Cryptanalysis and improvement of a three‐party password‐based authenticated key exchange protocol with user anonymity using extended chaotic maps

Three‐party password‐authenticated key exchange (3PAKE) protocols allow two clients to agree on a secret session key through a server via a public channel. 3PAKE protocols have been designed using different arithmetic aspects including chaotic maps. Recently, Lee et al. proposed a 3PAKE protocol using Chebyshev chaotic maps and claimed that their protocol has low computation and communication cost and can also resist against numerous attacks. However, this paper shows that in spite of the computation and communication efficiency of the Lee et al. protocol, it is not secure against the modification attack. To conquer this security weakness, we propose a simple countermeasure, which maintains the computation and communication efficiency of the Lee et al. protocol. Copyright © 2014 John Wiley & Sons, Ltd.     

Secure multi‐factor remote user authentication scheme for Internet of Things environments

Because of the exponential growth of Internet of Things (IoT), several services are being developed. These services can be accessed through smart gadgets by the user at any place, every time and anywhere. This makes security and privacy central to IoT environments. In this paper, we propose a lightweight, robust, and multi‐factor remote user authentication and key agreement scheme for IoT environments. Using this protocol, any authorized user can access and gather real‐time sensor data from the IoT nodes. Before gaining access to any IoT node, the user must first get authenticated by the gateway node as well as the IoT node. The proposed protocol is based on XOR and hash operations, and includes: (i) a 3‐factor authentication (ie, password, biometrics, and smart device); (ii) mutual authentication ; (iii) shared session key ; and (iv) key freshness . It satisfies desirable security attributes and maintains acceptable efficiency in terms of the computational overheads for resource constrained IoT environment. Further, the informal and formal security analysis using AVISPA proves security strength of the protocol and its robustness against all possible security threats. Simulation results also prove that the scheme is secure against attacks.     

Cryptanalysis of Hsiang‐Shih's authentication scheme for multi‐server architecture

From user point of view, password‐based remote user authentication technique is one of the most convenient and easy‐to‐use mechanisms to provide necessary security on system access. As the number of computer crimes in modern cyberspace has increased dramatically, the robustness of password‐based authentication schemes has been investigated by industries and organizations in recent years. In this paper, a well‐designed password‐based authentication protocol for multi‐server communication environment, introduced by Hsiang and Shih, is evaluated. Our security analysis indicates that their scheme is insecure against session key disclosure, server spoofing attack, and replay attack and behavior denial. Copyright © 2010 John Wiley & Sons, Ltd.     

A secure and effective biometric‐based user authentication scheme for wireless sensor networks using smart card and fuzzy extractor

User authentication is a prominent security requirement in wireless sensor networks (WSNs) for accessing the real‐time data from the sensors directly by a legitimate user (external party). Several user authentication schemes are proposed in the literature. However, most of them are either vulnerable to different known attacks or they are inefficient. Recently, Althobaiti et al. presented a biometric‐based user authentication scheme for WSNs. Although their scheme is efficient in computation, in this paper, we first show that their scheme has several security pitfalls such as (i) it is not resilient against node capture attack; (ii) it is insecure against impersonation attack; and (iii) it is insecure against man‐in‐the‐middle attack. We then aim to propose a novel biometric‐based user authentication scheme suitable for WSNs in order to withstand the security pitfalls found in Althobaiti et al. scheme. We show through the rigorous security analysis that our scheme is secure and satisfies the desirable security requirements. Furthermore, the simulation results for the formal security verification using the most widely used and accepted Automated Validation of Internet Security Protocols and Applications tool indicate that our scheme is secure. Our scheme is also efficient compared with existing related schemes. Copyright © 2015 John Wiley & Sons, Ltd.     

A chaotic map‐based anonymous multi‐server authenticated key agreement protocol using smart card

Authenticated key agreement protocols play an important role for network‐connected servers to authenticate remote users in Internet environment. In recent years, several authenticated key agreement protocols for single‐server environment have been developed based on chaotic maps. In modern societies, people usually have to access multiple websites or enterprise servers to accomplish their daily personal matters or duties on work; therefore, how to increase user's convenience by offering multi‐server authentication protocol becomes a practical research topic. In this study, a novel chaotic map‐based anonymous multi‐server authenticated key agreement protocol using smart card is proposed. In this protocol, a legal user can access multiple servers using only a single secret key obtained from a trusted third party, known as the registration center. Security analysis shows this protocol is secure against well‐known attacks. In addition, protocol efficiency analysis is conducted by comparing the proposed protocol with two recently proposed schemes in terms of computational cost during one authentication session. We have shown that the proposed protocol is twice faster than the one proposed by Khan and He while preserving the same security properties as their protocol has. Copyright © 2014 John Wiley & Sons, Ltd.     

