Mutual Authentication Protocols for RFID Systems

With the availability of low-cost radio frequency identification (RFID) tags,security becomes an increasing concern. However,such tags do not permit complex cryptographic functions due to their computational,communications,and storage limitations. In this paper,we investigate the security issues and requirements of RFID systems,and propose ultra-light weight and light weight protocols for low-cost RFID tags.The proposed protocols has been applied to a supply chain management system.

An Enhanced Direct Anonymous Attestation Scheme with Mutual Authentication for Network-Connected UAV Communication Systems

In network-connected UAV(NCUAV) communication systems, user authentication is replaced by platform identity authentication and integrity check because many NC-UAVs are operated without human intervention. Direct anonymous attestation(DAA) is an attractive cryptographic scheme that provides an elegant balance between platform authentication and anonymity. However, because of the low-level computing capability and limited transmission bandwidth in UAV, the existing DAA schemes are not suitable for NC-UAV communication systems. In this paper, we propose an enhanced DAA scheme with mutual authentication(MA-DAA scheme), which meets the security requirements of NC-UAV communication systems. The proposed MA-DAA scheme, which is based on asymmetric pairings, bundles the identities of trusted platform module(TPM) and Host to solve the malicious module changing attacks. Credential randomization, batch proof and verification, and mutual authentication are realized in the MA-DAA scheme. The computational workload in TPM and Host is reduced in order to meet the low computation and resource requirements in TPM and Host.The entire scheme and protocols are presented,and the security and efficiency of the proposed MA-DAA scheme are proved and analyzed.Our experiment results also confirm the high efficiency of the proposed scheme.

ID Updating-Based RFID Mutual Authentication Protocol for Low-Cost Tags

In order to solve the various privacy and security problems in RFID system, a new low-cost RFID mutual authentication protocol based on ID updating mechanics is proposed. In the proposed scheme, the backend server keeps both the current ID and potential next ID for each tag, thus to solve the possible problem of de-synchronization attack in the most ID updating-based schemes. In the security analysis section, comparing several protocols in property required and attacker resistances, the comparison results show that the proposed protocol provides strong authentication and strong integrity of the transmissions and can withstand most the possible attacks that break the security of the previous schemes. In the performance evaluation section, the analysis results also indicate that, in terms of computational cost and storage requirement, the proposed scheme is safer, more efficient, more suitable for low-cost tag and more feasible in practice.

A novel mutual authentication and key agreement protocol based on NTRU cryptography for wireless communications

In this paper, the authors present a novel mutual authentication and key agreement protocol based on the Number Theory Research Unit (NTRU) public key cryptography. The symmetric encryption, hash and “challenge-response” techniques were adopted to build their protocol. To implement the mutual authentication and session key agreement, the proposed protocol contains two stages: namely initial procedure and real execution stage. Since the lightweight NTRU public key cryptography is employed, their protocol can not only overcome the security flaws of secret-key based authentication protocols such as those used in Global System for Mobile Communications (GSM) and Universal Mobile Telecommunications System (UMTS), but also provide greater security and lower computational complexity in comparison with currently well-known public key based wireless authentication schemes such as Beller-Yacobi and M.Aydos protocols.

Secure and Efficient Mutual Authentication Scheme for NFC Mobile Devices

As the technology of mobile devices spreads fast,the price of mobile devices is getting cheaper.Most of the people have mobile devices,and these devices have the technology of near field communication（NFC）.With the long time development and research,the mobile devices use NFC technology on the payment and authentication applications,and replace the smartcard,the access control card,and the credit card by using the card emulation mode.It helps the development of NFC applications.In recent years,more and more users begin using NFC technology on mobile payment and authentication.Many researches have proposed the related NFC authentication protocols,but their schemes are still lack of some security properties and functions,which are necessary for NFC authentication protocols.In this paper,we propose a secure and efficient NFC authentication scheme between two NFC devices by the help of the authentication server that provides mutual authentication.

