
Showing papers on "Message authentication code published in 2020"


Journal Article
TL;DR: A blockchain based multi-WSN authentication scheme for IoT is proposed and the analysis of security and performance shows that the scheme has comprehensive security and better performance.
Abstract: Internet of Things (IoT) equipment is usually in a harsh environment, and its security has always been a widely concerned issue. Node identity authentication is an important means to ensure its security. Traditional IoT identity authentication protocols usually rely on trusted third parties. However, many IoT environments do not allow such conditions, and are prone to single point failure. Blockchain technology with decentralization features provides a new solution for distributed IoT system. In this paper, a blockchain based multi-WSN authentication scheme for IoT is proposed. The nodes of IoT are divided into base stations, cluster head nodes and ordinary nodes according to their capability differences, which are formed to a hierarchical network. A blockchain network is constructed among different types of nodes to form a hybrid blockchain model, including local chain and public chain. In this hybrid model, nodes identity mutual authentication in various communication scenarios is realized, ordinary node identity authentication operation is accomplished by local blockchain, and cluster head node identity authentication are realized in public blockchain. The analysis of security and performance shows that the scheme has comprehensive security and better performance.

328 citations


Journal Article
TL;DR: A new cloud based user authentication scheme for secure authentication of medical data that provides the session-key security and protects active attacks and a detailed comparative analysis for the communication and computation costs along with security and functionality features which proves its efficiency in comparison to the other existing schemes of its category.
Abstract: Security and privacy are the major concerns in cloud computing as users have limited access on the stored data at the remote locations managed by different service providers. These become more challenging especially for the data generated from the wearable devices as it is highly sensitive and heterogeneous in nature. Most of the existing techniques reported in the literature are having high computation and communication costs and are vulnerable to various known attacks, which reduce their importance for applicability in real-world environment. Hence, in this paper, we propose a new cloud based user authentication scheme for secure authentication of medical data. After successful mutual authentication between a user and wearable sensor node, both establish a secret session key that is used for future secure communications. The extensively-used Real-Or-Random (ROR) model based formal security analysis and the broadly-accepted Automated Validation of Internet Security Protocols and Applications (AVISPA) tool based formal security verification show that the proposed scheme provides the session-key security and protects active attacks. The proposed scheme is also informally analyzed to show its resilience against other known attacks. Moreover, we have done a detailed comparative analysis for the communication and computation costs along with security and functionality features which proves its efficiency in comparison to the other existing schemes of its category.

185 citations


Journal Article
TL;DR: This article constructs a novel secure mutual authentication system that integrates blockchain, group signature, and message authentication code to provide reliable auditing of users’ access history, anonymously authenticate group members, and efficiently authenticate home gateway, respectively.
Abstract: Increasingly, governments around the world, particularly in technologically advanced countries, are exploring or implementing smart homes, or the related smart facilities for the benefits of the society. The capability to remotely access and control Internet of Things (IoT) devices (e.g., capturing of images, audios, and other information) is convenient but risky, as vulnerable devices can be exploited to conduct surveillance or perform other nefarious activities on the users and organizations. This highlights the necessity of designing a secure and efficient remote user authentication solution. Most of the existing solutions for this problem are generally based on a single-server architecture, which has limitations in terms of privacy and anonymity (leading to users’ daily activities being predicted), and integrity and confidentiality (resulting in an unreliable behavior auditing). While blockchain-based solutions may mitigate these issues, they still face some critical challenges (e.g., providing regulation of behaviors and privacy protection of access policy). Motivated by these facts, in this article, we construct a novel secure mutual authentication system, which can be applied in smart homes and other applications. Specifically, the proposed approach integrates blockchain, group signature, and message authentication code to provide reliable auditing of users’ access history, anonymously authenticate group members, and efficiently authenticate home gateway, respectively. We also prove the security and privacy requirements, including anonymity, traceability, and confidentiality, that the proposed system satisfies, with an implementation and evaluation to demonstrate its practicality.

118 citations


Proceedings Article
18 May 2020
TL;DR: This paper systematically evaluates Dragonfly’s security, and presents timing leaks and authentication bypasses in EAP-pwd and WPA3 daemons, and discusses backwards-compatible defenses, and proposes protocol fixes that prevent attacks.
Abstract: The WPA3 certification aims to secure home networks, while EAP-pwd is used by certain enterprise Wi-Fi networks to authenticate users. Both use the Dragonfly handshake to provide forward secrecy and resistance to dictionary attacks. In this paper, we systematically evaluate Dragonfly’s security. First, we audit implementations, and present timing leaks and authentication bypasses in EAP-pwd and WPA3 daemons. We then study Dragonfly’s design and discuss downgrade and denial-of-service attacks. Our next and main results are side-channel attacks against Dragonfly’s password encoding method (e.g. hash-to-curve). We believe that these side-channel leaks are inherent to Dragonfly. For example, after our initial disclosure, patched software was still affected by a novel side-channel leak. We also analyze the complexity of using the leaked information to brute-force the password. For instance, brute-forcing a dictionary of size 10^10 requires less than $1 in Amazon EC2 instances. These results are also of general interest due to ongoing standardization efforts on Dragonfly as a TLS handshake, Password-Authenticated Key Exchanges (PAKEs), and hash-to-curve. Finally, we discuss backwards-compatible defenses, and propose protocol fixes that prevent attacks. Our work resulted in a new draft of the protocols incorporating our proposed design changes.

