On-Demand Anonymous Access and Roaming Authentication Protocols for 6G Satellite-Ground Integrated Networks.

Satellite-ground integrated networks (SGIN) are in line with 6th generation wireless network technology (6G) requirements. However, security and privacy issues are challenging with heterogeneous networks. Specifically, although 5G authentication and key agreement (AKA) protects terminal anonymity, privacy preserving authentication protocols are still important in satellite networks. Meanwhile, 6G will have a large number of nodes with low energy consumption. The balance between security and performance needs to be investigated. Furthermore, 6G networks will likely belong to different operators. How to optimize the repeated authentication during roaming between different networks is also a key issue. To address these challenges, on-demand anonymous access and novel roaming authentication protocols are presented in this paper. Ordinary nodes implement unlinkable authentication by adopting a bilinear pairing-based short group signature algorithm. When low-energy nodes achieve fast authentication by utilizing the proposed lightweight batch authentication protocol, which can protect malicious nodes from DoS attacks. An efficient cross-domain roaming authentication protocol, which allows terminals to quickly connect to different operator networks, is designed to reduce the authentication delay. The security of our scheme is verified through formal and informal security analysis. Finally, the performance analysis results show that our scheme is feasible.

Rotating behind Security: A Lightweight Authentication Protocol Based on IoT-Enabled Cloud Computing Environments.

With the rapid development of technology based on the Internet of Things (IoT), numerous IoT devices are being used on a daily basis. The rise in cloud computing plays a crucial role in solving the resource constraints of IoT devices and in promoting resource sharing, whereby users can access IoT services provided in various environments. However, this complex and open wireless network environment poses security and privacy challenges. Therefore, designing a secure authentication protocol is crucial to protecting user privacy in IoT services. In this paper, a lightweight authentication protocol was designed for IoT-enabled cloud computing environments. A real or random model, and the automatic verification tool ProVerif were used to conduct a formal security analysis. Its security was further proved through an informal analysis. Finally, through security and performance comparisons, our protocol was confirmed to be relatively secure and to display a good performance.

Autonomous Mutual Authentication Protocol in the Edge Networks.

A distinct security protocol is necessary for the exponential growth in intelligent edge devices. In particular, the autonomous devices need to address significant security concern to function smoothly in the high market demand. Nevertheless, exponential increase in the connected devices has made cloud networks more complex and suffer from information processing delay. Therefore, the goal of this work is to design a novel server-less mutual authentication protocol for the edge networks. The aim is to demonstrate an autonomous mutual authentication amongst the connected smart devices within the edge networks. The solution addresses applications of autonomous cars, smart things, and Internet of Things (IoT) devices in the edge or wireless sensor networks (WSN), etc. In this paper, the design proposes use of a public-key system, octet-based balanced-tree transitions, challenge-response mechanism, device unique ID (UID), pseudo-random number generator (PRNG), time-stamps, and event specific session keys. Ultimately, server-less design requires less infrastructure and avoids several types of network-based communication attacks, e.g., impersonating, Man in the middle (MITM), IoT-DDOS, etc. Additionally, the system overhead is eliminated by no secret key requirements. The results provide sufficient evidence about the protocol market competitiveness and demonstrate better benchmark comparison results.

Efficient Authentication Protocol and Its Application in Resonant Inductive Coupling Wireless Power Transfer Systems.

Chaos theory and its extension into cryptography has generated significant applications in industrial mixing, pulse width modulation and in electric compaction. Likewise, it has merited applications in authentication mechanisms for wireless power transfer systems. Wireless power transfer (WPT) via resonant inductive coupling mechanism enables the charging of electronic devices devoid of cords and wires. In practice, the key to certified charging requires the use of an authentication protocol between a transmitter (charger) and receiver (smartphone/some device). Via the protocol, a safe level and appropriate charging power can be harvested from a charger. Devoid of an efficient authentication protocol, a malicious charger may fry the circuit board of a receiver or cause a permanent damage to the device. In this regard, we first propose a chaos-based key exchange authentication protocol and analyze its robustness in terms of security and computational performance. Secondly, we theoretically demonstrate how the protocol can be applied to WPT systems for the purposes of charger to receiver authentication. Finally, we present insightful research problems that are relevant for future research in this paradigm.

Can Formal Security Verification Really Be Optional? Scrutinizing the Security of IMD Authentication Protocols.

The need for continuous monitoring of physiological information of critical organs of the human body, combined with the ever-growing field of electronics and sensor technologies and the vast opportunities brought by 5G connectivity, have made implantable medical devices (IMDs) the most necessitated devices in the health arena. IMDs are very sensitive since they are implanted in the human body, and the patients depend on them for the proper functioning of their vital organs. Simultaneously, they are intrinsically vulnerable to several attacks mainly due to their resource limitations and the wireless channel utilized for data transmission. Hence, failing to secure them would put the patient's life in jeopardy and damage the reputations of the manufacturers. To date, various researchers have proposed different countermeasures to keep the confidentiality, integrity, and availability of IMD systems with privacy and safety specifications. Despite the appreciated efforts made by the research community, there are issues with these proposed solutions. Principally, there are at least three critical problems. (1) Inadequate essential capabilities (such as emergency authentication, key update mechanism, anonymity, and adaptability); (2) heavy computational and communication overheads; and (3) lack of rigorous formal security verification. Motivated by this, we have thoroughly analyzed the current IMD authentication protocols by utilizing two formal approaches: the Burrows-Abadi-Needham logic (BAN logic) and the Automated Validation of Internet Security Protocols and Applications (AVISPA). In addition, we compared these schemes against their security strengths, computational overheads, latency, and other vital features, such as emergency authentications, key update mechanisms, and adaptabilities.

