Wireless sensor networks (WSN) are widely used to provide users with convenient services such as health-care, and smart home. To provide convenient services, sensor nodes in WSN environments collect and send the sensing data to the gateway. However, it can suffer from serious security issues because susceptible messages are exchanged through an insecure channel. Therefore, secure authentication protocols are necessary to prevent security flaws in WSN. In 2020, Moghadam et al. suggested an efficient authentication and key agreement scheme in WSN. Unfortunately, we discover that Moghadam et al.’s scheme cannot prevent insider and session-specific random number leakage attacks. We also prove that Moghadam et al.’s scheme does not ensure perfect forward secrecy. To prevent security vulnerabilities of Moghadam et al.’s scheme, we propose a secure and lightweight mutual authentication protocol for WSNs (WSN-SLAP). WSN-SLAP has the resistance from various security drawbacks, and provides perfect forward secrecy and mutual authentication. We prove the security of WSN-SLAP by using Burrows-Abadi-Needham (BAN) logic, Real-or-Random (ROR) model, and Automated Verification of Internet Security Protocols and Applications (AVISPA) simulation. In addition, we evaluate the performance of WSN-SLAP compared with existing related protocols. We demonstrate that WSN-SLAP is more secure and suitable than previous protocols for WSN environments.
Digital twin technology is recently in the spotlight because of its potential applicability in business and industry. In digital twin environments, data generated from physical assets are transmitted to a remote server, which performs simulations through digital twins in a virtual space. Then, the simulation results can be shared with the data owner or other users. However, several challenges exist in the application of digital twin technology in the real world. One of the main challenges involves determining how to share real-time data for the simulation and how to share the simulation data securely. The data generated from physical assets may include sensitive information from data owners, and the leakage of data to an adversary can cause serious privacy problems. Moreover, the sharing of data with other data users should also be considered to maximize the availability of digital twin data. To resolve these issues, we propose a system model for the secure sharing of digital twin data. The proposed system model uses cloud computing for efficient data sharing and blockchain for data verifiability. We also propose communication schemes for the proposed model to guarantee privacy preservation and data security in wireless channels. We analyze the security of the proposed protocol using informal methods and formal methods such as BAN logic and the AVISPA simulation tool. Furthermore, we compare the proposed protocol with related protocols and demonstrate that the proposed scheme is applicable to digital twin environments.
In the recent COVID-19 situation, Telecare Medical Information System (TMIS) is attracting attention. TMIS is one of the technologies used in Wireless Body Area Network (WBAN) and can provide patients with a variety of remote healthcare services. In TMIS environments, sensitive data of patients are communicated via an open channel. An adversary may attempt various security attacks including impersonation, replay, and forgery attacks. Therefore, numberous authentication schemes have been suggested to provide secure communication for TMIS. Sahoo et al. proposed a mutual authentication scheme based on biometrics and Elliptic Curve Cryptography (ECC) in 2020. However, we find out that Sahoo et al.'s scheme cannot resist insider and privileged insider attacks and cannot guarantee patient anonymity. In this paper, we propose a secure ECC-based three-factor mutual authentication protocol that guarantees the privacy of patients for TMIS. We conduct informal security analysis to prove that our protocol is secure from various security attacks. In addition, we perform formal security analyses using the Automated Validation of Internet Security Protocols and Applications (AVISPA), Burrows-Abadi-Needham (BAN) logic, and the Real-Or-Random (ROR) model. Furthermore, we assess our protocol's performance and compare it to other protocols. As a result, our protocol has lower communication costs, and better security features compared to related existing protocols. Therefore, our protocol is more appropriate for TMIS environments than other related protocols.
In electronic governance (e-governance) system, citizens can access government services such as transportation, licensing and immigration remotely over the Internet. With the development of information and communication technology, usage of the e-governance system has been increased. To efficiently provide citizens with various e-governance services, multi-server environments can be applied to the e-governance system. However, messages can be inserted, deleted, and modified by a malicious adversary since these are transmitted through a public channel. Therefore, many researchers have suggested mutual authentication protocols for secure communication in multi-server environments. In 2020, Sudhakar et al. proposed a smart card based lightweight authentication protocol for multi-server environments. We analyze Sudhakar et al.'s protocol to propose a secure mutual authentication protocol in the egovernance system based on multi-server environments. However, we disclosure that their protocol is not resistant to smart card stolen, insider, man-in-the-middle, user impersonation, and session key disclosure attacks. Moreover, Sudhakar et al.'s protocol does not provide mutual authentication. To improve these security problems, we suggest a secure three-factor mutual authentication protocol for the e-governance system based on multi-server environments. We prove our protocol's security using informal security analysis, Burrows-Abadi-Needham (BAN) logic, and Real-or-Random (ROR) model. We also simulate our protocol utilizing Automated Validation of Internet Security Protocols and Applications (AVISPA) tool. We estimate the proposed protocol's security functionalities, computation costs, and communication overheads compared with existing related protocols. Consequently, we demonstrate that our protocol is secure and suitable for the e-governance system.
