Search Results (92)

Wireless medical sensor networks (WMSNs) have evolved alongside the development of communication systems, and the integration of cloud computing has enabled scalable and efficient medical data management. However, since the messages in WMSNs are transmitted over open channels, they are vulnerable to eavesdropping, replay, impersonation, and other various attacks. In response to these security concerns, Keshta et al. suggested an authentication protocol to establish secure communication in the cloud-assisted WMSNs. However, our analysis reveals their protocol cannot prevent session key disclosure, impersonation of the user and sensor node, and denial of service (DoS) attacks. Moreover, Keshta et al.’s protocol cannot support user untraceability due to fixed hidden identity. To address these weaknesses, we propose a physical unclonable function (PUF) based secure authentication protocol for cloud-assisted WMSNs. The protocol uses lightweight operations, provides mutual authentication between user, cloud server, and sensor node, and supports user anonymity and untraceability. We validate the proposed protocol’s security through informal analysis on various security attacks and formal analysis including “Burrows–Abadi–Needham (BAN) logic”, “Real-or-Random (RoR) model” for session key security, and “Automated Validation of Internet Security Protocols and Application (AVISPA) simulations”. Performance evaluation demonstrates lower communication cost and computation overhead compared with existing protocols, making the proposed protocol suitable for WMSN environments. Full article

The large-scale deployment of distributed devices in the Internet of Things (IoT) brings urgent demands for secure, scalable, and lightweight identity authentication. For example, virtual power plants integrate numerous heterogeneous energy terminals to support grid dispatch and market operations, while posing challenges such as real-time access, resource constraints, and identity privacy protection. To address these challenges, this paper proposes NIABIAuth, a non-interactive attribute binding identity authentication protocol for IoT terminals. NIABIAuth supports dynamic challenge computation and binds cryptographic identity proofs with terminal attributes, enabling fine-grained and privacy preserving access control. By storing identity credentials and verification records on the chain, this protocol ensures traceability and tamper resistance. Experiments demonstrate that NIABIAuth maintains low authentication latency and is consistent throughput, even under constrained conditions. Compared with baseline methods, NIABIAuth achieves substantial reductions in communication and computation cost. The proposed NIABIAuth was formally verified using the AVISPA tool, which proved that it could resist common attacks, including replay attacks, man-in-the-middle attacks, etc. A large number of simulation experiments have demonstrated that the proposed protocol can provide real-time identity authentication for Internet of Things terminals. Full article

The Industrial Internet of Things (IIoT) integrates a wide range of devices and identities, making the protection of sensitive industrial data a critical challenge. However, existing centralized systems still face limitations such as single points of failure, inefficient identity authentication, and dependence on trusted third parties (TTPs). To address these issues, we present a blockchain-based authentication and data access control scheme for IIoT systems. The proposed scheme eliminates TTP involvement by employing decentralized identifiers (DIDs) and key-aggregate searchable encryption (KASE), utilizing scalable authentication without requiring all industrial data to be stored on the blockchain. Security robustness is demonstrated through informal analysis, the Real-or-Random (ROR) model, and the AVISPA simulation tool (v1.6). Furthermore, performance evaluation using the Multiprecision Integer and Rational Arithmetic Cryptographic Library (MIRACL) SDK shows that the proposed scheme achieves computational efficiency compared with existing solutions. Overall, the results confirm that the proposed scheme provides secure, efficient, scalable, and TTP-free data management for IIoT environments. Full article

Computational task offloading is a key technology in the field of vehicle-to-everything (V2X) communication, where security issues represent a core challenge throughout the offloading process. We must ensure the legitimacy of both the offloading entity (requesting vehicle) and the offloader (edge server or assisting vehicle), as well as the confidentiality and integrity of task data during transmission and processing. To this end, we propose a security authentication scheme for the V2X computational task offloading environment. We conducted rigorous formal and informal analyses of the scheme, supplemented by verification using the formal security verification tool AVISPA. This demonstrates that the proposed scheme possesses fundamental security properties in the V2X environment, capable of resisting various threats and attacks. Furthermore, compared to other related authentication schemes, our proposed solution exhibits favorable performance in terms of computational and communication overhead. Finally, we conducted network simulations using NS-3 to evaluate the scheme’s performance at the network layer. Overall, the proposed scheme provides reliable and scalable security guarantees tailored to the requirements of computing task offloading in V2X environments. Full article

