Search Results (45)

Blockchain-assisted authentication frameworks have been introduced to mitigate the single point-of-failure problem in centralized IoT collaboration environments. Recently, a lightweight trust management framework based on a permissioned blockchain was proposed for distributed authentication and interaction traceability. However, our analysis shows that this protocol is vulnerable to offline password guessing, terminal device impersonation, session-key disclosure, and user traceability attacks. It also fails to provide perfect forward secrecy. Accordingly, we propose a secure and lightweight authentication and key agreement protocol for blockchain-assisted IoT collaboration environments. The proposed scheme integrates Physically Unclonable Functions to improve resistance against physical capture and device cloning attacks. It also uses a fuzzy extractor to support biometric-based authentication and a dynamic pseudo-identity update mechanism managed through a consortium blockchain to protect user anonymity and untraceability. The proposed protocol is verified using the Real-or-Random model, BAN logic, and AVISPA simulations. Full article

Wireless sensor networks comprise many resource-constrained nodes that must protect both local readings and routing metadata. The sensors collect data from the environment or from the individual to whom they are attached and transmit it to the nearest gateway node via a wireless network for further delivery to external users. Due to wireless communication, the transmitted messages may be intercepted, rerouted, or even modified by an attacker. Consequently, security and privacy issues are of utmost importance, and the nodes must be protected against unauthorized access during transmission over a public wireless channel. To address these issues, we propose the Probabilistic Bit-Similarity-Based Key Agreement Protocol (PBS-KAP). This novel method enables two nodes to iteratively converge on a shared secret key without transmitting it or relying on pre-installed keys. PBS-KAP enables two nodes to agree on a symmetric session key using probabilistic similarity alignment with explicit key confirmation (MAC). Optimized Garbled Circuits facilitate secure computation with minimal computational and communication overhead, while Secure Sketches combined with Fuzzy Extractors correct residual errors and amplify entropy, producing reliable and uniformly random session keys. The resulting protocol provides a balance between security, privacy, and usability, standing as a practical solution for real-world WSN and IoT applications without imposing excessive computational or communication burdens. Security relies on standard computational assumptions via a one-time elliptic–curve–based base Oblivious Transfer, followed by an IKNP Oblivious Transfer extension and a small garbled threshold circuit. No pre-deployed long-term keys are required. After the bootstrap, only symmetric operations are used. We analyze confidentiality in the semi-honest model. However, entity authentication, though feasible, requires an additional Authenticated Key Exchange step or malicious-secure OT/GC. Under the semi-honest OT/GC assumption, we prove session-key secrecy/indistinguishability; full entity authentication requires an additional AKE binding step or malicious-secure OT/GC. Full article

Underwater wireless sensor networks (UWSNs) are increasingly used in marine monitoring and naval coastal surveillance, where limited bandwidth, long propagation delays, and physically exposed nodes make efficient authentication critical. This paper analyzes the maritime-surveillance-oriented protocol of Jain and Hussain and identifies vulnerabilities to physical capture, replay, and denial-of-service (DoS) attacks. We propose a PUF-assisted mutual authentication and session key agreement protocol for UWSNs. The design relies on lightweight symmetric primitives (one-way hash and XOR) and uses a fuzzy extractor to support stable PUF-based key material. In addition, a lightweight continuous authentication procedure is introduced to facilitate fast re-authentication under intermittent link disruptions commonly observed in underwater communication. Security is evaluated using BAN logic, the Real-or-Random (ROR) model, and security verification with the Scyther tool. An analytical overhead evaluation reports a computational cost of 5.972 ms per mutual authentication and a 1152-bit communication overhead, supporting a practical security–efficiency trade-off for resource-constrained UWSN deployments. Full article

