Mahdieh Ebrahimi; Majid Bayat; Behnam Zahednejad
Abstract
The medical system remains among the fastest to adopt the Internet of Things. The reason for this trend is that integration Internet of Things(IoT) features into medical devices greatly improve the quality and effectiveness of service. However, there are many unsolved security problems. Due to medical ...
Read More
The medical system remains among the fastest to adopt the Internet of Things. The reason for this trend is that integration Internet of Things(IoT) features into medical devices greatly improve the quality and effectiveness of service. However, there are many unsolved security problems. Due to medical information is critical and important, authentication between users and medical servers is an essential issue. Recently, Park et al. proposed an authentication scheme using Shamir's threshold technique for IoT-based medical information system and claimed that their scheme satisfies all security requirements and is immune to various types of attacks. However, in this paper, we show that Park et al.'s scheme does not achieve user anonymity, forward security, and mutual authentication and it is not resistant to the DoS attacks and then we introduce an improved mutual authentication scheme based on Elliptic Curve Cryptography (ECC) and Shamir 's secret sharing for IoT-based medical information system.In this paper, we formally analyze the security properties of our scheme via the ProVerif. Moreover, we compare our proposed scheme with other related schemes in terms of security and performance.
Vahid Chegeni; Hamid Haj Seyyed Javadi; Mohammad Reza Moazami Goudarzi; Afshin Rezakhani
Abstract
Today, the Internet of Things (IoT) is one of the emerging technologies that enable the connection and transfer of information through communication networks. The main idea of the IoT is the widespread presence of objects such as mobile devices, sensors, and RFID. With the increase in traffic volume ...
Read More
Today, the Internet of Things (IoT) is one of the emerging technologies that enable the connection and transfer of information through communication networks. The main idea of the IoT is the widespread presence of objects such as mobile devices, sensors, and RFID. With the increase in traffic volume in urban areas, the existing intelligent urban traffic management system based on IoT can be vital. Therefore, this paper focused on security in urban traffic based on using RFID. In our scheme, RFID tags chose as the purpose of this article. We, in this paper, present a mutual authentication protocol that leads to privacy based on hybrid cryptography. Also, an authentication process with RFID tags is proposed that can be read at high speed. The protocol has attempted to reduce the complexity of computing. At the same time, the proposed method can withstand attacks such as spoofing of tag and reader, tag tracking, and replay attack.
Saadi Hadjer; Yagoub Mustapha C.E.; Rachida TOUHAMI
Abstract
The Internet of Things (IoT) is a very encouraging and fast-growing area that brings together the benefits of wireless systems, sensor networks, actuators, etc.A wide range of IoT applications have been targeted and several aspects of this field have been identified to address specific issues, ...
Read More
The Internet of Things (IoT) is a very encouraging and fast-growing area that brings together the benefits of wireless systems, sensor networks, actuators, etc.A wide range of IoT applications have been targeted and several aspects of this field have been identified to address specific issues, as well as technologies and standards developed in various domains such as in radio frequency identification(RFID), sensors, and mobile telephony, to name a few. This article aims to talk specifically about the RFID technology and its accompanying communication, authentication, risk, and security concerns while applied to the IoT field. An important part of this work is indeed focused on security aspects that derive from the use of RFID in IoT, especially in IoT networks. The results of our research work highlighted an excellent integration of RFID in the field of Internet of things, particularly in healthcare systems.
Majid Bayat; Zahra Zare Jousheghani; Ashok Kumar Das; Pitam Singh; Saru Kumari; Mohammad Reza Aref
Abstract
Smart grid concept is introduced to modify the power grid by utilizing new information and communication technology. Smart grid needs live power consumption monitoring to provide required services and for this issue, bi-directional communication is essential. Security and privacy are the most important ...
Read More
Smart grid concept is introduced to modify the power grid by utilizing new information and communication technology. Smart grid needs live power consumption monitoring to provide required services and for this issue, bi-directional communication is essential. Security and privacy are the most important requirements that should be provided in the communication. Because of the complex design of smart grid systems, and utilizing different new technologies, there are many opportunities for adversaries to attack the smart grid system that can result fatal problems for the customers. A privacy preserving authentication scheme is a critical element for secure development of smart grid. Recently, Mahmood et al. [1] proposed a lightweight message authentication scheme for smart grid communications and claimed that it satisfies the security requirements. Unfortunately, we found that Mahmood et al.'s scheme has some security vulnerabilities and it has not adequate security features to be utilized in smart grid. To address these drawbacks, we propose an efficient and secure lightweight privacy-preserving authentication scheme for a smart grid. Security of our scheme are evaluated, and the formal security analysis and verification are introduced via the broadly-accepted Burrows-Abadi-Needham (BAN) logic and Automated Validation of Internet Security Protocols and Applications (AVISPA) tool. Finally, the security and efficiency comparisons are provided, which indicate the security and efficiency of the proposed scheme as compared to other existing related schemes.
J. Alizadeh; M. R. Aref; N. Bagheri
Abstract
Authenticated encryption schemes establish both privacy and authenticity. This paper specifies a family of the dedicated authenticated encryption schemes, Artemia. It is an online nonce-based authenticated encryption scheme which supports the associated data. Artemia uses the permutation based mode, ...
Read More
Authenticated encryption schemes establish both privacy and authenticity. This paper specifies a family of the dedicated authenticated encryption schemes, Artemia. It is an online nonce-based authenticated encryption scheme which supports the associated data. Artemia uses the permutation based mode, JHAE, that is provably secure in the ideal permutation model. The scheme does not require the inverse of the permutation in the decryption function, which causes the resource efficiency. Artemia permutations have an efficient and a simple structure and are provably secure against the differential and linear cryptanalysis. In the permutations, MDS recursive layers are used that can be easily implemented in both software and hardware.
R. Ramezanian
Abstract
Many security protocols have the aim of authenticating one agent acting as initiator to another agent acting as responder and vice versa. Sometimes, the authentication fails because of executing several parallel sessions of a protocol, and because an agent may play both the initiator and responder role ...
Read More
Many security protocols have the aim of authenticating one agent acting as initiator to another agent acting as responder and vice versa. Sometimes, the authentication fails because of executing several parallel sessions of a protocol, and because an agent may play both the initiator and responder role in parallel sessions. We take advantage of the notion of transition systems to specify authentication for parallel multiple session's execution. To model the authentication, two main notions called 1. agent's scope and 2. agent's recognizability are introduced, which consider the difference of ability of agents due to their different roles in the protocol and different access to keys and secrets. To formalize above notions, a process algebra provided by some primitives for manipulating cryptographic messages is used. We formalize some security protocols and examine our definition of authentication for them. We just discuss the symmetric key case.