Abstract: Unmanned Aerial Vehicles (UAVs) are becoming very popular nowadays due to the emergence of application areas such as the Internet of Drones (IoD). They are finding wide applicability in areas ranging from package delivery systems to automated military applications. Nevertheless, communication security between a UAV and its ground station (GS) is critical for completing its task without leaking sensitive information either to the adversaries or to unauthenticated users. UAVs are especially vulnerable to physical capture and node tampering attacks. Further, since UAV devices are generally equipped with small batteries and limited memory storage, lightweight security techniques are best suited for them. Addressing these issues, a lightweight mutual authentication scheme based on Physical Unclonable Functions (PUFs) for UAV-GS authentication is presented in this paper. The UAV-GS authentication scheme is extended further to support UAV-UAV authentication. We present a formal security analysis as well as old-fashioned cryptanalysis and show that our protocol provides various security features such as mutual authentication, user anonymity, etc, and is resilient against many security attacks such as masquerade, replay, node tampering, and cloning attacks, etc. We also compare the performance of our protocol with state-of-the-art authentication protocols for UAVs, based on computation, communication, and memory storage cost.

Abstract: Secure real-time data about goods in transit in supply chains needs bandwidth having capacity that is not fulfilled with the current infrastructure. Hence, 5G-enabled Internet of Things (IoT) in mobile edge computing is intended to substantially increase this capacity. To deal with this issue, in this article, we design a new efficient lightweight blockchain-enabled radio frequency identification (RFID)-based authentication protocol for supply chains in 5G mobile edge computing environment, called lightweight blockchain-enabled RFID-based authentication protocol (LBRAPS). LBRAPS is based on bitwise exclusive-or (XOR), one-way cryptographic hash and bitwise rotation operations only. LBRAPS is shown to be secure against various attacks. Moreover, the simulation-based formal security verification using the broadly-accepted Automated Validation of Internet Security Protocols and Applications (AVISPA) tool assures that LBRAPS is secure. Finally, it is shown that LBRAPS has better trade-off among its security and functionality features, communication and computation costs as compared to those for existing protocols.

Abstract: The Internet of Things (IoT) enables all objects to connect to the Internet and exchange data via different emerging technologies, which makes the intelligent identification and management a reality. Wireless sensor networks (WSNs), as a crucial basis of IoT, have been applied in many fields like smart health care and smart transportation. With the development of WSNs, data security has attracted more and more attention, and user authentication is a popular mechanism to ensure the information security of WSNs. Recently, many authentication mechanisms for wireless medical sensor networks (WMSNs) have been proposed, but most of the protocols cannot achieve the features of local password change and forward secrecy while resisting stolen smart card attack. To enhance the security based on previous work, an ECC-based secure three-factor authentication protocol with forward secrecy for WMSN is proposed in this paper. It utilizes a fuzzy commitment scheme to handle the biometric information. Meanwhile, fuzzy verifier and honey_list techniques are used to solve the contradiction of local password verification and mobile device lost attack. The security of our protocol is evaluated by provable security, Proverif tool, and information analysis. Besides, the comparisons with the relevant protocols are given, and the results indicate that our protocol is robust and secure for WMSN systems.

Abstract: With the emergence of the concept of smart city and the increase of vehicles, the vehicular ad-hoc network (VANET) is widely accepted for the communication of vehicles to get information including road condition, traffic congestion description, speed, and location of vehicles. Naturally, the security of the data transmission in VANET has become one of the urgent tasks of researchers. Many privacy-preserving authentication protocols for VANETs have been presented. However, heavy computations and security flaws exist in them. Thus, we put forward a lightweight authentication protocol in a suitable communication model for VANET that meets the privacy protection needs, with only hash functions and exclusive-OR operations. Formal security analysis using BAN logic shows that our protocol achieves the security goals. Proverif is used to verify the security of the protocol and the results show that the privacy can be guaranteed under the simulated attacker. Moreover, through security properties analysis, our protocol is robust enough to get rid of common attacks and keep the communication data secretly. The performance comparison results show that our protocol is lightweight and efficient. Furthermore, we simulate the network with SUMO and NS-3, and all show that our protocol is efficient and practical for VANETs.

