A secure end‐to‐end SMS‐based mobile banking protocol

Short message service (SMS) provides a wide channel of communication for banking in mobile commerce and mobile payment. The transmission of SMS is not secure in the network using global system for mobile communications or general packet radio service. Security threats in SMS restricted the use of SMS in mobile banking within certain limits. This paper proposed a model to address the security of SMS using elliptic curve cryptography. The proposed model provides end‐to‐end SMS communication between the customer and the bank through the mobile application. The main objective of the proposed model is to design and develop a security framework for SMS banking. Further, the protocol is verified for its correctness and security properties because most of the protocols are not having the facility to be verified by using the formal methods. Our proposed framework is experimentally validated by formal methods using model checking tool called automated validation of internet security protocols and Scyther tools. Security analysis shows that the proposed mechanism works better compared to existing SMS payment protocols for real‐world applications.     

A secure and effective biometric‐based user authentication scheme for wireless sensor networks using smart card and fuzzy extractor

User authentication is a prominent security requirement in wireless sensor networks (WSNs) for accessing the real‐time data from the sensors directly by a legitimate user (external party). Several user authentication schemes are proposed in the literature. However, most of them are either vulnerable to different known attacks or they are inefficient. Recently, Althobaiti et al. presented a biometric‐based user authentication scheme for WSNs. Although their scheme is efficient in computation, in this paper, we first show that their scheme has several security pitfalls such as (i) it is not resilient against node capture attack; (ii) it is insecure against impersonation attack; and (iii) it is insecure against man‐in‐the‐middle attack. We then aim to propose a novel biometric‐based user authentication scheme suitable for WSNs in order to withstand the security pitfalls found in Althobaiti et al. scheme. We show through the rigorous security analysis that our scheme is secure and satisfies the desirable security requirements. Furthermore, the simulation results for the formal security verification using the most widely used and accepted Automated Validation of Internet Security Protocols and Applications tool indicate that our scheme is secure. Our scheme is also efficient compared with existing related schemes. Copyright © 2015 John Wiley & Sons, Ltd.     

Efficient and secure business model for content centric network using elliptic curve cryptography

Initially, Internet has evolved as a resource sharing model where resources are identified by IP addresses. However, with rapid technological advancement, resources/hardware has become cheap and thus, the need of sharing hardware over Internet is reduced. Moreover, people are using Internet mainly for information exchange and hence, Internet has gradually shifted from resource sharing to information sharing model. To meet the recent growing demand of information exchange, Content Centric Network (CCN) is envisaged as a clean‐slate future network architecture which is specially destined for smooth content distribution over Internet. In CCN, content is easily made available using network caching mechanism which is misaligned with the existing business policy of content providers/publishers in IP‐based Internet. Hence, the transition from contemporary IP‐based Internet to CCN demands attention for redesigning the business policy of the content publishers/providers. In this paper, we have proposed efficient and secure communication protocols for flexible CCN business model to protect the existing business policies of the content publisher while maintaining the salient CCN features like in‐network content caching and Interest packet aggregation. To enhance the efficiency and security, the Elliptic Curve Cryptography (ECC) is used. The proposed ECC‐based scheme is analyzed to show that it is resilient to relevant existing cryptographic attacks. The performance analysis in terms of less computation and communication overheads and increased efficiency is given. Moreover, a formal security verification of the proposed scheme is done using widely used AVISPA simulator and BAN logic that shows our scheme is well secured.     

An efficient three factor–based authentication scheme in multiserver environment using ECC

Recently, Li et al have developed a smartcard‐based remote user authentication scheme in multiserver environment. They have claimed that their scheme is secured against some possible cryptographic attacks. However, we have analyzed that the scheme of Li et al cannot preserve all the proclaimed security goals, which are given as follows: (1) It is not withstanding password‐guessing, user impersonation, insider, and smartcard theft attacks, and (2) it fails to facilitate user anonymity property. To remedy these above‐mentioned security flaws, we have proposed an efficient three factor–based authentication scheme in a multiserver environment using elliptic curve cryptography. The Burrows‐Abadi‐Needham logic is used to confirm the security validation of our scheme, which ensures that it provides mutual‐authentication and session‐key agreement securely. Then, the random oracle model is also considered to analyze the proposed scheme, and it shows that the backbone parameters, ie, identity, password, biometrics, and the session key, are secure from an adversary. Further, the informal security analysis confirms that the suggested scheme can withstand against some possible mentioned attacks. Later, the Automated Validation of Internet Security Protocols and Applications tool is incorporated to ensure its security against passive and active attacks. Finally, the performance comparison of the scheme is furnished to confirm its enhanced security with other relevant schemes.     