Towards generalized ID‐based user authentication for mobile multi‐server environment

With the popularity of Internet and wireless networks, more and more network architectures are used in multi‐server environment, in which mobile users remotely access servers through open networks. In the past, many schemes have been proposed to solve the issue of user authentication for multi‐server environment and low‐power mobile devices. However, most of these schemes have suffered from many attacks because these schemes did not provide the formal security analysis. In this paper, we first give a security model for multi‐server environment. We then propose an ID‐based mutual authentication and key agreement scheme based on bilinear maps for mobile multi‐server environment. Our scheme can be used for both general users with a long validity period and anonymous users with a short validity period. Under the presented security model, we show that our scheme is secure against all known attacks. We demonstrate that the proposed scheme is well suitable for low‐power mobile devices. Copyright © 2011 John Wiley & Sons, Ltd.     

Secure multicast routing protocols in mobile ad‐hoc networks

A mobile ad‐hoc network (MANET) is a collection of autonomous nodes that communicate with each other by forming a multi‐hop radio network. Routing protocols in MANETs define how routes between source and destination nodes are established and maintained. Multicast routing provides a bandwidth‐efficient means for supporting group‐oriented applications. The increasing demand for such applications coupled with the inherent characteristics of MANETs (e.g., lack of infrastructure and node mobility) have made secure multicast routing a crucial yet challenging issue. Recently, several multicast routing protocols (MRP) have been proposed in MANETs. Depending on whether security is built‐in or added, MRP can be classified into two types: secure and security‐enhanced routing protocols, respectively. This paper presents a survey on secure and security‐enhanced MRP along with their security techniques and the types of attacks they can confront. A detailed comparison for the capability of the various routing protocols against some known attacks is also presented and analyzed. Copyright © 2013 John Wiley & Sons, Ltd.     

Forgery attacks of an identity‐based multi‐proxy signature scheme

Multi‐proxy signature is used to delegate a permission of an owner to at least two proxies in the digital world. Recently, Sahu and Padhye gave a new construction of identity‐based multi‐proxy signature. Their scheme's security was supported by a reduction proof against a hard mathematical problem. Even supported by such security proofs, we present some forgery attacks against Sahu and Padhye's scheme. We demonstrate that any dishonest insider or any malicious outsider can break the security of Sahu and Padhye's scheme by forging either a permission or a multi‐proxy signature. In fact, our forgery attacks exploit the security weakness in their underlying identity‐based signature scheme, which is the fundamental constructing component of their proposed scheme. Copyright © 2014 John Wiley & Sons, Ltd.     

An extended ECC‐based anonymity‐preserving 3‐factor remote authentication scheme usable in TMIS

A telecare medicine information system (TMIS) helps in providing an efficient communication platform to patients from home to consult doctors at a clinical center. In TMIS, the patient's confidentiality, security, and mutual authentication are very crucial; so remote authentication plays a vital role for verifying the legitimacy of patients. Recently, Amin and Biswas have devised a remote authentication protocol for TMIS, claiming it to be secured from various malicious vulnerabilities. We examine this protocol and find that it is not able to withstand many attacks that include off‐line and online password‐guessing, identity‐guessing, user impersonation, privileged insider, and known session key temporary information attacks. We propose a 3‐factor–based authentication protocol for TMIS by overcoming these security shortcomings. We present its security verification in formal and informal ways, which assert its resistivity against various security threats. We use the Burrows‐Abadi‐Needham logic for validating it, and with the Automated Validation of Internet Security Protocols and Applications tool, it is simulated. Further, the performance evaluation and the security functionalities justify high degree of security with efficient complexity.     

