Article

Efficient and Secure Whole-Network Authentication Protocol

Abstract

With the widespread deployment of the Internet of Things (IoT), efficiently and securely authenticating whole-network end devices is a major challenge. In this paper, we propose a lightweight whole-network authentication protocol for spanning-tree-like IoT systems, e.g. smart health system and Internet of Vehicle system etc, that can be proved as a sound and zero-knowledge protocol. Moreover, we propose an improved protocol over a special unknown order group called the hard subgroup membership (HSM) group. The HSM group can be used to construct an efficient additively homomorphic encryption with a trustless setup, which is considered a good choice for privacy protection in IoT systems. However, it is a heavy cost to issue public-key certificates for each IoT nodes in the additively homomorphic encryption scheme. Our improved protocol can be used to authenticate each node's public key over the HSM group without relying on the public key infrastructure (PKI), which saves much more resources for the IoT systems. Our improved protocol is a sound and zero-knowledge protocol, and the performance analysis shows that it is suitable for resource-limited IoT end devices.


Article
Sensor-cloud infrastructure provides a flexible and re-configurable storage platform for massive sensed data from various application areas that are monitored through resource-limited networks such as wireless sensor networks (WSNs), ad hoc networks, and the Internet of Things (IoT). Due to their attractive characteristics, these networks are used in many application areas to assist human beings in their daily-life activities. However, these networks face several challenging issues, such as reliability in communication and processing, storage of massive data, efficient utilization of the on-board battery, maximum lifetime achievement, minimum possible average packet loss ratio, and reliable routing mechanisms. Although various communication and load balancing mechanisms have been proposed in the literature to resolve these issues, these schemes are either application-specific or overly complex. In this paper, a reliable communication and load balancing scheme for resource-limited networks is presented to resolve these issues, particularly with the available resources. To achieve these goals, the proposed scheme bounds every sensing device C_i to compute the transmission capabilities of its neighboring devices, that is, residual energy E_r, hop count H_c, round trip time (RTT_i), and processing cost. Initially, to guarantee reliable wireless communication, a source device prefers a neighboring device C_i with the minimum H_c value over those having maximum H_c values. Moreover, this scheme bounds every device C_i to find four shortest and reliable paths and to forward the maximum number of packets on two of these paths, preferably on the most reliable and optimal route. Therefore, unlike the traditional shortest-path scheme, devices C_i residing on these paths do not deplete their on-board battery more rapidly than others.
To further improve the reliability of the proposed scheme, the assigned weightage factors are fine-tuned if one or two of the neighboring devices C_i consume 80% of their on-board battery; that is, the maximum weightage is then assigned to the residual energy E_r and the minimum to the H_c value, respectively. Simulation results show the exceptional performance of the proposed reliable communication and load balancing scheme against field-proven schemes in terms of average packet delivery ratio, average throughput, end-to-end delay, and overall network lifetime.
Article
There has been an increasing prevalence of ad-hoc networks for various purposes and applications. These include Low Power Wide Area Networks (LPWAN) and Wireless Body Area Networks (WBAN), which have emerging applications in health monitoring as well as user location tracking in emergency settings. Further applications can include real-time actuation of IoT equipment and activation of emergency alarms through the inference of a user's situation using sensors and personal devices over a LPWAN. This has potential benefits for military networks and applications regarding the health of soldiers and field personnel during a mission. Due to the wireless nature of ad-hoc network devices, it is crucial to conserve battery power for sensors and equipment which transmit data to a central server. An inference system can be applied to devices to reduce the data size for transfer and subsequently reduce battery consumption; however, this could result in compromised accuracy. This paper presents a framework for secure automated messaging and data fusion as a solution to the challenge of requiring data size reduction whilst maintaining a satisfactory accuracy rate. A Multilayer Inference System (MIS) was used to conserve the battery power of devices such as wearables and sensor devices. The results for this system showed a data reduction of 97.9% whilst maintaining satisfactory accuracy against existing single-layer inference methods. Authentication accuracy can be further enhanced with additional biometrics and health data information.
