Conference Paper

Cryptanalysis and Improvement of an Access Control Protocol for Wireless Body Area Networks

Article
Contemporary developments in the Internet of Things (IoT) have made it highly suitable for many applications such as smart cities and smart healthcare. However, security and privacy are the primary concerns in protecting data, as it is highly sensitive. This paper proposes a new identity-based online/off-line signcryption scheme suitable for providing secure message communication between IoT devices, the gateway, and the server. The method is divided into an online and an off-line phase, where heavy mathematical computations are carried out in the off-line phase and light computations in the online phase. The scheme provides a security solution for integrating Wireless Sensor Networks (WSN) into the IoT. Experiments were conducted and compared against existing techniques, showing that the proposed mechanism reduces online computation time by performing more operations in the off-line signcryption phase. Further, it provides indistinguishability against adaptive chosen-ciphertext attacks and existential unforgeability against adaptive chosen-message attacks.
Article
Wireless body area networks have become popular due to recent technological developments in sensor technology. A sensor can be used to collect data from different environments of interest, then process and communicate the data to other nodes in a network. By its very nature, a sensor node is limited in resource usage. Due to these limitations, numerous security challenges have emerged in their applications, hence the need for more efficient and secure cryptosystems. In this paper, we give an efficient certificateless pairing-free signcryption scheme and then design a secure access control scheme that satisfies both ciphertext authentication and public verifiability using the signcryption scheme. A formal security proof of our scheme in the random oracle model is provided. In addition, we compare the efficiency of our access control scheme with other existing schemes that are based on signcryption. The analysis reveals that our scheme achieves a better trade-off between computational and communication cost.
Article
The ever-growing number of Internet-connected devices poses several cybersecurity risks. Most of the data exchanged between Internet of Things (IoT) devices is not adequately secured due to resource constraints on IoT devices. Attribute Based SignCryption (ABSC) is a powerful cryptographic mechanism suitable for distributed environments, providing flexible access control and data secrecy. However, it imposes high designcryption costs and does not support access policy update (user addition/revocation). This paper presents PROUD, an ABSC solution, to securely outsource the data designcryption process to edge servers in order to reduce the computation overhead on the user side. PROUD allows end-users to offload most of the designcryption overhead to an edge server and to verify the correctness of the partially designcrypted data received from the edge server. Moreover, PROUD provides the access policy update feature without involving a proxy server, re-signcrypting the signcrypted message, or re-distributing the users' secret keys. The access policy update feature in PROUD does not affect the size of the message received by the end-user, which reduces bandwidth and storage usage. Our comprehensive theoretical and experimental analysis proves that PROUD outperforms existing schemes in terms of functionality, communication and computation overhead.
Conference Paper
This paper introduces and makes concrete the concept of certificateless public key cryptography (CL-PKC), a model for the use of public key cryptography which avoids the inherent escrow of identity-based cryptography and yet which does not require certificates to guarantee the authenticity of public keys. The lack of certificates and the presence of an adversary who has access to a master key necessitates the careful development of a new security model. We focus on certificateless public key encryption (CL-PKE), showing that a concrete pairing-based CL-PKE scheme is secure provided that an underlying problem closely related to the Bilinear Diffie-Hellman Problem is hard.
Article
In the era of communication technologies, wireless healthcare networks enable innovative applications that enhance the quality of patients' lives, provide useful monitoring tools for caregivers, and allow timely intervention. However, due to the sensitive information within Wireless Body Area Networks (WBANs), insecure data violates the patients' privacy and may consequently lead to improper medical diagnosis and/or treatment. Achieving a high level of security and privacy in WBANs involves various challenges due to their resource limitations and critical applications. In this paper, a comprehensive survey of WBAN technology is provided, with a particular focus on the security and privacy concerns along with their countermeasures, followed by proposed research directions and open issues.
Article
Recently, an infectious disease, coronavirus disease 2019 (COVID-19), was reported in Wuhan, China, and spread worldwide within a couple of months. Outbreaks of COVID-19 have been seen in many countries, where the rate of infected patients overwhelmed inadequate medical services. The push toward patient-centered interoperability (PCI) from medical-institution-centered interoperability may defeat the current and subsequent consequences of the COVID-19 pandemic. This paper proposes a state-of-the-art privacy-preserving medical data sharing system based on Hyperledger Fabric (MedHypChain), where each transaction is secured via an identity-based broadcast group signcryption scheme. We prove that MedHypChain achieves confidentiality, anonymity, traceability, and unforgeability. Besides, we regularize MedHypChain to implement the PCI healthcare system, where the patient manages their health-related information in the blockchain, which can be accessed by authorized entities. We also use Hyperledger Caliper as a benchmark tool to analyze the performance of MedHypChain in three metrics (latency time, execution time, and throughput) for up to 20 permissioned nodes. Finally, we compare MedHypChain with related blockchain-based healthcare systems and find that the proposed scheme needs the least computation cost and communication cost and achieves all security features, such as authenticity, scalability, and access control.
