Similar literature
 Found 20 similar documents; search took 15 ms
1.
A telecare medicine information system (TMIS) helps in providing an efficient communication platform to patients from home to consult doctors at a clinical center. In TMIS, the patient's confidentiality, security, and mutual authentication are very crucial; so remote authentication plays a vital role for verifying the legitimacy of patients. Recently, Amin and Biswas have devised a remote authentication protocol for TMIS, claiming it to be secured from various malicious vulnerabilities. We examine this protocol and find that it is not able to withstand many attacks that include off‐line and online password‐guessing, identity‐guessing, user impersonation, privileged insider, and known session key temporary information attacks. We propose a 3‐factor–based authentication protocol for TMIS by overcoming these security shortcomings. We present its security verification in formal and informal ways, which assert its resistivity against various security threats. We use the Burrows‐Abadi‐Needham logic for validating it, and with the Automated Validation of Internet Security Protocols and Applications tool, it is simulated. Further, the performance evaluation and the security functionalities justify a high degree of security with efficient complexity.

2.
Vehicular ad hoc networks (VANETs) are expected to improve road safety and traffic conditions, in which security is essential. In VANETs, the authentication of the vehicular access control is a crucial security service for both inter‐vehicle and vehicle–roadside unit communications. Meanwhile, vehicles also have to be prevented from the misuse of the private information and the attacks on their privacy. There are a number of research works focusing on providing the anonymous authentication with preserved privacy in VANETs. In this paper, we specifically provide a survey on the privacy‐preserving authentication (PPA) schemes proposed for VANETs. We investigate and categorize the existing PPA schemes by their key cryptographies for authentication and the mechanisms for privacy preservation. We also provide a comparative study/summary of the advantages and disadvantages of the existing PPA schemes. Lastly, the open issues and future objectives are identified for PPA in VANETs. Copyright © 2014 John Wiley & Sons, Ltd.

3.
The concept of multi‐server authentication includes multiple numbers of application servers. The registration/control server is the central point in such environment to provide smooth services to a limited number of legitimate users. However, this type of environment is inappropriate to handle unlimited users since the number of users may grow, and thus, the response time may be very high. To eliminate these shortcomings, we have modified the existing multi‐server authentication architecture and then designed a new scheme by including multiregistration server technique that can provide a smooth environment to support an unlimited number of users. The main aspect of our design is to provide a secure authentication environment for multi‐server application using password and smartcard so that the participants can securely communicate with each other. The simulation results are obtained by executing our protocol using AVISPA tool. The results provide concrete evidence about the security safety against active and passive attacks. Furthermore, the justification of correctness of the freshness of the session key negotiation and the mutual authentication between the participants has been evaluated with the BAN logic model. The comprehensive comparative analysis justifies our argument that our protocol has better applicability in multi‐server environments compared to other protocols with similar nature.

4.
Recently, Li et al have developed a smartcard‐based remote user authentication scheme in multiserver environment. They have claimed that their scheme is secured against some possible cryptographic attacks. However, we have analyzed that the scheme of Li et al cannot preserve all the proclaimed security goals, which are given as follows: (1) it does not withstand password‐guessing, user impersonation, insider, and smartcard theft attacks, and (2) it fails to facilitate user anonymity property. To remedy these above‐mentioned security flaws, we have proposed an efficient three factor–based authentication scheme in a multiserver environment using elliptic curve cryptography. The Burrows‐Abadi‐Needham logic is used to confirm the security validation of our scheme, which ensures that it provides mutual‐authentication and session‐key agreement securely. Then, the random oracle model is also considered to analyze the proposed scheme, and it shows that the backbone parameters, ie, identity, password, biometrics, and the session key, are secure from an adversary. Further, the informal security analysis confirms that the suggested scheme can withstand some possible mentioned attacks. Later, the Automated Validation of Internet Security Protocols and Applications tool is incorporated to ensure its security against passive and active attacks. Finally, the performance comparison of the scheme is furnished to confirm its enhanced security with other relevant schemes.

