Rotating behind security: an enhanced authentication protocol for IoT-enabled devices in distributed cloud computing architecture

Wu, Tsu‐Yang; Kong, Fangfang; Meng, Qian; Kumari, Saru; Chen, Chien‐Ming

doi:10.1186/s13638-023-02245-4

Cited by 4 publications

(7 citation statements)

References 49 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…Encryption can protect data from being intercepted and viewed by unauthorized parties during transmission. Developers can use techniques such as end-to-end encryption or transport layer security to secure data in transit using authenticated key agreement schemes [33][34][35] in different environments and symmetric or asymmetric encryption to protect data stored on the chatbot's database.…”

Section: Discussionmentioning

confidence: 99%

A Systematic Literature Review of Information Security in Chatbots

et al. 2023

View full text Add to dashboard Cite

Chatbots have become increasingly popular in recent years, but they also present security risks and vulnerabilities that need to be addressed. This systematic literature review examines the existing research relating to information security in chatbots, identifying the potential threats, proposed solutions, and future directions for research. The review finds that chatbots face various security threats, including malicious input, user profiling, contextual attacks, and data breaches, and that solutions such as blockchain technology, end-to-end encryption, and organizational controls can be used to mitigate these concerns. The review also highlights the importance of maintaining user trust and addressing privacy concerns for the successful adoption and continued use of chatbots. A taxonomy developed in this review provides a useful framework for categorizing the articles and their findings. The review concludes by identifying future research directions that include developing more sophisticated authentication and authorization mechanisms, exploring the use of privacy-enhancing technologies, and improving the detection and prevention of security threats, among others. This review contributes to the growing body of literature on information security in chatbots and can guide future research and practice in this field.

show abstract

Section: Discussionmentioning

confidence: 99%

A Systematic Literature Review of Information Security in Chatbots

et al. 2023

View full text Add to dashboard Cite

show abstract

“…We visually compare the safety elements of the proposed scheme and related schemes [ 11 , 21 , 44 , 45 , 46 , 47 , 48 ] and record them in Table 3 , which includes various types of safety elements such as “insider attack”, “impersonation attack”, “stolen verification attack”, “ESL attack”, “privileged attack”, “perfect forward secrecy”, “reply attack”, “offline password-guessing attack”, “session key disclosure”, “mutual authentication”, “DoS attack”, “user anonymity”, and “untraceability”. Ultimately, the proposed scheme offers more security features compared to Wu et al’s scheme, and it exhibits fewer features that are either unidentified or not provided, even when compared to the schemes of other related works.…”

Section: Performance Analysismentioning

confidence: 99%

“…We conducted a comparative analysis of communication costs between the related schemes [ 11 , 21 , 44 , 45 , 46 , 47 , 48 ] and the proposed scheme. Based on [ 11 ], we assume the bit lengths of hash function, timestamp, string, identity, random number, fuzzy extractor, and encryption operation to be 256, 32, 160, 160, 160, 8, and 256 bits, respectively.…”

Section: Performance Analysismentioning

confidence: 99%

“…Therefore, during the MAKA phase of our proposed scheme, the exchanged message

requires (160 + 160 + 160 + 256 + 32 = 768 bits), message

requires (768 + 160 + 256 + 32 = 1216 bits), message

requires (160 + 160 + 160 + 160 + 256 + 256 + 32 = 1184 bits), and message

requires (160 + 160 + 256 + 32 = 608 bits). Table 4 and Figure 8 present a summary of the communication costs for the associated schemes [ 11 , 21 , 44 , 45 , 46 , 47 , 48 ] and the proposed scheme.…”

Section: Performance Analysismentioning

confidence: 99%

“…We conducted a comparative analysis of computation costs for the AKA phase of the proposed scheme and related schemes [ 11 , 21 , 44 , 45 , 46 , 47 , 48 ]. Based on [ 49 ], we designed the environment for computing costs.…”

Section: Performance Analysismentioning

confidence: 99%

See 2 more Smart Citations

Provably Secure Lightweight Mutual Authentication and Key Agreement Scheme for Cloud-Based IoT Environments

Ju,

Park

2023

Sensors

View full text Add to dashboard Cite

A paradigm that combines cloud computing and the Internet of Things (IoT) allows for more impressive services to be provided to users while addressing storage and computational resource issues in the IoT environments. This cloud-based IoT environment has been used in various industries, including public services, for quite some time, and has been researched in academia. However, various security issues can arise during the communication between IoT devices and cloud servers, because communication between devices occurs in open channels. Moreover, issues such as theft of a user’s IoT device or extraction of key parameters from the user’s device in a remote location can arise. Researchers interested in these issues have proposed lightweight mutual authentication key agreement protocols that are safe and suitable for IoT environments. Recently, a lightweight authentication scheme between IoT devices and cloud servers has been presented. However, we found out their scheme had various security vulnerabilities, vulnerable to insider, impersonation, verification table leakage, and privileged insider attacks, and did not provide users with untraceability. To address these flaws, we propose a provably secure lightweight authentication scheme. The proposed scheme uses the user’s biometric information and the cloud server’s secret key to prevent the exposure of key parameters. Additionally, it ensures low computational costs for providing users with real-time and fast services using only exclusive OR operations and hash functions in the IoT environments. To analyze the safety of the proposed scheme, we use informal security analysis, Burrows–Abadi–Needham (BAN) logic and a Real-or-Random (RoR) model. The analysis results confirm that our scheme is secure against insider attacks, impersonation attacks, stolen verifier attacks, and so on; furthermore, it provides additional security elements. Simultaneously, it has been verified to possess enhanced communication costs, and total bit size has been shortened to 3776 bits, which is improved by almost 6% compared to Wu et al.’s scheme. Therefore, we demonstrate that the proposed scheme is suitable for cloud-based IoT environments.

show abstract

Leakage-Resilient Certificateless Signcryption Scheme Under a Continual Leakage Model

2023

View full text Add to dashboard Cite

Signature can be used to verify the integrity of both a message and the identity of a signer, whereas encryption can be used to ensure the confidentiality of a message. In the past, cryptography researchers have studied and proposed numerous certificateless signcryption (CLSC) schemes to combine the benefits of both signature and encryption. However, these schemes may not be robust enough to withstand side-channel attacks. Through such attacks, an attacker can constantly retrieve a portion of a private key of the system, and could eventually recover the entire private key. Leakage-resilient certificateless signcryption (LR-CLSC) can ensure its security when the attacker launches such attacks. As far as we know, the existing LR-CLSC schemes can only guarantee the security under a bounded leakage model, where the portion of the private key that an attacker can obtain through side-channel attacks is limited. In this paper, we propose the first LR-CLSC scheme under a continual leakage model. Also, we demonstrate the proposed scheme is secure for the existential unforgeability and the ciphertexts indistinguishability against attackers with sidechannel attacking abilities.

show abstract

Rotating behind security: an enhanced authentication protocol for IoT-enabled devices in distributed cloud computing architecture

Cited by 4 publications

References 49 publications

A Systematic Literature Review of Information Security in Chatbots

A Systematic Literature Review of Information Security in Chatbots

Provably Secure Lightweight Mutual Authentication and Key Agreement Scheme for Cloud-Based IoT Environments

Leakage-Resilient Certificateless Signcryption Scheme Under a Continual Leakage Model

Contact Info

Product

Resources

About