93 citations


Journal Article
TL;DR: A novel approach of OTP generation that relies on elliptic curve cryptography and isogeny in order to ensure IoT security and performance is proposed and evaluated with a real implementation and compared its performance with two other approaches.
Abstract: Internet of Things (IoT) enables the interconnection of physical and virtual objects that are managed by various types of hardware, software, and communication technologies. The large-scale deployment of IoT is actually enabling smart cities, smart factories, smart health, and many other applications and initiatives all over the world. Indeed, according to a recent Gartner study, 50 billion connected objects will be deployed by 2020. IoT will make our cities and daily applications smart. However, IoT technologies also open up multiple risks and privacy issues. Due to hardware limitations of IoT objects, implementing and deploying robust and efficient security and privacy solutions for the IoT environment remains a significant challenge. One-time password (OTP) is an authentication scheme that represents a promising solution for IoT and smart cities environments. We extend the OTP principle and propose a novel approach of OTP generation that relies on elliptic curve cryptography and isogeny in order to ensure IoT security. We evaluate the efficacy of our approach with a real implementation and compared its performance with two other approaches namely, hash message authentication code-based OTP and time-based OTP. The performance results obtained demonstrate the efficiency and effectiveness of our approach in terms of security and performance.

75 citations


Journal Article
TL;DR: An efficient multi-key secure outsourced computation scheme MSOC without exploiting public key FHE is proposed, in the setting of two non-colluding servers, namely the cloud and the cryptographic service provider (CSP) and an efficient and secure comparison protocol LSCP is devised, without the interaction between the server and the users.
Abstract: Location-based service (LBS) in vehicular ad hoc networks (VANETs) has significantly benefited information acquisition from geographically-based social networking. Authentication guarantees the unforgeability and the effectiveness of the LBS information. Unfortunately, owing to a large quantity of redundant or useless LBS messages disseminated in VANETs, the heavy authentication overhead of the existing work adopting a periodically released authentication key, filtering with message identifiers or exploiting public key (fully) homomorphic encryption (FHE), is either intolerable by resource-constrained on-board units (OBUs) or inappropriate to the realtime controlling requirement for VANETs. In this paper, an efficient multi-key secure outsourced computation scheme MSOC without exploiting public key FHE is first proposed, in the setting of two non-colluding servers, namely the cloud and the cryptographic service provider (CSP). Then, based on MSOC, an efficient and secure comparison protocol LSCP is devised, without the interaction between the server and the users. Furthermore, a lightweight privacy-preserving authentication protocol LPPA for LBS in VANETs is proposed, by eliminating duplicate and useless encrypted LBS messages before authentication is executed, through a newly devised efficient privacy-preserving information filtering system. Both user’s location privacy and interest privacy are well protected against even the collusion between the roadside units (RSUs) serving as the cloud (or CSP) and malicious users. Especially, the property of ciphertext re-encryption of our proposed MSOC also guarantees the interest pattern privacy whether two users accept the same LBS information. Finally, formal security proof and extensive simulation results verify the effectiveness and practicability of our proposed LPPA.

60 citations


Journal Article
TL;DR: The proposed CSEF is secure against security attacks, and satisfies many security attributes such as man-in-the-middle attack, impersonation attack, data non-repudiation, doctor anonymity, replay attack, known-key security property, message authentication, patient anonymity, data confidentiality, stolen-verifier attack, parallel session attack and session key security.
Abstract: Smart architecture is the concept to manage the facilities via internet utilization in a proper manner. There are various technologies used in smart architecture such as cloud computing, internet of things, green computing, automation and fog computing. Smart medical system (SMS) is one of the applications used in architecture, which is based on communication networking along with sensor devices. In SMS, a doctor provides online treatment to patients with the help of cloud-based applications such as mobile device, wireless body area network, etc. Security and privacy are the major concerns of cloud-based applications in SMS. To maintain security and privacy, we aim to design an elliptic curve cryptography (ECC) based secure and efficient authentication framework for cloud-assisted SMS. There are six phases in the proposed protocol: patient registration phase, healthcare center upload phase, patient data upload phase, treatment phase, checkup phase and emergency phase. In CSEF, there are four entities: healthcare center, patient, cloud and doctor. In CSEF, mutual authentication is established between healthcare center and cloud, patient and cloud, doctor and cloud, and patient and healthcare center by using ECC and hash function. The CSEF is secure against security attacks, and satisfies many security attributes such as man-in-the-middle attack, impersonation attack, data non-repudiation, doctor anonymity, replay attack, known-key security property, message authentication, patient anonymity, data confidentiality, stolen-verifier attack, parallel session attack and session key security. Further, the CSEF is efficient in terms of computation and communication compared to other related frameworks. As a result, CSEF can be utilized in cloud-based SMS.