Smart farming is an agricultural technology integrating advanced technology such as cloud computing, Artificial Intelligence (AI), the Internet of Things (IoT), and robots into traditional farming. Smart farming can help farmers by increasing agricultural production and managing resources efficiently. However, malicious attackers can attempt security attacks because communication in smart farming is conducted via public channels. Therefore, an authentication scheme is necessary to ensure security in smart farming. In 2024, Rahaman et al. proposed a privacy-centric authentication scheme for smart farm monitoring. However, we demonstrated that their scheme is vulnerable to stolen mobile device, impersonation, and ephemeral secret leakage attacks. This paper suggests a secure and privacy-preserving scheme to resolve the security defects of the scheme proposed by Rahaman et al. We also verified the security of our scheme through “the Burrows-Abadi-Needham (BAN) logic”, “Real-or-Random (RoR) model”, and “Automated Validation of Internet Security Protocols and Application (AVISPA) tool”. Furthermore, a performance analysis of the proposed scheme compared with related studies was conducted. The comparison result proves that our scheme was more efficient and secure than related studies in the smart farming environment. Full article

Fog computing technology grants computing and storage resources to nearby IoT devices, enabling a fast response and ensuring data locality. Thus, fog-enabled IoT environments provide real-time and convenient services to users in healthcare, agriculture, and road traffic monitoring. However, messages are exchanged on public channels, which can be targeted to various security attacks. Hence, secure authentication protocols are critical for reliable fog-enabled IoT services. In 2024, Harbi et al. proposed a remote user authentication protocol for fog-enabled IoT environments. They claimed that their protocol can resist various security attacks and ensure session key secrecy. Unfortunately, we have identified several vulnerabilities in their protocol, including to insider, denial of service (DoS), and stolen verifier attacks. We also prove that their protocol does not ensure user untraceability and that it has an authentication problem. To address the security problems of their protocol, we propose a security-enhanced blockchain-based secure authentication protocol for fog-enabled IoT environments. We demonstrate the security robustness of the proposed protocol via informal and formal analyses, including Burrows–Abadi–Needham (BAN) logic, the Real-or-Random (RoR) model, and Automated Verification of Internet Security Protocols and Applications (AVISPA) simulation. Moreover, we compare the proposed protocol with related protocols to demonstrate the excellence of the proposed protocol in terms of efficiency and security. Finally, we conduct simulations using NS-3 to verify its real-world applicability. Full article

With the increasing demand for drones in diverse tasks, the Internet of Drones (IoD) has recently emerged as a significant technology in academia and industry. The IoD environment enables various services, such as traffic and environmental monitoring, disaster situation management, and military operations. However, IoD communication is vulnerable to security threats due to the exchange of sensitive information over insecure public channels. Moreover, public key-based cryptographic schemes are impractical for communication with resource-constrained drones due to their limited computational capability and resource capacity. Therefore, a secure and lightweight key agreement scheme must be developed while considering the characteristics of the IoD environment. In 2024, Alzahrani proposed a secure key agreement protocol for securing the IoD environment. However, Alzahrani’s protocol suffers from high computational overhead due to its reliance on elliptic curve cryptography and is vulnerable to drone and mobile user impersonation attacks and session key disclosure attacks by eavesdropping on public-channel messages. Therefore, this work proposes a lightweight and security-enhanced key agreement scheme for the IoD environment to address the limitations of Alzahrani’s protocol. The proposed protocol employs a physical unclonable function and simple cryptographic operations (XOR and hash functions) to achieve high security and efficiency. This work demonstrates the security of the proposed protocol using informal security analysis. This work also conducted formal security analysis using the Real-or-Random (RoR) model, Burrows–Abadi–Needham (BAN) logic, and Automated Verification of Internet Security Protocols and Applications (AVISPA) simulation to verify the proposed protocol’s session key security, mutual authentication ability, and resistance to replay and MITM attacks, respectively. Furthermore, this work demonstrates that the proposed protocol offers better performance and security by comparing the computational and communication costs and security features with those of relevant protocols. Full article

