This page has only limited features, please log in for full access.
The Internet of Things (IoT) is being applied to various environments such as telecare systems, smart homes, and intelligent transportation systems. The information generated from IoT devices is stored at remote servers, and external users authenticate to the server for requesting access to the stored data. In IoT environments, the authentication process is required to be conducted efficiently, and should be secure against various attacks and ensure user anonymity and untraceability to ensure sustainability of the network. However, many existing protocols proposed in IoT environments do not meet these requirements. Recently, Rajaram et al. proposed a paring-based user authentication scheme. We found that the Rajaram et al. scheme is vulnerable to various attacks such as offline password guessing, impersonation, privileged insider, and known session-specific temporary information attacks. Additionally, as their scheme uses bilinear pairing, it requires high computation and communication costs. In this study, we propose a novel authentication scheme that resolves these security problems. The proposed scheme uses only hash and exclusive-or operations to be applicable in IoT environments. We analyze the proposed protocol using informal analysis and formal analysis methods such as the BAN logic, real-or-random (ROR) model, and the AVISPA simulation, and we show that the proposed protocol has better security and performance compared with existing authentication protocols. Consequently, the proposed protocol is sustainable and suitable for real IoT environments.
Seunghwan Son; Yohan Park; Youngho Park. A Secure, Lightweight, and Anonymous User Authentication Protocol for IoT Environments. Sustainability 2021, 13, 9241 .
AMA StyleSeunghwan Son, Yohan Park, Youngho Park. A Secure, Lightweight, and Anonymous User Authentication Protocol for IoT Environments. Sustainability. 2021; 13 (16):9241.
Chicago/Turabian StyleSeunghwan Son; Yohan Park; Youngho Park. 2021. "A Secure, Lightweight, and Anonymous User Authentication Protocol for IoT Environments." Sustainability 13, no. 16: 9241.
Vehicular Ad Hoc Network (VANET) and Internet of Vehicle (IoV) technologies are particularly attracting attention from industry communities because of the intelligent transportation systems of smart city technologies. This study proposes an authentication and key agreement protocol for vehicle-to-vehicle(V2V) communication of IoV. Through V2V communication, traffic system management and road safety can be guaranteed. However, V2V communication cannot manage many vehicles as a whole, so it needs to be segmented and communicated by region. Therefore, considering locality, key agreement is made for V2V communication of the same or different regions, and a lightweight protocol is proposed for dynamic properties of vehicles to achieve such a goal. In addition, since the vehicle information is transmitted through a public channel, the security against various attacks is guaranteed by using mutual authentication and honey_list technology. It provides verification of safety through a detailed security analysis using the formal analysis using the widely-accepted Real-Or-Random(ROR) model, formal security verification using the broadly-accepted Automated Validation of Internet Security Protocols and Applications(AVISPA) software validation tool and non-mathematical(informal) security analysis. In addition, a detailed comparative study that the proposed scheme can be applied in the communication environment between actual vehicles as compared to other existing competing schemes.
Joonyoung Lee; Geonhwan Kim; Ashok Kumar Das; Youngho Park. Secure and Efficient Honey List-Based Authentication Protocol for Vehicular Ad Hoc Networks. IEEE Transactions on Network Science and Engineering 2021, PP, 1 -1.
AMA StyleJoonyoung Lee, Geonhwan Kim, Ashok Kumar Das, Youngho Park. Secure and Efficient Honey List-Based Authentication Protocol for Vehicular Ad Hoc Networks. IEEE Transactions on Network Science and Engineering. 2021; PP (99):1-1.
Chicago/Turabian StyleJoonyoung Lee; Geonhwan Kim; Ashok Kumar Das; Youngho Park. 2021. "Secure and Efficient Honey List-Based Authentication Protocol for Vehicular Ad Hoc Networks." IEEE Transactions on Network Science and Engineering PP, no. 99: 1-1.
In the Internet of Vehicles (IoV), numerous potential applications have come up with the use of the Internet of Things (IoT)-empowered smart devices. In IoV, vehicles, roads, street signs and traffic lights can accordingly adjust to changing conditions in order to assist drivers, and also to improve safety, ease congestion and pollution reduction. Since various entities in an IoV environment make communications over public channels, there are potential security threats. To deal with such serious threats, we design a new blockchain-assisted certificateless key agreement protocol for IoV in smart transportation context, called Block-CLAP. To manage the dynamic vehicles efficiently, the vehicles are grouped into the dynamic clusters, and each cluster will have a cluster head (CH) with its members as other neighbor vehicles and an road-side unit (RSU). In Block-CLAP, through authentication key management, data reach to the CH and then to its nearby RSU securely using the established secret keys. The cloud server then securely collects the information from its attached RSUs and create the transactions. Later, the transactions are formed into blocks by the cloud server (CS) in a Peer-to-Peer (P2P) cloud servers network, and the blocks are verified and added through voting-based consensus algorithm in the blockchain. The detailed security analysis through formal, informal and formal security verification, and comparative study show that Block-CLAP provides superior security and has low communication and computational overheads as compared with other existing competing authentication schemes in the IoV environment. Finally, the blockchain-based implementation of Block-CLAP has been performed to measure computational time needed for a varied number of transactions per block and also for a varied number of blocks mined in the blockchain.