55 citations


Journal Article
TL;DR: An authentication protocol is designed that can guarantee the security requirements, and it is proved its authentication rate can approach infinity when $n$
Abstract: In this paper, we investigate physical (PHY) layer message authentication to combat adversaries with infinite computational capacity. Specifically, a PHY-layer authentication framework over a wiretap channel ($W_1, W_2$) is proposed to achieve information-theoretic security with the same key. We develop a theorem to reveal the requirements/conditions for the authentication framework to be information-theoretic secure for authenticating a polynomial number of messages in terms of $n$. Based on this theorem, we design an authentication protocol that can guarantee the security requirements, and prove its authentication rate can approach infinity when $n$ goes to infinity. Furthermore, we design and implement a feasible and efficient message authentication protocol over binary symmetric wiretap channel (BSWC) by using Linear Feedback Shifting Register based (LFSR-based) hash functions and strong secure polar code. Through extensive simulations, it is demonstrated that the proposed protocol can achieve high authentication rate, with low time cost and authentication error rate.

53 citations


Journal Article
TL;DR: A secure and efficient message authentication protocol for IoV in a smart city environment, called IoV-SMAP, which can resist security drawbacks and provide user anonymity, and mutual authentication is designed.
Abstract: With the emergence of the concept of smart city and the increasing demands for a range of vehicles, Internet of Vehicles (IoV) has achieved a lot of attention by providing multiple benefits, including vehicle emergence, accidents, levels of pollution, and traffic congestion. Moreover, IoV provides various services by combining vehicular ad-hoc networks (VANET) with the Internet of Things (IoT) in smart cities. However, the communication among vehicles is susceptible to various security threats because the sensitive message is transmitted via an insecure channel in the IoV-based smart city environment. Thus, a secure message authentication protocol is indispensable to ensure various services for IoV in a smart city environment. In 2020, a secure message authentication protocol for IoV communication in smart cities has been proposed. However, we discover that the analyzed scheme suffers from various potential attacks such as impersonation, secret key disclosure, and off-line guessing attacks, and also does not ensure authentication. To solve the security threats of the analyzed scheme, we design a secure and efficient message authentication protocol for IoV in a smart city environment, called IoV-SMAP. The proposed IoV-SMAP can resist security drawbacks and provide user anonymity, and mutual authentication. We demonstrate the security of IoV-SMAP by performing informal and formal analyses such as the Real-or-Random (ROR) model, and Automated Validation of Internet Security Protocols and Application (AVISPA) simulations. In addition, we compare the performance of IoV-SMAP with related existing competing authentication schemes. We demonstrate that IoV-SMAP provides better security along with efficiency than related competing schemes and is suitable for the IoV-based smart city environment.

50 citations


Journal Article
TL;DR: This paper proposes a trust management scheme based on hybrid cryptography (TMHC) to secure VANET to a larger extent and shows that the proposed scheme meets security requirements and performs effectively.
Abstract: Vehicular Ad hoc Networks (VANETs) are used to improve traffic management and reduce the number of road accidents by providing safety applications. However, VANETs are susceptible to a number of security attacks from malicious entities. To secure the network against these attacks, most of the researchers have proposed various security schemes based on cryptography and trust management. While both cryptography and trust management are effective to some extent, each scheme has some flaw to fully secure the network. In this paper, we propose a trust management scheme based on hybrid cryptography (TMHC) to secure VANET to a larger extent. As authentication is an integral part of trust establishment and secure communications between vehicles, the proposed TMHC integrates hybrid cryptography based authentication for efficient and robust trust management scheme. The hybrid cryptography includes, asymmetric identity-based (ID-based) digital signature and symmetric hash message authentication code (HMAC). The trusted road-side unit (RSU) evaluates trust-value, whereas, agent trusted authority (ATA) computes trust-value of vehicle based on its reward-points. The results are gained with extensive simulations to validate the proposed scheme. The results show that the proposed scheme meets security requirements and performs effectively. The communication overhead, computation overhead, storage overhead, and end-to-end delay of the proposed scheme were improved by 6% to 15%, 9% to 23%, 7% to 19%, and 4% to 15.85%, respectively, as compared to existing schemes.

