A lightweight remote user authentication scheme for IoT communication using elliptic curve cryptography

Internet of things (IoT) has become a new era of communication technology for performing information exchange. With the immense increment of usage of smart devices, IoT services become more accessible. To perform secure transmission of data between IoT network and remote user, mutual authentication, and session key negotiation play a key role. In this research, we have proposed an ECC-based three-factor remote user authentication scheme that runs in the smart device and preserves privacy, and data confidentiality of the communicating user. To support our claim, multiple cryptographic attacks are analyzed and found that the proposed scheme is not vulnerable to those attacks. Finally, the computation and communication overheads of the proposed scheme are compared with other existing protocols to confirm that the proposed scheme is lightweight. A formal security analysis using AVISPA simulation tool has been done that confirms the proposed scheme is robust against relevant security threats.

     

High payload image steganography scheme with minimum distortion based on distinction grade value method

Presently, the design and development of an effective image steganography system are facing several challenges including the low capacity, poor robustness and imperceptibility. To surmount such limitations, it is important to improve the capacity and security of the steganography system while maintaining a high signal-to-noise ratio (PSNR). Based on these factors, this study is aimed to design and develop a distinction grade value (DGV) method to effectively embed the secret data into a cover image for achieving a robust steganography scheme. The design and implementation of the proposed scheme involved three phases. First, a new encryption method called the shuffle the segments of secret message (SSSM) was incorporated with an enhanced Huffman compression algorithm to improve the text security and payload capacity of the scheme. Second, the Fibonacci-based image transformation decomposition method was used to extend the pixel’s bit from 8 to 12 for improving the robustness of the scheme. Third, an improved embedding method was utilized by integrating a random block/pixel selection with the DGV and implicit secret key generation for enhancing the imperceptibility of the scheme. The performance of the proposed scheme is assessed experimentally to determine the imperceptibility, security, robustness and capacity. The resistance of the proposed scheme is tested against the statistical, χ², Histogram and non-structural steganalysis detection attacks. The obtained PSNR values revealed the accomplishment of the higher imperceptibility and security by the proposed DGV scheme while maintaining higher capacity compared to the reported findings. In short, the proposed steganography scheme outperformed the commercially available data hiding schemes, thereby resolved the existing issues.

     

AN EARLY SUCCESS STORY

Abstract

In 2006, Shieh et al. proposed an efficient remote mutual authentication and key agreement scheme which uses smart cards and requires only hash function operations. In this paper, we show that Shieh et al.'s scheme is vulnerable to guessing attacks, forgery attacks and key compromise attacks. To eliminate these weaknesses, an improvement of Shieh et al.'s scheme with increased security is proposed. The security and efficiency of the improved scheme raises the attractiveness for implementation.     

Perfect forward secrecy in VoIP networks through design a lightweight and secure authenticated communication scheme

With the growth of the internet, development of IP based services has increased. Voice over IP (VoIP) technology is one of the services which works based on the internet and packet switching networks and uses this structure to transfer the multimedia data e.g. voices and images. Recently, Chaudhry et al., Zhang et al. and Nikooghadam et al. have presented three authentication and key agreement protocols, separately. However, in this paper, it is proved that the presented protocols by Chaudhry et al. and also Nikooghadam et al. do not provide the perfect forward secrecy, and the presented protocol by Zhang et al. not only is vulnerable to replay attack, and known session-specific temporary information attack, but also does not provide user anonymity, re-registration and revocation, and violation of fast error detection. Therefore, a secure and efficient two-factor authentication and key agreement protocol is presented. The security analysis proves that our proposed protocol is secure against various attacks. Furthermore, security of proposed scheme is formally analyzed using BAN logic and simulated by means of the AVISPA tool. The simulation results demonstrate security of presented protocol against active and passive attacks. The communication and computation cost of the proposed scheme is compared with previously proposed authentication schemes and results confirm superiority of the proposed scheme.

     

A color image authenticated encryption using conic curve and Mersenne twister

A robust secure image transmission scheme has to achieve all the security services as confidentiality, authentication, integrity and nonrepudiation with a reasonable efficiency. An authenticated image encryption scheme which achieves all these services is proposed in this paper. The scheme uses pseudorandom sequence Public-key cryptosystem design based on factoring and discrete logarithmsenerated by Mersenne’s twister with XOR operation for image encryption and proposes two hard problems based digital signature: conic curve discrete logarithm problem (CCDLP) and Integer Factorization Problem (IFP) which achieves a highly secure system with efficient point operations and inverses. For efficient transmission, the image signature is embedded in the cipher image. Security analysis of the scheme is provided. According to the results, the proposed scheme is efficient and achieves an excellent long term security.