Durbadal Chattaraj; Basudeb Bera; Ashok Kumar Das; Sourav Saha; Pascal Lorenz; Youngho Park. Block-CLAP: Blockchain-Assisted Certificateless Key Agreement Protocol for Internet of Vehicles in Smart Transportation. IEEE Transactions on Vehicular Technology 2021, 70, 8092 -8107.
AMA StyleDurbadal Chattaraj, Basudeb Bera, Ashok Kumar Das, Sourav Saha, Pascal Lorenz, Youngho Park. Block-CLAP: Blockchain-Assisted Certificateless Key Agreement Protocol for Internet of Vehicles in Smart Transportation. IEEE Transactions on Vehicular Technology. 2021; 70 (8):8092-8107.
Chicago/Turabian StyleDurbadal Chattaraj; Basudeb Bera; Ashok Kumar Das; Sourav Saha; Pascal Lorenz; Youngho Park. 2021. "Block-CLAP: Blockchain-Assisted Certificateless Key Agreement Protocol for Internet of Vehicles in Smart Transportation." IEEE Transactions on Vehicular Technology 70, no. 8: 8092-8107.
Due to wide-spread use of the Information and Communications Technology (ICT) and Internet of Things (IoT) enabled smart devices, called unmanned aerial vehicles (UAVs) (popularly known as drones), a lot of potential applications of Internet of Drones (IoD) are available ranging from the military to civilian applications. Access control mechanism is an important potential security service that is needed to secure communication among the drones in their respective flying zones, and also among the drones and the Ground Service Station (GSS). In 2021, Chaudhry et al. proposed a certificate based generic access control scheme for IoD environment, called GCACS-IoD. Their claims about the possible security attacks resistant of GCACS-IoD is not justified. In fact, we first prove that GCACS-IoD is unable to protect the disclosure of the private key
Ashok Kumar Das; Basudeb Bera; Mohammad Wazid; Sajjad Shaukat Jamal; Youngho Park. iGCACS-IoD: An Improved Certificate-Enabled Generic Access Control Scheme for Internet of Drones Deployment. IEEE Access 2021, 9, 1 -1.
AMA StyleAshok Kumar Das, Basudeb Bera, Mohammad Wazid, Sajjad Shaukat Jamal, Youngho Park. iGCACS-IoD: An Improved Certificate-Enabled Generic Access Control Scheme for Internet of Drones Deployment. IEEE Access. 2021; 9 ():1-1.
Chicago/Turabian StyleAshok Kumar Das; Basudeb Bera; Mohammad Wazid; Sajjad Shaukat Jamal; Youngho Park. 2021. "iGCACS-IoD: An Improved Certificate-Enabled Generic Access Control Scheme for Internet of Drones Deployment." IEEE Access 9, no. : 1-1.
Fog computing as an extension to the cloud computing infrastructure has been invaluable in enhancing the applicability of the Internet of Things (IoT) paradigm. IoT based Fog systems magnify the range and minimize the latency of IoT applications. However, as fog nodes are considered transient and they offer authenticated services, when an IoT end device loses connectivity with a fog node, it must authenticate freshly with a secondary fog node. In this work, we present a new security mechanism to leverage the initial authentication to perform fast lightweight secondary authentication to ensure smooth failover among fog nodes. The proposed scheme is secure in the presence of a current de-facto Canetti and Krawczyk (CK)-adversary. We demonstrate the security of the proposed scheme with a detailed security analysis using formal security under the broadly recognized Real-Or-Random (ROR) model, informal security analysis as well as through formal security verification using the broadly-used Automated Validation of Internet Security Protocols and Applications (AVISPA) software tool. A testbed experiment for measuring computational time for different cryptographic primitives using the Multiprecision Integer and Rational Arithmetic Cryptographic Library (MIRACL) has been done. Finally, through comparative analysis with other related schemes, we show how the presented approach is uniquely advantageous over other schemes.
Soumya Banerjee; Ashok Das; Samiran Chattopadhyay; Sajjad Jamal; Joel Rodrigues; Youngho Park. Lightweight Failover Authentication Mechanism for IoT-Based Fog Computing Environment. Electronics 2021, 10, 1417 .
AMA StyleSoumya Banerjee, Ashok Das, Samiran Chattopadhyay, Sajjad Jamal, Joel Rodrigues, Youngho Park. Lightweight Failover Authentication Mechanism for IoT-Based Fog Computing Environment. Electronics. 2021; 10 (12):1417.
Chicago/Turabian StyleSoumya Banerjee; Ashok Das; Samiran Chattopadhyay; Sajjad Jamal; Joel Rodrigues; Youngho Park. 2021. "Lightweight Failover Authentication Mechanism for IoT-Based Fog Computing Environment." Electronics 10, no. 12: 1417.
