Lightweight Hash-Based Authentication Protocol for Smart Grids.

Smart grids integrate information and communications technology into the processes of electricity production, transportation, and consumption, thereby enabling interactions between power suppliers and consumers to increase the efficiency of the power grid. To achieve this, smart meters (SMs) are installed in households or buildings to measure electricity usage and allow power suppliers or consumers to monitor and manage it in real time. However, SMs require a secure service to address malicious attacks during memory protection and communication processes and a lightweight communication protocol suitable for devices with computational and communication constraints. This paper proposes an authentication protocol based on a one-way hash function to address these issues. This protocol includes message authentication functions to address message tampering and uses a changing encryption key for secure communication during each transmission. The security and performance analysis of this protocol shows that it can address existing attacks and provides 105,281.67% better computational efficiency than previous methods.

An Improved Lightweight User Authentication Scheme for the Internet of Medical Things.

The Internet of Medical Things (IoMT) is used in the medical ecosystem through medical IoT sensors, such as blood glucose, heart rate, temperature, and pulse sensors. To maintain a secure sensor network and a stable IoMT environment, it is important to protect the medical IoT sensors themselves and the patient medical data they collect from various security threats. Medical IoT sensors attached to the patient's body must be protected from security threats, such as being controlled by unauthorized persons or transmitting erroneous medical data. In IoMT authentication, it is necessary to be sensitive to the following attack techniques. (1) The offline password guessing attack easily predicts a healthcare administrator's password offline and allows for easy access to the healthcare worker's account. (2) Privileged-insider attacks executed through impersonation are an easy way for an attacker to gain access to a healthcare administrator's environment. Recently, previous research proposed a lightweight and anonymity preserving user authentication scheme for IoT-based healthcare. However, this scheme was vulnerable to offline password guessing, impersonation, and privileged insider attacks. These attacks expose not only the patients' medical data such as blood pressure, pulse, and body temperature but also the patients' registration number, phone number, and guardian. To overcome these weaknesses, in the present study we propose an improved lightweight user authentication scheme for the Internet of Medical Things (IoMT). In our scheme, the hash function and XOR operation are used for operation in low-spec healthcare IoT sensor. The automatic cryptographic protocol tool ProVerif confirmed the security of the proposed scheme. Finally, we show that the proposed scheme is more secure than other protocols and that it has 266.48% better performance than schemes that have been previously described in other studies.

A Secure and Lightweight Three-Factor-Based Authentication Scheme for Smart Healthcare Systems.

Internet of Things (IoT) technology has recently been integrated with various healthcare devices to monitor patients' health status and share it with their healthcare practitioners. Since healthcare data often contain personal and sensitive information, healthcare systems must provide a secure user authentication scheme. Recently, Adavoudi-Jolfaei et al. and Sharma and Kalra proposed a lightweight protocol using hash function encryption only for user authentication on wireless sensor systems. In this paper, we found some weaknesses in target schemes. We propose a novel three-factor lightweight user authentication scheme that addresses these weaknesses and verifies the security of the proposed scheme using a formal verification tool called ProVerif. In addition, our proposed scheme outperforms other proposed symmetric encryption-based schemes or elliptic curve-based schemes.

Secure and Efficient Three-Factor Protocol for Wireless Sensor Networks.

Wireless sensor networks are widely used in many applications such as environmental monitoring, health care, smart grid and surveillance. Many security protocols have been proposed and intensively studied due to the inherent nature of wireless networks. In particular, Wu et al. proposed a promising authentication scheme which is sufficiently robust against various attacks. However, according to our analysis, Wu et al.'s scheme has two serious security weaknesses against malicious outsiders. First, their scheme can lead to user impersonation attacks. Second, user anonymity is not preserved in their scheme. In this paper, we present these vulnerabilities of Wu et al.'s scheme in detail. We also propose a new scheme to complement their weaknesses. We improve and speed up the vulnerability of the Wu et al. scheme. Security analysis is analyzed by Proverif and informal analysis is performed for various attacks.

Efficient and Security Enhanced Anonymous Authentication with Key Agreement Scheme in Wireless Sensor Networks.