Quantum Secure Direct Communication Protocol with Mutual Authentication Based on Single Photons and Bell States

Quantum secure direct communication(QSDC)can transmit secret messages directly from one user to another without first establishing a shared secret key,which is different from quantum key distribution.In this paper,we propose a novel quantum secure direct communication protocol based on signal photons and Bell states.Before the execution of the proposed protocol,two participants Alice and Bob exchange their corresponding identity IDA and IDB through quantum key distribution and keep them secret,respectively.Then the message sender,Alice,encodes each secret message bit into two single photons(|01>or|10>)or a Bell state(1|φ^(+)>=1/√2(|0>|-|1>1>)),and composes an ordered secret message sequence.To insure the security of communication,Alice also prepares the decoy photons and inserts them into secret message sequence on the basis of the values of IDA and IDB.By the secret identity IDA and IDB,both sides of the communication can check eavesdropping and identify each other.The proposed protocol not only completes secure direct communication,but also realizes the mutual authentication.The security analysis of the proposed protocol is presented in the paper.The analysis results show that this protocol is secure against some common attacks,and no secret message leaks even if the messages are broken.Compared with the two-way QSDC protocols,the presented protocol is a one-way quantum communication protocol which has the immunity to Trojan horse attack.Furthermore,our proposed protocol can be realized without quantum memory.

DYNAMIC ID-BASED REMOTE USER MUTUAL AUTHENTICATION SCHEME WITH SMARTCARD USING ELLIPTIC CURVE CRYPTOGRAPHY

In the literature, several dynamic ID-based remote user mutual authentication schemes are implemented using password, smartcard and Elliptic Curve Cryptography(ECC), however, none of them provides resilience against different attacks. Therefore, there is a great need to design an efficient scheme for practical applications. In this paper, we proposed such a scheme in order to provide desired security attributes and computation efficiencies. Compared with other existing techniques, our scheme is more efficient and secured. In addition, our scheme is provably secure in the random oracle model under the hardness assumption of computational Diffie-Hellman problem.

Design of a Mutual Authentication and Key Agreement Protocol for WBANs

Please WBANs are a sensor network for detection and collection of sensitive data to the human body,which is lightweight and mobile.WBANs transmit sensitive and significant messages through the public channel,which makes it easy for an attacker to eavesdrop and modify the messages,thus posing a severe threat to the security of the messages.Therefore,it is essential to put in place authentication and key agreement between different communication nodes in WBANs.In this paper,a lightweight and secure authenticated key agreement protocol in wireless body area networks is designed.It is capable to reduce the cost of sensor node computation while ensuring security.Besides,an informal security analysis is conducted to discuss the security of the protocol against well-known attacks.Finally,the energy consumption of the protocol is evaluated,and the results show that the sensor nodes only need low storage cost,computational cost and communication cost.

ATTACKS AND IMPROVEMENTS ON THE RFID AUTHENTICATION PROTOCOLS BASED ON MATRIX

Most of the Radio Frequency IDentification (RFID) authentication protocols, proposed to preserve security and privacy, are analysed to show that they can not provide security against some passive or active attacks. In this paper, the security of two matrix-based protocols, proposed by Karthikeyan and Nesterenko (KN protocol) and Ramachandra et al. (RRS protocol) that conform to Electronic Product Code Class-1 Generation-2 (EPC Class-1 Gen-2) standard, are investigated. Using the linear relationship of multiplication of matrix and vector, we point out that both protocols can not provide scalability, and they are vulnerable to passive impersonation attack. In addition, both protocols are totally insecure if the adversary can compromise one tag to extract the secrets. A modified lightweight matrix-based authentication protocol is presented, which can resist mainly common attacks on an RFID authentication system including eavesdropping, relay attack, desynchronization attack, impersonation attack and tag tracking attack. The new protocol also has the desirable scalability property and can keep secure under compromising attack.