In recent years, the Internet of things (IoT) has become an encouraging communication paradigm that has numerous applications including smart city, smart home and intelligent transportation system. The information sensed by several IoT smart devices can be security stored at the (cloud) servers. An external user, being a client, can access the services from a server for the sensing information, provided that a mutual authentication happens among them. Using the established session key among the user and the server, encrypted information with the help of session key can be delivered to the user by the server securely. Recently, Rana et al. proposed a smart-card based remote user authentication scheme using user password. In this comment paper, we carefully analyzed the scheme of Rana et al. and tracked down that their scheme is insecure against serious attacks, including stolen smart card attack, privileged-insider attack, user impersonation attack, password change attack and Ephemeral Secret Leakage (ESL) attack. Furthermore, their scheme does not preserve untraceability feature. To remedy these security pitfalls, we also provide some remedies that can help in building more secure and effective user authentication scheme to apply in securing next generation IoT infrastructure.
Ashok Kumar Das; Basudeb Bera; Mohammad Wazid; Sajjad Shaukat Jamal; Youngho Park. On the Security of a Secure and Lightweight Authentication Scheme for Next Generation IoT Infrastructure. IEEE Access 2021, 9, 71856 -71867.
AMA StyleAshok Kumar Das, Basudeb Bera, Mohammad Wazid, Sajjad Shaukat Jamal, Youngho Park. On the Security of a Secure and Lightweight Authentication Scheme for Next Generation IoT Infrastructure. IEEE Access. 2021; 9 (99):71856-71867.
Chicago/Turabian StyleAshok Kumar Das; Basudeb Bera; Mohammad Wazid; Sajjad Shaukat Jamal; Youngho Park. 2021. "On the Security of a Secure and Lightweight Authentication Scheme for Next Generation IoT Infrastructure." IEEE Access 9, no. 99: 71856-71867.
Car-sharing systems can solve various urban problems by providing shared vehicles to people and reducing the operation of personal vehicles. With the development of the Internet of Things, people can easily use a shared car through simple operations on their mobile devices. However, the car-sharing system has security problems. Sensitive information, such as the user’s identity, location information, and access code, is transmitted through a public channel for car-sharing. Hence, an attacker can access this information for illegal purposes, making the establishment of a secure authentication protocol essential. Furthermore, the traditional car-sharing system is established on the centralized structure, so there is a single point of failure. Thus, the design of a decentralized car-sharing scheme is vital for solving the centralized problem. This study designed a decentralized car-sharing scheme using blockchain. Specifically, blockchain technology was used to provide a decentralization car-sharing service and ensure data integrity. The participant entities of the proposed system can be authenticated anonymously. The proposed car-sharing system can be secured against various attacks and provide mutual authentication using informal analysis, automated validation of internet security protocols and applications (AVISPA) simulation, and BAN logic analysis. The computation costs and communication costs of the proposed scheme were also analyzed.
Myeonghyun Kim; Joonyoung Lee; Kisung Park; Yohan Park; Kil Houm Park; Youngho Park. Design of Secure Decentralized Car-Sharing System Using Blockchain. IEEE Access 2021, 9, 54796 -54810.
AMA StyleMyeonghyun Kim, Joonyoung Lee, Kisung Park, Yohan Park, Kil Houm Park, Youngho Park. Design of Secure Decentralized Car-Sharing System Using Blockchain. IEEE Access. 2021; 9 (99):54796-54810.
Chicago/Turabian StyleMyeonghyun Kim; Joonyoung Lee; Kisung Park; Yohan Park; Kil Houm Park; Youngho Park. 2021. "Design of Secure Decentralized Car-Sharing System Using Blockchain." IEEE Access 9, no. 99: 54796-54810.
Smart home is intended to be able to enhance home automation systems and achieves goals such as reducing operational costs and increasing comfort while providing security to mobile users. However, an attacker may attempt security attacks in smart home environments because he/she can inject, insert, intercept, delete, and modify transmitted messages over an insecure channel.Secure and lightweight authentication protocols are essential to ensure useful services in smart home environments. In 2020, Iqbal et al. presented an anonymous lightweight authentication protocol for software-defined networking (SDN) enabled smart home, called ALAM. They claimed that ALAM protocol could resist security threats, and also provide secure mutual authentication and user anonymity. his comment demonstrates that ALAM protocol is fragile to various attacks, including session key disclosure, impersonation, and man-in-the-middle attacks, and also their scheme cannot provide user anonymity and mutual authentication. We propose the essential security guidelines to overcome the security flaws of ALAM protocol.
Sungjin Yu; Ashok Kumar Das; Youngho Park. Comments on “ALAM: Anonymous Lightweight Authentication Mechanism for SDN Enabled Smart Homes”. IEEE Access 2021, PP, 1 -1.
AMA StyleSungjin Yu, Ashok Kumar Das, Youngho Park. Comments on “ALAM: Anonymous Lightweight Authentication Mechanism for SDN Enabled Smart Homes”. IEEE Access. 2021; PP (99):1-1.
