Mohamed Hamdy Eldefrawy

Broadcast Authentication for Wireless Sensor Networks Using Nested Hashing and the Chinese Remainder Theorem

Secure broadcasting is an essential feature for critical operations in wireless sensor network (WSNs). However, due to the limited resources of sensor networks, verifying the authenticity for broadcasted messages is a very difficult issue. μTESLA is a broadcast authentication protocol, which uses network-wide loose time synchronization with one-way hashed keys to provide the authenticity verification. However, it suffers from several flaws considering the delay tolerance, and the chain length restriction. In this paper, we propose a protocol which provides broadcast authentication for wireless sensor networks. This protocol uses a nested hash chain of two different hash functions and the Chinese Remainder Theorem (CRT). The two different nested hash functions are employed for the seed updating and the key generation. Each sensor node is challenged independently with a common broadcasting message using the CRT. Our algorithm provides forward and non-restricted key generation, and in addition, no time synchronization is required. Furthermore, receivers can instantly authenticate packets in real time. Moreover, the comprehensive analysis shows that this scheme is efficient and practical, and can achieve better performance than the μTESLA system.

Mobile one-time passwords: two-factor authentication using mobile phones

Static password authentication has security drawbacks. In two-factor authentication (2FA,) each user carries a device, called token, to generate passwords that are valid only one time. 2FA based on one-time passwords (OTPs) provides improved protection because users are prompted to provide something they know (i.e., PIN) and something they have (i.e., token). Many systems have satisfied the 2FA requirements by sending an OTP through an SMS to the users phone device. Unfortunately, international roaming, and SMS costs, delays, and security put restrictions on this system reliability. Also, time synchronous-based solutions are not applicable for mobile phones. In this paper, we present a novel 2FA scheme whereby multiple OTPs are being produced by utilizing an initial seed and two different nested hash chains: one dedicated to seed updating and the other used for OTP production. We overcome all the restrictions that come from other techniques. We analyze our proposal from the viewpoint of security and performance compared with the other algorithms. Copyright

One-Time Password System with Infinite Nested Hash Chains

Hash chains have been used as OTP generators. Lamport hashes have an intensive computation cost and a chain length restriction. A solution for signature chains addressed this by involving public key techniques, which increased the average computation cost. Although a later idea reduced the user computation by sharing it with the host, it couldn’t overcome the length limitation. The scheme proposed by Chefranov to eliminate the length restriction had a deficiency in the communication cost overhead. We here present an algorithm that overcomes all of these shortcomings by involving two different nested hash chains: one dedicated to seed updating and the other used for OTP production. Our algorithm provides forward and non-restricted OTP generation. We propose a random challenge–response operation mode. We analyze our proposal from the viewpoint of security and performance compared with the other algorithms.

Hardcopy Document Authentication Based on Public Key Encryption and 2D Barcodes

In document authentication, the context refers to the ability to trace the origins of a document to a given person, the device that produced it, or the time and/or place it was produced. Forgeries pose significant dangers in terms of authentication and trust. Therefore, it is essential to maintain the integrity of important documents to prevent document content modification by an intruder. Here, we explain the possibility of adding a two-dimensional (2D)barcode that contains the required information to ensure integrity verification, the original authentication, and the confidentiality of documents in the hardcopy formats. We utilize some cryptographic algorithms such as RSA, the ElGamal Cryptosystem, and the Chinese Remainder Theorem, in achieving the required security attributes. We then verify safe and secure document transfer.

Banknote Validation through an Embedded RFID Chip and an NFC-Enabled Smartphone

With the new, state-of-the-art printing devices and equipment, there has been rapid growth in the counterfeiting of banknotes. Traditional security features on banknotes are easy targets for counterfeiters, and they can easily imitate the original banknotes with fake ones. Conventional methods for validating currency require specialized devices for the authentication of banknotes. However, cost and lack of mobility of sophisticated banknote validation devices are big problems for general consumers. Modern digital solutions are attempting to complement the traditional security features through embedding radio frequency identification (RFID) chips in the banknotes, for example, Euro currency. Unfortunately, the requirement of specialized RFID readers for banknote validation impedes their widespread proliferation among consumers. To overcome this problem, a new method of banknote validation using an RFID chip and an NFC-enabled smartphone is presented. The consumer sends a banknote validation request to the Monetary Agency () using her or his smartphone and an Internet connection. The replies by sending a random challenge to the consumer’s smartphone. The RFID chip in the banknote receives the challenge, via the NFC, and calculates an equivalent response to the ’s challenge. If any of the messages are incorrect, authentication is denied. By the proposed method, consumers can easily and instantly check the originality of currency notes with the using their smartphones and an Internet connection. The proposed system is less expensive, computationally, than regular methods and preserves the privacy of people who carry banknotes.