At present, users can utilize an authenticated key agreement protocol in a Wireless Sensor Network (WSN) to securely obtain desired information, and numerous studies have investigated authentication techniques to construct efficient, robust WSNs. Chang et al. recently presented an authenticated key agreement mechanism for WSNs and claimed that their authentication mechanism can both prevent various types of attacks, as well as preserve security properties. However, we have discovered that Chang et al's method possesses some security weaknesses. First, their mechanism cannot guarantee protection against a password guessing attack, user impersonation attack or session key compromise. Second, the mechanism results in a high load on the gateway node because the gateway node should always maintain the verifier tables. Third, there is no session key verification process in the authentication phase. To this end, we describe how the previously-stated weaknesses occur and propose a security-enhanced version for WSNs. We present a detailed analysis of the security and performance of our authenticated key agreement mechanism, which not only enhances security compared to that of related schemes, but also takes efficiency into consideration.

Improving Biometric-Based Authentication Schemes with Smart Card Revocation/Reissue for Wireless Sensor Networks.

User authentication in wireless sensor networks is more difficult than in traditional networks owing to sensor network characteristics such as unreliable communication, limited resources, and unattended operation. For these reasons, various authentication schemes have been proposed to provide secure and efficient communication. In 2016, Park et al. proposed a secure biometric-based authentication scheme with smart card revocation/reissue for wireless sensor networks. However, we found that their scheme was still insecure against impersonation attack, and had a problem in the smart card revocation/reissue phase. In this paper, we show how an adversary can impersonate a legitimate user or sensor node, illegal smart card revocation/reissue and prove that Park et al.'s scheme fails to provide revocation/reissue. In addition, we propose an enhanced scheme that provides efficiency, as well as anonymity and security. Finally, we provide security and performance analysis between previous schemes and the proposed scheme, and provide formal analysis based on the random oracle model. The results prove that the proposed scheme can solve the weaknesses of impersonation attack and other security flaws in the security analysis section. Furthermore, performance analysis shows that the computational cost is lower than the previous scheme.

An Anonymous User Authentication and Key Agreement Scheme Based on a Symmetric Cryptosystem in Wireless Sensor Networks.

In wireless sensor networks (WSNs), a registered user can login to the network and use a user authentication protocol to access data collected from the sensor nodes. Since WSNs are typically deployed in unattended environments and sensor nodes have limited resources, many researchers have made considerable efforts to design a secure and efficient user authentication process. Recently, Chen et al. proposed a secure user authentication scheme using symmetric key techniques for WSNs. They claim that their scheme assures high efficiency and security against different types of attacks. After careful analysis, however, we find that Chen et al.'s scheme is still vulnerable to smart card loss attack and is susceptible to denial of service attack, since it is invalid for verification to simply compare an entered ID and a stored ID in smart card. In addition, we also observe that their scheme cannot preserve user anonymity. Furthermore, their scheme cannot quickly detect an incorrect password during login phase, and this flaw wastes both communication and computational overheads. In this paper, we describe how these attacks work, and propose an enhanced anonymous user authentication and key agreement scheme based on a symmetric cryptosystem in WSNs to address all of the aforementioned vulnerabilities in Chen et al.'s scheme. Our analysis shows that the proposed scheme improves the level of security, and is also more efficient relative to other related schemes.

An Enhanced Lightweight Anonymous Authentication Scheme for a Scalable Localization Roaming Service in Wireless Sensor Networks.

More security concerns and complicated requirements arise in wireless sensor networks than in wired networks, due to the vulnerability caused by their openness. To address this vulnerability, anonymous authentication is an essential security mechanism for preserving privacy and providing security. Over recent years, various anonymous authentication schemes have been proposed. Most of them reveal both strengths and weaknesses in terms of security and efficiency. Recently, Farash et al. proposed a lightweight anonymous authentication scheme in ubiquitous networks, which remedies the security faults of previous schemes. However, their scheme still suffers from certain weaknesses. In this paper, we prove that Farash et al.'s scheme fails to provide anonymity, authentication, or password replacement. In addition, we propose an enhanced scheme that provides efficiency, as well as anonymity and security. Considering the limited capability of sensor nodes, we utilize only low-cost functions, such as one-way hash functions and bit-wise exclusive-OR operations. The security and lightness of the proposed scheme mean that it can be applied to roaming service in localized domains of wireless sensor networks, to provide anonymous authentication of sensor nodes.