Article
Wireless Body Area Networks (WBANs) are often envisioned as a paradigm shift from the traditional healthcare system to the modern E-Healthcare system. The patient's vitals sensed by the sensors are highly sensitive, confidential, and susceptible to various attacks from adversaries. As the WBAN is a concrete application of the healthcare system, it is paramount to ensure that the data sensed by the WBAN sensors is safe and not exposed to unauthorised entities and security threats. In light of this, strong security solutions and authentication schemes are needed for the success and large-scale adoption of WBANs. To this end, a plethora of security solutions and authentication schemes have been suggested by researchers over the last two decades. However, the absence of a clear and cohesive study of security and authentication does not serve the bigger goal of providing a bird's-eye view of the domain. To fulfill the objectives mentioned above, we proceed in the following manner. Firstly, an extensive review of the security essentials, security threats, attackers and attack techniques, and existing solutions is provided, with a detailed classification of security mechanisms in WBANs. Secondly, a detailed discussion on authentication, the design and development of authentication schemes and their classification, adversary models and security protocol verifiers is provided. Furthermore, this work outlines the applications, open research issues, recommendations for future authentication schemes and future trends for WBANs. All in all, this survey elaborates on the functionality of the WBAN, its technologies, its building blocks, and a much wider view of the WBAN in terms of security and authentication.
Article
Certificateless public key cryptography (CL-PKC) promises a practical resolution in establishing practical schemes, since it addresses two fundamental issues concurrently, namely the necessity of certificate management in traditional public key infrastructure (PKI) and the key escrow problem in the identity-based (ID-based) setting. Signcryption is an important primitive that provides the goals of both encryption and signature schemes, as it is more efficient than encrypting and signing messages consecutively. Since the concept of the certificateless signcryption (CL-SC) scheme was put forth by Barbosa and Farshim in 2008, many schemes have been proposed, most of which are provable in the random oracle model (ROM) and only a few of which are provable in the standard model. Very recently, Luo and Wan (Wireless Personal Communication, 2018) proposed a very efficient CL-SC scheme in the standard model. Furthermore, they claimed that their scheme is not only more efficient than the previously proposed schemes in the standard model, but also the only scheme which benefits from known session-specific temporary information security (KSSTIS). Therefore, this scheme would indeed be very practical. The contributions of this paper are twofold. First, in contrast to the claim made by Luo and Wan, we show that unfortunately Luo and Wan made a significant error in the construction of their proposed scheme. While their main intention is indeed interesting and useful, the failure of their construction has left a gap in the research literature. Hence, the second contribution of this paper is to fill this gap by proposing a CL-SC scheme with KSSTIS which is provably secure in the standard model.
Article
Wireless body area networks (WBANs) are a critical research focus at present, providing a reliable and smart healthcare system to monitor the physical condition of the patient. Only authorized users may access the WBAN, since the collected data is very personal and sensitive. In this paper, we present a certificateless signcryption scheme based on RSA and then design an efficient data access control scheme for WBANs using the proposed signcryption scheme. The system does not have the certificate management and key escrow problems. The most striking feature is that it is based only on the widely used RSA cryptosystem, without bilinear pairings, which is advantageous for its realization in industry. The analysis shows that the scheme is secure in the random oracle model and simultaneously satisfies confidentiality, authentication, integrity, non-repudiation, and public ciphertext verification. Besides, it has reasonable computational and communication costs. To our knowledge, this is the first certificateless signcryption scheme based on RSA to date.
Article
User access control is a crucial requirement in any Internet of Things (IoT) deployment, as it allows one to provide authorization, authentication and revocation of a registered legitimate user to access real-time information and/or services directly from the IoT devices. To complement the existing literature, we design a new three-factor certificateless signcryption-based user access control for the IoT environment (hereafter referred to as CSUAC-IoT). Specifically, in our scheme, a user U's password, personal biometrics and mobile device are used as the three authentication factors. By executing the login and access control phase of CSUAC-IoT, a registered user (U) and a designated smart device (Si) can authorize and authenticate each other mutually via the trusted gateway node (GN) in a particular cell of the IoT environment. In our setting, the environment is partitioned into disjoint cells, and each cell contains a certain number of IoT devices along with a GN. With the session key established between U and Si, both entities can then communicate securely. In addition, CSUAC-IoT supports new IoT device deployment, user revocation, and password/biometric update functionality. We prove the security of CSUAC-IoT under the "Real-Or-Random (ROR) model", and demonstrate that it can resist several common attacks found in a typical IoT environment using the AVISPA tool. A comparative analysis also reveals that CSUAC-IoT achieves a better trade-off between security and functionality and computational and communication costs, in comparison to five other competing approaches.