46 citations


Book Chapter
TL;DR: This survey reviews the aforementioned fundamental aspects of PLS, starting with node authentication, moving to the information theoretic characterization of message integrity, and finally, discussing message confidentiality both in the secret key generation from shared randomness and from the wiretap channel point of view.
Abstract: The goal of physical layer security (PLS) is to make use of the properties of the physical layer—including the wireless communication medium and/or the transceiver hardware—to enable critical aspects of secure communications. In particular, PLS can be employed to provide (a) node authentication, (b) message authentication, and (c) message confidentiality. Unlike the corresponding classical cryptographic approaches which are all based on computational security, PLS’s added strength is that it is based on information theoretic security, in which no limitation with respect to the opponent’s computational power is assumed and is therefore inherently quantum resistant. In this survey, we review the aforementioned fundamental aspects of PLS, starting with node authentication, moving to the information theoretic characterization of message integrity, and finally, discussing message confidentiality both in the secret key generation from shared randomness and from the wiretap channel point of view. The aim of this review is to provide a comprehensive road-map on important relevant results by the authors and other contributors and discuss open issues on the applicability of PLS in sixth generation systems.

Journal Article
TL;DR: FusionAuth, a sensor-based continuous authentication system leveraging the accelerometer, gyroscope, and magnetometer on smartphones to capture users’ behavioral patterns is presented, among the first to utilize two feature fusion strategies of serial feature fusion and parallel feature fusion to combine the designed features from the three sensors in the feature extraction module.
Abstract: With the increasing prevalence of mobile devices, people prefer to use smartphones to make payments, take photos, and collect personal vital information. Due to the high possibility of smartphone illegal access, the security and privacy of the devices become more important and critical. In this article, we present FusionAuth, a sensor-based continuous authentication system leveraging the accelerometer, gyroscope, and magnetometer on smartphones to capture users’ behavioral patterns. In order to improve the authentication performance and enhance system reliability, we are among the first to utilize two feature fusion strategies of serial feature fusion and parallel feature fusion to combine the designed features from the three sensors in the feature extraction module. Based on the trained one-class support vector domain description classifier, we evaluate the authentication performance of FusionAuth in terms of impact of window size and user size, and accuracy on different users. The experimental results demonstrate that FusionAuth reaches 1.47% mean balanced error rate with the serial fusion and achieves 1.79% mean BER with the parallel fusion.

Journal Article
TL;DR: The proposed SENTINEL framework is specifically designed to minimize the computational and traffic overheads caused by certificate exchanges and asymmetric cryptography computations that are typically required for authentication protocols.
Abstract: Extensive use of unmanned aerial vehicles (commonly referred to as a “drone”) has posed security and safety challenges. To mitigate security threats caused by flights of unauthorized drones, we present a framework called SENTINEL (Secure and Efficient autheNTIcation for uNmanned aErial vehicLes) under the Internet of Drones (IoD) infrastructure. SENTINEL is specifically designed to minimize the computational and traffic overheads caused by certificate exchanges and asymmetric cryptography computations that are typically required for authentication protocols. SENTINEL initially generates a flight session key for a drone having a flight plan and registers the flight session key and its flight plan into a centralized database that can be accessed by ground stations. The registered flight session key is then used as the message authentication code key to authenticate the drone by any ground station while the drone is flying. To demonstrate the feasibility of the proposed scheme, we implemented a prototype of SENTINEL with ECDSA, PBKDF2 and HMAC-SHA256. The experiment results demonstrated that the average execution time of the authentication protocol in SENTINEL was about 3.1 times faster than the “TLS for IoT” protocol. We also formally proved the security of SENTINEL using ProVerif that is an automatic cryptographic protocol verifier.

Journal Article
TL;DR: A new authentication protocol, MAuth-CAN, is proposed that is secure against masquerade attacks and neither fills up to 100% of the network capacity nor requires hardware modifications of a CAN-controller.
Abstract: Numerous hacking attempts on modern vehicles have recently demonstrated that an adversary can remotely control a vehicle using vulnerable telematics services. In these attempts, a masquerade attack impersonating some safety-critical electronic control units (ECUs) is usually performed to control a vehicle. In the last decade, several message authentication protocols for controller area network (CAN) have been proposed to protect vehicles from masquerade attacks. However, some message authentication protocols are not enough to protect a vehicle from masquerade attacks by compromised ECUs. Other protocols that are secure against masquerade attacks fill the network capacity of CAN up to 100% or require hardware modifications of the CAN-controller, dedicated hardware used for CAN communications. In this paper, we propose a new authentication protocol, MAuth-CAN, that is secure against masquerade attacks. MAuth-CAN neither fills up to 100% of the network capacity nor requires hardware modifications of a CAN-controller. In addition, we propose a technique that protects ECUs from bus-off attacks, and apply the technique to MAuth-CAN for handling bus-off attacks.