Authenticated Key Agreement with Rekeying for Secured Body Sensor Networks

Many medical systems are currently equipped with a large number of tiny, non-invasive sensors, located on, or close to, the patient’s body for health monitoring purposes. These groupings of sensors constitute a body sensor network (BSN). Key management is a fundamental service for medical BSN security. It provides and manages the cryptographic keys to enable essential security features such as confidentiality, integrity and authentication. Achieving key agreement in BSNs is a difficult task. Many key agreement schemes lack sensor addition, revocation, and rekeying properties, which are very important. Our proposed protocol circumvents these shortcomings by providing node rekeying properties, as well as node addition and revocation. It proposes a key distribution protocol based on public key cryptography—the RSA (Rivest, Shamir and Adleman) algorithm, and the DHECC (Diffie-Hellman Elliptic Curve Cryptography) algorithm. The proposed protocol does not trust individual sensors, and partially trusts the base station (hospital). Instead of loading full pair-wise keys into each node, after installation our protocol establishes pair-wise keys between nodes according to a specific routing algorithm. In this case, each node doesn’t have to share a key with all of its neighbors, only those involved in the routing path; this plays a key role in increasing the resiliency against node capture attacks and the network storage efficiency. Finally we evaluate our algorithm from the BSN security viewpoint and evaluate its performance in comparison with other proposals.

BAN Logic-Based Security Proof for Mobile OTP Authentication Scheme

A Mobile One-Time Password (OTP) mechanism solves the password security problem that could result from reusing the same password multiple times. Eldefrawy et al., has presented a two-factor OTP-based authentication scheme using mobile phones which provides forward and infinite OTP generation using two nested hash functions. However, they have not formally analyzed their protocol. In this paper, we are going to formally analyze their presented algorithm with a BAN logic analysis to proof its security in a formal way. The logical postulate is applied to proof the desired attributes of our mobile OTP based two factor authentication using mobile phone. The analysis shows that the security of illustrated protocol has been formally proved.

Cryptanalysis and Enhancement of a Password-Based Authentication Scheme

Password-based authentication has been used extensively as a one of authentication techniques. Wu et al. presented a robust password authentication technique, in which they can face guessing, stolen-verifier, replaying, and impersonation attacks. However, in this paper, we are going to show that Wu et al. protocol is vulnerable to theft attack and consequentially construct a modified authentication scheme to prevent the shortcomings as a recovery. Proposed technique maintains the Wu et als security features as well as remedies its security weakness.

NMACA Approach Used to Build a Secure Message Authentication Code

Secure storage systems should consider the integrity and authentication of long-term stored information. When information is transferred through communication channels, different types of digital information can be represented, such as documents, images, and database tables. The authenticity of such information must be verified, especially when it is transferred through communication channels. Authentication verification techniques are used to verify that the information in an archive is authentic and has not been intentionally or maliciously altered. In addition to detecting malicious attacks, verifying the integrity also identifies data corruption. The purpose of Message Authentication Code (MAC) is to authenticate messages, where MAC algorithms are keyed hash functions. In most cases, MAC techniques use iterated hash functions, and these techniques are called iterated MACs. Such techniques usually use a MAC key as an input to the compression function, and this key is involved in the compression function, f, at every stage. Modification detection codes (MDCs) are un-keyed hash functions, and are widely used by authentication techniques such as MD4, MD5, SHA-1, and RIPEMD-160. There have been new attacks on hash functions such as MD5 and SHA-1, which requires the introduction of more secure hash functions. In this paper, we introduce a new MAC methodology that uses an input MAC key in the compression function, to change the order of the message words and shifting operation in the compression function. The new methodology can be used in conjunction with a wide range of modification detection code techniques. Using the SHA-1 algorithm as a model, a new (SHA-1)-MAC algorithm is presented. The (SHA-1)-MAC algorithm uses the MAC key to build the hash functions by defining the order for accessing source words and defining the number of bit positions for circular left shifts.