5.
As an important component of intelligent transportation systems, vehicular ad hoc networks can provide safer and more comfortable driving circumstance for the drivers. However, communication security and privacy issues present practical concerns to the deployment of vehicular ad hoc networks. Although recent related studies have already addressed most of these issues, most of them have only considered a posteriori countermeasures or a priori countermeasures to prevent the attacks of an adversary. To the best of our knowledge, up to now, only two privacy‐preserving authentication schemes can provide a posteriori countermeasures and a priori countermeasures. But, the computational cost of verifying a signature is relatively high or security proof of the scheme is loose in the two schemes. In this paper, we propose two novel privacy‐preserving authentication schemes. The first one can not only provide a posteriori and a priori countermeasures, but also has low computational cost in the verification phase and tight security proof. The second one can achieve batch verification on multiple messages. Compared with Wu et al.'s scheme and Chen et al.'s scheme, our scheme shows higher efficiency in terms of the computational cost of verifying signature. Copyright © 2013 John Wiley & Sons, Ltd.

6.
The Global Mobility Network (GLOMONET) is rapidly becoming important as well as a popular feature in today's high‐performance network. The legal mobile users enjoy life using the ubiquitous services via GLOMONET. However, because of the broadcast nature of the wireless channel, providing user authentication along with the privacy and anonymity of the users in GLOMONET is indeed a challenging task. In this article, we come up with a secure and expeditious mobile communication environment using symmetric key cryptosystem to ensure mobile users' anonymity and privacy against eavesdroppers and backward/forward secrecy of the session key. Our scheme can also protect against numerous security threats, like man‐in‐the‐middle attack, known session key attack, lost smartcard attack, and forgery attack. Furthermore, we put forward a new technique named as “friendly foreign agent policy,” where many foreign agents can make different groups among themselves and perform important responsibilities to authenticate a legitimate mobile user without interfering his or her home agent even though the mobile user moves to a new location, covered by a new foreign agent (belongs to the same group). Security and performance analyses show that the proposed scheme is secure and more efficient as compared with other competitive schemes for GLOMONET environments.

7.
In this paper, we propose a novel multidimensional privacy‐preserving data aggregation scheme for improving security and saving energy consumption in wireless sensor networks (WSNs). The proposed scheme integrates the super‐increasing sequence and perturbation techniques into compressed data aggregation, and has the ability to combine more than one aggregated data into one. Compared with the traditional data aggregation schemes, the proposed scheme not only enhances the privacy preservation in data aggregation, but also is more efficient in terms of energy costs due to its unique multidimensional aggregation. Extensive analyses and experiments are given to demonstrate its energy efficiency and practicability. Copyright © 2009 John Wiley & Sons, Ltd.

8.
Searchable encryption scheme‐based ciphertext‐policy attribute‐based encryption (CP‐ABE) is an effective scheme for providing multiuser to search over the encrypted data on cloud storage environment. However, most of the existing search schemes lack the privacy protection of the data owner and have higher computation time cost. In this paper, we propose a multiuser access control searchable privacy‐preserving scheme in cloud storage. First, the data owner only encrypts the data file and sets the access control list of multiuser and multiattribute for search data file. And the computing operation, which generates the attribute keys of the users' access control and the keyword index, is given to a trusted third party to perform for reducing the computation time of the data owner. Second, using CP‐ABE scheme, trusted third party embeds the users' access control attributes into their attribute keys. Only when those embedded attributes satisfy the access control list, the ciphertext can be decrypted accordingly. Finally, when the user searches data file, the keyword trap door is no longer generated by the user, and it is handed to the proxy server to finish. Also, the ciphertext is predecrypted by the proxy server before the user performs decryption. In this way, the flaw of the client's limited computation resource can be solved. Security analysis results show that this scheme has the data privacy, the privacy of the search process, and the collusion‐resistance attack, and experimental results demonstrate that the proposed scheme can effectively reduce the computation time of the data owner and the users.