RUAP:Random Rearrangement Block Matrix-Based Ultra-Lightweight RFID Authentication Protocol for End-Edge-Cloud Collaborative Environment

Cloud computing provides powerful processing capabilities for large-scale intelligent Internet of things(IoT)terminals.However,the massive realtime data processing requirements challenge the existing cloud computing model.The edge server is closer to the data source.The end-edge-cloud collaboration offloads the cloud computing tasks to the edge environment,which solves the shortcomings of the cloud in resource storage,computing performance,and energy consumption.IoT terminals and sensors have caused security and privacy challenges due to resource constraints and exponential growth.As the key technology of IoT,Radio-Frequency Identification(RFID)authentication protocol tremendously strengthens privacy protection and improves IoT security.However,it inevitably increases system overhead while improving security,which is a major blow to low-cost RFID tags.The existing RFID authentication protocols are difficult to balance overhead and security.This paper designs an ultra-lightweight encryption function and proposes an RFID authentication scheme based on this function for the end-edge-cloud collaborative environment.The BAN logic proof and protocol verification tools AVISPA formally verify the protocol’s security.We use VIVADO to implement the encryption function and tag’s overhead on the FPGA platform.Performance evaluation indicates that the proposed protocol balances low computing costs and high-security requirements.

A Lightweight Anonymous Device Authentication Scheme for Information-Centric Distribution Feeder Microgrid

Distribution feeder microgrid(DFM)built based on existing distributed feeder(DF),is a promising solution for modern microgrid.DFM contains a large number of heterogeneous devices that generate heavy network traffice and require a low data delivery latency.The information-centric networking(ICN)paradigm has shown a great potential to address the communication requirements of smart grid.However,the integration of advanced information and communication technologies with DFM make it vulnerable to cyber attacks.Adequate authentication of grid devices is essential for preventing unauthorized accesses to the grid network and defending against cyber attacks.In this paper,we propose a new lightweight anonymous device authentication scheme for DFM supported by named data networking(NDN),a representative implementation of ICN.We perform a security analysis to show that the proposed scheme can provide security features such as mutual authentication,session key agreement,defending against various cyber attacks,anonymity,and resilience against device capture attack.The security of the proposed scheme is also formally verified using the popular AVISPA(Automated Validation of Internet Security Protocols and Applications)tool.The computational and communication costs of the proposed scheme are evaluated.Our results demonstrate that the proposed scheme achieves significantly lower computational,communication and energy costs than other state-of-the-art schemes.

An End-to-End Authentication Scheme for Healthcare IoT Systems Using WMSN

The healthcare internet of things(IoT)system has dramatically reshaped this important industry sector.This system employs the latest technology of IoT and wireless medical sensor networks to support the reliable connection of patients and healthcare providers.The goal is the remote monitoring of a patient’s physiological data by physicians.Moreover,this system can reduce the number and expenses of healthcare centers,make up for the shortage of healthcare centers in remote areas,enable consultation with expert physicians around the world,and increase the health awareness of communities.The major challenges that affect the rapid deployment and widespread acceptance of such a system are the weaknesses in the authentication process,which should maintain the privacy of patients,and the integrity of remote medical instructions.Current research results indicate the need of a flexible authentication scheme.This study proposes a scheme with enhanced security for healthcare IoT systems,called an end-to-end authentication scheme for healthcare IoT systems,that is,an E2EA.The proposed scheme supports security services such as a strong and flexible authentication process,simultaneous anonymity of the patient and physician,and perfect forward secrecy services.A security analysis based on formal and informal methods demonstrates that the proposed scheme can resist numerous security-related attacks.A comparison with related authentication schemes shows that the proposed scheme is efficient in terms of communication,computation,and storage,and therefore cannot only offer attractive security services but can reasonably be applied to healthcare IoT systems.