Journal Article
TL;DR: A trust-based monitoring scheme was designed for improving the security features in cloud-assisted IoT environments and its consistency in achieving lower response and detection times, misdetection probabilities, and false positive rates is demonstrated.

Journal Article
TL;DR: A new architecture of 5G software defined vehicular network is explored and a secure and efficient privacy preserving authentication scheme is proposed to achieve efficient message authentication and to avoid the usage of ever-growing certificate revocation list.
Abstract: Vehicular networks provide various applications for vehicles to improve road safety and traffic efficiency as well as infotainment. Security and privacy are of great importance for the deployment of vehicular networks. However, how to efficiently secure vehicular networks with privacy-preserving remains a big challenge. Many solutions have been proposed in the past decade, but most of them either rely too much on the ideal tamper-proofed devices or not being efficient enough for scenarios with high vehicle density. Meanwhile, in recent years, great progresses have been made in both the Long-Term Evolution (LTE) and the fifth-generation (5G) wireless network based vehicular networks. The 5G enabled vehicular networks are envisioned to support higher data transmission rate and a larger number of connected devices than the 802.11p and LTE based networks. Noting the great potential of 5G technology, in this paper we explore a new architecture of 5G software defined vehicular network and propose a secure and efficient privacy preserving authentication scheme for vehicular networks. The proposed scheme uses elliptic-curve public-key cryptography and a registration list to achieve efficient message authentication and to avoid the usage of ever-growing certificate revocation list. The security analysis shows that the proposed scheme has strong security guarantees without using the ideal tamper-proofed devices. Simulation results exhibit that the proposed scheme has ultra low computational overhead and packet loss ratio.

Journal Article
TL;DR: The experimental results show that the proposed IVM has better detection capabilities and robustness toward various kinds of tampering, such as copy–move, insert, and delete, as compared to other state-of-the-art methods.
Abstract: A video record plays a crucial role in providing evidence for crime scenes or road accidents. However, the main problem with the video record is that it is often vulnerable to various video tampering attacks. Although visual evidence is required to conduct an integrity verification before investigations, it is still difficult for human vision to detect a forgery. In this paper, we propose a novel video integrity verification method (IVM) that takes advantage of a blockchain framework. The proposed method employs an effective blockchain model in centralized video data, by combining a hash-based message authentication code and elliptic curve cryptography to verify the integrity of a video. In our method, video content with a predetermined size (segments) is key-hashed in a real-time manner and stored in a chronologically chained fashion, thus establishing an irrefutable database. The verification process applies the same procedure to the video segment and generates a hash value that can be compared with the hash in the blockchain. The proposed IVM is implemented on a PC environment, as well as on an accident data recorder-embedded system for verification. The experimental results show that the proposed method has better detection capabilities and robustness toward various kinds of tampering, such as copy-move, insert, and delete, as compared to other state-of-the-art methods. An analysis based on execution time along with an increase in the number of blocks within the blockchain shows a minimal overhead in the proposed method.

Journal Article
TL;DR: It can be found that ABAH can avoid the communication overhead and privacy leakage caused by the revocation list, ensure the integrity of batch verification information, meet the security performance of the vehicular ad hoc network under the Internet of Things, and protect the privacy of users from being disclosed.
Abstract: To study the security performance of the Internet of multimedia things on the privacy protection of user identity, behavior trajectory, and preference under the new information technology industry wave, in this study, aiming at the problems of the sharing of Internet of things perception data and the exposure of users’ privacy information, the Anonymous Batch Authentication Scheme (ABAH) for privacy protection is designed. Hash-based Message Authentication Code is used to cancel the list-checking process and analyze its security performance. Compared with the methods of elliptic curve digital signature algorithm, Bayes least-square method, identity-based bulk verification, anonymous batch authentication and key protocol, conditional privacy authentication scheme, and expert message authentication protocol, the transmission delay, packet loss rate, and computation cost are studied without considering the undo list and during the undo check. The results show that with the increase of information size, the transmission delay and packet loss rate also increase, and the transmission delay of ABAH increases by about 15%, while the correlation between speed and transmission delay is small. In the case of the same amount of validation information, ABAH has the highest validation efficiency, and it still has an efficient validation effect in the case of invalid information. The message packet loss rate for ABAH is always 0 when the undo check validation overhead is considered. It can be found that ABAH can avoid the communication overhead and privacy leakage caused by the revocation list, ensure the integrity of batch verification information, meet the security performance of the vehicular ad hoc network under the Internet of Things, and protect the privacy of users from being disclosed.