采用云和PUF的轻量级RFID双标签认证协议

针对医药系统中药品和说明书同时认证的应用需求,提出一种快速双标签身份认证方案。该方案引入云服务器和物理不可克隆函数,确保了射频识别系统的可扩展性和标签的不可克隆性。针对传统射频识别系统逐一认证双标签效率较低的问题,提出一种双标签响应合并流程;针对物理不可克隆函数引发的系统错误认证问题,计算了物理不可克隆函数响应的最佳认证阈值,以降低系统的认证错误率;针对云服务器的不可信问题,提出3种超轻量级位流函数以实现两种加密机制,从而保护前向信道免受云服务器隐私泄露的威胁。安全分析表明,快速双标签身份认证协议可满足标签匿名性和不可追踪性,并能有效地抵抗克隆攻击、去同步化攻击、重放攻击等恶意攻击。此外,使用BAN逻辑分析和AVISPA工具,进一步验证了协议的安全性。与近期的认证协议相比,快速双标签身份认证协议的服务器搜索耗时最短,在满足各项安全属性的同时,以近似单标签的资源开销实现了对双标签的快速认证,适用于资源受限的大规模双标签认证场景。     

5G异构网络中基于群组的切换认证方案

随着5G网络的发展,各类网络服务质量极大提升的同时网络环境也愈加复杂,从而带来了一系列安全挑战。切换认证可以解决用户在不同类型网络间的接入认证问题,但现存方案仍存在一些不足,还需要解决如全局切换认证、密钥协商、隐私保护、抵抗伪装攻击、抵抗中间人攻击、抵抗重放攻击以及群组用户切换效率等问题。针对这些问题,提出了一个5G异构网络中基于群组的切换认证方案。在所提出的方案中,注册域服务器在区块链上为每个用户存入一个通行证,任何实体都可以利用该通行证对用户进行认证,从而实现全局切换认证。对于群组用户,各用户分别设置可聚合的认证参数,验证者通过验证聚合签名实现对群组用户的批量验证。新方案不仅提升了群组用户切换时的效率,同时还满足上述安全性要求。基于形式化分析软件AVISPA的分析结果表明,所提出的方案是安全的。性能分析表明,所提出的方案执行批量验证时的效率比现存方案至少提升了89.8%。     

怎样用好AVISPA工具

AVISPA安全协议分析工具是一套完整、标准的形式化自动分析工具;结合XEmaes模式能够设置更加直观而简便的操作和编译环境,对安全协议进行分析并得出结论.     

An enhanced anonymous and unlinkable user authentication and key agreement protocol for TMIS by utilization of ECC

The telecare medicine information systems (TMISs) not only help patients to receive incessant health care services but also assist the medical staffs to access patients' electronic health records anytime and from anywhere via Internet. Since the online communications are exposed to numerous security threats, the mutual authentication and key agreement between patients and the medical servers are of prime significance. During the recent years, various user authentication schemes have been suggested for the TMISs. Nonetheless, most of them are susceptible to some known attacks or have high computational cost. Newly, an effective remote user authentication and session key agreement protocol has been introduced by Ravanbakhsh and Nazari for health care systems. Besides the nice contributions of their work, we found that it has two security weaknesses, namely, known session‐specific temporary information attack and lack of perfect forward secrecy. As a result, to overcome these deficiencies, this paper suggests a novel anonymous and unlinkable user authentication and key agreement scheme for TMISs using the elliptic curve cryptosystem (ECC). We have evaluated the security of the proposed scheme by applying the automated validation of internet security protocols and applications (AVISPA) tool with the intention of indicating that our scheme can satisfy the vital security features. In addition, we have compared the proposed protocol with related schemes to show that it has a proper level of performance. The obtained results demonstrate that the new scheme is more preferable considering both efficiency and security criteria.     

OLSR协议的AVISPA分析研究

协议的安全目标分为认证性、非否认性、可追究性、公平性四种,其中,认证性应用最为广泛和重要,是网络安全性的基础。分析了先应式链路状态路由协议OLSR及其安性,并采用AVISPA工具对OLSR协议的既定目标进行分析验证,验证结果表明,该设计是安全的。     

On the design of secure user authenticated key management scheme for multigateway‐based wireless sensor networks using ECC

In wireless sensor networks (WSNs), there are many critical applications (for example, healthcare, vehicle tracking, and battlefield), where the online streaming data generated from different sensor nodes need to be analyzed with respect to quick control decisions. However, as the data generated by these sensor nodes usually flow through open channel, so there are higher chances of various types of attacks either on the nodes or on to the data captured by these nodes. In this paper, we aim to design a new elliptic curve cryptography–based user authenticated key agreement protocol in a hierarchical WSN so that a legal user can only access the streaming data from generated from different sensor nodes. The proposed scheme is based upon 3‐factor authentication, as it applies smart card, password, and personal biometrics of a user (for ticket generation). The proposed scheme maintains low computation cost for resource‐constrained sensor nodes, as it uses efficient 1‐way cryptographic hash function and bitwise exclusive‐OR operations for secure key establishment between different sensor nodes. The security analysis using the broadly accepted Burrows‐Abadi‐Needham logic, formal security verification using the popular simulation tool (automated validation of Internet security protocols and applications), and informal security show that the proposed scheme is resilient against several well‐known attacks needed for a user authentication scheme in WSNs. The comparison of security and functionality requirements, communication and computation costs of the proposed scheme, and other related existing user authentication schemes shows the superior performance of the proposed scheme.