Chicago/Turabian StyleSungjin Yu; Ashok Kumar Das; Youngho Park. 2021. "Comments on “ALAM: Anonymous Lightweight Authentication Mechanism for SDN Enabled Smart Homes”." IEEE Access PP, no. 99: 1-1.
With the information and communication technologies (ICT) and Internet of Things (IoT) gradually advancing, smart homes have been able to provide home services to users. The user can enjoy a high level of comfort and improve his quality of life by using home services provided by smart devices. However, the smart home has security and privacy problems, since the user and smart devices communicate through an insecure channel. Therefore, a secure authentication protocol should be established between the user and smart devices. In 2020, Xiang and Zheng presented a situation-aware protocol for device authentication in smart grid-enabled smart home environments. However, we demonstrate that their protocol can suffer from stolen smart device, impersonation, and session key disclosure attacks and fails to provide secure mutual authentication. Therefore, we propose a secure and lightweight authentication protocol for IoT-based smart homes to resolve the security flaws of Xiang and Zheng’s protocol. We proved the security of the proposed protocol by performing informal and formal security analyses, using the real or random (ROR) model, Burrows–Abadi–Needham (BAN) logic, and the Automated Validation of Internet Security Protocols and Applications (AVISPA) tool. Moreover, we provide a comparison of performance and security properties between the proposed protocol and related existing protocols. We demonstrate that the proposed protocol ensures better security and lower computational costs than related protocols, and is suitable for practical IoT-based smart home environments.
Jihyeon Oh; Sungjin Yu; Joonyoung Lee; Seunghwan Son; Myeonghyun Kim; Youngho Park. A Secure and Lightweight Authentication Protocol for IoT-Based Smart Homes. Sensors 2021, 21, 1488 .
AMA StyleJihyeon Oh, Sungjin Yu, Joonyoung Lee, Seunghwan Son, Myeonghyun Kim, Youngho Park. A Secure and Lightweight Authentication Protocol for IoT-Based Smart Homes. Sensors. 2021; 21 (4):1488.
Chicago/Turabian StyleJihyeon Oh; Sungjin Yu; Joonyoung Lee; Seunghwan Son; Myeonghyun Kim; Youngho Park. 2021. "A Secure and Lightweight Authentication Protocol for IoT-Based Smart Homes." Sensors 21, no. 4: 1488.
With the tremendous growth of Information and Communications Technology (ICT), Cyber Physical Systems (CPS) have opened the door for many potential applications ranging from smart grids and smart cities to transportation, retail, public safety and networking, healthcare and industrial manufacturing. However, due to communication via public channel occurring among various entities in an industrial CPS (ICPS) with the help of the 5G technology and Software-Defined Networking (SDN), it poses several potential security threats and attacks. To mitigate these issues, we propose a new three-factor user authentication and key agreement scheme (UAKA-5GSICPS) for 5G-enabled SDN based ICPS environment. UAKA-5GSICPS allows an authorized user to access the real-time data directly from some designated Internet of Things (IoT)-based smart devices provided that a successful mutual authentication among them is executed via their controller node in the SDN network. It is shown to be robust against various potential attacks through detailed security analysis including the simulation-based formal security verification. A detailed comparative study with the help of experimental results shows that UAKA-5GSICPS achieves better trade-off among security and functionality features, communication and computation overheads as compared to other existing competing schemes.
Anil Kumar Sutrala; Mohammad S. Obaidat; Sourav Saha; Ashok Kumar Das; Mamoun Alazab; Youngho Park. Authenticated Key Agreement Scheme With User Anonymity and Untraceability for 5G-Enabled Softwarized Industrial Cyber-Physical Systems. IEEE Transactions on Intelligent Transportation Systems 2021, PP, 1 -15.
AMA StyleAnil Kumar Sutrala, Mohammad S. Obaidat, Sourav Saha, Ashok Kumar Das, Mamoun Alazab, Youngho Park. Authenticated Key Agreement Scheme With User Anonymity and Untraceability for 5G-Enabled Softwarized Industrial Cyber-Physical Systems. IEEE Transactions on Intelligent Transportation Systems. 2021; PP (99):1-15.
Chicago/Turabian StyleAnil Kumar Sutrala; Mohammad S. Obaidat; Sourav Saha; Ashok Kumar Das; Mamoun Alazab; Youngho Park. 2021. "Authenticated Key Agreement Scheme With User Anonymity and Untraceability for 5G-Enabled Softwarized Industrial Cyber-Physical Systems." IEEE Transactions on Intelligent Transportation Systems PP, no. 99: 1-15.