Abstract: Electric vehicles (EVs) have been slowly replacing conventional fuel based vehicles since the last decade. EVs are not only environment-friendly but when used in conjunction with a smart grid, also open up new possibilities and a Vehicle-Smart Grid ecosystem, commonly called V2G can be achieved. This would not only encourage people to switch to environment-friendly EVs or Plug-in Hybrid Electric Vehicles (PHEVs), but also positively aid in load management on the power grid, and present new economic benefits to all the entities involved in such an ecosystem. Nonetheless, privacy and security remain a serious concern of smart grids. The devices used in V2G are tiny, inexpensive, and resource constrained, which renders them susceptible to multiple attacks. Any protocol designed for V2G systems must be secure, lightweight, and must protect the privacy of the vehicle owner. Since EVs and charging stations are generally not guarded by people, physical security is also a must. To tackle these issues, we propose Physical Unclonable Functions (PUF) based Secure User Key-Exchange Authentication (SUKA) protocol for V2G systems. The proposed protocol uses PUFs to achieve a two-step mutual authentication between an EV and the Grid Server. It is lightweight, secure, and privacy preserving. Simulations show that the proposed protocol performs better and provides more security features than state-of-the-art V2G authentication protocols. The security of the proposed protocol is shown using a formal security model and analysis.

Abstract: Internet of Vehicles (IoV) is treated as an extension of Vehicle-to-Vehicle (V2V) communication network. IoV helps in enhancing driving aids with the help of vehicle Artificial Intelligence (AI) awareness of other vehicles and their actions. IoV is connected in an adhoc networking environment which utilizes each vehicle in the network as a node, called Vehicular Ad Hoc Network (VANET), where the vehicles may be also connected to the public Internet. It is specifically important for the autonomous vehicles because they can instantaneously communicate with other vehicles surrounding them. In addition, safely avoiding accident prone zones is crucial in order to continue secure and smart transportation. Since the communication among various entities involved in the IoV environment is via open channel, it gives an opportunity to a passive/active adversary to intercept, modify, delete or even insert fake information during communication. It is then a serious concern for the vehicles users to determine whether the received information is genuine. In this survey paper, various security aspects, threats and attacks, network and threat models related to the IoV environment are discussed. Next, a taxonomy of security protocols is given that is essential to provide IoV data security. In particular, focus on various authentication protocols is given that is needed for mutual authentication among the involved entities in the IoV environment for secure communication. A detailed comparative analysis among various state-of-art authentication protocols proposed in the related IoV environment is provided to show their effectiveness as well as security and functionality features. Moreover, some testbeds are described that were designed and implemented for the IoV environment. In addition, some future challenges for IoV security protocols are also highlighted that are necessary to address in the future.

Abstract: The energy Internet (EI)-based vehicle-to-grid (V2G) technology facilitates the electric vehicles not only to distribute additional electricity into grid systems, but also support receiving back from the power grid in the form of charging. The secure key establishment is quite significant to initiate the bidirectional electricity power delivery into and from the system. To effectively implement any EI-based V2G communication, the authentication protocol must be free from cyber attacks. In this article, we not only explore the drawbacks of several smart grid-based authentication protocols but also bring forth the limitations of a recently presented EI-based V2G scheme by Gope and Sikdar. The examined drawbacks in this protocol may disrupt its proper functioning, since it faces desynchronization problems while logging into the mobile device bearing registration parameters. The scheme is also vulnerable to replay attack and man-in-the-middle attack. The user is also unable to validate session key in the protocol. Considering these limitations, we propose a novel and efficient V2G protocol framework enabling the vehicles to communicate or recharge at desired recharging stations. The results of the proposed framework are compared with several contemporary schemes, and its security features are validated by random oracle model-based formal analysis.

