Sanggon Lee

E-SAP: Efficient-Strong Authentication Protocol for Healthcare Applications Using Wireless Medical Sensor Networks

A wireless medical sensor network (WMSN) can sense humans’ physiological signs without sacrificing patient comfort and transmit patient vital signs to health professionals’ hand-held devices. The patient physiological data are highly sensitive and WMSNs are extremely vulnerable to many attacks. Therefore, it must be ensured that patients’ medical signs are not exposed to unauthorized users. Consequently, strong user authentication is the main concern for the success and large scale deployment of WMSNs. In this regard, this paper presents an efficient, strong authentication protocol, named E-SAP, for healthcare application using WMSNs. The proposed E-SAP includes: (1) a two-factor (i.e., password and smartcard) professional authentication; (2) mutual authentication between the professional and the medical sensor; (3) symmetric encryption/decryption for providing message confidentiality; (4) establishment of a secure session key at the end of authentication; and (5) professionals can change their password. Further, the proposed protocol requires three message exchanges between the professional, medical sensor node and gateway node, and achieves efficiency (i.e., low computation and communication cost). Through the formal analysis, security analysis and performance analysis, we demonstrate that E-SAP is more secure against many practical attacks, and allows a tradeoff between the security and the performance cost for healthcare application using WMSNs.

Security Analysis and Improvements of Authentication and Access Control in the Internet of Things

Internet of Things is a ubiquitous concept where physical objects are connected over the internet and are provided with unique identifiers to enable their self-identification to other devices and the ability to continuously generate data and transmit it over a network. Hence, the security of the network, data and sensor devices is a paramount concern in the IoT network as it grows very fast in terms of exchanged data and interconnected sensor nodes. This paper analyses the authentication and access control method using in the Internet of Things presented by Jing et al (Authentication and Access Control in the Internet of Things. In Proceedings of the 2012 32nd International Conference on Distributed Computing Systems Workshops, Macau, China, 18–21 June 2012, pp. 588–592). According to our analysis, Jing et al.s protocol is costly in the message exchange and the security assessment is not strong enough for such a protocol. Therefore, we propose improvements to the protocol to fill the discovered weakness gaps. The protocol enhancements facilitate many services to the users such as user anonymity, mutual authentication, and secure session key establishment. Finally, the performance and security analysis show that the improved protocol possesses many advantages against popular attacks, and achieves better efficiency at low communication cost.

RUASN: A Robust User Authentication Framework for Wireless Sensor Networks

In recent years, wireless sensor networks (WSNs) have been considered as a potential solution for real-time monitoring applications and these WSNs have potential practical impact on next generation technology too. However, WSNs could become a threat if suitable security is not considered before the deployment and if there are any loopholes in their security, which might open the door for an attacker and hence, endanger the application. User authentication is one of the most important security services to protect WSN data access from unauthorized users; it should provide both mutual authentication and session key establishment services. This paper proposes a robust user authentication framework for wireless sensor networks, based on a two-factor (password and smart card) concept. This scheme facilitates many services to the users such as user anonymity, mutual authentication, secure session key establishment and it allows users to choose/update their password regularly, whenever needed. Furthermore, we have provided the formal verification using Rubin logic and compare RUASN with many existing schemes. As a result, we found that the proposed scheme possesses many advantages against popular attacks, and achieves better efficiency at low computation cost.

Impact and Performance of Mobility Models in Wireless Ad-hoc Networks

This paper has discussed some of the common Mobility Models and few uncommon ones and their impact on various networks and routing parameters. In the past, mobility models were rather casually used to evaluate network performance under different routing protocols. Therefore, the network performance will be strongly influenced by the nature of the mobility pattern. The mobility model plays an essential role especially in routing on mobile ad-hoc networks. Mobility management in ad hoc wireless networks faces many challenges. Mobility constantly causes the network topology to change. In order to keep accurate routes, the routing protocols must dynamically readjust to such changes. Thus, routing update traffic overhead is significantly high. Different mobility patterns have in general different impact on a specific network protocol or application.