Conference Paper
The Internet of Things (IoT) produces an unprecedented amount of data, generated by billions of connected devices. Due to the distributed nature of IoT devices, datasets are distributed, and it is often infeasible to move all the locally collected data to a centralized location. Bandwidth and storage are too limited for the transmission of raw data, or such transmission can be prohibited due to privacy constraints. Because of these constraints, distributed machine learning algorithms which work on local datasets with limited global coordination are needed. In this demonstration, we present a distributed learning system that enables edge devices to collaboratively learn a shared model while keeping all the raw data stored in a distributed manner at the edge. The system estimates parameters related to data distribution and resource consumption, and adapts the learning process based on these estimations in real time.
Conference Paper
We design a linearly homomorphic encryption scheme whose security relies on the hardness of the decisional Diffie-Hellman problem. Our approach requires some special features of the underlying group. In particular, its order is unknown and it contains a subgroup in which the discrete logarithm problem is tractable. Therefore, our instantiation holds in the class group of a non-maximal order of an imaginary quadratic field. Its algebraic structure makes it possible to obtain such a linearly homomorphic scheme whose message space is the whole set of integers modulo a prime p and which supports an unbounded number of additions modulo p on the ciphertexts. A notable difference from previous works is that, for the first time, the security does not depend on the hardness of integer factorization. As a consequence, under some conditions, the prime p can be scaled to fit the application's needs.
Article
In recent years, wireless sensor networks have been widely used in healthcare applications, such as hospital and home patient monitoring. Wireless medical sensor networks are more vulnerable to eavesdropping, modification, impersonation and replay attacks than wired networks. A lot of work has been done to secure wireless medical sensor networks. The existing solutions can protect the patient data during transmission, but cannot stop the inside attack in which the administrator of the patient database reveals the sensitive patient data. In this paper, we propose a practical approach to prevent the inside attack by using multiple data servers to store patient data. The main contribution of this paper is securely distributing the patient data across multiple data servers and employing the Paillier and ElGamal cryptosystems to perform statistical analysis on the patient data without compromising the patients' privacy.
Article
The new era of the Internet of Things is driving the evolution of conventional Vehicle Ad-hoc Networks into the Internet of Vehicles (IoV). With the rapid development of computation and communication technologies, IoV promises huge commercial interest and research value, thereby attracting a large number of companies and researchers. This paper proposes an abstract network model of the IoV, discusses the technologies required to create the IoV, presents different applications based on certain currently existing technologies, provides several open research challenges and describes essential future research in the area of IoV.
Article
In this paper we extend the notion of interactive proofs of assertions to interactive proofs of knowledge. This leads to the definition of unrestricted input zero-knowledge proofs of knowledge in which the prover demonstrates possession of knowledge without revealing any computational information whatsoever (not even the one bit revealed in zero-knowledge proofs of assertions). We show the relevance of these notions to identification schemes, in which parties prove their identity by demonstrating their knowledge rather than by proving the validity of assertions. We describe a novel scheme which is provably secure if factoring is difficult and whose practical implementations are about two orders of magnitude faster than RSA-based identification schemes. The advantages of thinking in terms of proofs of knowledge rather than proofs of assertions are demonstrated in two efficient variants of the scheme: unrestricted input zero-knowledge proofs of knowledge are used in the construction of a scheme which needs no directory; a version of the scheme based on parallel interactive proofs (which are not known to be zero knowledge) is proved secure by observing that the identification protocols are proofs of knowledge.
Conference Paper
This paper investigates a novel computational problem, namely the Composite Residuosity Class Problem, and its applications to public-key cryptography. We propose a new trapdoor mechanism and derive from this technique three encryption schemes: a trapdoor permutation and two homomorphic probabilistic encryption schemes computationally comparable to RSA. Our cryptosystems, based on usual modular arithmetic, are provably secure under appropriate assumptions in the standard model.
