Search results

1 – 10 of 20
To view the access options for this content please click here
Article
Publication date: 12 June 2017

Vivek V. Jog and Senthil Murugan T.

Due to the connectivity of the multiple devices and the systems on the same network, rapid development has become possible in Internet of Things (IoTs) for the last…

Abstract

Purpose

Due to the connectivity of the multiple devices and the systems on the same network, rapid development has become possible in Internet of Things (IoTs) for the last decade. But, IoT is mostly affected with severe security challenges due to the potential vulnerabilities happened through the multiple connectivity of sensors, devices and system. In order to handle the security challenges, literature presents a handful of security protocols for IoT. The purpose of this paper is to present a threat profiling and elliptic curve cryptography (ECC)-based mutual and multi-level authentication for the security of IoTs. This work contains two security attributes like memory and machine-related attributes for maintaining the profile table. Also, the profile table stores the value after encrypting the value with ECC to avoid storage resilience using the proposed protocol. Furthermore, three entities like, IoT device, server and authorization centre (AC) performs the verification based on seven levels mutually to provide the resilience against most of the widely accepted attacks. Finally, DPWSim is utilized for simulation of IoT and verification of proposed protocol to show that the protocol is secure against passive and active attacks.

Design/methodology/approach

In this work, the authors have presented a threat profiling and ECC-based mutual and multi-level authentication for the security of IoTs. This work contains two security attributes like memory and machine-related attributes for maintaining the profile table. Also, the profile table stores the value after encrypting the value with ECC to avoid storage resilience using the proposed protocol. Furthermore, three entities like, IoT device, server and AC performs the verification based on seven levels mutually to provide the resilience against most of the widely accepted attacks.

Findings

DPWSim is utilized for simulation of IoT and verification of the proposed protocol to show that this protocol is secure against passive and active attacks. Also, attack analysis is carried out to prove the robustness of the proposed protocol against the password guessing attack, impersonation attack, server spoofing attack, stolen verifier attack and reply attack.

Originality/value

This paper presents a threat profiling and ECC-based mutual and multi-level authentication for the security of IoTs.

Details

International Journal of Intelligent Computing and Cybernetics, vol. 10 no. 2
Type: Research Article
ISSN: 1756-378X

Keywords

To view the access options for this content please click here
Article
Publication date: 2 November 2015

Michael Hölzl, Endalkachew Asnake, Rene Mayrhofer and Michael Roland

The purpose of this paper is to design, implement and evaluate the usage of the password-authenticated secure channel protocol SRP to protect the communication of a mobile…

Abstract

Purpose

The purpose of this paper is to design, implement and evaluate the usage of the password-authenticated secure channel protocol SRP to protect the communication of a mobile application to a Java Card applet. The usage of security and privacy sensitive systems on mobile devices, such as mobile banking, mobile credit cards, mobile ticketing or mobile digital identities has continuously risen in recent years. This development makes the protection of personal and security sensitive data on mobile devices more important than ever.

Design/methodology/approach

A common approach for the protection of sensitive data is to use additional hardware such as smart cards or secure elements. The communication between such dedicated hardware and back-end management systems uses strong cryptography. However, the data transfer between applications on the mobile device and so-called applets on the dedicated hardware is often either unencrypted (and interceptable by malicious software) or encrypted with static keys stored in applications.

Findings

To address this issue, this paper presents a solution for fine-grained secure application-to-applet communication based on Secure Remote Password (SRP-6a and SRP-5), an authenticated key agreement protocol, with a user-provided password at run-time.

Originality/value

By exploiting the Java Card cryptographic application programming interfaces (APIs) and minor adaptations to the protocol, which do not affect the security, the authors were able to implement this scheme on Java Cards with reasonable computation time.

Details

International Journal of Pervasive Computing and Communications, vol. 11 no. 4
Type: Research Article
ISSN: 1742-7371

Keywords

To view the access options for this content please click here
Article
Publication date: 2 November 2015

Nancy Ambritta P, Poonam N. Railkar and Parikshit N. Mahalle

This paper aims at providing a comparative analysis of the existing protocols that address the security issues in the Future Internet (FI) and also to introduce a…

Abstract

Purpose

This paper aims at providing a comparative analysis of the existing protocols that address the security issues in the Future Internet (FI) and also to introduce a Collaborative Mutual Identity Establishment (CMIE) scheme which adopts the elliptical curve cryptography (ECC), to address the issues, such as content integrity, mutual authentication, forward secrecy, auditability and resistance to attacks such as denial-of-service (DoS) and replay attack.

