Funding: The Natural Science Foundation of Jiangsu Province (No. BK2006108)
Abstract: According to the security shortcomings of two robust practical email protocols with perfect forward secrecy, attacks on the two protocols are analyzed and corresponding improvements on the two protocols are proposed. First, by analyzing the two email protocols, the corresponding man-in-the-middle attacks are proposed, where the adversary forges the messages in the receiving phase to cheat the two communication participants and makes them share the wrong session keys with him. Consequently, the man-in-the-middle attacks can make the two protocols fail to provide perfect forward secrecy. Secondly, by adding corresponding signatures in the receiving phases of the two protocols, two corresponding improvements on the protocols are proposed to overcome the man-in-the-middle attacks on the two protocols and make them provide perfect forward secrecy. Moreover, the two improved protocols retain all the merits of the former protocols.
Funding: Supported by the National Natural Science Foundation of China under Grants No. 61172085, No. 61272536, No. 11061130539, No. 61103221, No. 61271118 and No. 61021004
Abstract: In this paper, we propose a theoretical-information Confidential Procedure Model (CPM) to quantify confidentiality (or information leakage). The advantages of the CPM model include the following: 1) confidentiality loss is formalized as a dynamic procedure, instead of a static function, and described via the "waterfall" diagram; 2) confidentiality loss is quantified in a relative manner, i.e., the quantitative metric is the ratio of the conditional entropy that remains after observation to the entropy of the original full confidential information; 3) the optimal attacks, including exhaustive attacks as well as all possible attacks that have (or have not yet) been discovered, are taken into account when defining the novel concept of the confidential degree. To elucidate the proposed model, we analyze the information leakage in side-channel attacks and the anonymity of DC-net in a quantitative manner.
Funding: The Natural Science Foundation of Jiangsu Province (No. BK2006108)
Abstract: Based on the authentication tests and the strand space model, the robust email protocol with perfect forward secrecy is formally analyzed, and the security shortcomings of the protocol are pointed out. Meanwhile, the man-in-the-middle attack on the protocol is given, where the attacker forges the messages in the receiving phase to cheat the two communication parties and makes them share the wrong session keys with him. Therefore, the protocol cannot be ensured to provide perfect forward secrecy. In order to overcome the above security shortcomings, an advanced email protocol is proposed, where the corresponding signatures in the receiving phase of the protocol are added to overcome the man-in-the-middle attack and ensure perfect forward secrecy. Finally, the proposed advanced email protocol is formally analyzed with the authentication tests and the strand space model, and it is proved to be secure in the authentication of the email sender, the recipient and the server. Therefore, the proposed advanced email protocol can really provide perfect forward secrecy.
Abstract: The tele-medical information system provides an efficient and convenient way to connect patients at home with medical personnel in clinical centers. In this system, service providers consider user authentication a critical requirement. To address this crucial requirement, various types of validation and key agreement protocols have been employed. The main problem is that the two-way authentication of patients and medical servers is not built on thorough and comprehensive analysis, so the protocol designs still have flaws. This paper carefully analyzes all aspects of the security requirements, including perfect forward secrecy, in order to develop an efficient and robust lightweight authentication and key agreement protocol. The security of the proposed protocol undergoes an informal analysis, whose findings show that different security features are provided, including perfect forward secrecy and resistance to DoS attacks. Furthermore, it is simulated and formally analyzed using the Scyther tool. Simulation results indicate the protocol's robustness, both in perfect forward secrecy and against various attacks. In addition, the proposed protocol was compared with other related protocols in terms of time complexity and communication cost. The time complexity of the proposed protocol only involves the time of performing a hash function Th, i.e., O(12Th). The average time required for executing the authentication is 0.006 seconds, and the number of bits exchanged is 704; both values are the lowest among the compared protocols. The results of the comparison point to a superior performance by the proposed protocol.
Funding: The Deanship of Graduate Studies at Jouf University, for funding and supporting this research through the initiative of DGS, Graduate Students Research Support (GSR) at Jouf University, Saudi Arabia.
Abstract: Wireless medical sensor networks (WMSNs) play a significant role in increasing the availability of remote healthcare systems. The vital and physiological data of the patient can be collected using the WMSN via sensor nodes that are placed on his/her body and then transmitted remotely to a healthcare professional for proper diagnosis. The protection of the patient's privacy and their data from unauthorized access is a major concern in such systems. Therefore, an authentication scheme with a high level of security is one of the most effective mechanisms by which to address these security concerns. Many authentication schemes for remote patient monitoring have been proposed recently. However, the majority of these schemes are extremely vulnerable to attacks and are unsuitable for practical use. This paper proposes a secure three-factor authentication scheme for a patient-monitoring healthcare system that operates remotely using a WMSN. The proposed authentication scheme is formally verified using the Burrows, Abadi and Needham (BAN) logic model and an automatic cryptographic protocol verifier (ProVerif) tool. We show that our authentication scheme can prevent relevant types of security breaches in a practical context according to the discussed possible attack scenarios. Comparisons of the security and performance are carried out with recently proposed authentication schemes. The results of the analysis show that the proposed authentication scheme is secure and practical for use, with reasonable storage space, computation, and communication efficiency.
Funding: Project supported by the National Science Council (No. NSC 98-2221-E-415-006-)
Abstract: Recently, Sun et al. (2005) highlighted the essential property of perfect forward secrecy (PFS) for e-mail protocols when a higher security level is desirable. Furthermore, the protocols of Sun et al. (2005) take only a single e-mail server into account. Actually, it is much more common that the sender and the recipient register at different e-mail servers. Compared to existing protocols, the protocol proposed in this paper takes into account the scenario in which the sender and the recipient register at different servers. The proposed protocol is skillfully designed to achieve PFS and end-to-end security as well as to satisfy the requirements of confidentiality, origin, integrity and easy key management. The comparison in terms of functionality and computational efficiency demonstrates the superiority of the present scheme.
