We examine the noise characteristics of the power signals and develop an approach to model the signal-to-noise ratio (SNR). We show how this SNR can be significantly improved using a multiple-bit attack. Experimental results against a smart-card implementation of the Data Encryption Standard demonstrate the effectiveness of our multiple-bit attack. Potential countermeasures to these attacks are also discussed.
TL;DR: In this article, the authors describe a fuzzy vault construction that allows Alice to place a secret value $\kappa$ in a secure vault and lock it using an unordered set A of elements from some public universe U. If Bob tries to "unlock" the vault using B, he obtains the secret value if B is close to A, i.e., only if A and B overlap substantially.
Abstract: We describe a simple and novel cryptographic construction that we call a fuzzy vault. Alice may place a secret value $\kappa$ in a fuzzy vault and "lock" it using an unordered set A of elements from some public universe U. If Bob tries to "unlock" the vault using an unordered set B, he obtains $\kappa$ only if B is close to A, i.e., only if A and B overlap substantially.
TL;DR: It is proved that for any given n, if the authors can invert the function $y = E(x_1)$ for even a small percentage of the values y then they can factor n, which seems to be the first proved result of this kind.
Abstract: We introduce a new class of public-key functions involving a number n = pq having two large prime factors. As usual, the key n is public, while p and q are the private key used by the issuer for production of signatures and function inversion. These functions can be used for all the applications involving public-key functions proposed by Diffie and Hellman, including digitalized signatures. We prove that for any given n, if we can invert the function $y = E(x_1)$ for even a small percentage of the values y then we can factor n. Thus, as long as factorization of large numbers remains practically intractable, for appropriately chosen keys not even a small percentage of signatures are forgeable. Breaking the RSA function is at most as hard as factorization, but is not known to be equivalent to factorization even in the weak sense that ability to invert all function values entails ability to factor the key. Computation time for these functions, i.e. signature verification, is several hundred times faster than for the RSA scheme. Inversion time, using the private key, is comparable. The almost-everywhere intractability of signature-forgery for our functions (on the assumption that factoring is intractable) is of great practical significance and seems to be the first proved result of this kind.
1,292 citations
"Lightweight Three-Factor Authentica..." refers background in this paper
...The Rabin cryptosystem [57], [58] is a public key cryptographic primitive based on integer factorization....