Secure and Anonymous Three-Factor Authentication Scheme for Remote Healthcare Systems

Wireless medical sensor networks(WMSNs)play a significant role in increasing the availability of remote healthcare systems.The vital and physiological data of the patient can be collected using the WMSN via sensor nodes that are placed on his/her body and then transmitted remotely to a healthcare professional for proper diagnosis.The protection of the patient’s privacy and their data from unauthorized access is a major concern in such systems.Therefore,an authentication scheme with a high level of security is one of the most effective mechanisms by which to address these security concerns.Many authentication schemes for remote patient monitoring have been proposed recently.However,the majority of these schemes are extremely vulnerable to attacks and are unsuitable for practical use.This paper proposes a secure three-factor authentication scheme for a patient-monitoring healthcare system that operates remotely using a WMSN.The proposed authentication scheme is formally verified using the Burrows,Abadi and Needham’s(BAN)logic model and an automatic cryptographic protocol verifier(ProVerif)tool.We show that our authentication scheme can prevent relevant types of security breaches in a practical context according to the discussed possible attack scenarios.Comparisons of the security and performance are carried out with recently proposed authentication schemes.The results of the analysis show that the proposed authentication scheme is secure and practical for use,with reasonable storage space,computation,and communication efficiency.

Efficient Joint Key Authentication Model in E-Healthcare

Many patients have begun to use mobile applications to handle different health needs because they can better access high-speed Internet and smartphones.These devices and mobile applications are now increasingly used and integrated through the medical Internet of Things(mIoT).mIoT is an important part of the digital transformation of healthcare,because it can introduce new business models and allow efficiency improvements,cost control and improve patient experience.In the mIoT system,when migrating from traditional medical services to electronic medical services,patient protection and privacy are the priorities of each stakeholder.Therefore,it is recommended to use different user authentication and authorization methods to improve security and privacy.In this paper,our prosed model involves a shared identity verification process with different situations in the e-health system.We aim to reduce the strict and formal specification of the joint key authentication model.We use the AVISPA tool to verify through the wellknown HLPSL specification language to develop user authentication and smart card use cases in a user-friendly environment.Our model has economic and strategic advantages for healthcare organizations and healthcare workers.The medical staff can increase their knowledge and ability to analyze medical data more easily.Our model can continuously track health indicators to automatically manage treatments and monitor health data in real time.Further,it can help customers prevent chronic diseases with the enhanced cognitive functions support.The necessity for efficient identity verification in e-health care is even more crucial for cognitive mitigation because we increasingly rely on mIoT systems.

Smart Grid Communication Under Elliptic Curve Cryptography

Smart Grids(SGs)are introduced as a solution for standard power dis-tribution.The significant capabilities of smart grids help to monitor consumer behaviors and power systems.However,the delay-sensitive network faces numer-ous challenges in which security and privacy gain more attention.Threats to trans-mitted messages,control over smart grid information and user privacy are the major concerns in smart grid security.Providing secure communication between the service provider and the user is the only possible solution for these security issues.So,this research work presents an efficient mutual authentication and key agreement protocol for smart grid communication using elliptic curve crypto-graphy which is robust against security threats.A trust authority module is intro-duced in the security model apart from the user and service provider for authentication.The proposed approach performance is verified based on different security features,communication costs,and computation costs.The comparative analysis of experimental results demonstrates that the proposed authentication model attains better performance than existing state of art of techniques.

A Secure MAKAP for Wireless Communication

A mutual authentication and key establishment protocol proposed by Aydos et al, for wireless communication based on elliptic curve cryptography can provide authentication between the user and server and they agreement a session key in the end of it. Unfortunately, Mangipudi pointed out Aydos＇ scheme was incurred the man-in-middle attack denial-of-service attack and impersonation based on man-in-middle attack. Then he proposed an improved scheme m overcome the above weakness. However, there is an attack which can forge the message required in the protocol and impersonation a valid user to the server.