Article
With the widespread popularity of mobile terminals in the Internet of Things (IoT), the demand for cross-domain access of mobile terminals between different regions has also increased significantly. The nature of wireless communication media makes mobile terminals vulnerable to security threats in cross-domain access. Identity authentication is a prerequisite for secure data transmission in cross-domain access, and it is also the first step in guaranteeing the credibility of data sources. Most existing authentication schemes are based on bilinear pairing or public-key encryption and decryption with high computation overhead, which are not suitable for resource-limited mobile IoT terminals. Moreover, these schemes have some security drawbacks and cannot meet the security requirements of cross-domain access. In this paper, we propose a lightweight cross-domain mutual identity authentication (LCDMA) scheme for the mobile IoT environment. LCDMA uses a symmetric polynomial instead of the high-complexity bilinear pairing used in traditional schemes. We theoretically analyze the security under the random oracle model. Our results show that LCDMA not only resists common attacks, but also preserves secure traceability while guaranteeing anonymity. Performance evaluation further demonstrates that our scheme has better performance in terms of computation and communication overhead compared with other existing representative schemes.
Article
The next-generation Internet of Vehicles (IoVs) seamlessly connects humans, vehicles, roadside units (RSUs), and service platforms to improve road safety, enhance transit efficiency, and deliver comfort while conserving the environment. Currently, numerous entities communicate in the IoVs environment via insecure public channels that are susceptible to a variety of security attacks and threats. To address these security challenges, we design an anonymous authenticated key exchange mechanism for the IoVs in smart transportation supported by blockchain, referred to as AAKE-BIVT. AAKE-BIVT securely transmits traffic information to a cluster head, and then to a nearby RSU, utilizing the secret session keys established via mutual authentication and key agreement. A cloud server (CS) then securely aggregates data from related RSUs and generates transactions. The CS combines the transactions into blocks in a peer-to-peer network of CSs, and the blocks are confirmed and added to the blockchain via a voting-based consensus method. By means of rigorous informal security studies and formal security analysis in the random oracle model, we show that the proposed AAKE-BIVT is resistant to a broad range of potential security attacks in the IoVs environment. Furthermore, a comparative study reveals that AAKE-BIVT outperforms existing state-of-the-art techniques in terms of security and functionality while being more efficient in terms of communication and computation. Additionally, the blockchain simulation validates the implementation viability of our proposed AAKE-BIVT.
Chapter
In this paper we describe a provably secure authentication protocol for resource-limited devices. The proposed algorithm performs whole-network authentication using very few rounds and in time logarithmic in the number of nodes. Compared to one-to-one node authentication and previous proposals, our protocol is more efficient: it requires less communication and computation and, in turn, lower energy consumption.
Article
The smart grid (SG) employs information and communication networks to collect data on energy production and consumption, and then utilizes it to improve efficiency, reliability, economic benefit, power generation, and distribution sustainability. However, in SG networks the components communicate over insecure public channels, raising severe security concerns. Likewise, the security challenge is growing more difficult with the introduction of virtual solutions in SG networks. Thus, we devise a new scheme, named lightweight authenticated key exchange scheme for a blockchain-enabled SG environment (LAKE-BSG), which permits secure communication between smart meters (SMs) and service providers (SPs). In the proposed scheme, data is kept secure in a blockchain network. SPs are responsible for verifying new blocks in the private blockchain through a consensus algorithm. We provide a detailed security analysis of LAKE-BSG through informal security analysis, formal security analysis using the real oracle model, and formal security verification using the Scyther tool. The results demonstrate that the devised scheme is resilient to various security attacks in an SG environment. Furthermore, an exhaustive comparative analysis reveals that LAKE-BSG is efficient in terms of communication and computation overheads and provides additional security and functionality features.
Article
The revolution brought about by intelligent Internet of Things (IoT) systems has impacted every sphere of life, including but not limited to smart hospitals, transportation, industry, grid, housing, and agriculture. IoT systems have traditionally been plagued with security vulnerabilities and scalability issues. In recent years, blockchain technology has widely emerged as a potential solution for secure, trusted and efficient storing, processing, and sharing of data. This research article aims to integrate IoT with blockchain by introducing an intermediary layer in the IoT ecosystem. Thus, an intelligent blockchain-enabled IoT (BIoT) framework is proposed for smart applications to provide data reliability, privacy, and scalability in IoT ecosystems. Moreover, several real-life BIoT case studies are highlighted and comparatively analyzed to discuss the contribution of our proposed layer vis-à-vis conventional blockchain-IoT ecosystems. Finally, based on the analysis, we outline some future directions and open challenges of BIoT.