FPGA implementation of highly secure,hardware‐efficient QC‐LDPC code–based nonlinear cryptosystem for wireless sensor networks

This paper presents the design and implementation of an integrated architecture for embedding security into quasi‐cyclic (QC) low‐density parity‐check (LDPC) code–based cryptographic system through a nonlinear function of low hardware complexity. Instead of using standard S ‐boxes for implementation of nonlinear function, this paper considers a method on the basis of maximum length cellular automata (CA), so that enhanced security can be achieved with simple hardware structure. The proposed system adopts a lightweight random bit stream generator on the basis of linear feedback shift register (LFSR) for generating random error vectors, so that a large number of vectors with very good cryptographic properties can be made available with low hardware cost. Different permutation patterns generated for different message blocks help to provide good degrees of freedom for tuning security with reasonable key size. The hardware architecture for the proposed system is developed and validated through implementation on Xilinx Spartan 3S500E. Analytical and synthesis results show that the proposed scheme is lightweight and offers very high security through continuously changing parameters, thus making it highly suitable for resource‐constrained applications.     

An improved anonymous multi‐receiver identity‐based encryption scheme

Anonymous receiver encryption is an important cryptographic primitive. It allows a sender to use the public identities of multiple receivers to encrypt messages so that only the authorized receivers or a privileged set of users can decrypt the messages, and the identities of the receivers are not revealed. Recently, Zhang et al. proposed a novel anonymous multi‐receiver encryption scheme and claimed that their scheme could realize the receiver's identity privacy. Unfortunately, in this paper, we pointed out that the scheme by Zhang et al. did not achieve the anonymity of the receiver identity after analyzing the security of the scheme. At the same time, we give the corresponding attack. After analyzing the reason to produce such attacks, a novel anonymous multi‐receiver encryption scheme is given to achieve the anonymity of the receiver's identities. And we formally prove that the proposed scheme is semantically secure for confidentiality and receiver identities’ anonymity. The security of the scheme is based on decisional bilinear Diffie‐Hellman problem. Compared with the scheme by Zhang et al., Fan et al., Wang et al., and Chien et al., our scheme is shown to be better performance and robust security. To the best of our knowledge, our scheme is most efficient in terms of computational cost and communication overhead. Copyright © 2013 John Wiley & Sons, Ltd.     

Improvement of robust smart‐card‐based password authentication scheme

Smart‐card‐based password authentication scheme is one of the commonly used mechanisms to prevent unauthorized service and resource access and to remove the potential security threats over the insecure networks and has been investigated extensively in the last decade. Recently, Chen et al. proposed a smart‐card‐based password authentication scheme and claimed that the scheme can withstand offline password guessing attacks even if the information stored in the smart card is extracted by the adversary. However, we observe that the scheme of Chen et al. is insecure against offline password guessing attacks in this case. To remedy this security problem, we propose an improved authentication protocol, which inherits the merits of the scheme of Chen et al. and is free from the security flaw of their scheme. Compared with the previous schemes, our improved scheme provides more security guarantees while keeping efficiency. Copyright © 2013 John Wiley & Sons, Ltd.     

Security Against Hardware Trojan Attacks Using Key-Based Design Obfuscation

Malicious modification of hardware in untrusted fabrication facilities, referred to as hardware Trojan, has emerged as a major security concern. Comprehensive detection of these Trojans during post-manufacturing test has been shown to be extremely difficult. Hence, it is important to develop design techniques that provide effective countermeasures against hardware Trojans by either preventing Trojan attacks or facilitating detection during test. Obfuscation is a technique that is conventionally employed to prevent piracy of software and hardware intellectual property (IP). In this work, we propose a novel application of key-based circuit structure and functionality obfuscation to achieve protection against hardware Trojans triggered by rare internal circuit conditions. The proposed obfuscation scheme is based on judicious modification of the state transition function, which creates two distinct functional modes: normal and obfuscated. A circuit transitions from the obfuscated to the normal mode only upon application of a specific input sequence, which defines the key. We show that it provides security against Trojan attacks in two ways: (1) it makes some inserted Trojans benign, i.e. they become effective only in the obfuscated mode; and (2) it prevents an adversary from exploiting the true rare events in a circuit to insert hard-to-detect Trojans. The proposed design methodology can thus achieve simultaneous protection from hardware Trojans and hardware IP piracy. Besides protecting ICs against Trojan attacks in foundry, we show that it can also protect against malicious modifications by untrusted computer-aided design (CAD) tools in both SoC and FPGA design flows. Simulation results for a set of benchmark circuits show that the scheme is capable of achieving high levels of security against Trojan attacks at modest area, power and delay overhead.     