The accelerated uptake of unmanned aerial vehicles (UAVs) has significantly altered communication and data exchange landscapes but has also introduced substantial security challenges, especially in open-access UAV communication environments. To address these, Elliptic curve cryptography (ECC) offers robust security with computational efficiency, ideal for resource-constrained Internet of Drones (IoD) systems. This study proposes a Secure and Efficient Three-Way Key Exchange (SETKE) protocol using ECC, specifically tailored for IoD. The SETKE protocol’s security was rigorously analyzed within an extended Bellare–Pointcheval–Rogaway (BPR) model under the random oracle assumption, demonstrating its resilience. Formal verification using the AVISPA tool confirmed the protocol’s safety against man-in-the-middle (MITM) attacks, and formal proofs establish its Authenticated Key Exchange (AKE) security. In terms of performance, SETKE is highly efficient, requiring only 3 ECC scalar multiplications for the Service Requester drone, 4 for the Service Provider drone, and 3 for the Control Server, which is demonstrably lower than several existing schemes. My approach achieves this robust protection with minimal communication overhead (e.g., a maximum payload of 844 bits per session), ensuring its practicality for resource-limited IoD environments. The significance of this work for the IoD field lies in providing a provably secure, lightweight, and computationally efficient key exchange mechanism vital for addressing critical security challenges in IoD systems. Full article

The rapid deployment of the Internet of Drones (IoD) across different fields has brought forth enormous security threats in real-time data communication. To overcome authentication vulnerabilities, this paper introduces a secure lightweight framework integrating deep learning-based user behavior analysis and cryptographic protocols. The proposed framework is verified through AVISPA security verification against replay, man-in-the-middle, and impersonation attacks. Performance analysis via NS2 simulations based on changing network parameters (5–50 drones, 1–20 users, 2–8 ground stations) validates enhancements in computation overhead, authentication delay, memory usage, power consumption, and communication effectiveness in comparison with recent models such as LDAP, TAUROT, IoD-Auth, and LEMAP, thereby establishing our system as an optimal choice for safe IoD operation. Full article

Ensuring secure communication for mobile patients in e-healthcare requires an efficient and robust key distribution mechanism. This study introduces a novel hierarchical key distribution architecture inspired by federated learning (FL), enabling seamless authentication for patients moving across different healthcare centers. Unlike existing approaches, the proposed system allows a central healthcare authority to share global security parameters with subordinate units, which then combine these with their own local parameters to generate and distribute symmetric keys to mobile patients. This FL-inspired method ensures that patients only need to store a single key, significantly reducing storage overhead while maintaining security. The architecture was rigorously evaluated using SPAN-AVISPA for formal security verification and BAN logic for authentication protocol analysis. Performance metrics—including storage, computation, and communication costs—were assessed, demonstrating that the system minimizes the computational load and reduces the number of exchanged messages during authentication compared to traditional methods. By leveraging FL principles, the solution enhances scalability and efficiency, particularly in dynamic healthcare environments where patients frequently switch between facilities. This work bridges a critical gap in e-healthcare security, offering a lightweight, scalable, and secure key distribution framework tailored for mobile patient authentication. Full article

The limited resources available for Smart Meter (SM) devices on large-scale Smart Grid (SG) networks impose several constraints on SMs authentication. Currently, available authentication schemes are not suitable for this type of network. In particular, factors such as power and memory consumption impact the protocol efficiency and the device lifetime. Furthermore, high computational complexity leads to scalability issues in real-world scenarios, wherein large SGs need to handle a huge number of requests coming at a high rate. In this paper, we propose a lightweight authentication protocol for Smart Grids (LAP-SG), a novel scheme accounting for real resource-constrained SM providing reduced computation power, memory requirements, communication overhead, and electricity consumption. We prove the security of LAP-SG using both informal security analysis and a formal security model. We further prove the security of LAP-SG by testing it using AVISPA and ProVerif tools, showing its security against all known attacks. To assess LAP-SG performance in a real-world scenario, we measure its performance using the configuration of the Atmel family of SM devices. When compared to the state of the art, LAP-SG attains three times Smaller computation cost, reduced communication costs (up to 400 bits), and nearly four times lower storage cost. Full article

The Internet of Drones (IoD) is an emerging industry that offers convenient services for humans due to the high mobility and flexibility of drones. The IoD substantially enhances human life by enabling diverse drone applications across various domains. However, a malicious adversary can attempt security attacks because communication within an IoD environment is conducted through public channels and because drones are vulnerable to physical attacks. In 2023, Sharma et al. proposed a physical unclonable function (PUF)-based authentication and key agreement (AKA) scheme for the IoD. Regrettably, we discover that their scheme cannot prevent impersonation, stolen verifier, and ephemeral secret leakage (ESL) attacks. Moreover, Sharma et al.’s scheme cannot preserve user untraceability and anonymity. In this paper, we propose a secure and lightweight AKA scheme which addresses the shortcomings of Sharma et al.’s scheme. The proposed scheme has resistance against diverse security attacks, including physical capture attacks on drones, by leveraging a PUF. Furthermore, we utilize lightweight operations such as hash function and XOR operation to accommodate the computational constraints of drones. The security of the proposed scheme is rigorously verified, utilizing “Burrows–Abadi–Needham (BAN) logic”, “Real-or-Random (ROR) model”, “Automated Validation of Internet Security Protocols and Application (AVISPA)”, and informal analysis. Additionally, we compare the security properties, computational cost, communication cost, and energy consumption of the proposed scheme with other related works to evaluate performance. As a result, we determine that our scheme is efficient and well suited for the IoD. Full article