9.
Advanced resource management schemes are required for broadband multimedia satellite networks to provide efficient and fair resource allocation while delivering guaranteed quality of service (QoS) to a potentially very large number of users. Such resource management schemes must provide well‐defined service segregation to the different traffic flows of the satellite network, and they must be integrated with some connection admission control (CAC) process at least for the flows requiring QoS guarantees. Weighted fair bandwidth‐on‐demand (WFBoD) is a resource management process for broadband multimedia geostationary (GEO) satellite systems that provides fair and efficient resource allocation coupled with a well‐defined MAC‐level QoS framework (compatible with ATM and IP QoS frameworks) and a multi‐level service segregation to a large number of users with diverse characteristics. WFBoD is also integrated with the CAC process. In this paper, we analyse via extensive simulations the WFBoD process in a bent‐pipe satellite network. Our results show that WFBoD can be used to provide guaranteed QoS for both non‐real‐time and real‐time variable bit rate (VBR) flows. Our results also show how to choose the main parameters of the WFBoD process depending on the system parameters and on the traffic characteristics of the flows. Copyright © 2005 John Wiley & Sons, Ltd.

10.
This paper focuses on the optimization of network bandwidth allocation and buffer dimensioning to transport pre‐stored MPEG video data from source to playback destination across ATM networks. This is one of the most important issues in the support of video‐on‐demand (VoD) service. This paper provides a novel scheme in the dynamic allocation of bandwidth to segments of video using ABR mode. The dynamic bandwidth allocation is based on a new concept, called playback tunnel which is obtained from the traffic characteristics of the pre‐stored MPEG video trace to determine the optimum of transmission bandwidth as well as the buffer capacity to ensure that the playback buffer neither underflows nor overflows. The proposed scheme is tested with real‐life MPEG video traces. The obtained results have shown its significant performance improvement in terms of the capacity of playback buffer, the start‐up playback delay, the size of video segment and the network multiplexing gain. Copyright © 2001 John Wiley & Sons, Ltd.

11.
Geographically distributed data centers are interconnected through provisioned dedicated WAN links, realized by circuit/wavelength–switching that support large‐scale data transfer between data centers. These dedicated WAN links are typically shared by multiple services through on‐demand and in‐advance resource reservations, resulting in varying bandwidth availability in future time periods. Such an inter‐data center network provides a dynamic and virtualized environment when augmented with cloud infrastructure supporting end‐host migration. In such an environment, dynamically provisioned network resources are recognized as extremely useful capabilities for many types of network services. However, the existing approaches to in‐advance reservation services provide limited reservation capabilities, eg, limited connections over links returned by the traceroute over traditional IP‐based networks. Moreover, most existing approaches do not address fault tolerance in the event of node or link failures and do not handle end‐host migrations; thus, they do not provide a reliability guarantee for in‐advance reservation frameworks. In this paper, we propose using multiple paths to increase bandwidth usage in the WAN links between data centers when a single path does not provide the requested bandwidth. Emulation‐based evaluations of the proposed path computation show a higher reservation acceptance rate compared to state‐of‐art reservation frameworks, and such computed paths can be configured with a limited number of static forwarding rules on switches. Our prototype provides the RESTful Web service interface for link‐fail and end‐host migration event management and reroutes paths for all the affected reservations.

12.
In wireless sensor networks (WSNs), there are many critical applications (for example, healthcare, vehicle tracking, and battlefield), where the online streaming data generated from different sensor nodes need to be analyzed with respect to quick control decisions. However, as the data generated by these sensor nodes usually flow through an open channel, there are higher chances of various types of attacks either on the nodes or on the data captured by these nodes. In this paper, we aim to design a new elliptic curve cryptography–based user authenticated key agreement protocol in a hierarchical WSN so that a legal user can only access the streaming data generated from different sensor nodes. The proposed scheme is based upon 3‐factor authentication, as it applies smart card, password, and personal biometrics of a user (for ticket generation). The proposed scheme maintains low computation cost for resource‐constrained sensor nodes, as it uses efficient 1‐way cryptographic hash function and bitwise exclusive‐OR operations for secure key establishment between different sensor nodes. The security analysis using the broadly accepted Burrows‐Abadi‐Needham logic, formal security verification using the popular simulation tool (automated validation of Internet security protocols and applications), and informal security show that the proposed scheme is resilient against several well‐known attacks needed for a user authentication scheme in WSNs. The comparison of security and functionality requirements, communication and computation costs of the proposed scheme, and other related existing user authentication schemes shows the superior performance of the proposed scheme.