Multi‐carrier platform for wireless communications. Part 2: OFDM and MC‐CDMA systems with high‐performance,high‐throughput via innovations in spreading

Multi‐carrier technologies in general, and OFDM and MC‐CDMA in particular, are an integral part of the wireless landscape. In this second part of a two‐part survey, the authors present an innovative set of spreading codes known as CI codes, and demonstrate how these significantly increase performance and capacity in OFDM and MC‐CDMA systems, all the while eliminating PAPR concerns. Regarding OFDM: the spreading of each symbol over all N carriers using CI spreading codes (replacing the current one symbol per carrier strategy) are presented. CI codes are ideally suited for spreading OFDM since, when compared to traditional OFDM, CI‐based OFDM systems achieve the performance of coded OFDM (COFDM) while maintaining the throughput of uncoded OFDM, and, at the same time, eliminate PAPR concerns. When applied to MC‐CDMA, CI codes provide a simple means of supporting 2N users on N carriers while maintaining the performance of an N‐user Hadamard Walsh code MC‐CDMA system, i.e., CI codes double MC‐CDMA network capacity without loss in performance. The CI codes used in OFDM and MC‐CDMA systems are directly related to the CI pulse (chip) shapes used to enhance TDMA and DS‐CDMA (see part 1): hence, the CI approach provides a common hardware platform for today's multi‐carrier/multiple‐access technologies, enabling software radio applications. Copyright © 2002 John Wiley & Sons, Ltd.     

Security analysis of an ultra‐lightweight RFID authentication protocol for m‐commerce

Nowadays, many people perform their commercial activities, such as electronic payment and electronic banking, through their mobile phones. Mobile commerce (m‐commerce) refers to manipulating electronic commerce (e‐commerce) by using mobile devices and wireless networks. Radio‐frequency identification (RFID) is a technology which can be employed to complete payment functions on m‐commerce. As an RFID subsystem is applied in m‐commerce and supply chains, the related security concerns are very important. Recently, Fan et al. have proposed an ultra‐lightweight RFID authentication scheme for m‐commerce (ULRAS) and claimed that their protocol is efficient enough and provides a high level of security. In this paper, we show that their protocol is vulnerable to secret disclosure and reader impersonation attacks. Finally, we improve it to a protocol that is resistant to the attacks presented in this paper and the other known attacks in the context of RFID authentication. We further analyze the security of the improved protocol through the Burrows–Abadi–Needham logic (BAN‐logic). Moreover, our proposed improvement does not impose any additional workload on the RFID tag.     

Cryptanalysis and security enhancement of a robust two‐factor authentication and key agreement protocol

Two‐factor user authentication scheme allows a user to use a smart card and a password to achieve mutual authentication and establish a session key between a server and a user. In 2012, Chen et al. showed that the scheme of Sood et al. does not achieve mutual authentication and is vulnerable to off‐line password guessing and smart card stolen attacks. They also found that another scheme proposed by Song is vulnerable to similar off‐line password guessing and smart card stolen attacks. They further proposed an improved scheme. In this paper, we first show that the improved scheme of Chen et al. still suffers from off‐line password guessing and smart card stolen attacks, does not support perfect forward secrecy, and lacks the fairness of session key establishment. We then propose a new security‐enhanced scheme and show its security and authentication using the formal verification tool ProVerif, which is based on applied pi calculus. Copyright © 2014 John Wiley & Sons, Ltd.     