The rapid convergence of artificial intelligence (AI), cloud computing, and 5G communication has positioned extended reality (XR) as a core technology bridging the physical and virtual worlds. Encompassing virtual reality (VR), augmented reality (AR), and mixed reality (MR), XR has demonstrated transformative potential across sectors such as healthcare, industry, education, and defense. However, the compact architecture and limited computational capabilities of XR devices render conventional cryptographic authentication schemes inefficient, while the real-time transmission of biometric and positional data introduces significant privacy and security vulnerabilities. To overcome these challenges, this study introduces PXRA (PUF-based XR authentication), a lightweight and secure authentication and key distribution protocol optimized for cloud-assisted XR environments. PXRA utilizes a physically unclonable function (PUF) for device-level hardware authentication and offloads elliptic curve cryptography (ECC) operations to the cloud to enhance computational efficiency. Authenticated encryption with associated data (AEAD) ensures message confidentiality and integrity, while formal verification through ProVerif confirms the protocol’s robustness under the Dolev–Yao adversary model. Experimental results demonstrate that PXRA reduces device-side computational overhead by restricting XR terminals to lightweight PUF and hash functions, achieving an average authentication latency below 15 ms sufficient for real-time XR performance. Formal analysis verifies PXRA’s resistance to replay, impersonation, and key compromise attacks, while preserving user anonymity and session unlinkability. These findings establish the feasibility of integrating hardware-based PUF authentication with cloud-assisted cryptographic computation to enable secure, scalable, and real-time XR systems. The proposed framework lays a foundation for future XR applications in telemedicine, remote collaboration, and immersive education, where both performance and privacy preservation are paramount. Our contribution lies in a hybrid PUF–cloud ECC architecture, context-bound AEAD for session-splicing resistance, and a noise-resilient BCH-based fuzzy extractor supporting up to 15% BER. Full article

The exponential growth of Internet infrastructure and the widespread adoption of smart sensing devices have empowered industrial personnel to conduct remote, real-time data analysis within the Industrial Internet of Things (IIoT) framework. However, transmitting this real-time data over public channels raises significant security and privacy concerns. To prevent unauthorized access, user authentication mechanisms are crucial in the IIoT environment. To mitigate security vulnerabilities within IIoT environments, a novel user authentication and key agreement protocol is proposed. The protocol is designed to restrict service access exclusively to authorized users of designated smart sensing devices. By incorporating cryptographic hash functions, chaotic maps, Physical Unclonable Functions (PUFs), and fuzzy extractors, the protocol enhances security and functional integrity. PUFs provide robust protection against tampering and cloning, while fuzzy extractors facilitate secure biometric verification through the integration of smart cards, passwords, and personal biometrics. Moreover, the protocol accommodates dynamic device enrollment, password and biometric updates, and smart card revocation. A rigorous formal security analysis employing the Real-or-Random (ROR) model was conducted to validate session key security. Complementary informal security analysis was performed to assess resistance to a broad spectrum of attacks. Comparative performance evaluations unequivocally demonstrate the protocol’s superior efficiency and security in comparison to existing benchmarks. Full article

Secure authentication in vehicular ad hoc networks (VANETs) remains a fundamental challenge due to their dynamic topology, susceptibility to attacks, and scalability constraints in multi-hop communication. Existing approaches based on elliptic curve cryptography (ECC), blockchain, and fog computing have achieved partial success but suffer from latency, resource overhead, and limited adaptability, leaving a gap for lightweight and hardware-rooted trust models. To address this, we propose a multi-hop mutual authentication protocol leveraging Physical Unclonable Functions (PUFs), which provide tamper-evident, device-specific responses for cryptographic key generation. Our design introduces a structured sequence of phases, including pre-deployment, registration, login, authentication, key establishment, and session maintenance, with optional multi-hop extension through relay vehicles. Unlike prior schemes, our protocol integrates fuzzy extractors for error tolerance, employs both inductive and game-based proofs for security guarantees, and maps BAN-logic reasoning to specific attack resistances, ensuring robustness against replay, impersonation, and man-in-the-middle attacks. The protocol achieves mutual trust between vehicles and RSUs while preserving anonymity via temporary identifiers and achieving forward secrecy through non-reused CRPs. Conceptual comparison with state-of-the-art PUF-based and non-PUF schemes highlights the potential for reduced latency, lower communication overhead, and improved scalability via cloud-assisted CRP lifecycle management, while pointing to the need for future empirical validation through simulation and prototyping. This work not only provides a secure and efficient solution for VANET authentication but also advances the field by offering the first integrated taxonomy-driven evaluation of PUF-enabled V2X protocols in multi-hop Wi-Fi environments. Full article

Driven by the demand for cost-effective vehicle access, enhanced flexibility, and sustainable transportation practices, smart car-sharing has emerged as a prominent alternative to traditional vehicle rental systems. Leveraging the Internet of Vehicles (IoV) and wireless communication, these systems feature dynamic renter-vehicle mappings, enabling users to access any available vehicle rather than being restricted to a specific one pre-assigned by the service provider. However, many existing schemes in the IoV field conflate users and vehicles, complicating the identification and tracking of the vehicle’s actual driver. Moreover, most current authentication protocols rely on a strict, initial binding between a user and a vehicle, rendering them unsuitable for the dynamic nature of car-sharing environments. To address these challenges, we propose an enhanced certificateless signature scheme tailored for smart car-sharing. By employing a biometric fuzzy extractor and the Chinese Remainder Theorem, our scheme provides a fine-grained authentication mechanism that eliminates the need for local computations on the user’s side, meaning users do not require a smartphone or other digital device. Furthermore, our scheme introduces category identifiers to facilitate vehicle selection based on specific classes within car-sharing contexts. A formal security analysis demonstrates that our scheme is existentially unforgeable against adversaries under the random oracle model. Finally, a comprehensive evaluation shows that our proposed scheme achieves competitive performance in terms of computational and communication overhead while offering enhanced practical functionalities. Full article