13.
The telecare medicine information system (TMIS) enables patients from different regions to remotely share the same telecare services, which significantly enhances the quality and effectiveness of medical treatment. On the other hand, patients' electronic health records usually involve their privacy information; they thus hesitate to directly transmit this information in TMIS over the public network due to the threat of privacy disclosure. The authenticated key agreement, as a core building of securing communications over the public network, is considered to be necessary for strengthening the security of TMIS. Recently, we note Zhang et al introduced a 3‐factor authenticated key agreement scheme for TMIS and asserted that the proposed scheme can resist various well‐known attacks. Unfortunately, in this paper, we point out that the scheme of Zhang et al cannot achieve the claimed security guarantees. Specifically, their scheme is vulnerable to offline password/identity guessing attack and user/server impersonation attack. To conquer the above security pitfalls, we put forward a new 3‐factor authenticated key agreement scheme with privacy preservation for TMIS. The security evaluation and performance discussion indicate that our scheme can be free from those well‐known and classical attacks including offline guessing attack and impersonation attack, without increasing additional computation cost when compared with related works. Consequently, the new authentication scheme would be more desirable for securing communications in TMIS.

14.
On‐demand data broadcasting scheduling is an effective wireless data dissemination technique. Existing scheduling algorithms usually have two problems: (1) with the explosive growth of mobile users and real‐time individual requirements, broadcasting systems present a shortage of scalability, dynamics and timeliness (request drop ratio); (2) with the growth of intelligent and entertained application, energy consumption of mobile client cannot be persistent (tuning time). This paper proposes an effective scheduling algorithm LxRxW. It takes into account the number of lost requests during next item broadcasting time, the number of requests and the waiting time. LxRxW can reduce the request drop ratio. At the same time, the algorithm employs a dynamic index strategy to put forward a dynamic adjusting method on the index cycle length (DAIL) to determine the proper index cycle. Extensive experimental results show that the LxRxW algorithm has better performance than other state‐of‐the‐art scheduling algorithms and can significantly reduce the drop ratio of user requests by 40%–50%. The request drop ratio and accessing time of LxRxW with index increase by 1%–2% than LxRxW algorithm without index, but the tuning time decreases by 70%. The index strategy shows that when the index cycle length is less than 20 units, it can significantly reduce the average tuning time but when the index cycle length continues increasing, the average tuning time will increase contrarily. DAIL can dynamically determine the length of index cycle. Moreover, it can reach optimal integrated performance of the request drop ratio, the average accessing time and the average tuning time. Copyright © 2013 John Wiley & Sons, Ltd.

15.
Cloud computing is a milestone for computing model, which enables on‐demand, flexible, and low‐cost usage of computing resources, especially for cloud storage. Nowadays, the services of cloud‐based pay‐TV systems are emerging endlessly. But these pay‐TV systems' privacy is not given enough attention. The users not only care about their information revealed during transmission processes but are also concerned about whether the video contents that they have seen were recorded by the pay‐TV systems or not. In this work, I propose a novel deniable authentication protocol in a cloud‐based pay‐TV system, named DAP‐TV, aiming to achieve mutual authentication, deniability, and privacy protection in cloud‐based pay‐TV systems. The unique feature of our scheme is deniability which means a pay‐TV system to identify a user is a legal user, but the pay‐TV system cannot prove video contents that the user has seen to any third party over an unsecured network. In addition, our scheme is based on chaotic maps, which is a highly efficient cryptosystem and is firstly used to construct a deniable authentication scheme in pay‐TV systems. Finally, we give the formal security proof and efficiency comparison with recently related works.