Recently, the application of fog-computing technology to vehicular ad hoc networks (VANETs) has rapidly advanced. Despite these advancements, challenges remain in ensuring efficient communication and security. Specifically, there are issues such as the high communication and computation load of authentications and insecure communication over public channels between fog nodes and vehicles. To address these problems, a lightweight and secure authenticated key agreement protocol for confidential communication is proposed. However, we found that the protocol does not offer perfect forward secrecy and is vulnerable to several attacks, such as privileged insider, ephemeral secret leakage, and stolen smart card attacks. Furthermore, their protocol excessively uses elliptic curve cryptography (ECC), resulting in delays in VANET environments where authentication occurs frequently. Therefore, this paper proposes a novel authentication protocol that outperforms other related protocols regarding security and performance. The proposed protocol reduced the usage frequency of ECC primarily using hash and exclusive OR operations. We analyzed the proposed protocol using informal and formal methods, including the real-or-random (RoR) model, Burrows–Abadi–Nikoogadam (BAN) logic, and automated validation of internet security protocols and applications (AVISPA) simulation to show that the proposed protocol is correct and secure against various attacks. Moreover, We compared the computational cost, communication cost, and security features of the proposed protocol with other related protocols and show that the proposed methods have better performance and security than other schemes. As a result, the proposed scheme is more secure and efficient for fog-based VANETs. Full article

When it comes to the development of 4G and 5G technologies, long-range IoT or machine-to-machine (M2M) communication can be achieved with the help of cellular infrastructure. In non-standalone (NSA) 5G infrastructure, cellular-IoT (C-IoT) devices are attached and authenticated by a 4G core network even if it is connected to a 5G base station. In an NSA-based 5G network, the presence of dual connectivity sometimes raises interoperability and authentication issues due to technological differences between LTE and 5G. An attacker explores these technological differences, introduces the threats, and performs various types of attacks like session hijacking at the interfaces and Man-in-the-Middle (MITM) attacks. With the introduction of these attacks, the attackers exploit the network resources and pinch out various critical information sources. To resolve this issue, the NSA-based C-IoT network must incorporate robust and seamless authentication and authorization mechanisms. This article presents the ML-AKA protocol that is used to enhance interoperability and trust between 4G and 5G networks by using a uniform key-sharing (UKS) mechanism. The proposed ML-AKA protocol is analyzed with the help of the AVISPA tool and validated with the use of Proverif. Further, the proposed protocol is compared with other existing protocols like EPS-AKA and UAKA-D2D, and the outcome shows that the proposed protocol significantly reduces the chances of MITM, DDOS and Spoofing attacks during the interoperability in the NSA-C-IoT network. Full article

The Internet of Vehicles (IoV) is an emerging technology that enables vehicles to communicate with their surroundings, provide convenient services, and enhance transportation systems. However, IoV networks can be vulnerable to security attacks because vehicles communicate with other IoV components through an open wireless channel. The recent related work suggested a two-factor-based lightweight authentication scheme for IoV networks. Unfortunately, we prove that the related work cannot prevent various security attacks, such as insider and ephemeral secret leakage (ESL) attacks, and fails to ensure perfect forward secrecy. To address these security weaknesses, we propose an anonymous and efficient authentication scheme with conditional privacy-preserving capabilities in IoV networks. The proposed scheme can ensure robustness against various security attacks and provide essential security features. The proposed scheme ensures conditional privacy to revoke malicious behavior in IoV networks. Moreover, our scheme uses only one-way hash functions and XOR operations, which are low-cost cryptographic operations suitable for IoV. We also prove the security of our scheme using the “Burrows–Abadi–Needham (BAN) logic”, “Real-or-Random (ROR) model”, and “Automated Validation of Internet Security Protocols and Applications (AVISPA) simulation tool”. We evaluate and compare the performance and security features of the proposed scheme with existing methods. Consequently, our scheme provides improved security and efficiency and is suitable for practical IoV networks. Full article