Abstract: The healthcare internet of things (IoT) system has dramatically reshaped this important industry sector. This system employs the latest technology of IoT and wireless medical sensor networks to support the reliable connection of patients and healthcare providers. The goal is the remote monitoring of a patient's physiological data by physicians. Moreover, this system can reduce the number and expenses of healthcare centers, make up for the shortage of healthcare centers in remote areas, enable consultation with expert physicians around the world, and increase the health awareness of communities. The major challenges that affect the rapid deployment and widespread acceptance of such a system are the weaknesses in the authentication process, which should maintain the privacy of patients and the integrity of remote medical instructions. Current research results indicate the need for a flexible authentication scheme. This study proposes a scheme with enhanced security for healthcare IoT systems, called an end-to-end authentication scheme for healthcare IoT systems, that is, E2EA. The proposed scheme supports security services such as a strong and flexible authentication process, simultaneous anonymity of the patient and physician, and perfect forward secrecy. A security analysis based on formal and informal methods demonstrates that the proposed scheme can resist numerous security-related attacks. A comparison with related authentication schemes shows that the proposed scheme is efficient in terms of communication, computation, and storage, and therefore can not only offer attractive security services but can also reasonably be applied to healthcare IoT systems.
Abstract: The healthcare IoT system is considered to be a significant and modern medical system. There is broad consensus that these systems will play a vital role in the achievement of economic growth in numerous growth countries. Among the major challenges preventing the fast and widespread adoption of such systems is the failure to maintain the data privacy of patients and the integrity of remote clinical diagnostics. Recently, the author proposed an end-to-end authentication scheme for healthcare IoT systems (E2EA), to provide mutual authentication with a high data rate between the communication nodes of healthcare IoT systems. Although the E2EA authentication scheme supports numerous attractive security services to resist various types of attack, there is an ambiguous view of the impact of the desynchronization attack on the E2EA authentication scheme. In general, the performance of an authentication scheme is considered a critical issue when evaluating the applicability of such schemes, along with the security services that can be achieved. Therefore, this paper discusses how the E2EA authentication scheme can resist the desynchronization attack through all possible attack scenarios. Additionally, the effect of the desynchronization attack on the E2EA scheme's performance is analyzed in terms of its computation and communication costs, based on a comparison with recently related authentication schemes that can prevent such an attack. Moreover, this research paper finds that the E2EA authentication scheme can not only prevent the desynchronization attack, but also offers a low cost in terms of computation and communication, and can maintain consistency and synchronization between the communication nodes of the healthcare IoT systems during the next authentication sessions.
Abstract: In the literature, several dynamic ID-based remote user mutual authentication schemes are implemented using passwords, smartcards and Elliptic Curve Cryptography (ECC); however, none of them provides resilience against different attacks. Therefore, there is a great need to design an efficient scheme for practical applications. In this paper, we propose such a scheme in order to provide the desired security attributes and computational efficiency. Compared with other existing techniques, our scheme is more efficient and secure. In addition, our scheme is provably secure in the random oracle model under the hardness assumption of the computational Diffie-Hellman problem.
Funding: Supported in part by the National High-Tech Research & Development Program of China (Grant No. 2006AA01Z424), the National Natural Science Foundation of China (Grant Nos. 60673079, 60773086) and the National Basic Research Program of China (Grant No. 2007CB311201)
Abstract: The majority of existing escrowable identity-based key agreement protocols only provide partial forward secrecy. Such protocols are, arguably, not suitable for many real-world applications, as the latter tend to require a stronger sense of forward secrecy, namely perfect forward secrecy. In this paper, we propose an efficient perfect forward-secure identity-based key agreement protocol in the escrow mode. We prove the security of our protocol in the random oracle model, assuming the intractability of the Gap Bilinear Diffie-Hellman (GBDH) problem.
Funding: Supported by the National Natural Science Foundation of China (No. U22A2001) and the National Key Research and Development Program under Grant 2022YFB2902205
Abstract: In this paper, we propose a conjecture that endogenous security without any prior knowledge is similar to perfect secrecy without any prior knowledge. To prove the conjecture, we first establish a cryptography model of instinct function security to transform the security problem in the network domain into an encryption problem in the cryptographic domain. Then, we inherit and apply the established ideas and means of Perfect Secrecy, and propose the concept, definition and corollaries of perfect instinct function security (PIFS) corresponding to Perfect Secrecy. Furthermore, we take the DHR system as a concrete implementation of PIFS and propose the DHR Perfect Security Theorem corresponding to Shannon's Perfect Secrecy Theorem. Finally, we prove that the DHR satisfying the "One-Time Reconstruction" constraint is the sufficient and necessary condition to achieve perfect security. This means that the existence of PIFS is also proven. The analysis shows that any reconfigurable system can be encrypted by its construct and that PIFS converts the one-way transparent superiority of the attacker into a double-blind problem for both the attacker and the defender, which means that the attacker is unable to obtain useful construction information from the attacks and unable to find a better way than blind trial-and-error or brute-force attacks. Since the attackers are required to have the new powerful ability to crack the structure cryptogram, the threshold of cyber security is raised to at least the same level as cryptogram deciphering, so that the ubiquitous cyber threats are destined to be significantly reduced.