Wireless sensor networks (WSN) are widely used to provide users with convenient services such as health-care, and smart home. To provide convenient services, sensor nodes in WSN environments collect and send the sensing data to the gateway. However, it can suffer from serious security issues because susceptible messages are exchanged through an insecure channel. Therefore, secure authentication protocols are necessary to prevent security flaws in WSN. In 2020, Moghadam et al. suggested an efficient authentication and key agreement scheme in WSN. Unfortunately, we discover that Moghadam et al.’s scheme cannot prevent insider and session-specific random number leakage attacks. We also prove that Moghadam et al.’s scheme does not ensure perfect forward secrecy. To prevent security vulnerabilities of Moghadam et al.’s scheme, we propose a secure and lightweight mutual authentication protocol for WSNs (WSN-SLAP). WSN-SLAP has the resistance from various security drawbacks, and provides perfect forward secrecy and mutual authentication. We prove the security of WSN-SLAP by using Burrows-Abadi-Needham (BAN) logic, Real-or-Random (ROR) model, and Automated Verification of Internet Security Protocols and Applications (AVISPA) simulation. In addition, we evaluate the performance of WSN-SLAP compared with existing related protocols. We demonstrate that WSN-SLAP is more secure and suitable than previous protocols for WSN environments.
Deokkyu Kwon; Sungjin Yu; Joonyoung Lee; Seunghwan Son; Youngho Park. WSN-SLAP: Secure and Lightweight Mutual Authentication Protocol for Wireless Sensor Networks. Sensors 2021, 21, 936 .
AMA StyleDeokkyu Kwon, Sungjin Yu, Joonyoung Lee, Seunghwan Son, Youngho Park. WSN-SLAP: Secure and Lightweight Mutual Authentication Protocol for Wireless Sensor Networks. Sensors. 2021; 21 (3):936.
Chicago/Turabian StyleDeokkyu Kwon; Sungjin Yu; Joonyoung Lee; Seunghwan Son; Youngho Park. 2021. "WSN-SLAP: Secure and Lightweight Mutual Authentication Protocol for Wireless Sensor Networks." Sensors 21, no. 3: 936.
A secure authentication protocol plays a crucial role in securing communications over wireless and mobile networks. Due to resource-limitations and the nature of the wireless channel, the global mobile networks are highly susceptible to various attacks. Recently, an efficient authentication system for global roaming has been proposed in the literature. In this article, we first show that the analyzed authentication system is vulnerable man-in-the-middle attack, replay attack and Denial-of-Service (DoS) attack, and it does not ensure untraceability and local password-verification process to identify wrong passwords. To fix these security flaws, we propose a more efficient and robust authentication system for roaming in mobility networks. We use the formal verification tools like ProVerif, Automated Validation of Internet Security Protocols and Applications (AVISPA) and Burrows-Abadi-Needham (BAN) logic to check the regularity of the authentication protocol. Moreover, we prove the secrecy of a session key through the formal security using the random oracle model, known as Real-Or-Random (ROR) model. Finally, a detailed performance evaluation proves that the security protocol not only provides a security strength, but also preserves the low computational overhead. Thus, the proposed authentication protocol is secure and computationally efficient as compared to other relevant schemes.
R. Shashidhara; Sanjeet Kumar Nayak; Ashok Kumar Das; Youngho Park. On the Design of Lightweight and Secure Mutual Authentication System for Global Roaming in Resource-Limited Mobility Networks. IEEE Access 2021, 9, 12879 -12895.
AMA StyleR. Shashidhara, Sanjeet Kumar Nayak, Ashok Kumar Das, Youngho Park. On the Design of Lightweight and Secure Mutual Authentication System for Global Roaming in Resource-Limited Mobility Networks. IEEE Access. 2021; 9 (99):12879-12895.
Chicago/Turabian StyleR. Shashidhara; Sanjeet Kumar Nayak; Ashok Kumar Das; Youngho Park. 2021. "On the Design of Lightweight and Secure Mutual Authentication System for Global Roaming in Resource-Limited Mobility Networks." IEEE Access 9, no. 99: 12879-12895.
Internet of Vehicles (IoV), a distributed network involving connected vehicles and Vehicular Ad Hoc Networks (VANETs), allows connected vehicles to communicate with other Internet-connected entities in real time. The communications among these entities (e.g. vehicles, pedestrians, fleet management systems, and road-side infrastructure) take place via an open channel. In other words, such an open communication can be targeted by the adversary to eavesdrop, modify, insert fabricated (or malicious) messages, or delete any data-in-transit; thus, resulting in replay, impersonation, man-in-the-middle, privileged-insider, and other related attacks. In addition to security, anonymity and untraceability are two other important features that should be achieved in an authentication protocol. In this paper, we propose a new mutual authentication and key agreement protocol in an IoV-enabled Intelligent Transportation System (ITS). Using both formal and informal security analysis, as well as formal security verification using an automated verification tool, we show that the proposed scheme is secure against several known attacks in an IoV-enabled ITS environment. Furthermore, a detailed comparative analysis shows that the proposed scheme has low communication and computational overheads, and offers better security and functionality attributes in comparison to seven other competing schemes. We also evaluate the performance of the proposed scheme using NS2.