Journal Article
TL;DR: This paper introduces public-private key and message authentication code (MAC) for secure authentication and adopt consensus algorithms for composing blockchain system such as the proof of work (PoW) and Practical Byzantine Fault Tolerance (PBFT) into the proposed authentication process.
Abstract: Vehicular ad-hoc networks (VANETs) have several security issues such as privacy preservation, secure authentication, and system reliability. In the VANET, a vehicle communicates with other vehicles or infrastructures using broadcasting messages. These messages contain not only normal traffic information, but also identification information of sender. In general, the identification information remains encrypted to ensure privacy. However, the conventional centralized system can decrypt the identification information using private information of the sender vehicle. As a result, the central server can often be targeted by adversaries. We propose a message authentication scheme for anonymity and decentralization of information using blockchain technology. Here, we introduce public-private key and message authentication code (MAC) for secure authentication. In this paper, we adopt consensus algorithms for composing blockchain system such as the proof of work (PoW) and Practical Byzantine Fault Tolerance (PBFT) into the proposed authentication process. Finally, we demonstrate that the proposed method is secure from the attacks which include impersonation from internal attacker as well as typical attacks.

Journal ArticleDOI
TL;DR: A new model that provides authentication and data integrity in a distributed and interoperable environment and achieves both identity authentication and the ability to inter-operate between processes running on different cloud providers is proposed.
Abstract: The necessity to improve security in a multi-cloud environment has become very urgent in recent years. Although many methods using the message authentication code have been realized on this topic, the results of these methods are unsatisfactory and heavy to apply, which is why the security problem remains unresolved in this environment. This article proposes a new model that provides authentication and data integrity in a distributed and interoperable environment. To that end, the authors first analyze some security models used in a large and distributed environment, and then introduce a new model to solve security issues in this environment. Our approach consists of three steps. First, we propose a private virtual network to secure the data in transit. Second, we use an authentication method based on data encryption to protect the identity of the user and his data. Finally, we realize an algorithm to determine the integrity of data distributed on the various clouds of the system. The model achieves both identity authentication and the ability to inter-operate between processes running on different cloud providers. A data integrity algorithm will be demonstrated. The results of this proposed model can efficiently and safely construct a reliable and stable system in the cross-cloud environment.

Journal ArticleDOI
TL;DR: This article elegantly addresses challenges of dynamically updating membership in a domain and achieving vehicle user’s privacy preservation by proposing a novel conditional privacy-preserving authentication with dynamic membership for VANETs depending on Chinese remainder theorem (CRT).
Abstract: Existing conditional anonymous authentication protocols to secure the group communication in VANETs (Vehicular Ad hoc Networks) render challenges such as dynamically updating membership in a domain and achieving vehicle user's privacy preservation. This paper elegantly addresses these challenges by proposing a novel conditional privacy-preserving authentication with dynamic membership for VANETs depending on Chinese remainder theorem (CRT). Specifically, the CRT is utilized by a trusted authority to securely disseminate a domain key for the authorized vehicles in the same domain, where each vehicle in this domain is able to obtain the domain key by only performing one modulo division operation in case of domain key updating. Distinct from the previous works in this field, our proposed protocol not only achieves message authentication, anonymity and conditional privacy-preserving, but also provides forward security and backward security of vehicles. Theoretical analysis and experiment simulation demonstrate that the proposed protocol is provably secure and highly feasible.

Journal ArticleDOI
TL;DR: Numerical results show that the proposed message-based tag embedding PLA method is more accurate than the traditional uniform tag embedding method which has an unavoidable tag error floor close to 10%.
Abstract: Achieving ultra-reliable, low-latency and secure communications is essential for realizing the industrial Internet of Things (IIoT). Non-coherent massive multiple-input multiple-output (MIMO) is one of the promising techniques to fulfill ultra-reliable and low-latency requirements. In addition, physical layer authentication (PLA) technology is particularly suitable for secure IIoT communications thanks to its low-latency attribute. A PLA method for non-coherent massive single-input multiple-output (SIMO) IIoT communication systems is proposed in this paper. This method realizes PLA by embedding an authentication signal (tag) into a message signal, referred to as “message-based tag embedding”. It is different from traditional PLA methods utilizing uniform power tags. We design the optimal tag embedding and optimize the power allocation between the message and tag signals to characterize the trade-off between the message and tag error performance. Numerical results show that the proposed message-based tag embedding PLA method is more accurate than the traditional uniform tag embedding method which has an unavoidable tag error floor close to 10%.