Abstract: The innovations in the field of wearable medical devices, wireless communication and low cost cloud computing aid the wireless body area network (WBAN) to become a prominent component of future healthcare systems. WBAN consists of medical sensors, which continuously monitor the patients’ vital signs and transfers this data to the remote medical server via the cloud. The continuous monitoring of the patients’ health data improves the quality of the medical service and also provides the source for future medical diagnosis. The medical information collected from WBAN is generally transmitted through wireless channel and therefore vulnerable to various information attacks. In this context, medical data security and privacy are key issues; hence there is a requirement of lightweight end-to-end authentication protocol to ensure secure communication. Recently, Li et al. presented a lightweight end-to-end authentication protocol for WBAN based on elliptic curve cryptography (ECC). However, through cryptanalysis, some security loopholes are found in this protocol. In this paper, an enhanced lightweight ECC based end-to-end authentication protocol is proposed to overcome the security vulnerabilities of Li et al.’s scheme. Further, the formal security analysis of the proposed scheme is done using BAN logic and AVISPA tool. The comparative analysis shows that the proposed scheme not only removes the security loopholes of Li et al.’s scheme but also reduces the overall complexity.

Abstract: Based on the functional characteristics of inter-vehicle communication networks under the current framework, a privacy-preserving authentication framework that combines fifth-generation communication technology (5G) and edge computing technology is proposed. The proposed framework is different from that used in the previous 802.11p-based inter-vehicle communication network architecture, and we use device-to-device technology to achieve communication between vehicles. One difference between a 5G-enabled model and a traditional model for vehicle ad hoc networks is that secure communication between vehicles in a 5G-enabled model is challenging. The authentication protocol proposed in this study can be divided into two parts. The first part involves authenticating and selecting an edge computing vehicle, wherein a fuzzy logic mathematical method is used in the selection process. The second part is the mutual authentication between edge computing and ordinary vehicles. In this process, the exchange of security information between vehicles in a group is possible. Simultaneously, the identity privacy and traceability of the vehicle are ensured. Moreover, the proposed signature scheme is proved to be secure under a random oracle model. Performance evaluation results demonstrate that our proposed scheme has relatively lower computational and communication overhead than existing schemes.

Abstract: Secure and efficient access authentication is one of the most important security requirements for vehicular networks, but it is difficult to fulfill due to potential security attacks and long authentication delay caused by high vehicle mobility, etc. Most of the existing authentication protocols, either do not consider attacks like single point of failure or do not focus on reducing authentication delay. To address these issues, we introduce an edge-assisted decentralized authentication (EADA) architecture, which provides secure and more communication-efficient authentication by enabling an authentication server to delegate its authentication capability to distributed edge nodes (ENs) such as roadside units (RSUs) and base stations (BSs). Under the architecture, we propose a threshold mutual authentication protocol that supports fast handover, which involves two scenarios, Auth-I and Auth-II. Auth-I only happens once when a vehicle tries to access the network for the first time, while Auth-II happens when a vehicle seamlessly roams between two ENs, i.e., handover. Specifically, for Auth-I, each vehicle can be cooperatively authenticated by t out of n ENs with identity-based signature techniques to obtain an authentication token and the involved ENs can be efficiently authenticated in a batch by the vehicle. For Auth-II, the vehicle can utilize the token as its private credential to achieve fast handover based on identity-based signature without interacting with multiple ENs, which further reduces the authentication delay significantly. In addition, we design a flexible method to support dynamic joining and leaving of ENs without the assistance of a trusted center. We demonstrate that the proposed protocol is secure and efficient through security analysis and performance evaluation.

Abstract: Wireless Healthcare Sensor Network (WHSN) has become one of the major research fields over the past decades that play a very prominent role in the medical field. Due to the rapid growth of technology in wireless communication, different security challenges have been raised in WHSN. Authentication protocols are used to secure the information transferred over the public channels by WHSN. For this prospect recently, Liu & Chung proposed an authentication and data transmission mechanism for WHSN. However, Challa et al. identified that Liu-Chung’s scheme is vulnerable to stolen smart-card, offline password guessing, privileged insider, and user impersonation attacks. Challa et al. then proposed an enhanced scheme to overcome beforehand stated flaws. This paper denotes out that in accession to before mentioned attacks, Liu-Chung’s scheme is also prone to users’ private key leakage and user impersonation attacks towards sensors. Moreover, Challa et al.’s scheme suffers from incorrectness, broadcasting problem, lack of authentication between Trusted Authority (TA) and sensor nodes, replay attack, Denial of Service (DoS) attack, forgery attack and delay in communication due to the involvement of the TA. Using the elliptic curve cryptography and bilinear paring, an improved scheme is proposed in this paper, to mitigate the weaknesses of Challah et al. and Liu-Chang schemes. The formal security analysis using simulation tool AVISPA and BAN logic demonstrate that the proposed scheme is secure. The rigorous informal security analysis also attests that our scheme is safe against well-known attacks.

