Abdallah Mhamed

A Fast and Secure Elliptic Curve Based Authenticated Key Agreement Protocol For Low Power Mobile Communications

The increasing progress in wireless mobile communication has attracted an important amount of attention on the security issue. To provide secure communication for mobile devices, authenticated key agreement protocol is an important primitive for establishing session key. So far, several protocols have been proposed to provide robust mutual authentication and key establishment for wireless local area network (WLAN). In this paper we present a fast and secure authenticated key agreement (EC-SAKA) protocol based on elliptic curve cryptography. Our proposed protocol provides secure mutual authentication, key establishment and key confirmation over an untrusted network. The new protocol achieves many of the required security and performance properties. It can resist dictionary attacks mounted by either passive or active networks intruders. It can resist Man-In-The Middle attack. It also offers perfect forward secrecy which protects past sessions and passwords against future compromise. In addition, it can resist known- key and resilience to server attack. Our proposed protocol uses ElGamal signature techniques (ECEGS). We show that our protocol meets the above security attributes under the assumption that the elliptic curve discrete logarithm problem is secure. Our proposed protocol offers significantly improved performance in computational and communication load over comparably many authenticated key agreement protocols such as B-SPEKE, SRP, AMP, PAK-RY, PAK-X, SKA, LR-AKE and EC-SRP.

A Secure Authenticated Key Agreement Protocol Based on Elliptic Curve Cryptography

To provide secure communication for mobile devices, authenticated key agreement protocol is an important primitive for establishing session key. So far, several protocols have been proposed to provide robust mutual authentication and key establishment for wireless local area network (WLAN). In this paper we present a secure authenticated key agreement (EC-SAKA) protocol based on elliptic curve cryptography. Our proposed protocol provides secure mutual authentication, key establishment and key confirmation over an untrusted network. The new protocol achieves many of the required security and performance properties. It can resist dictionary attacks mounted by either passive or active networks intruders. It can resist man-in-the middle attack. It also offers perfect forward secrecy which protects past sessions and passwords against future compromise. In addition, it can resist known-key and resilience to server attack. Our proposed protocol uses the signature techniques of ECDSA and the authentication protocol SKA concept. We show that our protocol meets the above security attributes under the assumption that the elliptic curve discrete logarithm problem is secure. Our proposed protocol offers significantly improved performance in computational and communication load over comparably many authenticated key agreement protocols such as B-SPEKE, SRP, AMP, PAK-RY, PAK-X, SKA, LR-AKE and EC-SRP.

Trust-based authentication scheme with user rating for low-resource devices in smart environments

In smart environments, pervasive computing contributes in improving daily life activities for dependent people by providing personalized services. Nevertheless, those environments do not guarantee a satisfactory level for protecting the user privacy and ensuring the trust between communicating entities. In this study, we propose a trust evaluation model based on user past and present behavior. This model is associated with a lightweight authentication key agreement protocol (Elliptic Curve-based Simple Authentication Key Agreement). The aim is to enable the communicating entities to establish a level of trust and then succeed in a mutual authentication using a scheme suitable for low-resource devices in smart environments. An innovation in our trust model is that it uses an accurate approach to calculate trust in different situations and includes a human-based feature for trust feedback, which is user rating. Finally, we tested and implemented our scheme on Android mobile phones in a smart environment dedicated for handicapped people.

A Secure Authenticated Key Agreement Protocol For Wireless Security

Several protocols have been proposed to provide robust mutual authentication and key establishment for wireless local area network (WLAN). In this paper we present a new secure authenticated key agreement (SAKA) protocol that provides secure mutual authentication, key establishment and key confirmation over an untrusted network. The new protocol achieves many of the required security and performance properties. It can resist dictionary attacks mounted by either passive or active networks intruders. It can resist Man-In-The Middle attack, and Impersonate attack. It also offers perfect forward secrecy which protects past sessions and passwords against future compromise. In addition, it can resist known-key and resilience to server attack. Our proposed protocol combines techniques of challenge- response protocols with symmetric key agreement protocols and offers significantly improved performance in computational and communication load over comparably many authenticated key agreement protocols such as B-SPEKE, SRP, AMP, PAK-RY, PAK-X, SKA and LR-AKE.

A USER PROFILE BASED ACCESS CONTROL MODEL AND ARCHITECTURE

Personalization and adaptation to the user profile capability are the hottest issues to ensure ambient assisted living and context awareness in nowadays environments. With the growing healthcare and wellbeing context aware applications, modeling security policies becomes an important issue in the design of future access control models. This requires rich semantics using ontology modeling for the management of services provided to dependant people. However, current access control models remain unsuitable due to lack of personalization, adaptability and smartness to the handicap situation. In this paper, we propose a novel adaptable access control model and its related architecture in which the security policy is based on the handicap situation analyzed from the monitoring of userss behavior in order to grant a service using any assistive device within intelligent environment. the design of our model is an ontology-learning and evolving security policy for predicting the future actions of dependent people. This is reached by reasoning about historical data, contextual data and user behavior according to the access rules that are used in the inference engine to provide the right service according to the users needs.