Palak Bagga; Ashok Kumar Das; Mohammad Wazid; Joel J. P. C. Rodrigues; Kim-Kwang Raymond Choo; Youngho Park. On the Design of Mutual Authentication and Key Agreement Protocol in Internet of Vehicles-Enabled Intelligent Transportation System. IEEE Transactions on Vehicular Technology 2021, 70, 1736 -1751.
AMA StylePalak Bagga, Ashok Kumar Das, Mohammad Wazid, Joel J. P. C. Rodrigues, Kim-Kwang Raymond Choo, Youngho Park. On the Design of Mutual Authentication and Key Agreement Protocol in Internet of Vehicles-Enabled Intelligent Transportation System. IEEE Transactions on Vehicular Technology. 2021; 70 (2):1736-1751.
Chicago/Turabian StylePalak Bagga; Ashok Kumar Das; Mohammad Wazid; Joel J. P. C. Rodrigues; Kim-Kwang Raymond Choo; Youngho Park. 2021. "On the Design of Mutual Authentication and Key Agreement Protocol in Internet of Vehicles-Enabled Intelligent Transportation System." IEEE Transactions on Vehicular Technology 70, no. 2: 1736-1751.
In Internet of Everything (IoE), malicious attacks detection and mitigation are important issues. These issues can be resolved through an access control framework where two entities first authenticate each other prior to establish any secret key for their secure communication. The sensing data of various smart devices in an IoE environment are processed securely at the nearby fog servers and at the same time legitimate users can also access the real-time data directly from designated smart devices through access control mechanism. We first discuss various attack trends in IoE environment. After that we discuss evolution of the blockchain technology in the IoE. An Artificial Intelligence (AI)-based blockchain-envisioned access control framework for malicious attacks detection and mitigation has been suggested to secure the IoE environment. Finally, a blockchain based implementation has been conducted on the proposed blockchain-envisioned access control framework for measuring the computational time needed for varying number of blocks mined in the blockchain and also for varying number of transactions per block.
Basudeb Bera; Ashok Kumar Das; Mohammad S. Obaidat; Pandi Vijayakumar; Kuei-Fang Hsiao; Youngho Park. AI-Enabled Blockchain-Based Access Control for Malicious Attacks Detection and Mitigation in IoE. IEEE Consumer Electronics Magazine 2020, 10, 82 -92.
AMA StyleBasudeb Bera, Ashok Kumar Das, Mohammad S. Obaidat, Pandi Vijayakumar, Kuei-Fang Hsiao, Youngho Park. AI-Enabled Blockchain-Based Access Control for Malicious Attacks Detection and Mitigation in IoE. IEEE Consumer Electronics Magazine. 2020; 10 (5):82-92.
Chicago/Turabian StyleBasudeb Bera; Ashok Kumar Das; Mohammad S. Obaidat; Pandi Vijayakumar; Kuei-Fang Hsiao; Youngho Park. 2020. "AI-Enabled Blockchain-Based Access Control for Malicious Attacks Detection and Mitigation in IoE." IEEE Consumer Electronics Magazine 10, no. 5: 82-92.
Multi-server technology is widely utilized due to its enormous applicability in fields such as telecare medicine information system (TMIS), online shopping, remote surveillance, online banking, etc. However, a malicious attacker can perform various security attacks in the multi-server environments because he/she can easily modify, insert, inject, delete, and intercept exchanged messages over a public channel. Thus, secure authentication and key agreement (AKA) schemes are indispensable to provide useful services in multi-server environments. In 2020, Ali et al. presented a three-factor symmetric key based secure AKA scheme for privacy and security in multi-server environments. Ali et al. claimed that their scheme can prevent various security attacks, and also ensure secure authentication. However, this comment shows that Ali et al. ’s scheme suffers from many drawbacks, including session key exposure, man-in-the-middle (MITM), and masquerade attacks. Moreover, their scheme fails to ensure mutual authentication. Thus, we suggest the necessary security guidelines to resolve the security threats of Ali et al. ’s scheme.
Sungjin Yu; Youngho Park. Comments on “ITSSAKA-MS: An Improved Three-Factor Symmetric-Key Based Secure AKA Scheme for Multi-Server Environments”. IEEE Access 2020, 8, 1 -1.
AMA StyleSungjin Yu, Youngho Park. Comments on “ITSSAKA-MS: An Improved Three-Factor Symmetric-Key Based Secure AKA Scheme for Multi-Server Environments”. IEEE Access. 2020; 8 ():1-1.
Chicago/Turabian StyleSungjin Yu; Youngho Park. 2020. "Comments on “ITSSAKA-MS: An Improved Three-Factor Symmetric-Key Based Secure AKA Scheme for Multi-Server Environments”." IEEE Access 8, no. : 1-1.