Abstract: Location-based service (LBS) in vehicular ad hoc networks (VANETs) has significantly benefited information acquisition from geographically-based social networking. Authentication guarantees the unforgeability and the effectiveness of the LBS information. Unfortunately, owing to a large quantity of redundant or useless LBS messages disseminated in VANETs, the heavy authentication overhead of the existing work adopting a periodically released authentication key, filtering with message identifiers or exploiting public key (fully) homomorphic encryption (FHE), is either intolerable by resource-constrained on-board units (OBUs) or inappropriate to the realtime controlling requirement for VANETs. In this paper, an efficient multi-key secure outsourced computation scheme MSOC without exploiting public key FHE is first proposed, in the setting of two non-colluding servers, namely the cloud and the cryptographic service provider (CSP). Then, based on MSOC, an efficient and secure comparison protocol LSCP is devised, without the interaction between the server and the users. Furthermore, a lightweight privacy-preserving authentication protocol LPPA for LBS in VANETs is proposed, by eliminating duplicate and useless encrypted LBS messages before authentication is executed, through a newly devised efficient privacy-preserving information filtering system. Both user’s location privacy and interest privacy are well protected against even the collusion between the roadside units (RSUs) serving as the cloud (or CSP) and malicious users. Especially, the property of ciphertext re-encryption of our proposed MSOC also guarantees the interest pattern privacy whether two users accept the same LBS information. Finally, formal security proof and extensive simulation results verify the effectiveness and practicability of our proposed LPPA.

Abstract: With the continuous miniaturization of electronic devices and the recent advancement in wireless communications, unmanned aerial vehicles (UAVs) will find many new uses in people’s production and life, bringing great convenience to the public. Meanwhile, the cybersecurity of UAVs is gaining significant attention due to both financial and strategic information and value involved in aerial applications, and UAV and sensitive data collected by embedded sensors are subject to new security challenges and privacy issues. Traditional cryptographic techniques can be deployed to provide fundamental security services, however, they have been shown to be inefficient because of intrinsic resource constraints of UAVs and the open nature of wireless communication. For the sake of providing secure authentication between communication parties and further ensuring data security and privacy, this paper proposes a lightweight mutual authentication protocol, also referred to as PCAP, for secure communications between UAVs and ground station. The basic idea of the PCAP is that UAV and ground station use the challenge-response pair of physical unclonable function as the initial condition of chaotic system to randomly shuffle the message which piggybacks a seed to generate a secret session key. We conduct simulation experiments using OMNeT++to validate the effectiveness of the PCAP. The simulation results show that the PCAP can achieve better performance in terms of computation cost, communication overhead, and energy consumption of communication compared to prior cryptographic technique, indicating a viable approach for securing communications between UAVs and ground station.

Abstract: The Industrial Internet of Things (IIoT) consists of sensors, networks, and services to connect and control production systems. Its benefits include supply chain monitoring and machine failure detection. However, it has many vulnerabilities, such as industrial espionage and sabotage. Furthermore, many IIoT devices are resource-constrained, which impedes the use of traditional security services for them. Authentication allows devices to be confident of each other's identity, preventing some security attacks. Many authentication protocols have been proposed for IIoT; however, they have high computing requirements not viable to resource-constrained devices, or they have been found insecure. In this paper, an authentication protocol for resource-constrained IIoT devices is proposed. It is based on the lightweight operations xor, addition, and subtraction, and a hash function. Also, only four messages are exchanged between the principals to authenticate. It has a low execution-time and communication-cost. Its security was successfully assessed with the formal methods Automated Validation of Internet Security Protocols and Applications (AVISPA) tool and Burrows-Abadi-Needham (BAN) logic, together with an informal analysis of its resistance to known attacks. Its performance and security were compared with state-of-the-art protocols, resulting in a good performance for resource-constrained IIoT devices, and higher security similar to computational expensive schemes.