     

A secure multi-stage one-round bit-plane permutation operation based chaotic image encryption

Currently, data security is a challenging task in any open source data transmission network. Basically, in most of the networks, images are used, hence security of images is a major challenging task. This paper proposes a combined hyper-chaos and chaos based encryption technique to secure images. In the method, one-round of diffusion and multi-stage bit-plane permutation operations are performed to obtain the better encryption results. The advantages of this scheme are that in one-round encryption operation, the proposed scheme can be realized easily and also confused largely. Apart from that the algorithm is simple as it uses simpler mathematical computations while attaining higher security such as higher key space, higher number of pixel changing rate, higher unified average changing intensity, and better correlation coefficient results. Moreover, hash based keys are used to resist the algorithm against chosen-plaintext and known-plaintext attacks. The security analysis and computer simulations show the good encryption results of the proposed scheme and strong resistivity to the widely used common attacks.

     

GAN-based image steganography for enhancing security via adversarial attack and pixel-wise deep fusion

In recent years, the development of steganalysis based on convolutional neural networks (CNN) has brought new challenges to the security of image steganography. However, the current steganographic methods are difficult to resist the detection of CNN-based steganalyzers. To solve this problem, we propose an end-to-end image steganographic scheme based on generative adversarial networks (GAN) with adversarial attack and pixel-wise deep fusion. There are mainly four modules in the proposed scheme: the universal adversarial network is utilized in Attack module to fool CNN-based steganalyzers for enhancing security; Encoder module is seen as the generator to implement the pixel-wise deep fusion for imperceptible information embedding with high payload; Decoder module is responsible for the process of recovering embedded information; Critic module is designed for the discriminator to provide objective scores and conduct adversarial training. Besides, multiple loss functions together with Wasserstein GAN strategy are applied to enhance the stability and availability of the proposed scheme. Experiments on different datasets have verified the advantages of adding universal adversarial perturbations for higher security against CNN-based steganalyzers without compromising imperceptibility. Compared with state-of-the-art methods, the proposed scheme has achieved better performance in security.

     

Identity-based Encryption: From Identity and Access Management to Enterprise Privacy Management

ABSTRACT

A scheme for establishing authenticated Diffie-Hellman based shared keys using Digital Signature Standard (DSS). A similar technique with one random variable was proposed earlier, and it was found that such system with one random variable is not well secured. Subsequently, it was pointed out that at least two random variables are required for satisfying three cryptographic properties of authenticity, security, and uniqueness of the session keys established. In this work, a new approach for establishing authenticated secret session keys using two random numbers is presented. An in-depth analysis of the proposed scheme for the three cryptographic properties of authenticity, security, and uniqueness has been done, and no such weakness has been found.     

MASHED: Security and privacy-aware mutual authentication scheme for heterogeneous and distributed mobile cloud computing services

ABSTRACT

Rapid development in mobile devices and cloud computing technologies has increased the number of mobile services from different vendors on the cloud platform. However, users of these services are facing different security and access control challenges due to the nonexistence of security solutions capable of providing secure access to these services, which are from different vendors, using a single key. An effective security solution for heterogeneous Mobile Cloud Computing (MCC) services should be able to guarantee confidentiality and integrity through single key-based authentication scheme. Meanwhile, a few of the existing authentication schemes for MCC services require different keys to access different services from different vendors on a cloud platform, thus increases complexity and overhead incurred through generation and storage of different keys for different services.

In this paper, an efficient mutual authentication scheme for accessing heterogeneous MCC services is proposed. The proposed scheme combines the user’s voice signature with cryptography operations to evolve efficient mutual authentication scheme devoid of key escrow problem and allows authorized users to use single key to access the heterogeneous MCC services at a reduced cost.     

On the Privacy of Khan et al.'s Dynamic ID-Based Remote Authentication Scheme with User Anonymity

Abstract

Very recently, Khan, Kim, and Alghathbar [6] proposed a dynamic ID-based remote user authentication scheme and claimed that their scheme can provide user anonymity. However, in this article, the authors demonstrate that either a malicious user or an adversary with a valid smart card can trace any user by eavesdropping on his normal authentication session over the public channel. Therefore, Khan et al.'s scheme fails to provide the privacy service as claimed. Hence, the authors present an improved scheme to overcome its flaw and examine the privacy of the improved scheme by using the smart card-based privacy model. In addition, the security and efficiency of the improved scheme are scrutinized. The conclusive result is that the design of the improved scheme is reasonable in not only both privacy and security aspects but also the performance aspect.     

Image encryption and compression based on the generalized knight’s tour,discrete cosine transform and chaotic maps

An efficient and simple encryption and compression scheme for digital image is reported in this paper. This scheme is based on the algorithm of the generalized knight’s tour, discrete cosine transform and non-linear chaotic maps. In this scheme, according to the structure of compression, confusion and diffusion are attained by methods of the generalized knight’s tour and chaotic maps. Firstly, the generalized knight’s tour algorithm is utilized to scramble the pixels while the data correlation preserved. Then, the chaotic system is used to generate a pseudorandom permutation to encrypt the part of coefficients from discrete cosine transform for diffusion. Experimental results show that the proposed scheme can gain robust security and a high compression ratio, which indicates that the proposed scheme is practicable.