Chapter
Threshold ECDSA signatures provide a higher level of security to a crypto wallet, since they require more than t parties out of n parties to sign a transaction. The state-of-the-art bandwidth-efficient threshold ECDSA uses the additively homomorphic Castagnos and Laguillaumie (CL) encryption based on an unknown-order group G, together with a number of zero-knowledge proofs in G. In this paper, we propose compact zero-knowledge proofs for threshold ECDSA to lower the communication bandwidth as well as the computation cost. The proposed zero-knowledge proofs include the discrete-logarithm relation in G and the well-formedness of a CL ciphertext. When applied to two-party ECDSA, we can lower the bandwidth of the key generation algorithm by 47%, and the running times of the key generation and signing algorithms are boosted by about 35% and 104%, respectively. When applied to threshold ECDSA, our first scheme is more optimized for the key generation algorithm (about 70% lower bandwidth and 85% faster computation in key generation, at a cost of 20% larger bandwidth in signing), while our second scheme has an all-round performance improvement (about 60% lower bandwidth and 46% faster computation in key generation without additional cost in signing).
Article
The smart city, as a new mode of urban organization, is introduced to improve the level of city management for modern cities. In smart cities, a core field is health management for urban residents. Hospital management, as one of the most important components of health management, is of particular concern. To provide high-quality medical service for sick residents, accurate patient health data analysis is needed, and thus data collection in patient health monitoring is necessary. To achieve this, massive numbers of Internet of Things devices are deployed; in general, they are resource-constrained devices, so lightweight index generation is needed. Further, with the development of professional technologies in medical science, the hospital manager has to employ many different types of specialist doctors. They need the shared patient health data to make a precise diagnosis and present an efficient therapeutic schedule for each patient. However, many secret details are recorded in the patient health data, so the privacy of the shared patient health data should be maintained. In this paper, we propose a new traceable patient health data search system for hospital management in smart cities. In this system, the system manager shares the encrypted patient health data with different doctors at the granularity of a hospital bed. Each doctor accurately finds a patient with a specific feature from the patient health monitoring data. To prevent patient health data leakage, the functions of illegal search query blocking and inside malicious user tracing are designed. The performance analysis shows that our system is practical for lightweight data collecting devices.
Article
The Internet of Things (IoT) is being widely adopted and is impacting every sphere around us. IoT-enabled healthcare is leading the way, as it enables seamless remote monitoring of health status. The healthcare industry has historically generated a large volume of data, and with the introduction of IoT, this volume has gone up drastically. Therefore, health data must be stored properly to make sense of it. In this paper, we propose a cloudlet-assisted IoT-enabled e-Health framework. This e-Health framework aims to ease real-time data access using cloudlets. In this framework, we propose and implement a healthcare data management scheme to store the enormous health data and process queries for retrieval of the health data by end-users. We have used a NoSQL-based model to store health data. The performance of the proposed model has been studied in terms of data transmission time, energy consumption, query response time and data packet loss. Finally, by comparing the evaluation results of our proposed model with the performance of the traditional cloud storage-based e-Health system, we show that our proposed model performs far better than existing cloud-based e-Health solutions.
Chapter
We present a generalization of Maurer's unified zero-knowledge (UZK) protocol, namely a unified generic zero-knowledge (UGZK) construction. We prove the security of our UGZK protocol and discuss special cases. Compared to UZK, the new protocol allows one to prove knowledge of a vector of secrets instead of only one secret. We also provide the reader with a hash variant of UGZK and the corresponding security analysis. Last but not least, we extend Cogliani et al.'s lightweight authentication protocol by describing a new distributed unified authentication scheme suitable for wireless sensor networks and, more generally, the Internet of Things.