An Improvement of Robust and Efficient Biometrics Based Password Authentication Scheme for Telecare Medicine Information Systems Using Extended Chaotic Maps.

Recently, numerous extended chaotic map-based password authentication schemes that employ smart card technology were proposed for Telecare Medical Information Systems (TMISs). In 2015, Lu et al. used Li et al.'s scheme as a basis to propose a password authentication scheme for TMISs that is based on biometrics and smart card technology and employs extended chaotic maps. Lu et al. demonstrated that Li et al.'s scheme comprises some weaknesses such as those regarding a violation of the session-key security, a vulnerability to the user impersonation attack, and a lack of local verification. In this paper, however, we show that Lu et al.'s scheme is still insecure with respect to issues such as a violation of the session-key security, and that it is vulnerable to both the outsider attack and the impersonation attack. To overcome these drawbacks, we retain the useful properties of Lu et al.'s scheme to propose a new password authentication scheme that is based on smart card technology and requires the use of chaotic maps. Then, we show that our proposed scheme is more secure and efficient and supports security properties.

Security enhanced anonymous multiserver authenticated key agreement scheme using smart cards and biometrics.

An anonymous user authentication scheme allows a user, who wants to access a remote application server, to achieve mutual authentication and session key establishment with the server in an anonymous manner. To enhance the security of such authentication schemes, recent researches combined user's biometrics with a password. However, these authentication schemes are designed for single server environment. So when a user wants to access different application servers, the user has to register many times. To solve this problem, Chuang and Chen proposed an anonymous multiserver authenticated key agreement scheme using smart cards together with passwords and biometrics. Chuang and Chen claimed that their scheme not only supports multiple servers but also achieves various security requirements. However, we show that this scheme is vulnerable to a masquerade attack, a smart card attack, a user impersonation attack, and a DoS attack and does not achieve perfect forward secrecy. We also propose a security enhanced anonymous multiserver authenticated key agreement scheme which addresses all the weaknesses identified in Chuang and Chen's scheme.

Password-only authenticated three-party key exchange proven secure against insider dictionary attacks.

While a number of protocols for password-only authenticated key exchange (PAKE) in the 3-party setting have been proposed, it still remains a challenging task to prove the security of a 3-party PAKE protocol against insider dictionary attacks. To the best of our knowledge, there is no 3-party PAKE protocol that carries a formal proof, or even definition, of security against insider dictionary attacks. In this paper, we present the first 3-party PAKE protocol proven secure against both online and offline dictionary attacks as well as insider and outsider dictionary attacks. Our construct can be viewed as a protocol compiler that transforms any 2-party PAKE protocol into a 3-party PAKE protocol with 2 additional rounds of communication. We also present a simple and intuitive approach of formally modelling dictionary attacks in the password-only 3-party setting, which significantly reduces the complexity of proving the security of 3-party PAKE protocols against dictionary attacks. In addition, we investigate the security of the well-known 3-party PAKE protocol, called GPAKE, due to Abdalla et al. (2005, 2006), and demonstrate that the security of GPAKE against online dictionary attacks depends heavily on the composition of its two building blocks, namely a 2-party PAKE protocol and a 3-party key distribution protocol.

On the security of a simple three-party key exchange protocol without server's public keys.

Authenticated key exchange protocols are of fundamental importance in securing communications and are now extensively deployed for use in various real-world network applications. In this work, we reveal major previously unpublished security vulnerabilities in the password-based authenticated three-party key exchange protocol according to Lee and Hwang (2010): (1) the Lee-Hwang protocol is susceptible to a man-in-the-middle attack and thus fails to achieve implicit key authentication; (2) the protocol cannot protect clients' passwords against an offline dictionary attack; and (3) the indistinguishability-based security of the protocol can be easily broken even in the presence of a passive adversary. We also propose an improved password-based authenticated three-party key exchange protocol that addresses the security vulnerabilities identified in the Lee-Hwang protocol.

Password-only authenticated three-party key exchange with provable security in the standard model.