Highly Efficient Symmetric Key Based Authentication and Key Agreement Protocol Using Keccak.

Efficient authentication and key agreement protocols between two entities are required in many application areas. In particular, for client-server type of architectures, the client is mostly represented by a constrained device and thus highly efficient protocols are needed. We propose in this paper two protocols enabling the construction of a mutual authenticated key ensuring anonymity and unlinkability of the client and resisting the most well known attacks. The main difference between the two proposed protocols is in the storage requirements on the server side. The innovation of our protocols relies on the fact that, thanks to the usage of the sponge construction, available in the newly proposed SHA3 standard with underlying Keccak design, the computation cost can be reduced to only one hash operation on the client side in case of the protocol with storage and two hash operations for the protocol without storage and thus leads to a very efficient solution.

A Lightweight Three-Factor Authentication Scheme for WHSN Architecture.

Wireless Healthcare Sensor Network (WHSN) is a benchmarking technology deployed to levitate the quality of lives for the patients and doctors. WHSN systems must fit IEEE 802.15.6 standard for specific application criteria, unlike some standard criteria that are difficult to meet. Therefore, many security models were suggested to enhance the security of the WHSN and promote system performance. Yu and Park proposed a three-factor authentication scheme based on the smart card, biometric, and password, and their scheme can be easily employed in three-tier WHSN architecture. Furthermore, they claimed that their scheme can withstand guessing attack and provide anonymity, although, after cryptanalysis, we found that their scheme lacks both. Accordingly, we suggested a three-factor authentication scheme with better system confusion due to multiplex parametric features, hash function, and higher key size to increase the security and achieve anonymity for the connected nodes. Moreover, the scheme included initialization, authentication, re-authentication, secure node addition, user revocation, and secure data transmission via blockchain technology. The formal analysis of the scheme was conducted by BAN logic (Burrows Abadi Nadeem) and the simulation was carried out by Tamarin prover to validate that the proposed scheme is resistant to replay, session hijacking, and guessing attacks, plus it provides anonymity, perfect forward secrecy, and authentication along with the key agreement.

Securing IoT-Based RFID Systems: A Robust Authentication Protocol Using Symmetric Cryptography.

Despite the many conveniences of Radio Frequency Identification (RFID) systems, the underlying open architecture for communication between the RFID devices may lead to various security threats. Recently, many solutions were proposed to secure RFID systems and many such systems are based on only lightweight primitives, including symmetric encryption, hash functions, and exclusive OR operation. Many solutions based on only lightweight primitives were proved insecure, whereas, due to resource-constrained nature of RFID devices, the public key-based cryptographic solutions are unenviable for RFID systems. Very recently, Gope and Hwang proposed an authentication protocol for RFID systems based on only lightweight primitives and claimed their protocol can withstand all known attacks. However, as per the analysis in this article, their protocol is infeasible and is vulnerable to collision, denial-of-service (DoS), and stolen verifier attacks. This article then presents an improved realistic and lightweight authentication protocol to ensure protection against known attacks. The security of the proposed protocol is formally analyzed using Burrows Abadi-Needham (BAN) logic and under the attack model of automated security verification tool ProVerif. Moreover, the security features are also well analyzed, although informally. The proposed protocol outperforms the competing protocols in terms of security.

IoT Device Security: Challenging "A Lightweight RFID Mutual Authentication Protocol Based on Physical Unclonable Function".

With the exponential increase of Internet of things (IoT) connected devices, important security risks are raised as any device could be used as an attack channel. This preoccupation is particularly important with devices featuring limited processing power and memory capabilities for security purposes. In line with this idea, Xu et al. (2018) proposed a lightweight Radio Frequency Identification (RFID) mutual authentication protocol based on Physical Unclonable Function (PUF)-ensuring mutual tag-reader verification and preventing clone attacks. While Xu et al. claim that their security protocol is efficient to protect RFID systems, we found it still vulnerable to a desynchronization attack and to a secret disclosure attack. Hence, guidelines for the improvements to the protocol are also suggested, for instance by changing the structure of the messages to avoid trivial attacks. In addition, we provide an explicit protocol for which our formal and informal security analysis have found no weaknesses.

1-RAAP: An Efficient 1-Round Anonymous Authentication Protocol for Wireless Body Area Networks.