Fuzzy signature (${\mathsf{SIG}}_{\mathsf{F}}$) is a type of digital signature that preserves the core functionalities of traditional signatures, while accommodating variations and non-uniformity in the signing key. This property enables the direct use of high-entropy fuzzy data, such as biometric information, as the signing key. In this paper, we define the m-existentially unforgeable under chosen message attack ($\mathfrak{m}{-\mathrm{EUF}-\mathrm{CMA}}^{\ast }$) security of fuzzy signature. Furthermore, we propose a generic construction of fuzzy signature, which is composed of a homomorphic secure sketch ($\mathsf{SS}$) with an error-recoverable property, a homomorphic average-case strong extractor ($\mathsf{Ext}$), and a homomorphic and key-shift* secure signature scheme ($\mathsf{SIG}$). By instantiating the foundational components, we present a $\mathfrak{m}{-\mathrm{EUF}-\mathrm{CMA}}^{\ast }$ secure fuzzy signature instantiation based on the Computational Diffie–Hellman (CDH) assumption over bilinear groups in the standard model. Full article

The multi-factor authentication (MFA) protocol requires users to provide a combination of a password, a smart card and biometric data as verification factors to gain access to the services they need. In a single-server MFA system, users accessing multiple distinct servers must register separately for each server, manage multiple smart cards, and remember numerous passwords. In contrast, an MFA system designed for multi-server architecture allows users to register once at a registration center (RC) and then access all associated servers with a single smart card and one password. MFA with an offline RC addresses the computational bottleneck and single-point failure issues associated with the RC. In this paper, we propose a post-quantum secure MFA protocol for a multi-server architecture with an offline RC. Our MFA protocol utilizes the post-quantum secure Kyber key encapsulation mechanism and an information-theoretically secure fuzzy extractor as its building blocks. We formally prove the post-quantum semantic security of our MFA protocol under the real or random (ROR) model in the random oracle paradigm. Compared to related protocols, our protocol achieves higher efficiency and maintains reasonable communication overhead. Full article

A fuzzy extractor is a foundational cryptographic component that enables the extraction of reproducible and uniformly random strings from sources with inherent noise, such as biometric traits. Reusable fuzzy extractor guarantees the security of multiple extractions from the same noisy source. In addition, although isogeny-based cryptography has become an important branch in post-quantum cryptography, the study of fuzzy extractors based on isogeny assumptions is still in its early stages and holds much room for improvement. In this paper, we give two reusable fuzzy extractor schemes derived from isogeny-based assumptions: one is based on the linear hidden shift assumption over group actions, while the other is built upon the group-action decisional Diffie–Hellman assumption within the isogeny framework. Both proposed constructions achieve post-quantum security and are capable of correcting a linear proportion of errors. They rely solely on fundamental cryptographic primitives, which ensure simplicity and efficiency. Additionally, the second construction is based on restricted effective group action, which is weaker than the effective group action used in the first construction, thereby offering greater practical applicability. Full article

The Internet of Drones (IoD) is rapidly expanding into sensitive applications, necessitating robust and efficient authentication. Traditional methods struggle against prevalent attacks, especially considering the unique vulnerabilities of the IoD, such as drone physical capture. This paper proposes Bio-2FA-IoD, a novel biometric-enhanced two-factor authentication protocol designed for secure IoD operations. Drawing on established 2FA principles and fuzzy extractor technology, Bio-2FA-IoD achieves strong mutual authentication between an operator (via an operator device), a drone (as a relay), and a ground control station (GCS), supported by a trusted authority. We detail the protocol’s registration and authentication phases, emphasizing reliable biometric key generation. A formal security analysis using BAN logic demonstrates secure belief establishment and key agreement, while a proof sketch under the Bellare–Pointcheval–Rogaway (BPR) model confirms its security against active adversaries in Authenticated Key Exchange (AKE) contexts. Furthermore, a comprehensive performance evaluation conducted using the Contiki OS and Cooja simulator illustrates Bio-2FA-IoD’s superior efficiency in computational and communication costs, alongside very low latency, high packet delivery rate, and minimal energy consumption. This positions it as a highly viable and lightweight solution for resource-constrained IoD environments. Additionally, this paper conceptually explores potential extensions to Bio-2FA-IoD, including the integration of Diffie–Hellman for enhanced perfect forward secrecy and a Sybil-free pseudonym management scheme for improved user anonymity and unlinkability. Full article

