Design of Secure Authenticated Key Management Protocol for Cloud Computing Environments

Li, Wei; Li, Xuelian; Gao, Juntao; Li, Ang

doi:10.1109/tdsc.2019.2909890

Cited by 42 publications

(26 citation statements)

References 37 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…RELATED WORK Credential management and key management protocols are a critical functionality to maintain the security of modern control systems. Different studies have examined the robustness and reliability of such protocols to secure industrial control systems using formal methods [5], [8], [9], [15], [17], [19], [24].…”

Section: F Results and Discussionmentioning

confidence: 99%

“…Li et al [15] extend the state of the art key management protocol MAKA with a prompt user revocation we propose a provable dynamic revocable three-factor and provide a formal security proof in the random oracle. However, the analysis does not explore the entire state space, thus no absolute guarantee about the reliability can be delivered.…”

Section: F Results and Discussionmentioning

confidence: 99%

“…Key and credential management protocols have been widely adopted and successfully demonstrated to secure different applications [15], [19] following the ubiquitous automation of control systems due to cheap computation resources. While traditional industrial networks are typically protected by introducing bump-in-the-wire devices to encrypt serial communications or tunnel legacy protocols through encrypted connections, modern approaches support encryption or authentication closer to the protocol itself [1], [4].…”

Section: Introductionmentioning

confidence: 99%

See 2 more Smart Citations

Formally Verified Credentials Management for Industrial Control Systems

Kulik

Boudjadar

Aranha

2021

2021 IEEE/ACM 9th International Conference on Formal Methods in Software Engineering (FormaliSE)

View full text Add to dashboard Cite

The field of industrial automation is experiencing growth in interconnectivity and digital interaction. This growth is slower than in a consumer segment due to often critical nature of industrial control systems. Security of such systems is an important aspect as malicious behaviors could lead to potential system malfunction, injuries or financial losses. As control networks are becoming more complex, having a robust credential management for system operators and users that could interact with the system components is an essential need. One way of assuring the robustness of the credential management is by using formal methods. In this paper we present a formally verified credential management system for use within industrial control systems. We demonstrate that the credential management can use centralized credential storage with secret passwords available only to system administrators. We use UPPAAL to formally analyze security properties based on requirements defined by our industrial partner and present the viability of formal verification to a real-world industrial case study.

show abstract

Section: F Results and Discussionmentioning

confidence: 99%

Section: F Results and Discussionmentioning

confidence: 99%

Section: Introductionmentioning

confidence: 99%

See 1 more Smart Citation

Formally Verified Credentials Management for Industrial Control Systems

Kulik

Boudjadar

Aranha

2021

2021 IEEE/ACM 9th International Conference on Formal Methods in Software Engineering (FormaliSE)

View full text Add to dashboard Cite

show abstract

“…We limit the related work discussion due to the restricted manuscript size. We suggest readers of this manuscript to refer other ECC based RUA schemes for further references [22], [23], [24], [19].…”

Section: A Related Workmentioning

confidence: 99%

Secure Lightweight Authentication for Multi User IoT Environment

Patel¹

2022

Preprint

View full text Add to dashboard Cite

The Internet of Things (IoT) is giving a boost to a plethora of new opportunities for the robust and sustainable deployment of cyber-physical systems. The cornerstone of any IoT system is the sensing devices. These sensing devices have considerable resource constraints, including insufficient battery capacity, CPU capability, and physical security. Because of such resource constraints, designing lightweight cryptographic protocols is an opportunity. Remote User Authentication ensures that two parties establish a secure and durable session key. This study presents a lightweight and safe authentication strategy for the user-gateway (U-GW) IoT network model. The proposed system is designed leveraging Elliptic Curve Cryptography (ECC). We undertake a formal security analysis with both the Automated Validation of Internet Security Protocols (AVISPA) and Burrows-Abadi-Needham (BAN) logic tools and an informal security assessment with the Delev-Yao channel. We use publish/subscribe based Message Queuing Telemetry Transport (MQTT) protocol for communication. Additionally, the performance analysis and comparison of security features show that the proposed scheme is resilient to well-known cryptographic threats.

show abstract

“…The Gen algorithm produces output from the input of a reading (B) of the user's biometric as a public helper string (S) and an extracted string (R), namely, Gen (B) = (R, S). The Rep algorithm accepts S and the subsequent biometric reading (BL) as input and outputs R, namely, Rep (BL, S) = R. This FE is described in detail in [40][41][42][43].…”

Section: ) Fuzzy Extractor (Fe)mentioning

confidence: 99%

Low-Overhead Remote User Authentication Protocol for IoT Based on a Fuzzy Extractor and Feature Extraction

et al. 2019

View full text Add to dashboard Cite

The Internet of things (IoT) is a system of smart technologies and services that mutually communicate data between users and devices or between devices via the Internet. Since data are shared between a remote user and various sensing devices over a network, it is essential to design a secure, lightweight and efficient remote user authentication protocol for the IoT environment. In the context of security and network privacy, mutual authentication is necessary for securely accessing the services of the IoT environment. However, the IoT faces substantial new challenges realizing mutual authentication due to IoT devices constraints. In this paper, we present a lightweight, robust and secure authentication protocol that satisfies constraints on IoT devices. The proposed protocol is based on level 3 feature extraction, fuzzy extraction of the user's biometrics, one-way hash functions and XOR operations and includes (1) three-factor authentication (user password, biometrics and smart devices), (2) mutual authentication, (3) a session key, and (4) key freshness. Furthermore, we have used the Burrows-Abadi-Needham logic to prove the authentication of our proposed protocol. In addition, our proposed protocol does not require additional hardware or a resource-constrained cryptosystem, and for that reason; hence, it has the lowest computational cost on the IoT nodes (0.003_ms), the lowest total computational cost (0.071_ms), and the lowest communication cost (2784 bits) compared with other relevant works. Moreover, we have conducted an informal security analysis to prove its ability to withstand well-known malicious attacks, such as replay attacks, impersonation attacks, password change attacks, man-in-the-middle (MITM) attacks, and denial of service (DOS) attacks.

show abstract

Design of Secure Authenticated Key Management Protocol for Cloud Computing Environments

Cited by 42 publications

References 37 publications

Formally Verified Credentials Management for Industrial Control Systems

Formally Verified Credentials Management for Industrial Control Systems

Secure Lightweight Authentication for Multi User IoT Environment

Low-Overhead Remote User Authentication Protocol for IoT Based on a Fuzzy Extractor and Feature Extraction

Contact Info

Product

Resources

About