Urban air mobility (UAM) is a future air transportation system to solve the air pollution and movement efficiency problems of the traditional mobility system. In UAM environments, unmanned aerial vehicles (UAV) are used to transport passengers and goods providing various convenient services such as package delivery, air bus, and air taxi. However, UAVs communicate with ground infrastructures through open channels that can be exposed to various security attacks. Therefore, a secure mutual authentication scheme is necessary for UAM environments. Moreover, a handover authentication is also necessary to ensure seamless communication when the service location is changed. In this paper, we design a secure and efficient handover authentication scheme for UAM environments considering various security vulnerabilities and efficiency using elliptic curve cryptography (ECC). We utilize informal security analysis, Real-or-Random (RoR), Burrows-Abadi-Needham (BAN) logic, and Automated Validation of Internet Security Protocols and Applications (AVISPA) to prove the security of the proposed scheme. Furthermore, we compare the computation and communication cost comparisons of the proposed scheme with the other related schemes. The results show that the proposed scheme is secure and efficient for UAM environments.
With the continuous development of Internet of Things (IoT) technology, research on smart home environments is being conducted by many researchers. In smart home environments, home users can remotely access and control a variety of home devices such as smart curtains, lights, and speakers placed throughout the house. Despite providing convenient services, including home monitoring, temperature management, and daily work assistance, smart homes can be vulnerable to malicious attacks because all messages are transmitted over insecure channels. Moreover, home devices can be a target for device capture attacks since they are placed in physically accessible locations. Therefore, a secure authentication and key agreement scheme is required to prevent such security problems. In 2021, Zou et al. proposed a two-factor-based authentication and key agreement scheme using elliptic curve cryptography (ECC) in smart home environments. They claimed that their scheme provides user anonymity and forward secrecy. However, we prove that their scheme suffers from forgery, ephemeral secret leakage, and session key disclosure attacks. To overcome the security vulnerabilities of Zou et al.'s scheme and provide home users with secure communication in smart home environments, we propose a secure user authentication scheme using physical unclonable functions (PUF). We utilize Real-or-Random (ROR) model and Burrows-Abadi-Needham (BAN) logic to verify the session key security and mutual authentication of the proposed scheme, respectively. Furthermore, we use the Automated Validation of Internet Security Protocols and Applications (AVISPA) tool to simulate the resistance of our scheme to security attacks. After that, we analyze and compare the communication costs, computational consumption, and security functionalities along with related schemes.
Wireless medical sensor networks (WMSNs) are used in remote medical service environments to provide patients with convenient healthcare services. In a WMSN environment, patients wear a device that collects their health information and transmits the information via a gateway. Then, doctors make a diagnosis regarding the patient, utilizing the health information. However, this information can be vulnerable to various security attacks because the information is exchanged via an insecure channel. Therefore, a secure authentication scheme is necessary for WMSNs. In 2021, Masud et al. proposed a lightweight and anonymity-preserving user authentication scheme for healthcare environments. We discover that Masud et al.’s scheme is insecure against offline password guessing, user impersonation, and privileged insider attacks. Furthermore, we find that Masud et al.’s scheme cannot ensure user anonymity. To address the security vulnerabilities of Masud et al.’s scheme, we propose a three-factor-based mutual authentication scheme with a physical unclonable function (PUF). The proposed scheme is secure against various security attacks and provides anonymity, perfect forward secrecy, and mutual authentication utilizing biometrics and PUF. To prove the security features of our scheme, we analyze the scheme using informal analysis, Burrows–Abadi–Needham (BAN) logic, the Real-or-Random (RoR) model, and Automated Verification of Internet Security Protocols and Applications (AVISPA) simulation. Furthermore, we estimate our scheme’s security features, computation costs, communication costs, and energy consumption compared with the other related schemes. Consequently, we demonstrate that our scheme is suitable for WMSNs.
scite is a Brooklyn-based organization that helps researchers better discover and understand research articles through Smart Citations–citations that display the context of the citation and describe whether the article provides supporting or contrasting evidence. scite is used by students and researchers from around the world and is funded in part by the National Science Foundation and the National Institute on Drug Abuse of the National Institutes of Health.
hi@scite.ai
10624 S. Eastern Ave., Ste. A-614
Henderson, NV 89052, USA
Copyright © 2024 scite LLC. All rights reserved.
Made with 💙 for researchers
Part of the Research Solutions Family.