Protocols for password-only authenticated key exchange (PAKE) in the three-party setting allow two clients registered with the same authentication server to derive a common secret key from their individual password shared with the server. Existing three-party PAKE protocols were proven secure under the assumption of the existence of random oracles or in a model that does not consider insider attacks. Therefore, these protocols may turn out to be insecure when the random oracle is instantiated with a particular hash function or an insider attack is mounted against the partner client. The contribution of this paper is to present the first three-party PAKE protocol whose security is proven without any idealized assumptions in a model that captures insider attacks. The proof model we use is a variant of the indistinguishability-based model of Bellare, Pointcheval, and Rogaway (2000), which is one of the most widely accepted models for security analysis of password-based key exchange protocols. We demonstrated that our protocol achieves not only the typical indistinguishability-based security of session keys but also the password security against undetectable online dictionary attacks.

Association rule extraction from XML stream data for wireless sensor networks.

With the advances of wireless sensor networks, they yield massive volumes of disparate, dynamic and geographically-distributed and heterogeneous data. The data mining community has attempted to extract knowledge from the huge amount of data that they generate. However, previous mining work in WSNs has focused on supporting simple relational data structures, like one table per network, while there is a need for more complex data structures. This deficiency motivates XML, which is the current de facto format for the data exchange and modeling of a wide variety of data sources over the web, to be used in WSNs in order to encourage the interchangeability of heterogeneous types of sensors and systems. However, mining XML data for WSNs has two challenging issues: one is the endless data flow; and the other is the complex tree structure. In this paper, we present several new definitions and techniques related to association rule mining over XML data streams in WSNs. To the best of our knowledge, this work provides the first approach to mining XML stream data that generates frequent tree items without any redundancy.

Security analysis and improvements of two-factor mutual authentication with key agreement in wireless sensor networks.

User authentication and key management are two important security issues in WSNs (Wireless Sensor Networks). In WSNs, for some applications, the user needs to obtain real-time data directly from sensors and several user authentication schemes have been recently proposed for this case. We found that a two-factor mutual authentication scheme with key agreement in WSNs is vulnerable to gateway node bypassing attacks and user impersonation attacks using secret data stored in sensor nodes or an attacker's own smart card. In this paper, we propose an improved scheme to overcome these security weaknesses by storing secret data in unique ciphertext form in each node. In addition, our proposed scheme should provide not only security, but also efficiency since sensors in a WSN operate with resource constraints such as limited power, computation, and storage space. Therefore, we also analyze the performance of the proposed scheme by comparing its computation and communication costs with those of other schemes.

A provably-secure ECC-based authentication scheme for wireless sensor networks.

A smart-card-based user authentication scheme for wireless sensor networks (in short, a SUA-WSN scheme) is designed to restrict access to the sensor data only to users who are in possession of both a smart card and the corresponding password. While a significant number of SUA-WSN schemes have been suggested in recent years, their intended security properties lack formal definitions and proofs in a widely-accepted model. One consequence is that SUA-WSN schemes insecure against various attacks have proliferated. In this paper, we devise a security model for the analysis of SUA-WSN schemes by extending the widely-accepted model of Bellare, Pointcheval and Rogaway (2000). Our model provides formal definitions of authenticated key exchange and user anonymity while capturing side-channel attacks, as well as other common attacks. We also propose a new SUA-WSN scheme based on elliptic curve cryptography (ECC), and prove its security properties in our extended model. To the best of our knowledge, our proposed scheme is the first SUA-WSN scheme that provably achieves both authenticated key exchange and user anonymity. Our scheme is also computationally competitive with other ECC-based (non-provably secure) schemes.

Security enhanced user authentication protocol for wireless sensor networks using elliptic curves cryptography.

Wireless sensor networks (WSNs) consist of sensors, gateways and users. Sensors are widely distributed to monitor various conditions, such as temperature, sound, speed and pressure but they have limited computational ability and energy. To reduce the resource use of sensors and enhance the security of WSNs, various user authentication protocols have been proposed. In 2011, Yeh et al. first proposed a user authentication protocol based on elliptic curve cryptography (ECC) for WSNs. However, it turned out that Yeh et al.'s protocol does not provide mutual authentication, perfect forward secrecy, and key agreement between the user and sensor. Later in 2013, Shi et al. proposed a new user authentication protocol that improves both security and efficiency of Yeh et al.'s protocol. However, Shi et al.'s improvement introduces other security weaknesses. In this paper, we show that Shi et al.'s improved protocol is vulnerable to session key attack, stolen smart card attack, and sensor energy exhausting attack. In addition, we propose a new, security-enhanced user authentication protocol using ECC for WSNs.