A lightweight authentication scheme based on self‐updating strategy for space information network

The security of space information network (SIN) is getting more and more important now. Because of the special features of SIN (e.g., the dynamic and unstable topology, the highly exposed links, the restricted computation power, the flexible networking methods, and so on), the security protocol for SIN should have a balance between security properties and computation/storage overhead. Although a lot of security protocols have been proposed recently, few can provide overall attacks resistance power with low computation and storage cost. To solve this problem, in this paper we propose a lightweight authentication scheme for space information network. It is mainly based on the self‐updating strategy for user's temporary identity. The scheme consists of two phases, namely, the registration phase and the authentication phase. All the computing operations involved are just hash function (h), the bit‐wise exclusive‐or operation (⊕), and the string concatenation operation (||), which are of low computation cost. The security properties discussion and the attacks–resistance power analysis show that the proposed authentication scheme can defend against various typical attacks, especially denial of service attacks. It is sufficiently secure with the lowest computation and storage costs. Furthermore, the formal security proof in SVO logic also demonstrates that the scheme can satisfy the security goals very well. Copyright © 2016 John Wiley & Sons, Ltd.     

Detection of man‐in‐the‐middle attacks using physical layer wireless security techniques

Compared with a wired network, a wireless network is not protected by the cable transmission medium. Information is broadcasted over the air and it can be intercepted by anyone within the transmission range. Even though the transmissions could potentially be protected by security authentication mechanisms, malicious users can still intercept the information by mimicking the characteristics of normal user or a legitimate access point. This scenario is referred as a man‐in‐the‐middle (MITM) attack. In the MITM attack, the attackers can bypass the security mechanisms, intercept the unprotected transmission packets, and sniff the information. Because of several vulnerabilities in the IEEE 802.11 protocol, it is difficult to defend against a wireless MITM attack. In this paper, a received signal strength indicator (RSSI)‐based detection mechanism for MITM attacks is proposed. RSSI information is an arbitrary integer that indicates the power level being received by the antenna. The random RSSI values are processed via a sliding window, yielding statistic information about the signal characteristics such as mean and standard deviation profiles. By analyzing those profiles, the detection mechanism can detect if a rogue access point, the key component of an MITM attack, is launched. Our proposed approach has been validated via hardware experimentation using Backtrack 5 tools and MATLAB software suite. Copyright © 2014 John Wiley & Sons, Ltd.     

A fault‐tolerant group key agreement protocol exploiting dynamic setting

A fault‐tolerant group key agreement is an essential infrastructure for Internet communication among all involved participants; it can establish a secure session key no matter how many malicious participants exit simultaneously in an effort to disrupt the key agreement process. Recently, Zhao et al. proposed an efficient fault‐tolerant group key agreement protocol named efficient group key agreement that can resist denial‐of‐service attacks, reply attacks, man‐in‐middle attacks, and common modulus attacks; it can also preserve forward secrecy with lower computational cost than previous protocols. We show that it is still vulnerable to active attacks by malicious participants and modify the corresponding security weakness adaptively. Furthermore, we propose an efficient fault‐tolerant group key agreement based on a binary tree structure and enhance it to a dynamic setting where participants can leave or join the group arbitrarily according to their preferences with instant session key refreshment. Additionally, our session key refreshment is based on secure key updating to protect forward/backward confidentiality and is resistant to active/passive attacks. The performance analysis shows that our proposed protocol has lower computational cost and little additional communication cost exploiting dynamic setting. Copyright © 2013 John Wiley & Sons, Ltd.     

DDoS protection with stateful software‐defined networking

Distributed denial of service (DDoS) attacks represent one of the most critical security challenges facing network operators. Software‐defined networking (SDN) permits fast reactions to such threats by dynamically enforcing simple forwarding/blocking rules as countermeasures. However, the centralization of the control plane requires that the SDN controller, besides network management operations, should also collect information to identify and mitigate the security menaces. A major drawback of this approach is that it may overload the controller and the control channel. On the other hand, stateful SDN represents a new concept, developed to improve reactivity and offload the controller by delegating local treatments to the switches. In this article, we embrace this paradigm to protect end‐hosts from DDoS attacks. We propose StateSec, a novel approach based on in‐switch processing capabilities to detect and mitigate flooding threats. StateSec monitors packets matching configurable traffic features without resorting to the controller. By feeding an entropy‐based detection algorithm with such monitoring features, it detects and mitigates several threats such as (D)DoS with high accuracy. We implemented StateSec in an SDN platform comparing it with state‐of‐the‐art approaches. We show that StateSec is far more efficient: It achieves very accurate detection levels, reducing at the same time the control plane overhead. We have also evaluated the memory footprint of StateSec for a possible use in production. Finally, we deployed StateSec over a real network to tune its parameters and assess its suitability to real‐world deployments.