Telecare medical information system (TMIS) implemented in wireless body area network (WBAN) is convenient and time-saving for patients and doctors. TMIS is realized using wearable devices worn by a patient, and wearable devices generate patient health data and transmit them to a server through a public channel. Unfortunately, a malicious attacker can attempt performing various attacks through such a channel. Therefore, establishing a secure authentication process between a patient and a server is essential. Moreover, wearable devices have limited storage power. Cloud computing can be considered to resolve this problem by providing a storage service in the TMIS environment. In this environment, access control of the patient health data is essential for the quality of healthcare. Furthermore, the database of the cloud server is a major target for an attacker. The attacker can try to modify, forge, or delete the stored data. To resolve these problems, we propose a secure authentication protocol for a cloud-assisted TMIS with access control using blockchain. We employ ciphertext-policy attribute-based encryption (CP-ABE) to establish access control for health data stored in the cloud server, and apply blockchain to guarantee data integrity. To prove robustness of the proposed protocol, we conduct informal analysis and Burrows-Adabi-Needham (BAN) logic analysis, and we formally validate the proposed protocol using automated validation of internet security protocols and applications (AVISPA). Consequently, we show that the proposed protocol provides more security and has better efficiency compared to related protocols. Therefore, the proposed protocol is proper for a practical TMIS environment.
Seunghwan Son; Joonyoung Lee; Myeonghyun Kim; Sungjin Yu; Ashok Kumar Das; Youngho Park. Design of Secure Authentication Protocol for Cloud-Assisted Telecare Medical Information System Using Blockchain. IEEE Access 2020, 8, 1 -1.
AMA StyleSeunghwan Son, Joonyoung Lee, Myeonghyun Kim, Sungjin Yu, Ashok Kumar Das, Youngho Park. Design of Secure Authentication Protocol for Cloud-Assisted Telecare Medical Information System Using Blockchain. IEEE Access. 2020; 8 ():1-1.
Chicago/Turabian StyleSeunghwan Son; Joonyoung Lee; Myeonghyun Kim; Sungjin Yu; Ashok Kumar Das; Youngho Park. 2020. "Design of Secure Authentication Protocol for Cloud-Assisted Telecare Medical Information System Using Blockchain." IEEE Access 8, no. : 1-1.
With the development of vehicular ad-hoc networks (VANETs) and Internet of vehicles (IoVs), a large amount of useful information is generated for vehicle drivers and traffic management systems. The amount of vehicle and traffic information is as large as the number of vehicles and it is enormous when compared to vehicle calculation and storage performance. To resolve this problem, VANET uses a combined cloud computing technology, called vehicular cloud computing (VCC), which controls vehicle-related data, and helps vehicle drivers directly or indirectly. However, VANETs remain vulnerable to attacks such as tracking, masquerade and man-in-the-middle attacks because VANETs communicate via open networks. To overcome these issues, many researchers have proposed secure authentication protocols for message confirmation with vehicular cloud computing. However, many researchers have pointed out that some proposed protocols use ideal tamper-proof devices (TPDs). They demonstrated that realistic TPDs cannot prevent adversaries attack. Limbasiya et al. presented a message confirmation scheme for vehicular cloud computing using a realistic TPD in order to prevent these problems. However, their proposed scheme still has security weaknesses over a TPD and does not guarantee mutual authentication. This paper proposes a secure key agreement and authentication protocol to address the security weaknesses inherent in the protocol of Limbasiya et al. The suggested protocol withstands malicious attacks and ensures secure mutual authentication for privacy-preserving. We prove that the proposed protocol can provide session key security using Real-Or-Random (ROR) model. We also employed Automated Validation of Internet Security Protocols and Applications (AVISPA) simulation tool to show that the proposed protocol is able to defeat replay and man-in-the-middle attacks. Furthermore, we established that the proposed protocol can resist other malicious attacks by conducting the informal security analysis. We proved that our proposed protocol is lightweight and suitable for VCC environments.
Joonyoung Lee; Sungjin Yu; Myeonghyun Kim; Youngho Park; SangWoo Lee; BoHeung Chung. Secure Key Agreement and Authentication Protocol for Message Confirmation in Vehicular Cloud Computing. Applied Sciences 2020, 10, 6268 .
AMA StyleJoonyoung Lee, Sungjin Yu, Myeonghyun Kim, Youngho Park, SangWoo Lee, BoHeung Chung. Secure Key Agreement and Authentication Protocol for Message Confirmation in Vehicular Cloud Computing. Applied Sciences. 2020; 10 (18):6268.
Chicago/Turabian StyleJoonyoung Lee; Sungjin Yu; Myeonghyun Kim; Youngho Park; SangWoo Lee; BoHeung Chung. 2020. "Secure Key Agreement and Authentication Protocol for Message Confirmation in Vehicular Cloud Computing." Applied Sciences 10, no. 18: 6268.
