Mahdieh Ebrahimi; Majid Bayat; Behnam Zahednejad
Abstract
The medical system remains among the fastest to adopt the Internet of Things. The reason for this trend is that integration Internet of Things(IoT) features into medical devices greatly improve the quality and effectiveness of service. However, there are many unsolved security problems. Due to medical ...
Read More
The medical system remains among the fastest to adopt the Internet of Things. The reason for this trend is that integration Internet of Things(IoT) features into medical devices greatly improve the quality and effectiveness of service. However, there are many unsolved security problems. Due to medical information is critical and important, authentication between users and medical servers is an essential issue. Recently, Park et al. proposed an authentication scheme using Shamir's threshold technique for IoT-based medical information system and claimed that their scheme satisfies all security requirements and is immune to various types of attacks. However, in this paper, we show that Park et al.'s scheme does not achieve user anonymity, forward security, and mutual authentication and it is not resistant to the DoS attacks and then we introduce an improved mutual authentication scheme based on Elliptic Curve Cryptography (ECC) and Shamir 's secret sharing for IoT-based medical information system.In this paper, we formally analyze the security properties of our scheme via the ProVerif. Moreover, we compare our proposed scheme with other related schemes in terms of security and performance.
Aniseh Najafi; Majid Bayat; Hamid Haj Seyyed Javadi
Abstract
The advent of cloud computing in the healthcare system makes accuracy and speed increased, costs reduced, and health services widely used. However, system users are always seriously concerned about the security of outsourced data. The ciphertext-policy attribute-based encryption (CP-ABE) is a promising ...
Read More
The advent of cloud computing in the healthcare system makes accuracy and speed increased, costs reduced, and health services widely used. However, system users are always seriously concerned about the security of outsourced data. The ciphertext-policy attribute-based encryption (CP-ABE) is a promising way to ensure the security of and facilitate access control over outsourced data. However, conventional CP-ABE schemes have security flaws such as lack of attribute privacy and resistance to the keywords guessing attacks as well as the disability to multi-keyword searches. To meet such shortcomings, we present a scheme supporting multi-keyword search and fine-grained access control, simultaneously. The proposed scheme is resistant to the offline keywords guessing attack. Privacy-preserving in the access structure is another feature of the proposed scheme. The security analysis indicates that our scheme is selectively secure in the standard model. Finally, the performance evaluation of the proposed scheme shows the efficiency is reasonable despite the added functionalities.
Majid Bayat; Zahra Zare Jousheghani; Ashok Kumar Das; Pitam Singh; Saru Kumari; Mohammad Reza Aref
Abstract
Smart grid concept is introduced to modify the power grid by utilizing new information and communication technology. Smart grid needs live power consumption monitoring to provide required services and for this issue, bi-directional communication is essential. Security and privacy are the most important ...
Read More
Smart grid concept is introduced to modify the power grid by utilizing new information and communication technology. Smart grid needs live power consumption monitoring to provide required services and for this issue, bi-directional communication is essential. Security and privacy are the most important requirements that should be provided in the communication. Because of the complex design of smart grid systems, and utilizing different new technologies, there are many opportunities for adversaries to attack the smart grid system that can result fatal problems for the customers. A privacy preserving authentication scheme is a critical element for secure development of smart grid. Recently, Mahmood et al. [1] proposed a lightweight message authentication scheme for smart grid communications and claimed that it satisfies the security requirements. Unfortunately, we found that Mahmood et al.'s scheme has some security vulnerabilities and it has not adequate security features to be utilized in smart grid. To address these drawbacks, we propose an efficient and secure lightweight privacy-preserving authentication scheme for a smart grid. Security of our scheme are evaluated, and the formal security analysis and verification are introduced via the broadly-accepted Burrows-Abadi-Needham (BAN) logic and Automated Validation of Internet Security Protocols and Applications (AVISPA) tool. Finally, the security and efficiency comparisons are provided, which indicate the security and efficiency of the proposed scheme as compared to other existing related schemes.