Chapter
We describe a lightweight algorithm performing whole-network authentication in a distributed way. This protocol is more efficient than one-to-one node authentication: it results in less communication, less computation and overall lower energy consumption. The proposed algorithm is provably secure and achieves zero-knowledge authentication of a network in a time logarithmic in the number of nodes.
Article
Chikungunya is a mosquito-borne disease which spreads rapidly in various parts of the country. For awareness and prevention of this disease, a new paradigm in smart health needs to be devised. The promising potential of evolving Internet of Things (IoT) technologies for interconnected heterogeneous devices and objects has played a vital role in next-generation healthcare systems for high-quality patient care to protect citizens from these types of diseases. Still, there is a need for real-time health monitoring to analyze patients for early preventive measures and precautions for a healthy life. Smart healthcare IoT has substantial potential for the realization of such monitoring. It includes the interconnected apps, objects (devices and people), communication technologies, tracking system and patients' knowledge base. This article presents an IoT-enabled model where data collected from the sensors, objects and people is gathered in the cloud so that healthcare professionals can take preventive actions. Precautionary measures are taken by collecting information about the causes of mosquito growth. The suitability of the approach is validated at the base layer of the IoT, and data is transmitted to the cloud with the help of edge nodes. Simulations show that the proposed approach performs better than the ME-CBCCP protocol.
Article
A generalized Chinese remainder theorem (CRT) for the determination of two integers is studied in this letter, where the correspondence between the remainders and the two integers in each residue set is not known. A better range than the existing known ones of two integers that can be uniquely determined from their residue sets is first obtained. Then, a closed-form and simple determination algorithm is proposed. Finally, a better sufficient condition on the range of determinable two integers is obtained when the number of erroneous residue sets is given. The study is motivated and has applications in the determination of multiple frequencies from multiple undersampled waveforms.
Conference Paper
We present a simple zero-knowledge proof of knowledge protocol of which many protocols in the literature are instantiations. These include Schnorr’s protocol for proving knowledge of a discrete logarithm, the Fiat-Shamir and Guillou-Quisquater protocols for proving knowledge of a modular root, protocols for proving knowledge of representations (like Okamoto’s protocol), protocols for proving equality of secret values, a protocol for proving the correctness of a Diffie-Hellman key, protocols for proving the multiplicative relation of three commitments (as required in secure multi-party computation), and protocols used in credential systems. This shows that a single simple treatment (and proof), at a high level of abstraction, can replace the individual previous treatments. Moreover, one can devise new instantiations of the protocol.
Conference Paper
Consider the well-known oracle attack: somehow one obtains a certain computation result as a function of a secret key from the secret key owner and tries to extract some information on the secret key. This attack scenario is well understood in the cryptographic community. However, there are many protocols based on the discrete logarithm problem that turn out to leak many of the secret key bits to this oracle attack unless suitable checks are carried out. In this paper the authors present a key recovery attack on various discrete-log-based schemes working in a prime-order subgroup. Their attack may reveal part of, or the whole, secret key in most Diffie-Hellman-type key exchange protocols and some applications of ElGamal encryption and signature schemes.
Article
This paper proposes a new and efficient two-pass protocol for authenticated key agreement in the asymmetric (public-key) setting. The protocol is based on Diffie-Hellman key agreement and can be modified to work in an arbitrary finite group and, in particular, in elliptic curve groups. Two modifications of this protocol are also presented: a one-pass authenticated key agreement protocol suitable for environments where only one entity is on-line, and a three-pass protocol in which key confirmation is additionally provided. The protocols are currently under consideration for standardization in ANSI X9.42 [2], ANSI X9.63 [4] and IEEE P1363 [18]. Keywords: Diffie-Hellman, authenticated key agreement, key confirmation, elliptic curves. 1 Introduction. Key establishment is the process by which two (or more) entities establish a shared secret key. The key is subsequently used to achieve some cryptographic goal such as confidentiality or d...
Security in Internet of Things: Opportunities and challenges