Article
Smart grids utilize intelligent metering and other monitoring devices that frequently collect and send a customer's usage report of energy consumption to an energy service provider (ESP). By mere behavioral inference from usage reports, it is viable to judge the daily routine, location and the kind of electrical devices of a customer. The collection and transmission of such data raises security concerns. Hence, it is vital to secure the ESP's access to a customer's data. In view of this, we introduce a data access control scheme which is suitable for smart grids with secure customer data access. In our scheme, the customer is a data owner while an ESP or other third-party stakeholder (TPS) is the data user. A data user can have secure access to a customer's data via a gateway device such as an energy service interface (ESI). The ESI acts as a proxy that re-encrypts data for authorized data users based on the delegation command from the data owner. Here, the ESI is unable to acquire plaintext information on the data. Moreover, only authorized data users are eligible to decrypt the data and verify its integrity and authentication. We achieve the data access control via a certificateless signcryption with proxy re-encryption (CLSPRE) scheme. Detailed security analysis shows that our CLSPRE scheme is secure in the random oracle model (ROM). Moreover, extensive performance evaluation indicates its efficiency with respect to communication overhead and computation complexity.
Article
Signcryption can realize encryption and signature simultaneously with lower computational costs and communication overhead than the traditional sign-then-encrypt approach. Certificateless cryptosystems solve the key escrow problem of the identity-based cryptosystem and simplify public key management in the traditional public key cryptosystem. So far there have been some certificateless signcryption schemes proposed in the standard model. However, they are either insecure or inefficient. They need long system public parameters, making it hard to deploy them in limited-storage environments. Based on Gentry's identity-based encryption scheme, the authors propose a certificateless signcryption scheme in the standard model. Compared with previous schemes, the proposed scheme has not only much higher computational efficiency, but also shorter public parameters. The authors also give a rigorous proof of its security.
Article
As electronic devices become smaller, lower in power requirements, and less expensive, we have begun to adorn our bodies with personal information and communication appliances. Such devices include cellular phones, personal digital assistants (PDAs), pocket video games, and pagers. Currently there is no method for these devices to share data. Networking these devices can reduce functional I/O redundancies and allow new conveniences and services. The concept of Personal Area Networks (PANs) is presented to demonstrate how electronic devices on and near the human body can exchange digital information by capacitively coupling picoamp currents through the body. A low-frequency carrier (less than 1 megahertz) is used so no energy is propagated, minimizing remote eavesdropping and interference by neighboring PANs. A prototype PAN system allows users to exchange electronic business cards by shaking hands.
Conference Paper
Certificateless cryptography inherits a solution to the certificate management problem in public-key encryption from identity-based techniques, whilst removing the secret key escrow functionality inherent to the identity-based setting. Signcryption schemes achieve confidentiality and authentication simultaneously by combining public-key encryption and digital signatures, offering better overall performance and security. In this paper, we introduce the notion of certificateless signcryption and present an efficient construction which guarantees security under insider attacks, and therefore provides forward secrecy and non-repudiation.
Article
Certificateless signcryption has both the advantage of certificateless public key cryptography, which overcomes the escrow problem inherited from identity-based cryptography without the use of certificates as in traditional public key cryptography, and that of signcryption, which can fulfill both the functions of signature and encryption in a single logical step. In this paper, we make explicit the security model for certificateless signcryption and propose an efficient certificateless signcryption scheme from Weil pairings. The new scheme can not only be proved secure in our model but also simultaneously provides public verifiability and forward security. Furthermore, compared with existing schemes, the new scheme is more efficient.
Article
Secure and authenticated message delivery/storage is one of the major aims of computer and communication security research. The current standard method to achieve this aim is "(digital) signature followed by encryption". In this paper, we address a question on the cost of secure and authenticated message delivery/storage, namely, whether it is possible to transport/store messages of varying length in a secure and authenticated way with an expense less than that required by "signature followed by encryption". This question seems to have never been addressed in the literature since the invention of public key cryptography.
An Efficient Certificateless Signcryption Scheme in the Standard Model
  • P Rastegari
  • M Berenjkoub
Efficient Access Control Scheme with Certificateless Signcryption for Wireless Body Area Networks
  • G Gao
  • X Peng
  • L Z Jin