An enhanced ID-based deniable authentication protocol on pairings

Deniability is defined as a privacy property which enables protocol principals to deny their involvement after they had taken part in a particular protocol run. Lately, Chou et al. had proposed their ID-based deniable authentication protocol after proving the vulnerability to Key-Compromise Impersonation (KCI) attack in Cao et al.s protocol. In addition, they claimed that their protocol is not only secure, but also able to achieve both authenticity and deniability properties. However, in this paper, we demonstrate that Chou et al.s protocol is not flawless as it remains insecure due to its susceptibility to the KCI attack. Based on this, we propose an enhanced scheme which will in fact preserves the authenticity, the deniability and the resistance against the KCI attack.

An enhanced one-round pairing-based tripartite authenticated key agreement protocol

A tripartite authenticated key agreement protocol is generally designed to accommodate the need of three specific entities in communicating over an open network with a shared secret key, which is used to preserve confidentiality and data integrity. Since Joux proposed the first pairing-based one-round tripartite key agreement protocol in 2000, numerous authenticated protocols have been proposed after then. However, most of them have turned out to be flawed due to their inability in achieving some desirable security attributes. In 2005, Lin-Li had identified the weaknesses of Shims protocol and subsequently proposed their improved scheme by introducing an extra verification process. In this paper, we prove that Lin-Lis improved scheme remains insecure due to its susceptibility to the insider impersonation attack. Based on this, we propose an enhanced scheme which will not only conquer their defects, but also preserves the desired security attributes of a key agreement protocol.

Multi-channel Wireless Mesh Networks Test-Bed with Embedded Systems

There are many commercial wireless mesh networks(WMN) products available in the market but incompatibility issues exist as the method to achieve WMN for each vendor is different and proprietary. This has led to the research of the embedded solution that implements the WMN in accordance with the 802.11s draft standard. In this implementation, it allows the legacy system to connect to the WMN regardless of the platform with the help of the second channel. Besides that, the multi-channel implementation is also used to distribute the load between the 2 non-overlapping channels. The 2 channels are used for the legacy stations to connect to the WMN and the WMN backbone connection respectively. This paper was written as an explanation on how to build the embedded version of Free BSD to work as a wireless mesh router with PC Engines Alix 3d2 and the details of the configurations done. The WMN implementation of the Free BSD 8.2 operating system (OS) was used and system evaluations were done on the embedded systems.

A Ping Pong Based One-Time-Passwords Authentication System

Several techniques using technology based on biometrics, passwords, certificates, and smart cards can be used for user authentication in the accessible network system. One of the most popular areas in OTP authentication protocol can be used for authenticating a user by a server. It increases security by using a new password for each authentication while the previous password scheme iteratively uses a same password. In this paper we propose a secure user authentication protocol with one time password based on PingPong128 stream cipher

Security Framework for Hybrid Wireless Mesh Protocol in Wireless Mesh Networks

Wireless Mesh Networks (WMNs) are emerging as promising, convenient next generation wireless network technology. There is a great need for a secure framework for routing in WMNs and several research studies have proposed secure versions of the default routing protocol of WMNs. In this paper, we propose a security framework for Hybrid Wireless Mesh Protocol (HWMP) in WMNs. Contrary to existing schemes, our proposed framework ensures both endto-end and point-to-point authentication and integrity to both mutable and non-mutable fields of routing frames by adding message extension fields to the HWMP path selection frame elements. Security analysis and simulation results show that the proposed approach performs significantly well in spite of the cryptographic computations involved in routing.

Cryptanalysis on Improved Chou et al.'s ID-Based Deniable Authentication Protocol

A deniable authentication protocol enables the protocol participants to authenticate their respective peers, while able to deny their participation after the protocol execution. This protocol can be extremely useful in some practical applications such as online negotiation, online shopping and electronic voting. Recently, we have improved a deniable authentication scheme proposed by Chou et al. due to its vulnerability to the key compromise impersonation attack in our previous report. However, we have later discovered that our previous enhanced protocol is vulnerable to the insider key compromise impersonation attack and key replicating attack. In this paper, we will again secure this protocol against these attacks and demonstrate its heuristic security analysis.