With the emergence of the concept of smart city and the increasing demands for a range of vehicles, Internet of Vehicles (IoV) has achieved a lot of attention by providing multiple benefits, including vehicle emergence, accidents, levels of pollution, and traffic congestion. Moreover, IoV provides various services by combining vehicular ad-hoc networks (VANET) with the Internet of Things (IoT) in smart cities. However, the communication among vehicles is susceptible to various security threats because the sensitive message is transmitted via a insecure channel in the IoV-based smart city environment. Thus, a secure message authentication protocol is indispensable to ensure various services for IoV in a smart city environment. In 2020, a secure message authentication protocol for IoV communication in smart cities has been proposed. However, we discover that the analyzed scheme suffers from various potential attacks such as impersonation, secret key disclosure, and off-line guessing attacks, and also does not ensure authentication. To solve the security threats of the analyzed scheme, we design a secure and efficient message authentication protocol for IoV in a smart city environment, called IoV-SMAP. The proposed IoV-SMAP can resist security drawbacks and provide user anonymity, and mutual authentication. We demonstrate the security of IoV-SMAP by performing informal and formal analyses such as the Real-or-Random (ROR) model, and Automated Validation of Internet Security Protocols and Application (AVISPA) simulations. In addition, we compare the performance of IoV-SMAP with related existing competing authentication schemes. We demonstrate that IoV-SMAP provides better security along with efficiency than related competing schemes and is suitable for the IoV-based smart city environment.
Sungjin Yu; Joonyoung Lee; Kisung Park; Ashok Kumar Das; Youngho Park. IoV-SMAP: Secure and Efficient Message Authentication Protocol for IoV in Smart City Environment. IEEE Access 2020, 8, 167875 -167886.
AMA StyleSungjin Yu, Joonyoung Lee, Kisung Park, Ashok Kumar Das, Youngho Park. IoV-SMAP: Secure and Efficient Message Authentication Protocol for IoV in Smart City Environment. IEEE Access. 2020; 8 (99):167875-167886.
Chicago/Turabian StyleSungjin Yu; Joonyoung Lee; Kisung Park; Ashok Kumar Das; Youngho Park. 2020. "IoV-SMAP: Secure and Efficient Message Authentication Protocol for IoV in Smart City Environment." IEEE Access 8, no. 99: 167875-167886.
Wireless sensor networks (WSN) are composed of multiple sensor nodes with limited storage, computation, power, and communication capabilities and are widely used in various fields such as banks, hospitals, institutes to national defense, research, and so on. However, useful services are susceptible to security threats because sensitive data in various fields are exchanged via a public channel. Thus, secure authentication protocols are indispensable to provide various services in WSN. In 2019, Mo and Chen presented a lightweight secure user authentication scheme in WSN. We discover that Mo and Chen’s scheme suffers from various security flaws, such as session key exposure and masquerade attacks, and does not provide anonymity, untraceability, and mutual authentication. To resolve the security weaknesses of Mo and Chen’s scheme, we propose a secure and lightweight three-factor-based user authentication protocol for WSN, called SLUA-WSN. The proposed SLUA-WSN can prevent security threats and ensure anonymity, untraceability, and mutual authentication. We analyze the security of SLUA-WSN through the informal and formal analysis, including Burrows–Abadi–Needham (BAN) logic, Real-or-Random (ROR) model, and Automated Verification of Internet Security Protocols and Applications (AVISPA) simulation. Moreover, we compare the performance of SLUA-WSN with some existing schemes. The proposed SLUA-WSN better ensures the security and efficiency than previous proposed scheme and is suitable for practical WSN applications.
Sungjin Yu; Youngho Park. SLUA-WSN: Secure and Lightweight Three-Factor-Based User Authentication Protocol for Wireless Sensor Networks. Sensors 2020, 20, 4143 .
AMA StyleSungjin Yu, Youngho Park. SLUA-WSN: Secure and Lightweight Three-Factor-Based User Authentication Protocol for Wireless Sensor Networks. Sensors. 2020; 20 (15):4143.
Chicago/Turabian StyleSungjin Yu; Youngho Park. 2020. "SLUA-WSN: Secure and Lightweight Three-Factor-Based User Authentication Protocol for Wireless Sensor Networks." Sensors 20, no. 15: 4143.
Kisung Park; SungKee Noh; Hyunjin Lee; Ashok Kumar Das; Myeonghyun Kim; Youngho Park; Mohammad Wazid. LAKS-NVT: Provably Secure and Lightweight Authentication and Key Agreement Scheme Without Verification Table in Medical Internet of Things. IEEE Access 2020, 8, 119387 -119404.
AMA StyleKisung Park, SungKee Noh, Hyunjin Lee, Ashok Kumar Das, Myeonghyun Kim, Youngho Park, Mohammad Wazid. LAKS-NVT: Provably Secure and Lightweight Authentication and Key Agreement Scheme Without Verification Table in Medical Internet of Things. IEEE Access. 2020; 8 ():119387-119404.
Chicago/Turabian StyleKisung Park; SungKee Noh; Hyunjin Lee; Ashok Kumar Das; Myeonghyun Kim; Youngho Park; Mohammad Wazid. 2020. "LAKS-NVT: Provably Secure and Lightweight Authentication and Key Agreement Scheme Without Verification Table in Medical Internet of Things." IEEE Access 8, no. : 119387-119404.