Design/methodology/approach

This paper provides a comparative analysis of the existing protocols that address the security issues in the FI and also provides a CMIE scheme, by adopting the ECC and digital signature verification mechanism, to address the issues, such as content integrity, mutual authentication, forward secrecy, auditability and resistance to attacks such as DoS and replay attack. The proposed scheme enables the establishment of secured interactions between devices and entities of the FI. Further, the algorithm is evaluated against Automated Validation of Internet Security Protocols and Application (AVISPA) tool to verify the security solutions that the CMIE scheme has claimed to address to have been effectively achieved in reality.

Findings

The algorithm is evaluated against AVISPA tool to verify the security solutions that the CMIE scheme has claimed to address and proved to have been effectively achieved in reality. The proposed scheme enables the establishment of secured interactions between devices and entities of the FI.

Research limitations/implications

Considering the Internet of Things (IoT) scenario, another important aspect that is the device-to-location (D2L) aspect has not been considered in this protocol. Major focus of the protocol is centered around the device-to-device (D2D) and device-to-server (D2S) scenarios. Also, IoT basically works upon a confluence of hundreds for protocols that support the achievement of various factors in the IoT, for example Data Distribution Service, Message Queue Telemetry Transport, Extensible Messaging and Presence Protocol, Constrained Application Protocol (CoAP) and so on. Interoperability of the proposed CMIE algorithm with the existing protocols has to be considered to establish a complete model that fits the FI. Further, each request for mutual authentication requires a querying of the database and a computation at each of the participating entities side for verification which could take considerable amount of time. However, for applications that require firm authentication for maintaining and ensuring secure interactions between entities prior to access control and initiation of actual transfer of sensitive information, the negligible difference in computation time can be ignored for the greater benefit that comes with stronger security. Other factors such as quality of service (QoS) (i.e. flexibility of data delivery, resource usage and timing), key management and distribution also need to be considered. However, the user still has the responsibility to choose the required protocol that suits one’s application and serves the purpose.

Originality/value

The originality of the work lies in adopting the ECC and digital signature verification mechanism to develop a new scheme that ensures mutual authentication between participating entities in the FI based upon certain user information such as identities. ECC provides efficiency in terms of key size generated and security against main-in-middle attack. The proposed scheme provides secured interactions between devices/entities in the FI.

Details

International Journal of Pervasive Computing and Communications, vol. 11 no. 4
Type: Research Article
ISSN: 1742-7371

Keywords

To view the access options for this content please click here
Article
Publication date: 26 November 2019

Sanchari Saha and Dinesh K. Anvekar

Security of wireless body area network communication is highly important as it directly impacts human life. This paper aims to focus on battlefield application area of…

Abstract

Purpose

Security of wireless body area network communication is highly important as it directly impacts human life. This paper aims to focus on battlefield application area of WBAN for implementing security where data must be protected against various possible attacks before delivering over a public network.

Design/methodology/approach

Providing a strong security system is still a research challenge due to low computational power of used sensors for protecting transmission data. In this paper, the authors have proposed an optimized security solution for multithreaded wireless body area network (MWBAN) using trust-based distributed group key management technique to overcome the drawbacks of existing elliptical curve cryptography-homomorphism (ECC-Homomorphism) scheme as well as coded cooperative data exchange group key management (CCDE_GKM) scheme.

Findings

The proposed optimized security solution is implemented for a particular deployment strategy and test runs are conducted. It is found that when number of attack nodes increased to 25, compared to ECC–Homomorphism and CCDE_GKM for the proposed trust-based distributed group key management technique there is an improvement in performance parameters such as throughput is dropped to only 10.11 Kbps, average delay is just 3.4 s, energy consumption is maximum 29 joules, packet loss is only 12.3 per cent, 90.9 per cent truly can detect attack, only 8.9 per cent false attack detection and 84 per cent true negative detection.

Social implications

Medical care can be provided to human beings with much ease and flexibility via remote monitoring. The user can be at any place, can do his/her everyday work while remotely being monitored of their health parameters and secured transmission of their data to the health-care center for medical service in need.

Originality/value

This paper presents an optimized security solution for MWBAN using trust-based distributed group key management technique where bilinear pairing theory is used as major cryptographic base. Optimal key is selected based on trust value and also attack nodes are detected based on trust value to control participation in communication.

Details

International Journal of Pervasive Computing and Communications, vol. 17 no. 2
Type: Research Article
ISSN: 1742-7371

Keywords

To view the access options for this content please click here
Article
Publication date: 1 March 2006

Krzysztof Piotrowski, Peter Langendörfer, Oliver Maye and Zoya Dyka

To enhance security and privacy of e‐cash systems that apply revocable anonymity by presenting a statistical attack that reveals the hidden ID and suitable protection…

Abstract

Purpose

To enhance security and privacy of e‐cash systems that apply revocable anonymity by presenting a statistical attack that reveals the hidden ID and suitable protection means against this kind of attack.