Journal ArticleDOI
TL;DR: An efficient lattice-based ring signature scheme for message authentication in vehicular ad-hoc networks (VANETs) provides unconditional identity privacy preservation, message authentication, and location privacy for the sender vehicle.
Abstract: In this article, we propose an efficient lattice-based ring signature scheme for message authentication in vehicular ad-hoc networks (VANETs). It provides unconditional identity privacy preservation, message authentication, and location privacy for the sender vehicle. The authentication of messages is extremely vital as it gives motivation for vehicles to accept, act, and further transmit messages to other vehicles in the network as well as remain a member of the network. Any unauthorized vehicle cannot transmit fraud messages into the network if messages are authenticated. The public key cryptography-based methods are more relevant for message authentication because of their easy key management and local derivation of keys. However, they add complexity to the whole network and require significant storage and computational power. Also, the predictable mobility characteristics of vehicles moving on the road make them vulnerable to tracking. This requires an additional mechanism to preserve location privacy. The proposed scheme provides unconditional identity privacy and location privacy. It is more efficient than the existing ring signature schemes in case of signature generation and verification process. Theoretical analysis and experimental results show that the proposed scheme provides security and unconditional privacy to vehicles in VANETs.

Journal ArticleDOI
TL;DR: A novel and efficient scheme that applies a hash message authentication code (HMAC) to specific messages, providing secure communication between ECUs and protecting against cyber attacks and is effective in satisfying improvement of both safety and security.
Abstract: As automotive embedded systems comprised of electronic control units (ECUs) connected via a controller area network (CAN) have continued to develop, the volume of information these systems are required to handle has also rapidly increased. Cyber attacks targeting vulnerable points of automotive embedded systems in particular are on the rise to hinder normal operation of a vehicle. However, adding security mechanisms to defend against attacks cannot neglect timing requirements in terms of vehicle safety. This is because it may lead to a violation of automobile safety. In short, both sides of this issue must be addressed from the outset of the system design stage to provide optimal security and safety. As a response to this pressing issue, we propose a novel and efficient scheme. The design optimization during the system design phase not only ensures all the real-time applications are executed within their deadline but also reduces the number of transmitted messages over the CAN bus. After optimization, we apply a hash message authentication code (HMAC) to specific messages, providing secure communication between ECUs and protecting against cyber attacks. Security analysis and experimental results prove that the proposed scheme can counter attacks on the CAN bus while meeting timing requirements. Therefore, our proposed scheme is effective in satisfying improvement of both safety and security.

Journal ArticleDOI
Jie Cui, Jiayi Chen, Hong Zhong, Jing Zhang, Lu Liu
TL;DR: The security analysis indicates that the proposed content sharing scheme in 5G-enabled vehicular networks meets the security requirements of vehicular networks, and the proposed scheme also displays favorable performance compared to other related schemes.
Abstract: Conditional privacy preservation and message authentication serve as the primary research issues in terms of security in vehicular networks. With the arrival of 5G era, the downloading speed of network services and the message transmission speed have significantly improved. Consequently, the content exchanged by users in vehicular networks is not limited to traffic information, and vehicles moving at high speeds can share a wide variety of contents. However, sharing content reliably and efficiently remains challenging owing to the fast-moving character of vehicles. To solve this problem, we propose a reliable and efficient content sharing scheme in 5G-enabled vehicular networks. The vehicles with content downloading requests quickly filter the adjacent vehicles to choose capable and suitable proxy vehicles and request them for content services. Thus, the purpose of obtaining a good hit ratio, saving network traffic, reducing time delay, and easing congestion during peak hours can be achieved. The security analysis indicates that the proposed scheme meets the security requirements of vehicular networks. Our cryptographic operations are based on the elliptic curve, and finally, the proposed scheme also displays favorable performance compared to other related schemes.

Proceedings ArticleDOI
29 Dec 2020
TL;DR: In this paper, the authors proposed an efficient and secure authentication protocol that was shown to have average communication and computational costs and also robust against impersonation, MitM, replay and eavesdropping attacks.
Abstract: The fifth generation (5G) networks exhibit extremely low latency, extremely high bandwidth, and high density connections that are salient features for the support of vehicle to everything (V2X) services. Although a lot of research efforts have been directed towards addressing 5G technical issues for the support of V2X communications, these researches only concentrate on synchronization, physical layer structure or resource allocation. Very little research has been carried out on how to uphold message security as well as user privacy in V2X networks and as such, these networks still face a number of challenges relating to privacy and secure payload exchanges. For instance, to facilitate cooperative driving, road conditions as well as vehicle status are shared among all neighbor autonomous vehicles. This is accomplished via periodical generation of notification messages. As such, message authentication is essential to prevent attacks and boost reliability in an autonomous platoon. Unfortunately, existing authentication protocols incur high computational and communication costs during the authentication process. Moreover, although novel access validation and key agreement schemes have been suggested, secure and efficient mobility management still faces many challenges owing to the high number of recurrent handovers and massive vehicular communications. To address these challenges, this paper sought to develop an efficient and secure protocol that was shown to have average communication and computational costs and also robust against impersonation, MitM, replay and eavesdropping attacks.