Abstract: With the rise of new technological paradigms such as the Internet of Things (IoT) and the Internet of Vehicles (IoV), we are going to see an unprecedented growth of connected vehicles on the roads. Also, with the ever-increasing complexity of vehicular electronics and with the increasing number of Electronic Control Units (ECUs) inside these next-generation vehicles, the need for verification of the firmware and software running on these ECUs using attestation techniques is heightened all the more. In this paper, we propose a lightweight and secure authentication and attestation scheme for attesting vehicles while they are on the roads. Since this attestation is proposed to be carried out on moving vehicles, there is also a need for authenticating the vehicles with the Road Side Units (RSUs) first before carrying out attestation. Therefore, a combined attestation and authentication scheme for verification of the vehicle ECU firmware is presented here. The ECU firmware running on the vehicles can be attested from the edge servers connected to the RSUs while the vehicles are in-transit and passing through these RSUs. We perform a security analysis of the proposed attestation and authentication protocol and compare it with other similar existing protocols. We also do a performance analysis of the proposed protocol and show the feasibility of its deployment.

Abstract: Sensor nodes play a major role in IoT environment, and each sensor is a peer to peer networking. Due to limited physical size, IoT sensor nodes must have light-weight authentication protocol. The Internet of Things (IoT) is a collection of various technical elements. It is expected that interworking between heterogeneous terminals, networks, and applications. They will accelerate through the liberalization of the IoT platform. As a result, many technical and administrative security threats will arise in the IoT environment. Sensor node protocols must be light-weight and secure. As IoT devices are used for various purposes, for some devices that require performance, the OS with a high-performance chipset that works, most passwords protocol. However, to turn on / off the lights IoT devices that perform simple tasks such as based on a low-performance chipset with no OS running. If it does not support encryption protocol or certificate, then it is vulnerable, and it does not have enough performance to handle. Therefore, in this paper, Block-chain-based IoT device is proposed to get a more secure authentication scheme.

Abstract: The Internet-of-Things (IoT), which refers to the interconnection of heterogeneous devices, has gained a lot of interest lately, and it witnessed a large growth in the number of IoT devices due to the importance of such systems in today’s communication networks. On the other hand, the authentication of entities (devices) is a major concern and a main security challenge in IoT systems since any weakness in the identification or authentication process will allow a compromised entity to establish communication, inject false data and launch dangerous attacks leading to system malfunction. Currently, most IoT authentication mechanisms are based on single-factor cryptographic solutions. These techniques are not practical for IoT devices that have limited computational capabilities. In this paper, we propose a lightweight and secure multi-factor device authentication protocol for IoT devices. The scheme is based on two concepts, configurable physical unclonable functions (PUF) within IoT devices, and channel-based parameters. It uses few and simple cryptographic operations such as the bit-wise exclusive-OR operation and a one-way hash function. The unique PUF value serves as the mutual secret identifier between a pair of users, which frequently changes for every session. Moreover, the proposed protocol exploits the random channel characteristics to provide high robustness against different kinds of attacks, while maintaining low complexity. To the best of the authors’ knowledge, this is the first work that combines physical layer security with PUFs to authenticate communicating devices, dynamically. Security and performance analysis prove the security and efficiency of the proposed protocol, which is designed with minimum overhead in terms of computations and communication costs.

Abstract: Extensive use of unmanned aerial vehicles (commonly referred to as a “drone”) has posed security and safety challenges. To mitigate security threats caused by flights of unauthorized drones, we present a framework called SENTINEL (Secure and Efficient autheNTIcation for uNmanned aErial vehicLes) under the Internet of Drones (IoD) infrastructure. SENTINEL is specifically designed to minimize the computational and traffic overheads caused by certificate exchanges and asymmetric cryptography computations that are typically required for authentication protocols. SENTINEL initially generates a flight session key for a drone having a flight plan and registers the flight session key and its flight plan into a centralized database that can be accessed by ground stations. The registered flight session key is then used as the message authentication code key to authenticate the drone by any ground station while the drone is flying. To demonstrate the feasibility of the proposed scheme, we implemented a prototype of SENTINEL with ECDSA, PBKDF2 and HMAC-SHA256. The experiment results demonstrated that the average execution time of the authentication protocol in SENTINEL was about 3.1 times faster than the “TLS for IoT” protocol. We also formally proved the security of SENTINEL using ProVerif that is an automatic cryptographic protocol verifier.