Design/methodology/approach

The feasibility of a statistical attack that reveals the ID of user of e‐cash schemes with revocable anonymity is shown. To avoid such attacks the application of modulo operations while constructing e‐cash coins is proposed. Measurement results are used to back up the suitability of this approach.

Findings

Revocable anonymity systems can successfully be attacked. Applying modulo operations can prevent such attacks.

Practical implications

The recommendations given in this paper should be applied whenever an e‐cash scheme or similar system with revocable anonymity is designed. Otherwise the promised feature may be compromised very easily.

Originality/value

The paper identifies a formerly unknown attack against systems with revocable identities, and presents a mathematical solution to protect such systems against the attack presented.

Details

Internet Research, vol. 16 no. 2
Type: Research Article
ISSN: 1066-2243

Keywords

To view the access options for this content please click here
Article
Publication date: 17 June 2021

Ankush Balaram Pawar, Dr. Shashikant U. Ghumbre and Dr. Rashmi M. Jogdand

Cloud computing plays a significant role in the initialization of secure communication between users. The advanced technology directs to offer several services, such as…

Abstract

Purpose

Cloud computing plays a significant role in the initialization of secure communication between users. The advanced technology directs to offer several services, such as platform, resources, and accessing the network. Furthermore, cloud computing is a broader technology of communication convergence. In cloud computing architecture, data security and authentication are the main significant concerns.

Design/methodology/approach

The purpose of this study is to design and develop authentication and data security model in cloud computing. This method includes six various units, such as cloud server, data owner, cloud user, inspection authority, attribute authority, and central certified authority. The developed privacy preservation method includes several stages, namely setup phase, key generation phase, authentication phase and data sharing phase. Initially, the setup phase is performed through the owner, where the input is security attributes, whereas the system master key and the public parameter are produced in the key generation stage. After that, the authentication process is performed to identify the security controls of the information system. Finally, the data is decrypted in the data sharing phase for sharing data and for achieving data privacy for confidential data. Additionally, dynamic splicing is utilized, and the security functions, such as hashing, Elliptic Curve Cryptography (ECC), Data Encryption Standard-3 (3DES), interpolation, polynomial kernel, and XOR are employed for providing security to sensitive data.

Findings

The effectiveness of the developed privacy preservation method is estimated based on other approaches and displayed efficient outcomes with better privacy factor and detection rate of 0.83 and 0.65, and time is highly reduced by 2815ms using the Cleveland dataset.

Originality/value

This paper presents the privacy preservation technique for initiating authenticated encrypted access in clouds, which is designed for mutual authentication of requester and data owner in the system.

Details

International Journal of Pervasive Computing and Communications, vol. ahead-of-print no. ahead-of-print
Type: Research Article
ISSN: 1742-7371

Keywords

To view the access options for this content please click here
Article
Publication date: 17 February 2012

Gianmarco Baldini, Franco Oliveri, Michael Braun, Hermann Seuschek and Erwin Hess

Humanitarian logistics is an essential element of disaster management and it presents many challenges due to the unique disaster relief environment. The paper describes…

Abstract

Purpose

Humanitarian logistics is an essential element of disaster management and it presents many challenges due to the unique disaster relief environment. The paper describes the main features and challenges of humanitarian logistics and the potential role of technology. Radio frequency identification (RFID) technology has been increasingly considered to improve the efficiency of supply chain management. Security is an important requirement for disaster management. The purpose of this paper is to propose and describe the application of secure RFID technology to improve the management and security of relief supply chains.

Design/methodology/approach

The paper describes the challenges of disaster of supply chains and how secure RFID can address them in the overall framework of disaster management.

Findings

The paper describes the efficiency of the crypotgraphic algorithm used in the design of the secure RFID, the system architecture and the deployment workflow.

Practical implications

The establishment of a logistics tracking framework based on secure RFID has the potential to greatly increase the effectiveness of future emergency crises response operations.

Originality/value

The originality of the paper is to present the application of secure RFID to the context of disaster management, where the security of supply chains is often not addressed.

Details

Disaster Prevention and Management: An International Journal, vol. 21 no. 1
Type: Research Article
ISSN: 0965-3562

Keywords

To view the access options for this content please click here
Article
Publication date: 16 March 2012

Guillermo Azuara, José Luis Tornos and José Luis Salazar

The purpose of this paper is to develop an efficient tool to ensure traceability data entry based on RFID and improve the detection of fakes inside the supply chain.