Journal ArticleDOI
TL;DR: A new secure EMR authorization system is proposed, which uses elliptic curve encryption and public-key encryption, providing a health care system with both public and private cloud environments with a message authentication mechanism, allowing the secure sharing of medical resources.
Abstract: As cloud computing technology matures, along with an increased application of distributed networks, increasingly larger amounts of data are being stored in the cloud, and are thus available for pervasive application. At the same time, current independent medical record systems tend to be inefficient, and most previous studies in this field fail to meet the security requirements of anonymity and unlinkability. Some proposed schemes are even vulnerable to malicious impersonation attacks. The scheme proposed in this study, therefore, combines public and private clouds in order to more efficiently and securely preserve and manage electronic medical records (EMR). In this paper, a new secure EMR authorization system is proposed, which uses elliptic curve encryption and public-key encryption, providing a health care system with both public and private cloud environments with a message authentication mechanism, allowing the secure sharing of medical resources. The analysis shows that the proposed scheme prevents known attacks, such as replay attacks, man-in-the-middle attacks and impersonation attacks, and provides user anonymity, unlinkability, integrity, non-repudiation, forward and backward security.

Journal ArticleDOI
TL;DR: This paper studies the integrity and authenticity of information by signing messages and proposes an ADS-B message authentication method based on certificateless short signature, which does not require certificate management and has efficient performance.
Abstract: The automatic dependent surveillance—broadcast (ADS-B) system adopts an open communication mode, and the lack of designed-in security measures in the ADS-B system makes it vulnerable to various types of attacks (jamming, spoofing, etc.). In view of the low-bandwidth and less-data-bit features of the ADS-B, this paper studies the integrity and authenticity of information by signing messages and proposes an ADS-B message authentication method based on certificateless short signature. This method uses short signature and does not require certificate management and has efficient performance. Compared with the existing approach, the computation costs of the proposed method in the signature phase are reduced by 1/2, and the signature length is reduced by 3/4. Additionally, we used the extended NS2 simulation platform to simulate 1090ES data link in different scenarios of the network; the simulation results show that our solution is suitable for minimum operational performance standard of ADS-B.

Journal ArticleDOI
TL;DR: A complementary detection method for end-user receivers against SCER attacks is proposed, based on the application of machine learning and a proposed set of features extracted from the receiver search space, assuming the attacker was not able to null the satellite signal.
Abstract: Spoofing attacks pose a clear cybersecurity risk for all systems relying on Global Navigation Satellite Systems (GNSS) for time synchronization or positioning. Secure Code Estimation and Replay (SCER) spoofing attacks are the most challenging type of spoofing attacks, as these may be problematic even for future GNSS protection systems, like Navigation Message Authentication (NMA) or Spreading Code Authentication (SCA). This is one of the reasons that make the development of complementary protection techniques, like the one proposed in this work, necessary. In the first part of the paper, the spoofing SCER attacks are analyzed in detail for GPS and, particularly, for Galileo. The role of the Galileo Pseudorandom Noise (PRN) intra-satellite non-orthogonality distortion term in hindering the attacks is discussed and a detailed comparison between GPS and Galileo expected quality curves for the SCER attack is provided. A complementary detection method for end-user receivers (assuming NMA is used) against SCER attacks is proposed, based on the application of machine learning and a proposed set of features extracted from the receiver search space, assuming the attacker was not able to null the satellite signal.

Proceedings ArticleDOI
05 Mar 2020
TL;DR: The authors have explored techniques that blend cryptography & steganography together, which can be used for message authentication, message integrity & non-repudiation purpose.
Abstract: Data Transmission in network security is one of the most vital issues in today's communication world. The outcome of the suggested method is outlined over here. Enhanced security can be achieved by this method. The vigorous growth in the field of information communication has made information transmission much easier. But this type of advancement has opened up many possibilities of information being snooped. So, day-by-day maintaining of information security is becoming an inseparable part of computing and communication. In this paper, the authors have explored techniques that blend cryptography & steganography together. In steganography, information is kept hidden behind a cover image. In this paper, approaches for information hiding using both cryptography & steganography are proposed keeping in mind two considerations - size of the encrypted object and degree of security. Here, signature image information is kept hidden into cover image using private key of sender & receiver, which extracts the information from stego image using a public key. This approach can be used for message authentication, message integrity & non-repudiation purpose.