16.
17.
In the past decades, the demand for remote mutual authentication and key agreement (MAKA) scheme with privacy preserving grows rapidly with the rise of the right to privacy and the development of wireless networks and Internet of Things (IoT). Numerous remote MAKA schemes are proposed for various purposes, and they have different properties. In this paper, we survey 49 three‐factor–based remote MAKA schemes with privacy preserving from 2013 to 2019. None of them can simultaneously achieve security, suitability for multiserver environments, user anonymity, user untraceability, table free, public key management free, and independent authentication. Therefore, we propose an efficient three‐factor MAKA scheme, which achieves all the properties. We propose a security model of a three‐factor–based MAKA scheme with user anonymity for multiserver environments and formally prove that our scheme is secure under the elliptic curve computational Diffie‐Hellman problem assumption, decisional bilinear Diffie‐Hellman problem assumption, and hash function assumption. We compare the proposed scheme to relevant schemes to show our contribution and also show that our scheme is sufficiently efficient for low‐power portable mobile devices.

18.
As a fast prototyping technique, direct writing of flexible electronics is gaining popularity for its low‐cost, simplicity, ultrahigh portability, and ease of use. However, the latest handwritten circuits reported either have relative low conductivity or require additional post‐treatment, keeping this emerging technology away from end‐users. Here, a one‐step react‐on‐demand (RoD) method for fabricating flexible circuits with ultralow sheet resistance, enhanced safety, and durability is proposed. With the special functionalized substrate, a real‐time 3D synthesis of silver plates in microscale is triggered on‐demand right beneath the tip in the water‐swelled polyvinyl alcohol (PVA) coating, forming a 3D metal–polymer hybrid structure of ≈7 µm with one single stroke. The as‐fabricated silver traces show an enhanced durability and ultralow sheet resistance down to 4 mΩ sq⁻¹ which is by far the lowest sheet resistance reported in the literature achieved by direct writing. Meanwhile, PVA seals small particles inside the film, adding additional safety to this technology. Since neither nanomaterials nor a harsh fabrication environment are required, the proposed method remains low cost, user friendly, and accessible to end users. With little effort, the RoD approach can be extended to various printing systems, offering a particle‐free, sintering‐free solution for high‐resolution, high‐speed production of flexible electronics.

19.
Because of the requirements of stringent latency, high‐connection density, and massive devices concurrent connection, the design of the secure and efficient access authentication for massive devices is the key point to guarantee the application security under the future fifth Generation (5G) systems. The current access authentication mechanism proposed by 3rd Generation Partnership Project (3GPP) requires each device to execute the full access authentication process, which can not only incur a lot of protocol attacks but also result in signaling congestion on key nodes in 5G core networks when a sea of devices concurrently request to access into the networks. In this paper, we design an efficient and secure privacy‐preservation access authentication scheme for massive devices in 5G wireless networks based on aggregation message authentication code (AMAC) technique. Our proposed scheme can accomplish the access authentication between massive devices and the network and at the same time negotiate a distinct secret key between each device and the network. In addition, our proposed scheme can withstand a lot of protocol attacks including interior forgery attacks and DoS attacks and achieve identity privacy protection and group member update without sacrificing the efficiency. The Burrows Abadi Needham (BAN) logic and the formal verification tool: Automated Validation of Internet Security Protocols and Applications (AVISPA) and Security Protocol ANimator for AVISPA (SPAN) are employed to demonstrate the security of our proposed scheme.

20.
The radio frequency feedback (RFF) occurs when the insulation is insufficient between the antennas of an on‐frequency repeater, increasing digital transmission errors. In addition, a strong RFF could compromise system stability of the on‐frequency repeater because of the growing power in the closed‐loop. Automatic gain control is widely used by the on‐frequency repeater to regulate the power, this solution being generally used with echo cancellation processes. Most echo cancellation techniques are based on digital processing such as adaptive filters whose effectiveness and algorithm speed depend on the signal frequency, the bandwidth and the closed‐loop parameters. This paper describes a solution of RFF estimation and detection regardless of the receiving signal modulation. By using the frequency scanning and the analysis of the power spectral density peaks in the system, this solution is reliable whatever the values of the gain‐margin and the loop‐delay are. Simulations and experimental implementation using field‐programmable gate array validate the solution. In addition, an example of applications is given in the context of the interference cancellation.
