Marko Hölbl

A novel user authentication and key agreement scheme for heterogeneous ad hoc wireless sensor networks, based on the Internet of Things notion

Abstract The idea of the Internet of Things (IOT) notion is that everything within the global network is accessible and interconnected. As such Wireless Sensor Networks (WSN) play a vital role in such an environment, since they cover a wide application field. Such interconnection can be seen from the aspect of a remote user who can access a single desired sensor node from the WSN without the necessity of firstly connecting with a gateway node (GWN). This paper focuses on such an environment and proposes a novel user authentication and key agreement scheme for heterogeneous ad hoc wireless sensor networks. The proposed scheme enables a remote user to securely negotiate a session key with a general sensor node, using a lightweight key agreement protocol. The proposed scheme ensures mutual authentication between the user, sensor node, and the gateway node (GWN), although the GWN is never contacted by the user. The proposed scheme has been adapted to the resource-constrained architecture of the WSN, thus it uses only simple hash and XOR computations. Our proposed scheme tackles these risks and the challenges posed by the IOT, by ensuring high security and performance features.

An efficient user authentication and key agreement scheme for heterogeneous wireless sensor network tailored for the Internet of Things environment

The concept of Internet of Things (IOT), which is already at our front doors, is that every object in the Internet infrastructure (II) is interconnected into a global dynamic expanding network. Sensors and smart objects are beside classical computing devices key parties of the IOT. We can already exploit the benefits of the IOT by using various weareables or smart phones which are full of diverse sensors and actuators and are connected to the II via GPRS or Wi-Fi. Since sensors are a key part of IOT, thus are wireless sensor networks (WSN). Researchers are already working on new techniques and efficient approaches on how to integrate WSN better into the IOT environment. One aspect of it is the security aspect of the integration. Recently, Turkanovic et?al.s proposed a highly efficient and novel user authentication and key agreement scheme (UAKAS) for heterogeneous WSN (HWSN) which was adapted to the IOT notion. Their scheme presented a novel approach where a user from the IOT can authenticate with a specific sensor node from the HWSN without having to communicate with a gateway node. Moreover their scheme is highly efficient since it is based on a simple symmetric cryptosystem. Unfortunately we have found that Turkanovic et?al.s scheme has some security shortcomings and is susceptible to some cryptographic attacks. This paper focuses on overcoming the security weaknesses of Turkanovic et?al.s scheme, by proposing a new and improved UAKAS. The proposed scheme enables the same functionality but improves the security level and enables the HWSN to dynamically grow without influencing any party involved in the UAKAS. The results of security analysis by BAN-logic and AVISPA tools confirm the security properties of the proposed scheme.

Privacy antecedents for SNS self-disclosure

Social networking sites privacy issues and self-disclosure are examined.A research model of privacy issues and self-disclosure is built.Structural equations modeling is used to assess the model fit.Path analysis is done to analyze hypothesis whereas 11 out of 14 are accepted.Final model shows privacy and its shaping of self-disclosure in Facebook. In recent years, social networking sites have spread rapidly, raising new issues in terms of privacy and self-disclosure online. For a better understanding of how privacy issues determine self-disclosure, a model which includes privacy awareness, privacy social norms, privacy policy, privacy control, privacy value, privacy concerns and self-disclosure was built. A total of 661 respondents participated in an online survey and a structural equation modeling was used to evaluate the model. The findings indicated a significant relationship between privacy value/privacy concerns and self-disclosure, privacy awareness and privacy concerns/self-disclosure, privacy social norms and privacy value/self-disclosure, privacy policy and privacy value/privacy concerns/self-disclosure, privacy control and privacy value/privacy concerns. The model from the study should contribute new knowledge concerning privacy issues and their shaping of self-disclosure on social networking sites. It could also help networking sites service providers understand how to encourage users to disclose more information.

Two proposed identity-based three-party authenticated key agreement protocols from pairings

The use of pairings has been shown promising for many two-party and three-party identity-based authenticated key agreement protocols. In recent years, several identity-based authenticated key agreement protocols have been proposed and most of them broken. In this paper, we propose two three-party identity-based authenticated key agreement protocols applying bilinear pairings. We show that the proposed protocols are secure (i.e. conform to defined security attributes) while being efficient.

An improved two-party identity-based authenticated key agreement protocol using pairings

Two-party authenticated key agreement protocols using pairings have gained much attention in the cryptographic community. Several protocols of this type where proposed in the past of which many were found to be flawed. This resulted in attacks or the inability to conform to security attributes. In this paper, we propose an efficient identity-based authenticated key agreement protocol employing pairings which employs a variant of a signature scheme and conforms to security attributes. Additionally, existing competitive and the proposed protocol are compared regarding efficiency and security. The criteria for efficiency are defined in this paper, whereas the criteria for security are defined by the fulfilment of security attributes from literature.