Fast and Efficient Security Scheme for Blockchain-Based IoT Networks

Internet of Things(IoT)has become widely used nowadays and tremendous increase in the number of users raises its security requirements as well.The constraints on resources such as low computational capabilities and power requirements demand lightweight cryptosystems.Conventional algorithms are not applicable in IoT network communications because of the constraints mentioned above.In this work,a novel and efficient scheme for providing security in IoT applications is introduced.The scheme proposes how security can be enhanced in a distributed IoT application by providing multilevel protection and dynamic key generation in the data uploading and transfer phases.Existing works rely on a single key for communication between sensing device and the attached gateway node.In proposed scheme,this session key is updated after each session and this is done by applying principles of cellular automata.The proposed system provides multilevel security by using incomparable benefits of blockchain,dynamic key and random number generation based on cellular automata.The same was implemented and tested with the widely known security protocol verification tool called Automated Validation of Internet Security Protocols and Applications(AVISPA).Results show that the scheme is secure against various attacks.The proposed scheme has been compared with related schemes and the result analysis shows that the new scheme is fast and efficient also.

Analysis of the Desynchronization Attack Impact on the E2EA Scheme

The healthcare IoT system is considered to be a significant and modern medical system.There is broad consensus that these systems will play a vital role in the achievement of economic growth in numerous growth countries.Among the major challenges preventing the fast and widespread adoption of such systems is the failure to maintain the data privacy of patients and the integrity of remote clinical diagnostics.Recently,the author proposed an end-to-end authentication scheme for healthcare IoT systems(E2EA),to provide a mutual authentication with a high data rate between the communication nodes of the healthcare IoT systems.Although the E2EA authentication scheme supports numerous attractive security services to resist various types of attack,there is an ambiguous view of the impact of the desynchronization attack on the E2EA authentication scheme.In general,the performance of the authentication scheme is considered a critical issue when evaluating the applicability of such schemes,along with the security services that can be achieved.Therefore,this paper discusses how the E2EA authentication scheme can resist the desynchronization attack through all possible attack scenarios.Additionally,the effect of the desynchronization attack on the E2EA scheme performance is analyzed in terms of its computation and communication costs,based on a comparison with the recently related authentication schemes that can prevent such attack.Moreover,this research paper finds that the E2EA authentication scheme can not only prevent the desynchronization attack,but also offers a low cost in terms of computations and communications,and can maintain consistency and synchronization between the communication nodes of the healthcare IoT systems during the next authentication sessions.

Secure Authentication Protocol for Mobile Payment

With the increasing popularity of fintech, i.e., financial technology, the e-commerce market has grown rapidly in the past decade, such that mobile devices enjoy unprecedented popularity and are playing an ever ncreasing role in e-commerce. This is especially true of mobile payments, which are attracting increasing attention However, the occurrence of many traditional financial mishaps has exposed the challenges inherent in online authentication technology that is based on traditional modes of realizing the healthy and stable development of mobile payment. In addition, this technology ensures user account security and privacy. In this paper, we propose a Secure Mutual Authentication Protocol （SMAP） based on the Universal 2nd Factor （U2F） protocol for mobile payment. To guarantee reliable service, we use an asymmetric cryptosystem for achieving mutual authentication between the server and client, which can resist fake servers and forged terminals. Compared to the modes currently used, the proposed protocol strengthens the security of user account information as well as individual privacy throughout the mobile-payment transaction process. Practical application has proven the security and convenience of the proposed protoco

Research on a provable security RFID authentication protocol based on Hash function

Research on existing radio frequency identification（RFID） authentication protocols security risks, poor performance and other problems, a RFID security authentication protocol based on dynamic identification（ID） and Key value renewal is proposed. Meanwhile, the security problems based on Hash function RFID security authentication protocol in recent years have been also sorted and analyzed. Then a security model to design and analyze RFID protocols is built. By using the computational complexity, its correctness and security have been proved. Compared with the safety performance, storage overhead, computational overhead and other aspects of other protocols, the protocol for RFID has more efficient performance and ability to withstand various attacks. And the C# programming language is used to simulate the authentication process on the visual studio platform, which verifies the feasibility of the protocol.