Similar literature
Found 20 similar documents; search time: 31 ms
1.
Public cloud computing provides a variety of services to consumers via high-speed internet. The consumer can access these services anytime and anywhere at a balanced service cost. Many traditional authentication protocols are proposed to secure public cloud computing. However, the rapid development of high-speed internet and organizations’ race to develop quantum computers is a nightmare for existing authentication schemes. These traditional authentication protocols are based on factorization or discrete logarithm problems. As a result, traditional authentication protocols are vulnerable in the quantum computing era. Therefore, in this article, we have proposed an authentication protocol based on the lattice technique for public cloud computing to resist quantum attacks and prevent all known traditional security attacks. The proposed lattice-based authentication protocol is provably secure under the Real-Or-Random (ROR) model. At the same time, the result obtained during the experiments proved that our protocol is lightweight compared to the existing lattice-based authentication protocols, as listed in the performance analysis section. The comparative analysis shows that the protocol is suitable for practical implementation in a quantum-based environment.

2.
The term IoT refers to the interconnection and exchange of data among devices/sensors. IoT devices are often small, low cost, and have limited resources. The IoT issues and challenges are growing increasingly. Security and privacy issues are among the most important concerns in IoT applications, such as smart buildings. Remote cybersecurity attacks are the attacks which do not require physical access to the IoT networks, where the attacker can remotely access and communicate with the IoT devices through a wireless communication channel. Thus, remote cybersecurity attacks are a significant threat. Emerging applications in smart environments such as smart buildings require remote access for both users and resources. Since the user/building communication channel is insecure, a lightweight and secure authentication protocol is required. In this paper, we propose a new secure remote user mutual authentication protocol based on transitory identities and multi-factor authentication for the IoT smart building environment. The protocol ensures that only legitimate users can authenticate with smart building controllers in an anonymous, unlinkable, and untraceable manner. The protocol also avoids the clock synchronization problem and can resist quantum computing attacks. The security of the protocol is evaluated using two different methods: (1) informal analysis; (2) model checking using the automated validation of internet security protocols and applications (AVISPA) toolkit. The communication overhead and computational cost of the proposed protocol are analyzed. The security and performance analysis show that our protocol is secure and efficient.

3.
Multi-server authenticated key agreement schemes have attracted great attention from both academia and industry in recent years. However, traditional authenticated key agreement schemes in the single-server environment are not suitable for the multi-server environment because the user has to register on each server when he/she wishes to log in to various servers for different services. Moreover, it is unreasonable to consider all servers trusted, since the server in a multi-server environment may be a semi-trusted party. In order to overcome these difficulties, we designed a secure three-factor multi-server authenticated key agreement protocol based on elliptic curve cryptography, which needs the user to register only once at the registration center in order to access all semi-trusted servers. The proposed scheme can not only resist various known attacks but also provide high computational efficiency. Besides, we have proved that our scheme fulfills mutual authentication by using the authentication test method.

4.
Recently, an innovative trend like cloud computing has progressed quickly in Information Technology. For a background of distributed networks, the extensive sprawl of internet resources on the Web and the increasing number of service providers helped cloud computing technologies grow into a substantial scaled Information Technology service model. The cloud computing environment extracts the execution details of services and systems from end-users and developers. Additionally, through the system’s virtualization accomplished using resource pooling, cloud computing resources become more accessible. The attempt to design and develop a solution that assures reliable and protected authentication and authorization service in such cloud environments is described in this paper. With the help of multi-agents, we attempt to represent Open-Identity (ID) design to find a solution that would offer trustworthy and secured authentication and authorization services to software services based on the cloud. This research aims to determine how authentication and authorization services were provided in an agreeable and preventive manner. Based on attack-oriented threat model security, the evaluation works. By considering security for both authentication and authorization systems, possible security threats are analyzed by the proposed security systems.

5.
The Global System for Mobile communication (GSM) network is proposed to mitigate the security problems and vulnerabilities observed in the mobile telecommunication system. However, the GSM network is vulnerable to different kinds of attacks such as redirection attack, impersonation attack and Man-in-the-Middle (MiTM) attack. The possibility of these attacks makes the wireless mobile system vulnerable to fraudulent access and eavesdropping. Different authentication protocols of GSM were proposed to overcome the drawbacks, but many of them lead to network signalling overload and increase the call set-up time. In this paper, an efficient and secure authentication and key agreement protocol (ESAP-AKA) is proposed to overcome the flaws of the existing authentication protocol for roaming users in the GSM network. The formal verification of the proposed protocol is presented by BAN logic and the security analysis is shown using the AVISPA tool. The security analysis shows that the proposed protocol avoids the different possible attacks on the communication network. The performance analysis based on the fluid flow mobility model shows that the proposed protocol reduces the communication overhead of the network by reducing the number of messages. On average, the protocol reduces 60% of network signalling congestion overhead as compared with other existing GSM-AKA protocols. Moreover, the protocol not only removes the drawbacks of existing protocols but also accomplishes the needs of roaming users.

6.
The Internet of Things (IoT) inspires industries to deploy a massive number of connected devices to provide smart and ubiquitous services to influence our daily life. Edge computing leverages sufficient computation and storage at the edge of the network to enable deploying complex functions closer to the environment using Internet-connected devices. According to the purpose of the environment including privacy level, domain functionality, network scale and service quality, various environment-specific services can be provided through heterogeneous applications with sensors and actuators based on edge computing. However, for providing user-friendly service scenarios based on the transparent access to heterogeneous devices in edge computing, a consistent interface shall be provided to deliver services from edge computing to clients. In this paper, we propose transparent computing based on virtual resources to access heterogeneous IoT devices without considering the underlying network configuration at the edge of the networks. For supporting transparent access to different edge computing environments through a consistent interface, the virtual resource of edge gateway is proposed to bridge the Internet and devices which are deployed on the edge of the network. The proposed edge gateway exposes the services of the Internet of Things devices to the Internet using virtual resources that represent the resources of physical devices. The virtual resources provide a consistent interface to enable clients to access devices in edge computing without considering underlying protocols. The virtual resource is generated by the resource directory in the edge gateway through the registration of a device. Based on the device registration, the device information is stored in the gateway to link virtual resources and devices for translating messages according to the destination protocols and identifying physical devices that are represented by virtual resources. 
Moreover, through collaboration with the service provider, the function of device discovery and monitoring is provided to clients.

7.
Cloud computing is a technology that provides secure storage space for the customer’s massive data and gives them the facility to retrieve and transmit their data efficiently through a secure network in which encryption and decryption algorithms are being deployed. In cloud computation, data processing, storage, and transmission can be done through laptops and mobile devices. Data storage in cloud facilities is expanding each day and data is the most significant asset of clients. The important concern with the transmission of information to the cloud is security because there is no perceivability of the client’s data. They have to be dependent on cloud service providers for assurance of the platform’s security. Data security and privacy issues reduce the progression of cloud computing and add complexity. Nowadays, most of the data that is stored on cloud servers is in the form of images and photographs, which is a very confidential form of data that requires secured transmission. In this research work, a public key cryptosystem is being implemented to store, retrieve and transmit information in cloud computation through a modified Rivest-Shamir-Adleman (RSA) algorithm for the encryption and decryption of data. The results of implementing the modified RSA algorithm guaranteed the security of data in the cloud environment. To enhance the user data security level, a neural network is used for user authentication and recognition. Moreover, the proposed technique develops the performance of detection as a loss function of the bounding box. The Faster Region-Based Convolutional Neural Network (Faster R-CNN) gets trained on images to identify authorized users with an accuracy of 99.9% on training.

8.
Preserving privacy is imperative in the new unmanned aerial vehicle (UAV)-assisted mobile edge computing (MEC) architecture to ensure that sensitive information is protected and kept secure throughout the communication. Simultaneously, efficiency must be considered while developing such a privacy-preserving scheme because the devices involved in these architectures are resource constrained. This study proposes a lightweight and efficient authentication scheme for the UAV-assisted MEC environment. The proposed scheme is a hardware-based password-less authentication mechanism that is based on the fact that temporal and memory-related efficiency can be significantly improved while maintaining the data security by adopting a hardware-based solution with a simple implementation. The proposed scheme works in four stages: system initialization, EU registration, EU authentication, and session establishment. It is implemented as a single hardware chip comprising registers and XOR gates, and it can run the entire process in one clock cycle. Consequently, the proposed scheme has significantly higher efficiency in terms of runtime and memory consumption compared to other prevalent methods in the area. Simulations are conducted to evaluate the proposed authentication algorithm. The results show that the scheme has an average execution time of 0.986 ms and consumes average memory of 34 KB. The hardware execution time is approximately 0.39 ns, which is significantly less than that of the prevalent schemes, whose execution times range in milliseconds. Furthermore, the security of the proposed scheme is examined, and it is resistant to brute-force attacks. Around 1.158 × 10^77 trials are required to overcome the system’s security, which is not feasible using the fastest available processors.

9.
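唐少川, 蒋晓, 邓力源. Packaging Engineering (《包装工程》), 2019, 40(14): 242-246
Objective: To explore where context-awareness theory can be applied in the design of asthma mobile health applications, with the aim of addressing the low quality and homogeneity of current asthma mobile health services and thereby improving the actual diagnostic and treatment effectiveness and the user experience of such applications. Methods: Through a brief review of the development of context-awareness theory and an analysis of the contextual factors in asthma management, and taking into account the characteristics of asthma mobile health services against the current background of big data, cloud computing and smart mobile devices, a context model for asthma mobile health services comprising four contextual factors (user, task, community and device) is distilled, and design strategies based on these contextual factors are proposed from the perspectives of optimizing application functions, deepening services and enhancing user experience. Conclusion: Applying context-awareness theory strengthens the application's ability to perceive contextual information, helps in understanding patient characteristics and behaviour, uncovers patient needs in depth, and provides patients with more personalized and emotionally engaging asthma mobile health services, improving the effectiveness of asthma self-management.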

10.
11.
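To address the problem that users without specialist knowledge find it difficult to choose, from the vast number of cloud services, a cloud service provider that meets their preferences, a cloud service provider recommendation model that satisfies users' requirement preferences is constructed. The model consists of the following three parts. First, from the user's perspective, fuzzy evaluation is used to determine and measure the user's requirement preferences for cloud services. Second, from the cloud service provider's perspective, fuzzy evaluation and the entropy weight method are used to determine and measure the provider's ability to meet user requirements. Finally, a similarity distance formula is used to rank the degree of similarity between the user and the candidate providers, and the best-matching cloud service provider is recommended to the user. The results of a numerical example show that, compared with traditional recommendation methods, the model makes better recommendations with respect to users' preferences across the individual indicators of cloud services and improves the accuracy with which users select a cloud service provider.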

12.
A tele-medical information system provides an efficient and convenient way to connect patients at home with medical personnel in clinical centers. In this system, service providers consider user authentication as a critical requirement. To address this crucial requirement, various types of validation and key agreement protocols have been employed. The main problem is that the two-way authentication of patients and medical servers is not built with thorough and comprehensive analysis, so the protocol design still has flaws. This paper carefully analyzes all aspects of security requirements, including perfect forward secrecy, in order to develop an efficient and robust lightweight authentication and key agreement protocol. The security of the proposed protocol undergoes an informal analysis, whose findings show that different security features are provided, including perfect forward secrecy and a resistance to DoS attacks. Furthermore, it is simulated and formally analyzed using the Scyther tool. Simulation results indicate the protocol’s robustness, both in perfect forward security and against various attacks. In addition, the proposed protocol was compared with other related protocols in terms of time complexity and communication cost. The time complexity of the proposed protocol only involves the time of performing a hash function, T_h, i.e., O(12T_h). The average time required for executing the authentication is 0.006 seconds and the number of bits exchanged is 704; both values are the lowest among the other protocols. The results of the comparison point to a superior performance by the proposed protocol.

13.
Many organizations apply cloud computing to store and effectively process data for various applications. Data that the user uploads to the cloud has less security due to the unreliable verification process of data integrity. In this research, an enhanced Merkle hash tree method of effective authentication model is proposed in the multi-owner cloud to increase the security of the cloud data. Merkle Hash tree applies the leaf nodes with a hash tag and the non-leaf node contains the table of hash information of child to encrypt the large data. Merkle Hash tree provides the efficient mapping of data and easily identifies the changes made in the data due to proper structure. The developed model supports privacy-preserving public auditing to provide a secure cloud storage system. The data owners upload the data in the cloud and edit the data using the private key. An enhanced Merkle hash tree method stores the data in the cloud server and splits it into batches. The data files requested by the data owner are audited by a third-party auditor and the multi-owner authentication method is applied during the modification process to authenticate the user. The result shows that the proposed method reduces the encryption and decryption time for cloud data storage by 2–167 ms when compared to the existing Advanced Encryption Standard and Blowfish.

14.
In this paper, we have proposed a differential game model to optimally solve the resource allocation problems in the edge-computing based wireless networks. In the proposed model, a wireless network with one cloud-computing center (CC) and lots of edge services providers (ESPs) is investigated. In order to provide users with higher services quality, the ESPs in the proposed wireless network should lease the computing resources from the CC and the CC can allocate its idle cloud computing resource to the ESPs. We will try to optimally allocate the edge computing resources between the ESPs and CC using the differential game and feedback control. Based on the proposed model, the ESPs can choose the amount of computing resources from the CC using feedback control, which is affected by the unit price of computing resources controlled by the CC. In the simulation part, the optimal allocated resources for users’ services are obtained based on the Nash equilibrium of the proposed differential game. The effectiveness and correctness of the proposed scheme are also verified through the numerical simulations and results.

15.
With the rapid development of mobile communication technology, the application of internet of vehicles (IoV) services, such as for information services, driving safety, and traffic efficiency, is growing constantly. For businesses with low transmission delay, high data processing capacity and large storage capacity, by deploying edge computing in the IoV, data processing, encryption and decision-making can be completed at the local end, thus providing real-time and highly reliable communication capability. The roadside unit (RSU), as an important part of edge computing in the IoV, fulfils an important data forwarding function and provides an interactive communication channel for vehicles and server providers. Additional computing resources can be configured to accommodate the computing requirements of users. In this study, a virtual traffic defense strategy based on a differential game is proposed to solve the security problem of user-sensitive information leakage when an RSU is attacked. An incentive mechanism encourages service vehicles within the hot range to send virtual traffic to another RSU. By attracting the attention of attackers, it covers the target RSU and protects the system from attack. Simulation results show that the scheme provides the optimal strategy for intelligent vehicles to transmit virtual data, and ensures the maximization of users’ interests.

16.
Cloud computing has gained significant use over the last decade due to its several benefits, including cost savings associated with setup, deployments, delivery, physical resource sharing across virtual machines, and availability of on-demand cloud services. However, in addition to usual threats in almost every computing environment, cloud computing has also introduced a set of new threats as consumers share physical resources due to the physical co-location paradigm. Furthermore, since there are a growing number of attacks directed at cloud environments (including dictionary attacks, replay code attacks, denial of service attacks, rootkit attacks, code injection attacks, etc.), customers require additional assurances before adopting cloud services. Moreover, the continuous integration and continuous deployment of the code fragments have made cloud services more prone to security breaches. In this study, the model based on the root of trust for continuous integration and continuous deployment is proposed, instead of only relying on a single sign-on authentication method that typically uses only id and password. The underlying study opted for a hardware security module by utilizing the Trusted Platform Module (TPM), which is commonly available as a cryptoprocessor on the motherboards of personal computers and data center servers. The preliminary proof of concept demonstrated that the TPM features can be utilized through RESTful services to establish the root of trust for the continuous integration and continuous deployment pipeline and can additionally be integrated as a secure microservice feature in the cloud computing environment.

17.
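A new lightweight RFID authentication protocol (in English)   Total citations: 1, self-citations: 0, citations by others: 1
Radio frequency identification (RFID) technology is expected to replace barcode systems in the near future; its information storage capacity and its ability to transmit information both offer clear advantages over barcodes. However, the resulting intrusions on user privacy and threats to system security have been a growing concern for users. Because RFID devices are resource-constrained and cannot run strong encryption algorithms, implementing security protocols in RFID systems is a major challenge. To this end, many authentication protocols have recently been proposed to prevent unauthorized location tracking, detection, impersonation, cloning and so on. This paper proposes a new, effective lightweight RFID authentication protocol that provides a sufficient level of security for certain applications. In this protocol the tag only needs to perform hash and XOR operations, while the reader and the back-end server bear most of the computation, including pseudorandom number generation and encryption and decryption. Compared with other protocols, ours provides protection against security attacks such as privacy leakage and impersonation, and is suited to low-cost, low-computation RFID systems.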

18.
Securing web applications from Man-In-The-Middle (MITM) and phishing attacks is a challenging task nowadays. For this purpose, the authentication protocol plays a vital role in web communication, securely transferring data from one party to another. This authentication works via OpenID, Kerberos, password authentication protocols, etc. However, there are still some limitations present in the reported security protocols. In this paper, the presented anticipated strategy secures both Web-based attacks by leveraging encoded emails and a novel password form pattern method. The proposed OpenID-based encrypted Email’s Authentication, Authorization, and Accounting (EAAA) protocol ensures security by relying on the email authenticity and a Special Secret Encrypted Alphanumeric String (SSEAS). This string is deployed on both the relying party and the email server, which is unique and trustworthy. The first authentication, OpenID Uniform Resource Locator (URL) identity, is performed on the identity provider side. A second authentication is carried out by the hidden Email’s server side and receives a third authentication link. This Email’s third SSEAS authentication link manages on the relying party (RP). Compared to existing cryptographic single sign-on protocols, the EAAA protocol ensures that an OpenID URL’s identity is secured from MITM and phishing attacks. This study manages two attacks such as MITM and phishing attacks and gives 339 ms response time which is higher than the already reported methods, such as Single Sign-On (SSO) and OpenID. The experimental sites were examined by 72 information technology (IT) specialists, who found that 88.89% of respondents successfully validated the user authorization provided to them via Email. The proposed EAAA protocol minimizes the higher-level risk of MITM and phishing attacks in an OpenID-based atmosphere.

19.
Most cloud services are built with multi-tenancy which enables data and configuration segregation upon shared infrastructures. It offers tremendous advantages for enterprises and service providers. It is anticipated that this situation will evolve to foster cross-tenant collaboration supported by Authorization as a service. To realize access control in a multi-tenant cloud computing environment, this study proposes a multi-tenant cloud computing access control model based on the traditional usage access control model by building trust relations among tenants. The model consists of three submodels, which achieve trust relationships between tenants with different granularities and satisfy the requirements of different application scenarios. With an established trust relation in MT-UCON (Multi-tenant Usage Access Control), the trustee can precisely authorize cross-tenant accesses to the trustor’s resources consistent with constraints over the trust relation and other components designated by the trustor. In addition, the security of the model is analyzed by an information flow method. The model adapts to the characteristics of a dynamic and open multi-tenant cloud computing environment and achieves fine-grained access control within and between tenants.

20.
Vehicular cloud computing is an emerging technology that changes vehicle communication and underlying traffic management applications. However, cloud computing has disadvantages such as high delay, low privacy and high communication cost, which cannot meet the needs of real-time interactive information of the Internet of Vehicles. Ensuring security and privacy in the Internet of Vehicles is also regarded as one of its most important challenges. Therefore, in order to ensure the user information security and improve the real-time of vehicle information interaction, this paper proposes an anonymous authentication scheme based on edge computing. In this scheme, the concept of edge computing is introduced into the Internet of Vehicles, which makes full use of the redundant computing power and storage capacity of idle edge equipment. The edge vehicle nodes are determined by a simple algorithm of defining distance and resources, and the improved RSA encryption algorithm is used to encrypt the user information. The improved RSA algorithm encrypts the user information by reencrypting the encryption parameters . Compared with the traditional RSA algorithm, it can resist more attacks, so it is used to ensure the security of user information. It can not only protect the privacy of vehicles, but also avoid anonymous abuse. Simulation results show that the proposed scheme has lower computational complexity and communication overhead than the traditional anonymous scheme.