     

A secret sharing-based scheme for secure and energy efficient data transfer in sensor-based IoT

The sensed data from Internet of Things (IoT) devices are important for accurate decision making. Thus, the data integrity, non-repudiation, data confidentiality, data freshness, etc., are necessary requirements in sensor-based IoT networks. Further, the IoT devices are resource constrained in terms of computation and communication capabilities. Hence, striking a balance between network lifetime and data security is of utmost importance. The present work explores the sensor-based IoT-specific security threats like, data modification, selective forwarding and replay attacks. Further, a scheme is proposed based on secret sharing and cryptographic hash functions which detects these attacks by a malicious entity and protects the data from passive listeners too. Extensive simulations were performed to evaluate the efficacy of the scheme, and results show that the proposed scheme outperforms previously explored schemes like SIGN-share, SHAM-share, and PIP algorithm, in terms of sensor processing time, energy consumption during in-node processing and aggregation time. Network lifetime has been further analyzed to show the efficacy of the scheme.

     

SecP2PVoD: a secure peer-to-peer video-on-demand system against pollution attack and untrusted service provider

The Peer-to-Peer video-on-demand (P2P-VoD) streaming has become widespread in recent years. Unlike the traditional client-server model based video-streaming, the P2P-VoD leverages the peer’s capacity of upload bandwidth for the delivery of video contents in a distributed network. The P2P environment is susceptible to various security threats, in which the pollution attack is one of the potentially destructive threats. Moreover, video streaming is prone to other security challenges, such as authenticity, confidentiality, authorization, and integrity. There have been discussed four possible protection to the pollution attack: blacklisting, hash verification, traffic encryption, and chunk signing. In this paper, we present escrow-free identity-based signcryption (EF-IDSC) scheme for secure data transmission scheme in P2P-VoD streaming with an untrusted service provider. The proposed system enables a peer to establish a session key with other peer using the asymmetric key algorithm. The security analysis shows that the proposed P2P-VoS system prevents pollution attacks under well-known random oracle model and achieves privacy, confidentiality, and subscriber authentication simultaneously. The experimental evaluation shows that the proposed scheme has better computation and communication costs as compared to the related schemes.

     

Robust session key generation protocol for social internet of vehicles with enhanced security provision

Social internet of things (SIoT) is an emerging concept that enables the autonomous interactions between social networks and internet of things (IoT). Vehicle-to-grid (V2G) networks are one of the instances of the SIoT. To mitigate privacy and security issues exist in the V2G networks, it is crucial to employ proper security solutions. One of the most important and popular security solutions is the key exchange protocol. During the last decade, several key exchange schemes have been proposed considering the specific requirements of V2G networks. However, the existing schemes have not reached a proper balance between security and efficiency. Therefore, in this paper, after the security assessment of a recent work, we propose a key exchange protocol, which can provide the desired performance and security properties. Rigorous formal security analyses besides the security features, communication overhead, and computational complexity comparisons indicate that the proposed scheme is a robust one to be employed in the V2G networks. To be more specific, in comparison to one of the most secure schemes, the proposed protocol has 84% improvement in execution time and 54% improvement in communication overhead. Furthermore, experiments on realistic platform indicate that the proposed protocol only takes 3 s to be executed by the computationally constrained onboard unit of electric vehicle.

     

A new reversible data hiding in transform domain

Reversible watermarking is a technique permitting lossless data hiding. In such a method, the lossless recovering of both watermark and host image is essential. For some applications, such as medical imaging and military systems, it is so vital not only to recover the host image exactly but also to increase security. To obtain these goals, a new reversible watermarking scheme is presented. Since embedding in a transform domain improves security, the proposed method uses Reversible Walsh-Hadamard Transform (RWHT) to commute the host image. Afterward, Singular Value Decomposition (SVD) technique is performed on the transformed image for watermark embedding. For a full recovery, additional information is encoded using Quick Response (QR) code, which is embedded by a prediction-based method. To evaluate the performance of the proposed method, a set of comparative experiments is done. The obtained results confirm the effectiveness of the proposed method in both visual quality and capacity.