Abstract

Purpose

The purpose of this paper is to develop an efficient tool to ensure traceability data entry based on RFID and improve the detection of fakes inside the supply chain.

Design/methodology/approach

First, the authors put forward a secure traceability system with a cryptographic operator that improves efficiency, saves costs and is adaptable to all types of supply chains. Second, the authors implement the system in a food manufacturing company, show the compatibility of the system with the initial production chain and demonstrate its improvement.

Findings

The authors have economically and technologically improved the detection of faked goods in the supply chain by means of a cheap and scalable system based on RFID.

Research limitations/implications

The system has been tested in a manufacturing point of the supply chain, not in the supply chain as a whole. As traceability is additive in character, the results can be generalized and applied to each part of the supply chain.

Practical implications

A prototype has been built and implemented for a food manufacturing company. It meets all the specifications required for detection of fakes in manufactured products.

Originality/value

Unlike other existing products used to detect fakes through traceability, this system identifies fakes and potential counterfeits, significantly reducing the cost of security management. Another important difference is that verification can be performed by a third party not involved in the system, without loss of security.

Details

Industrial Management & Data Systems, vol. 112 no. 3
Type: Research Article
ISSN: 0263-5577

Keywords

To view the access options for this content please click here
Article
Publication date: 3 April 2009

Rodrigo Roman and Javier Lopez

This paper aims to analyze the security issues that arise when integrating wireless sensor networks (WSN) and the internet. Also, it seeks to review whether existing…

Abstract

Purpose

This paper aims to analyze the security issues that arise when integrating wireless sensor networks (WSN) and the internet. Also, it seeks to review whether existing technology mechanisms are suitable and can be applied in this context.

Design/methodology/approach

The paper considers the possible approaches that can be used to connect a WSN with the internet, and analyzes the security of their interactions.

Findings

By providing the services of the network through a front‐end proxy, a sensor network and the internet can interact securely. There are other challenges to be solved if the sensor nodes are integrated into the internet infrastructure, although there exists interesting advances on his matter.

Research limitations/implications

The complete integration of sensor networks and the internet still remains as an open issue.

Practical implications

With the current state of the art, it is possible to develop a secure sensor network that can provide its services to internet hosts with certain security properties.

Originality/value

The paper studies the interactions between sensor networks and the internet from the point of view of security. It identifies both solutions and research challenges.

Details

Internet Research, vol. 19 no. 2
Type: Research Article
ISSN: 1066-2243

Keywords

To view the access options for this content please click here
Article
Publication date: 3 August 2020

Chen Kuilin, Feng Xi, Fu Yingchun, Liu Liang, Feng Wennan, Jiang Minggang, Hu Yi and Tang Xiaoke

The data protection is always a vital problem in the network era. High-speed cryptographic chip is an important part to ensure data security in information interaction…

Abstract

Purpose

The data protection is always a vital problem in the network era. High-speed cryptographic chip is an important part to ensure data security in information interaction. This paper aims to provide a new peripheral component interconnect express (PCIe) encryption card solution with high performance, high integration and low cost.

Design/methodology/approach

This work proposes a System on Chip architecture scheme of high-speed cryptographic chip for PCIe encryption card. It integrated CPU, direct memory access, the national and international cipher algorithm (data encryption standard/3 data encryption standard, Rivest–Shamir–Adleman, HASH, SM1, SM2, SM3, SM4, SM7), PCIe and other communication interfaces with advanced extensible interface-advanced high-performance bus three-level bus architecture.

Findings

This paper presents a high-speed cryptographic chip that integrates several high-speed parallel processing algorithm units. The test results of post-silicon sample shows that the high-speed cryptographic chip can achieve Gbps-level speed. That means only one single chip can fully meet the requirements of cryptographic operation performance for most cryptographic applications.

Practical implications

The typical application in this work is PCIe encryption card. Besides server’s applications, it can also be applied in terminal products such as high-definition video encryption, security gateway, secure routing, cloud terminal devices and industrial real-time monitoring system, which require high performance on data encryption.

Social implications

It can be well applied on many other fields such as power, banking, insurance, transportation and e-commerce.

Originality/value

Compared with the current strategy of high-speed encryption card, which mostly uses hardware field-programmable gate arrays or several low-speed algorithm chips through parallel processing in one printed circuit board, this work has provided a new PCIe encryption card solution with high performance, high integration and low cost only in one chip.

Details

Circuit World, vol. 47 no. 2
Type: Research Article
ISSN: 0305-6120

Keywords

1 – 10 of 20