Thanks to the rapid technological convergence of wireless communications, medical sensors and cloud computing, Wireless Body Area Networks (WBANs) have emerged as a novel networking paradigm enabling ubiquitous Internet services, allowing people to receive medical care, monitor health status in real-time, analyze sports data and even enjoy online entertainment remotely. However, because of the mobility and openness of wireless communications, WBANs are inevitably exposed to a large set of potential attacks, significantly undermining their utility and impeding their widespread deployment. To prevent attackers from threatening legitimate WBAN users or abusing WBAN services, an efficient and secure authentication protocol termed 1-Round Anonymous Authentication Protocol (1-RAAP) is proposed in this paper. In particular, 1-RAAP preserves anonymity, mutual authentication, non-repudiation and some other desirable security properties, while only requiring users to perform several low cost computational operations. More importantly, 1-RAAP is provably secure thanks to its design basis, which is resistant to the anonymous in the random oracle model. To validate the computational efficiency of 1-RAAP, a set of comprehensive comparative studies between 1-RAAP and other authentication protocols is conducted, and the results clearly show that 1-RAAP achieves the best performance in terms of computational overhead.

Applications of Multi-Channel Safety Authentication Protocols in Wireless Networks.

People can use their web browser or mobile devices to access web services and applications which are built into these servers. Users have to input their identity and password to login the server. The identity and password may be appropriated by hackers when the network environment is not safe. The multiple secure authentication protocol can improve the security of the network environment. Mobile devices can be used to pass the authentication messages through Wi-Fi or 3G networks to serve as a second communication channel. The content of the message number is not considered in a multiple secure authentication protocol. The more excessive transmission of messages would be easier to collect and decode by hackers. In this paper, we propose two schemes which allow the server to validate the user and reduce the number of messages using the XOR operation. Our schemes can improve the security of the authentication protocol. The experimental results show that our proposed authentication protocols are more secure and effective. In regard to applications of second authentication communication channels for a smart access control system, identity identification and E-wallet, our proposed authentication protocols can ensure the safety of person and property, and achieve more effective security management mechanisms.

A Novel Secure Authentication Protocol for e-Health Records in Cloud with a New Key Generation Method and Minimized Key Exchange.

In wake of covid19, many countries are shifting their paper-based health record management from manual processes to digital ones. The major benefit of digital health record is that data can be easily shared. As health data is sensitive, more security is to be provided to gain the trust of stakeholders. In this paper, a novel secure authentication protocol is planned for digitalizing personal health record that will be used by the user. While transacting data, a key is used to secure it. Many protocols used elliptic curve cryptography. In this proposed protocol, at an initial stage, an asymmetric and quantum-resistant crypto-algorithm, Kyber is used. In further stages, symmetric crypto-algorithm, Advanced Encryption Standard in Galois/Counter mode (AES-GCM) is used to secure transferred data. For every session, a new key is generated for secure transactions. The more interesting fact in this protocol is that transactions are secured without exchanging actual key and also minimized the key exchange. This protocol not only verified the authenticity of user but also checked rightful citizenship of user. This protocol is analyzed for various security traits using ProVerif tool and provided better results relating to security provisioning, cost of storage, and computation as opposed to related protocols.

A Novel RFID Authentication Protocol Based on Reconfigurable RRAM PUF.

Radio frequency identification technology (RFID) has empowered a wide variety of automation industries. Aiming at the current light-weight RFID encryption scheme with limited information protection methods, combined with the physical unclonable function (PUF) composed of resistive random access memory (RRAM), a new type of high-efficiency reconfigurable strong PUF circuit structure is proposed in this paper. Experimental results show that the proposed PUF shows an almost ideal value (50%) of inter-chip hamming distance (HD) (µ/σ = 0.5001/0.0340) among 1000 PUF keys, and intra-chip HD results are very close to the ideal value (0). The bit error rate (BER) is as low as 3.8×10-6 across one million challenges. Based on the RRAM PUF, we propose and implement a light weight RFID authentication protocol. By virtue of RRAM's model ability, the protocol replaces the One-way Hash Function with a response chain mutual encryption algorithm. The results of test and analysis show that the protocol can effectively resist multiple threats such as physical attacks, replay attacks, tracking attacks and asynchronous attacks, and has good stability. At the same time, based on RRAM's unique resistance variability, PUF also has the advantage of being reconfigurable, providing good security for RFID tags.

Computationally efficient mutual authentication protocol for remote infant incubator monitoring system.

Internet of Things (IoT), cloud computing and wireless medical sensor networks have significantly improved remote healthcare monitoring. In a healthcare monitoring system, many resource-limited sensors are deployed to sense, process and communicate the information. However, continuous and accurate operations of these devices are very important, especially in the infant incubator monitoring system. Because important decisions are made on the received information. Therefore, it is necessary to ensure the authenticity between the incubator monitoring system and doctors. In this work, a public key encryption based computationally efficient mutual authentication protocol is proposed for secure data transmission between incubator monitoring systems and doctors or administrators. The proposed protocol improves performance and reduces the computational cost without compromising the security. The security analysis part shows the strength of the proposed protocol against various attacks, performance analysis part shows that the proposed protocol performs better than other existing protocol based on Rivest-Shamir-Adleman and elliptic-curve cryptography schemes.