With the explosion of vehicle-to-infrastructure (V2I) communications in the internet of vehicles (IoV), it is still very important to ensure secure authentication and efficient key agreement because of the vulnerabilities in the existing protocols such as physical capture attacks, privacy leakage, and low computational efficiency. This paper proposes a physical unclonable function (PUF)-based multi-factor authentication and key agreement protocol tailored for V2I environments, named as PMAKA-IoV. The protocol integrates hardware-based PUFs with biometric features, utilizing fuzzy extractors to mitigate biometric template risks, while employing dynamic pseudonyms and lightweight cryptographic operations to enhance anonymity and reduce overhead. Security analysis demonstrates its resilience against physical capture attacks, replay attacks, man-in-the-middle attacks, and desynchronization attacks, and it is verified by formal verification using the strand space model and the automated Scyther tool. Performance analysis demonstrates that, compared to other related schemes, the PMAKA-IoV protocol maintains lower communication and storage overhead. Full article

The min–max fuzzy relation inequalities are currently considered for representing the place-to-place (P2P) education knowledge, including resource sharing from one terminal to another. One terminal is the acceptor—receiving information—while the other terminal is the sink resource for educational information sharing, acting like an extractor. In the current manuscript, the idea of sharing educational information is established in the form of a dynamical system in which the unknown quantities represent the quality of downloading educational resources on different terminals. The download quality, measured in bits per second (bps), has been converted to a fuzzy format as it oscillates from low to high. Every solution of the min–max dynamical model is surely an optimal interval approach in the corresponding terminal-to-terminal network sharing system. Such a solution implies the stability of the interval solution with fluctuations from the minimum (low) to maximum (high) values of the interval. Furthermore, like the objective function in the linear programming and stability of the system, we study the system with the maximum fluctuation for a given solution in the form of download quality educational informative resources. Further, the solution will be treated in optimal relative local regions (MRO) and global regions (MAO). Bi-approaches are constructed to solve these maximal symmetrical interval fuzzy solutions for our analysis. The illustrations show that the bi-approaches are valid and effective for the studied model. Full article

The MIPI (Mobile Industry Processor Interface) Alliance provides a security framework for in-vehicle network connections between sensors and processing electronic control units (ECUs). One approach within this framework is data integrity verification for sensors with limited hardware resources. In this paper, the security risks associated with image sensor data are described. Adversarial examples (AEs) targeting the MIPI interface can induce misclassification, making image data integrity verification essential. A CMOS image sensor with a message authentication code (CIS-MAC) is then proposed as a defense mechanism starting from the image sensor to protect image data from malicious manipulations, such as AE attacks. Evaluation results of the physically unclonable function (PUF) response and random number, which are utilized for generating the cryptographic key and MAC tag, are presented using a 2 Mpixel CMOS image sensor. The area of the CIS-MAC circuit is estimated based on a Verilog HDL design and synthesis using a 0.18 μm CMOS process. Various hash topologies are evaluated to select a hash function suitable for key generation and MAC tag generation within the CMOS image sensor. The estimated area of the CIS-MAC circuit is 67 kGE and $0.86{\mathrm{mm}}^2$, demonstrating feasibility for implementation in a CMOS image sensor typically fabricated using analog process technology. Full article

With the advancement of communication technology, smart cities can provide remote services to users using mobile devices and Internet of Things (IoT) sensors in real time. However, the collected data in smart cities include sensitive personal information and data transmitted over public wireless channels, leaving the network vulnerable to security attacks. Thus, robust and secure authentication is critical to verify legitimate users and prevent malicious attacks. This paper reviews a recent authentication scheme for smart cities and identifies its susceptibilities to attacks, including insider attacks, sensor node capture, user impersonation, and random number leakage. We propose a secure and privacy-preserving authentication scheme for smart cities to resolve these security weaknesses. The scheme enables mutual authentication by incorporating biometric features to verify identity and using the physical unclonable function to prevent physical attacks. We evaluate the security of the proposed scheme via informal and formal analyses, including Burrows–Abadi–Needham logic, the real-or-random model, and the Automated Validation of Internet Security Protocols and Applications simulation tool. Finally, we compare the performance, demonstrating that the proposed scheme has better efficiency and security than existing schemes. Consequently, the proposed scheme is suitable for resource-constrained IoT-enabled smart cities. Full article