Abstract: Existing conditional anonymous authentication protocols to secure the group communication in VANETs (Vehicular Ad hoc Networks) render challenges such as dynamically updating membership in a domain and achieving vehicle user's privacy preservation. This paper elegantly addresses these challenges by proposing a novel conditional privacy-preserving authentication with dynamic membership for VANETs depending on chinese remainder theorem (CRT). Specifically, the CRT is utilized by a trusted authority to securely disseminate a domain key for the authorized vehicles in the same domain, where each vehicle in this domain is able to obtain the domain key by only performing one modulo division operation in case of domain key updating. Distinct from the previous works in this field, our proposed protocol not only achieves message authentication, anonymity and conditional privacy-preserving, but also provides forward security and backward security of vehicles. Theoretical analysis and experiment simulation demonstrate that the proposed protocol is provably secure and highly feasible.

Abstract: The Internet of Thing (IoT) is useful for connecting and collecting variable data of objects through the Internet, which makes to generate useful data for humanity. An indispensable enabler of IoT is the wireless sensor networks (WSNs). Many environments, such as smart healthcare, smart transportation and smart grid, have adopted WSN. Nonetheless, WSNs remain vulnerable to variety of attacks because they send and receive data over public channels. Moreover, the performance of IoT enabled sensor devices has limitations since the sensors are lightweight devices and are resource constrained. To overcome these problems, many security authentication protocols for WSNs have been proposed. However, many researchers have pointed out that preventing smartcard stolen and off-line guessing attacks is an important security issue, and guessing identity and password at the same time is still possible. To address these weaknesses, this paper presents a secure and efficient authentication protocol based on three-factor authentication by taking advantage of biometrics. Meanwhile, the proposed protocol uses a honey_list technique to protect against brute force and stolen smartcard attacks. By using the honey_list technique and three factors, the proposed protocol can provide security even if two of the three factors are compromised. Considering the limited performance of the sensors, we propose an efficient protocol using only hash functions excluding the public key based elliptic curve cryptography. For security evaluation of the proposed authentication protocol, we perform informal security analysis, and Real-Or-Random (ROR) model-based and Burrows Abadi Needham (BAN) logic based formal security analysis. We also perform the formal verification using the widely-used Automated Validation of Internet Security Protocols and Applications (AVISPA) simulation software. Besides, compared to previous researches, we demonstrate that our proposed authentication protocol for WSNs systems is more suitable and secure than others.

Abstract: The Industrial Internet of Things (IIoT) is expected to provide a promising opportunity to revolutionize the production operation of the existing industrial systems by leveraging smart devices. Due to the untrusted nature of communication channels, ensuring data authenticity is a critical challenge. Besides, devices’ privacy and communication heterogeneity raise crucial concerns about the IIoT applications since the existing authentication protocols for the IIoT environment face the potential threats of privacy leakage and cannot achieve secure communication between heterogeneous industrial systems. To address these challenges, this article proposes an efficient privacy-preserving authentication protocol for heterogeneous systems in IIoT using proxy resignature. The presented protocol not only provides heterogeneous communication between ID-based and certificateless-based cryptosystems but also achieves various security requirements. The security of our protocol has been proven based on the extended Computational Diffie–Hellman (eCDH) assumption in the random oracle model. The experimental simulation demonstrates that our protocol is feasible for the IIoT-based environment.

Abstract: Numerous hacking attempts on modern vehicles have recently demonstrated that an adversary can remotely control a vehicle using vulnerable telematics services. In these attempts, a masquerade attack impersonating some safety-critical electronic control units (ECUs) is usually performed to control a vehicle. In the last decade, several message authentication protocols for controller area network (CAN) have been proposed to protect vehicles from masquerade attacks. However, some message authentication protocols are not enough to protect a vehicle from masquerade attacks by compromised ECUs. Other protocols that are secure against masquerade attacks fill the network capacity of CAN up to 100% or require hardware modifications of the CAN-controller, dedicated hardware used for CAN communications. In this paper, we propose a new authentication protocol, MAuth-CAN , that is secure against masquerade attacks. MAuth-CAN neither fills up to 100% of the network capacity nor requires hardware modifications of a CAN-controller. In addition, we propose a technique that protects ECUs from bus-off attacks, and apply the technique to MAuth-CAN for handling bus-off attacks.