Waseem Iqbal

A Survey of Authentication Schemes in Telecare Medicine Information Systems

E-Healthcare is an emerging field that provides mobility to its users. The protected health information of the users are stored at a remote server (Telecare Medical Information System) and can be accessed by the users at anytime. Many authentication protocols have been proposed to ensure the secure authenticated access to the Telecare Medical Information System. These protocols are designed to provide certain properties such as: anonymity, untraceability, unlinkability, privacy, confidentiality, availability and integrity. They also aim to build a key exchange mechanism, which provides security against some attacks such as: identity theft, password guessing, denial of service, impersonation and insider attacks. This paper reviews these proposed authentication protocols and discusses their strengths and weaknesses in terms of ensured security and privacy properties, and computation cost. The schemes are divided in three broad categories of one-factor, two-factor and three-factor authentication schemes. Inter-category and intra-category comparison has been performed for these schemes and based on the derived results we propose future directions and recommendations that can be very helpful to the researchers who work on the design and implementation of authentication protocols.

Privacy Preservation in e-Healthcare Environments: State of the Art and Future Directions

e-Healthcare promises to be the next big wave in healthcare. It offers all the advantages and benefits imaginable by both the patient and the user. However, current e-Healthcare systems are not yet fully developed and mature, and thus lack the degree of confidentiality, integrity, privacy, and user trust necessary to be widely implemented. Two primary aspects of any operational healthcare enterprise are the quality of healthcare services and patient trust over the healthcare enterprise. Trust is intertwined with issues like confidentiality, integrity, accountability, authenticity, identity, and data management, to name a few. Privacy remains one of the biggest obstacles to ensuring the success of e-Healthcare solutions in winning patient trust as it indirectly covers most security concerns. Addressing privacy concerns requires addressing security issues like access control, authentication, non-repudiation, and accountability, without which end-to-end privacy cannot be ensured. Achieving privacy from the point of data collection in wireless sensor networks, to incorporating the Internet of Things, to communication links, and to data storage and access, is a huge undertaking and requires extensive work. Privacy requirements are further compounded by the fact that the data handled in an enterprise are of an extremely personal and private nature, and its mismanagement, either intentionally or unintentionally, could seriously hurt both the patient and future prospects of an e-Healthcare enterprise. Research carried out in order to address privacy concerns is not homogenous in nature. It focuses on the failure of certain parts of the e-Healthcare enterprise to fully address all aspects of privacy. In the middle of this ongoing research and implementation, a gradual shift has occurred, moving e-Healthcare enterprise controls away from an organizational level toward the level of patients. This is intended to give patients more control and authority over decision making regarding their protected health information/electronic health record. A lot of works and efforts are necessary in order to better assess the feasibility of this major shift in e-Healthcare enterprises. Existing research can be naturally divided on the basis of techniques used. These include data anonymization/pseudonymization and access control mechanisms primarily for stored data privacy. This, however, results in giving a back seat to certain privacy requirements (accountability, integrity, non-repudiation, and identity management). This paper reviews research carried out in this regard and explores whether this research offers any possible solutions to either patient privacy requirements for e-Healthcare or possibilities for addressing the (technical as well as psychological) privacy concerns of the users.

Feasibility analysis for incorporating/deploying SIEM for forensics evidence collection in cloud environment

Cloud computing is the emerging field nowadays and it has truly revolutionized the domain of Information Technology. This domain is very large and not easy to handle especially when it comes to the forensic in a cloud environment that is considered a very cumbersome process. This paper presents a feasibility analysis of performing digital forensics via SIEM (Security Information and Event Management) system in cloud environment. The research work mainly focuses on passive attacks while some active attacks are also covered and the forensics analysis is done while considering the service provider end. The preliminary analysis presented in this paper will provide a comprehensive overview of the various artifacts that may be considered for performing an in-depth forensic analysis in cloud environment using Security Information and Event Management System.

Attaining accessibility and personalization with Socio-Captcha (SCAP)

Many websites have made use of motions, videos, flash, gif animations and static images to implement Captcha in order to ensure that the entity trying to connect to their website(s) or system is not a Bot, but a human being. A wide variety of Captcha types and solution methods are available and few are described in section II. All of these Captcha systems possess the functionality of distinguishing humans and Bots but lack in providing personalization attribute(s) whilst browsing the internet or using any networking application. This paper has suggested a novel scheme for generation of Captcha by attaining accessibility and personalization through users social media profile attributes Socio-Captcha (SCAP). This Socio-Captcha Scheme relies on Socio-Captcha application which is discussed in this paper.

Correlation power analysis of modes of encryption in AES and its countermeasures

Abstract Secure implementation of cryptographic algorithms is an important area of research. Cryptographer prefers to secure algorithms against known attacks; however designer focuses on efficient implementation. It has been established in several researches that an attack on implementation of a cipher requires far less effort than exploiting mathematical weakness of the structure. Implementation vulnerabilities are utilized by side channel attacks (SCA). In practical environment a block cipher is implemented in one of the modes of encryption like ECB, CBC, CTR. Our research focuses on finding leakage points in different modes of encryption including GCM to build hypothetical power consumption model for correlation power analysis (CPA) attack. CPA is simulated on AES-128-ECB in PIC18F4520 which yields secret key extraction in 2346 traces. Algorithmic level countermeasures for Counter mode and GCM mode are also presented. Proposed Counter and GCM mode implementation in FPGA yields 0.179% and 6.66% area overhead respectively. Authentication structure of proposed GCM is tolerant against fault injection attacks and propagates error with high probability. Single bit modifies approximately 51% bits in subsequent multiplications and disturbing the Tag by 48%. This research also highlights future recommendations for designing new resilient modes of encryption against power analysis attacks.

An efficient elliptic curve based signcryption scheme for firewalls

In this paper, a modified digital signcryption model has been proposed keeping in view the requirements of firewall signcryption. Based on this model, the security and efficiency of existing signcryption schemes that are presented over the years have been analyzed. The analysis shows that these schemes lack certain security attributes and violate the basic principles of firewall signcryption. Furthermore, a new signcryption scheme has been proposed that provides all essential security attributes and complies with all the requirements of firewall signcryption. The proposed scheme also has computational advantages over existing schemes. Since the construction of the proposed scheme is based on elliptic curve cryptography, it is also suitable for resource constrained applications.

Forensic investigation to detect forgeries in ASF files of contemporary IP cameras

Recent years have seen tremendous increase in crime and terrorism all over the world which has necessitated continuous surveillance of public spaces, commercial entities and residential areas. CCTV cameras are an integral part of any modern surveillance system and have evolved significantly. They are a vital part of any investigation that follows a criminal or terrorism incident by providing invaluable evidence. In this paper, we show that the Advance Systems Format (ASF) file used in most IP cameras, which is also the main file containing metadata about the streaming packets, is vulnerable to forgery. This file is stored in plain text and any technically savvy person can forge it; therefore, a mechanism is needed to prevent it. To that end, we have gathered critical artifacts from an ASF file of IP cameras and carried out their forensic analysis. The analysis performed during this study demonstrates successful detection of forgery/tampering of evidence in IP cameras.