Two improved two-party identity-based authenticated key agreement protocols

Many authenticated key agreement protocols based on identity information were published in recent years. Hsieh et al. presented their protocol in 2002. However, Tseng et al. found a flaw in the protocol which resulted in a key compromise impersonation attack. Later, Tseng proposed his protocol conforming which conforms to all desirable security properties and is efficient. In this paper we propose two new two-party identity-based authenticated key agreement protocols. The first is based on Hsieh et al.s protocol and makes it immune against Tseng et al.s attack, while the second is an efficiently improved protocol based on Tsengs protocol.

Improvement of the Peyravian-Jeffries's user authentication protocol and password change protocol

Remote authentication of users supported by passwords is a broadly adopted method of authentication within insecure network environments. Such protocols typically rely on pre-established secure cryptographic keys or public key infrastructure. Recently, Peyravian and Jeffries [M. Peyravian, C. Jeffries, Secure remote user access over insecure networks, Computer Communications 29 (5-6) (2006) 660-667] proposed a protocol for secure remote user access over insecure networks. Shortly after the protocol was published Shim [K.A. Shim, Security flaws of remote user access over insecure networks, Computer Communications 30 (1) (2006) 117-121] and Munilla et al. [J. Munilla, A. Peinado, Off-line password-guessing attack to Peyravian-Jeffriess remote user authentication protocol, Computer Communications 30 (1) (2006) 52-54] independently presented an off-line guessing attack on the protocol. Based on their findings we present an improved secure password-based protocol for remote user authentication, password change, and session key establishment over insecure networks, which is immune against the attack.

Notes on A Temporal-Credential-Based Mutual Authentication and Key Agreement Scheme for Wireless Sensor Networks

Xue et al. recently proposed an innovative mutual authentication and key agreement scheme for wireless sensor networks based on temporal credential using smart cards. However, in this paper we demonstrate that their scheme is vulnerable to password guessing attacks, node capture attacks and denial-of-service attacks. Furthermore we show that their scheme has some inconsistencies which make it less secure and more computationally costly than originally presented.

Attacks and Improvement of an Efficient Remote Mutual Authentication and Key Agreement Scheme

Abstract In 2006, Shieh et al. proposed an efficient remote mutual authentication and key agreement scheme which uses smart cards and requires only hash function operations. In this paper, we show that Shieh et al.s scheme is vulnerable to guessing attacks, forgery attacks and key compromise attacks. To eliminate these weaknesses, an improvement of Shieh et al.s scheme with increased security is proposed. The security and efficiency of the improved scheme raises the attractiveness for implementation.

Outsourcing Medical Data Analyses: Can Technology Overcome Legal, Privacy, and Confidentiality Issues?

Background Medical data are gold mines for deriving the knowledge that could change the course of a single patient’s life or even the health of the entire population. A data analyst needs to have full access to relevant data, but full access may be denied by privacy and confidentiality of medical data legal regulations, especially when the data analyst is not affiliated with the data owner. Objective Our first objective was to analyze the privacy and confidentiality issues and the associated regulations pertaining to medical data, and to identify technologies to properly address these issues. Our second objective was to develop a procedure to protect medical data in such a way that the outsourced analyst would be capable of doing analyses on protected data and the results would be comparable, if not the same, as if they had been done on the original data. Specifically, our hypothesis was there would not be a difference between the outsourced decision trees built on encrypted data and the ones built on original data. Methods Using formal definitions, we developed an algorithm to protect medical data for outsourced analyses. The algorithm was applied to publicly available datasets (N=30) from the medical and life sciences fields. The analyses were performed on the original and the protected datasets and the results of the analyses were compared. Bootstrapped paired t tests for 2 dependent samples were used to test whether the mean differences in size, number of leaves, and the accuracy of the original and the encrypted decision trees were significantly different. Results The decision trees built on encrypted data were virtually the same as those built on original data. Out of 30 datasets, 100% of the trees had identical accuracy. The size of a tree and the number of leaves was different only once (1/30, 3%, P=.19). Conclusions The proposed algorithm encrypts a file with plain text medical data into an encrypted file with the data protected in such a way that external data analyses are still possible. The results show that the results of analyses on original and on protected data are identical or comparably similar. The approach addresses the privacy and confidentiality issues that arise with medical data and is adherent to strict legal rules in the United States and Europe regarding the processing of the medical data.