MES-FPMIPv6: MIH-Enabled and enhanced secure Fast Proxy Mobile IPv6 handover protocol for 5G networks[Formula: see text].

Fast Proxy Mobile IPv6 (FPMIPv6) is an extension of the PMIPv6 mobility management deployed as part of the next-generation internet protocol. It allows location-independent routing of IP datagrams, based on local mobility to IPv6 hosts without involvement of stations in the IP address signaling. A mobile node keeps its IP address constant as it moves from link to link, which avoids signaling overhead and latency associated with changing IP address. Even though local mobility requirements hold, it entails security threats such as Mobile Node, Mobile Access Gateway, as well as Local Mobility Anchor impersonation that go beyond those already exist in IPv6. As mobile station keeps moving across different serving networks, its IP remains constant during handover, and location privacy may not also be preserved. Moreover, homogeneous network dependence of PMIPv6 is one of the gaps, which FPMIPv6 could not mitigate. FPMIPv6 does not support heterogeneous network handover, for which numerous researchers have proposed Media Independent Handover (MIH) enabled FPMIPv6 schemes to allow fast handover among heterogeneous networks, but in the absence of security solutions. As a comprehensive solution, we propose a new handover authentication scheme and a key agreement protocol for the 'MIH-enabled Network Only FPMIPv6' model. As one of the basic requirements, mobility management should minimize signaling overhead, handover delay and power consumption of the mobile node. The proposed scheme improves wireless link overhead (mobile node overhead) by 6-86% as cell radius, wireless failure probability and number of hop vary. The security of the proposed scheme has also been analyzed under BAN logic and Automated Validation of Internet Security Protocols and Applications (AVISPA) tool and its performance has numerically been evaluated through a pre-determined performance matrix and found to be effective and preferably applicable compared with other schemes.

Absolute configuration-dependent epoxide formation from isoflavan-4-ol stereoisomers by biphenyl dioxygenase of Pseudomonas pseudoalcaligenes strain KF707.

Biphenyl dioxygenase from Pseudomonas pseudoalcaligenes strain KF707 expressed in Escherichia coli was found to exhibit monooxygenase activity toward four stereoisomers of isoflavan-4-ol. LC-MS and LC-NMR analyses of the metabolites revealed that the corresponding epoxides formed between C2' and C3' on the B-ring of each isoflavan-4-ol substrate were the sole products. The relative reactivity of the stereoisomers was found to be in the order: (3S,4S)-cis-isoflavan-4-ol > (3R,4S)-trans-isoflavan-4-ol > (3S,4R)-trans-isoflavan-4-ol > (3R,4R)-cis-isoflavan-4-ol and this likely depended upon the absolute configuration of the 4-OH group on the isoflavanols, as explained by an enzyme-substrate docking study. The epoxides produced from isoflavan-4-ols by P. pseudoalcaligenes strain KF707 were further abiotically transformed into pterocarpan, the molecular structure of which is commonly found as part of plant-protective phytoalexins, such as maackiain from Cicer arietinum and medicarpin from Medicago sativa.

Lightweight user authentication scheme for roaming service in GLOMONET with privacy preserving.

With the development of information technology and the Internet, users can conveniently use roaming services without time and space restrictions. This roaming service is initiated by establishing a session key between a home node, which exists in a home network, and a mobile node, which exists in a foreign network. However, in the process of verifying a legitimate user and establishing a session key, various security threats and privacy exposure issues can arise. This study demonstrates that the authentication scheme for the roaming service proposed in the existing Global Mobility Network (GLOMONET) environment has several vulnerabilities and, hence, is impractical. In addition, the scheme does not satisfy the privacy of the session key or user's identity or password. Accordingly, we propose a new lightweight authentication scheme to compensate for these vulnerabilities and secure a high level of privacy, such as non-traceability. In addition, formal and informal analyses are conducted to examine the safety of the proposed scheme. Based on the results of our analyses, we prove that the proposed scheme is highly secure and applicable to the actual GLOMONET environment.