A flexible privacy and trust based context-aware secure framework

Ubiquitous and pervasive technologies contribute significantly to the quality of life of dependent people by providing personalized services in context aware environments. The deployment of these services within indoor and outdoor environments still require security, privacy and trust issues for dependent persons. Considering the strong links between these three issues, our challenging task was to integrate them in a common and flexible framework using contextual information. In this paper, we propose a security framework that integrates context awareness to perform authentication and access control in a very flexible and scalable model while ensuring both privacy and trust. The framework focuses on the authentication of users who request access to the resources of smart environment system through static devices (i.e. smart card, RFID, etc.), or dynamic devices (i.e. PDA, mobile phones, etc.).

Secured and Trusted Service Provision in Pervasive Environment

Thanks to pervasive environment, users can remotely have access to various resources and services within their public or private living space. Consequently, several security and privacy issues are raised especially due to the wireless access used to get services and to the privacy aspect that could be involved. To securely deploy these services in multiple smart spaces, we propose a secured service provision mechanisms based on trust relationship between involved actors (service platform and mobile nodes). These mechanisms integrate a service discovery as a preliminary step to build a secured channel between a user (U) and a Service Platform (SP). A trust model is used to interconnect several users with a service platform based on recommendation and trust management.

A trustworthy framework for impromptu service discovery with mobile devices

Wireless hotspots are permeating our workplace, home and public places bringing interesting services and spontaneous connectivity to mobile users. While its ideal to enable the mobile clients to discover services automatically with the device-to-hand across the augmented physical spaces, its equally important to guarantee the security and privacy of the mobile clients and service providers. In this paper, we propose a trustworthy framework that can support impromptu service discovery with mobile devices in WLAN enabled environments. Different from the existing service discovery approaches, the framework requires no specialized hardware or software installation in mobile client devices, it can preserve the privacy of mobile users during the authentication process by not requesting their identities. We prototyped a set of assistive services in a shopping mall which can be spontaneously discovered and accessed by a disabled person from his WLAN enabled mobile device, we show how both the security and privacy are achieved in a unified manner using trusted computing platforms.

Behavior and Capability Based Access Control Model for Personalized TeleHealthCare Assistance

With the growing proportion of dependant people (ageing, disabled users), Tele-assistance and Tele-monitoring platforms will play a significant role to deliver an efficient and less-costly remote care in their assistive living environments. Sensor based technology would greatly contribute to get valuable information which should help to provide personalized access to the services available within their living spaces. However, current access control models remain unsuitable due to the lack of completeness, flexibility and adaptability to the user profile. In this paper, we propose a new access control model based on the user capabilities and behavior. This model is evaluated using the data sensed from our tele-monitoring platform in order to assist automatically the dependent people according to the occurred situation. The design of our model is a dynamic ontology and evolving security policy according to the access rules that are used in the inference engine to provide the right service according to the user’s needs. Our security policy reacts according to the detected distress situation derived from the data combination of both the wearable devices and the pervasive sensors. The security policy is managed through the classification and reasoning process. Our classification process aims to extract the behavior patterns which are obtained by mining the data set issued from our Tele-monitoring platform according to the discriminating attributes: fall, posture, movement, time, user presence, pulse and emergency call. Our reasoning process aims to explore the recognized context and the extracted behavior patterns which set up the rule engine to infer the right decision security policy.

Towards a robust privacy and anonymity preserving architecture for ubiquitous computing

Anonymous authentication is a means of authorizing a user without revealing his/her identification. Mobile technologies such as radiofrequency identification (RFID) tags, PDAs and mobile phone systems are increasingly being deployed in pervasive computing. These mobile devices have raised public concern regarding violation of privacy, anonymity and information confidentiality. Considering these concerns, there is a growing need to discover and develop techniques and methods to overcome the threats described above. In this paper we propose an architecture which enhances the privacy and anonymity of users in ubiquitous computing and yet preserves the security requirements of the system. Our proposed architecture is based on elliptic curve techniques, on MaptoCurve or MapToPoint function, on Weil pairing techniques and finally on elliptic curve based Okamoto identification scheme. In addition, we present a formal validation of our protocol by using the AVISPA tool. The main comparative study of our proposed architecture is to provide privacy and anonymity for mobile users. Our proposed architecture achieves many of desirable security requirements.