     

A ticket-based multi-server biometric authentication scheme using extended chaotic maps for telecare medical information systems

With the development of technology, medical activities have gradually changed from traditional in-hospital diagnostic to telemedicine on the internet. These days, to accommodate security and efficiency in telemedicine, many authentication schemes were proposed for Telemedicine Medical Information Systems. Most of these authentication mechanisms usually rely on an online third party such that many schemes suffered from security vulnerabilities including limited bandwidth, impersonation attack, etc. For example, when the demand for authentication services suddenly increases, the third party bandwidth may overload so that the system broken and fails to serve correctly. Additionally, malicious legal insiders may easily obtain information of other participants, and then perform impersonation attacks. To prevent these weaknesses, this study develops a secure and efficient authentication scheme by using extended chaotic maps. The proposed scheme enables legal participants to directly authenticate and communicate each other without the help of an online trusted third party. It is also suitable for multi-server environment, and patients only register their identities to a center management server once. Then they can get services from all service providers in this system by using a registration ticket issued by the center management server. Accordingly, the limited bandwidth capability problems can be eliminated. Additionally, it has been shown that extended chaotic maps computations are more efficient than modular exponential computations or scalar multiplications on an elliptic curve. The proposed scheme not only provides more security properties, but also is more efficient than related schemes.

     

Cryptanalysis and improvement of authentication scheme for roaming service in ubiquitous network

Abstract

The paper analyzes a recently proposed secure authentication and key agreement scheme for roaming service in a ubiquitous network. In 2018, Lee et al. proposed a biometric-based anonymous authentication scheme for roaming in ubiquitous networks. But, we found that Lee et al. scheme is prone to the off-line dictionary attack when a user’s smart device is stolen, replay attack due to static variables and de-synchronization attack when an adversary blocks a message causing failure of authentication mechanism. Further, the scheme lacks no key control property and has incorrect XOR calculation. In the sequel, we presented an improved biometric based scheme to remove the weaknesses in Lee et al.’s scheme, which also does not require an update of identity in every session, hence preventing de-synchronization attack. Also, the security of the proposed schemes were analyzed in a widely accepted random oracle model. Further, computational and communication cost comparisons indicate that our improved scheme is more suitable for ubiquitous networks.     

A dual layer security scheme for medical images using Hessenberg and singular value decompositions

Due to the recent advancement in the field of the Internet of Medical things (IoMT). To facilitate doctors and patients, in the process of diagnosis and treatment, the medical imaging equipment is connected to the IoMT. During communication over the network, these medical images are subjected to various threads. In this work, we have proposed a dual-layer data confidentiality scheme, firstly it encrypts the secret medical images followed by a data hiding scheme. The encryption scheme possesses diffusion and confusion, for confusion the encryption scheme utilizes logistic and tent maps for the generation of S-boxes. For data hiding, it utilizes Hessenberg and singular value decomposition (SVD). The proposed scheme is applied to highly correlated medical images. The proposed technique provides dual security to the confidential information and makes it difficult for the intruder to extract the confidential information. The encryption scheme is evaluated by using the standard performance indicators including statistical analysis, differential analysis, and NIST analysis, etc. The encrypted images have the highest practically achievable entropy of 7.999 which is closest to the ideal value of 8. The data hiding scheme is evaluated by using statistical analysis, Distance-based analysis, analysis based on pixel difference, and information theory. Both the analysis of encryption and data hiding are satisfactory and the results show the strength of the dual-layer security scheme.

     

Strong unforgeability in group signature schemes

A signature scheme is strongly unforgeable if no adversary can produce a new valid signature σ on a message M even after seeing some signatures on M. We define strong unforgeability of group signature schemes and explain why the strong unforgeability of a group signature scheme is necessary. This relatively new security concept was not considered when Bellare–Micciancio–Warinschi established their security model, what we call the BMW security model, of group signature schemes. We show that a scheme proposed at Eurocrypt'06 that was proven secure in the BMW security model is not strongly unforgeable. We also present a method to convert this scheme into a strongly unforgeable group signature scheme preserving the security in the BMW security model.     

Intelligent traffic light under fog computing platform in data control of real-time traffic flow

As the global economy develops rapidly, traffic congestion has become a major problem for first-tier cities in various countries. In order to address the problem of failed real-time control of the traffic flow data by the traditional traffic light control as well as malicious attack and other security problems faced by the intelligent traffic light (ITL) control system, a multi-agent distributed ITL control method was proposed based on the fog computing platform and the Q learning algorithm used for the reinforcement learning in this study, and the simulation comparison was conducted by using the simulation platform jointly constructed based on the VISSIM-Excel VBA-MATLAB software. Subsequently, on the basis of puzzle difficulty of the computational Diffie–Helleman (CDH) and Hash Collision, the applicable security control scheme of ITL under the fog computing was proposed. The results reveal that the proposed intelligent control system prolongs the time of green light properly when the number of vehicles increases, thereby reducing the delay time and retention rate of vehicles; the security control scheme of ITL based on the puzzle of CDH is less efficient when the vehicle density increases, while that based on the puzzle of Hash collision is very friendly to the fog equipment. In conclusion, the proposed control method of ITL based on the fog computing and Q learning algorithm can alleviate the traffic congestion effectively, so the proposed method has high security.