|
|
|
 |
Search published articles |
 |
|
Showing 6 results for Key Agreement
, ,
Volume 10, Issue 2 (3-2022)
Abstract
Wireless sensor networks have many applications in the real world and have been developed in various environments. But the limitations of these networks, including the limitations on the energy and processing power of the sensors, have posed many challenges to researchers. One of the major challenges is the security of these networks, and in particular the issue of authentication in the wireless sensor network. An authentication scheme in a wireless sensor network must have the following security features: anonymity, Unlink sessions, session key agreement, session key security, and perfect forward secrecy and prevent attacker’s attacks. An important feature of the authentication scheme is that by capturing the sensor, the attacker will not be able to obtain the private values of the protocol parties. Chen et al propose an authentication scheme with key agreement using wireless sensor network for an agricultural monitoring system, which claims to have security features. This articcle proves that Chen et al’s scheme is vulnerable to sensor capture attacks that Obtain session key, sensor impersonation, User anonymity violation, forward and backward secrecy violation, and sessions link. In the rest of the article, the proposed solution to improve the design of Chen et al. will be presented and the improved design will be evaluated.
Seyed Hamid Baghestani , Farokhlagha Moazami,
Volume 11, Issue 1 (9-2022)
Abstract
The conventional electricity infrastructure relies on the usage of fossil fuels, which harms the environment greatly. A smart grid is an infrastructure that enables the integration of renewable resources with the distribution system, as well as the potential of establishing a two-way flow of energy and data between network management and subscribers in order to optimize energy use. However, this data flow may be misused by attackers to disrupt security and causes power network imbalances.Therefore, it is necessary to exploit different security protocols to exchange data in this platform. One of these security protocols is the authenticated key agreement protocol, which allows the parties to authenticate each other and share a key to encrypt data. Recently Zhang et al. proposed a lightweight key authentication protocol based on hash functions. In this paper, we examine their protocol and show that vulnerable to denial of service (DOS) attack and also is not optimized to implement on smart grid. Then we present a lightweight and secure authentication protocol based on hash functions.
Amir Allahdadi Ghiyasabadi , Javad Alizadeh,
Volume 11, Issue 1 (9-2022)
Abstract
With the development of new information and communication technologies such as developments related to Internet of Things applications, the importance of information and maintaining its security is more and more considered. Key agreement and authentication protocols play an important role in ensuring information security. One of the important components used in many applications of the Internet of Things is wireless sensor networks, whose security is ensured by using appropriate protocols of these networks. In 2020, Sikarwar and Das presented a key agreement protocol with authentication for wireless sensor networks and claimed that this protocol is secure against well-known attacks such as feedback attacks, password discovery, and man-in-the-middle attacks. In this paper, it is shown that the Sikarvar and DOS protocol is not secure and an attacker can easily obtain this key. In addition, it is shown that the protocol cannot be secure against password discovery and spoofing attacks.
Saba Marandi, Farrokhlagha Moazzami,
Volume 11, Issue 2 (3-2023)
Abstract
In medical fields, a wearable body area sensors network is a network of sensors placed inside human bodies or on their skin. These multi-functional sensors provide all patients and medical personnel with optimized and comfortable services. The patient’s physiological information transferred in this network is very sensitive and confidential; Therefore, transmitting through an insecure channel requires high anonymity, un-traceability, and privacy-preserving of personal data. Furthermore, the wearable body area network is a small part of the Internet of Things (IoT) community, and as the devices are resource-constraint, lightweight protocols are needed to guarantee the information’s authenticity, confidentiality, and integrity. Hence, a large number of schemes were proposed by different researchers to improve the reliability of the protocols. Recently Ankur Gupta and his colleagues proposed a lightweight mutual authentication and key agreement protocol and proved its security against well-known attacks. In this paper, we will demonstrate that their proposed protocol is vulnerable to the sensor node impersonation attack and does not provide the necessary security for communicating data; Then, we will offer a new solution to overcome this problem.
Zahra Jafari, Sahar Palimi, Mohamadamin Sabaei, Rahman Hajian, Hossein Erfani,
Volume 12, Issue 2 (2-2024)
Abstract
In the Internet of Things (IoT) environment, security and privacy are paramount concerns for critical applications. The LoRa protocol efficiently enables long-range communication for resource-constrained end devices in LoRaWAN networks. To foster technology adoption and user trust, safeguarding the data collected by end devices is essential. Authentication and key agreement protocols play a pivotal role in achieving this goal. Here, we introduce a novel scheme for authentication and key exchange in LoRaWAN, enabling mutual authentication among participants. This scheme empowers users/end devices and network servers to establish secure end-to-end session keys without unconditional trust. We assess the scheme's security informally and provide formal verification using AVISPA tools and the BAN logic. Furthermore, we compare it to existing authentication schemes, demonstrating its efficiency in terms of computational and communication overhead.
Javad Alizadeh, Seyyed Hadi Noorani Asl,
Volume 12, Issue 2 (2-2024)
Abstract
The Internet of Drones (IoD) refers to the use of unmanned aerial vehicles (UAVs) connected to the Internet. This concept is a specific application of IoT. The IoD may offer opportunities, but it also poses security vulnerabilities. It is necessary to use authentication and key agreement protocols in drone communications to prevent these vulnerabilities. In 2020, Alladi et al presented an authentication and key agreement protocol based on physical unclonable functions called SecAutUAV. They analyzed the security of their scheme through both formal and informal methods. In this paper, we demonstrate the vulnerability of the SecAuthUAV protocol to a key recovery attack. An adversary can obtain a session key between a drone and a ground station by intercepting and analyzing the session data. In addition, we present a secret value recovery attack with complexity  , which is lower than the complexity of brute force attacks. An adversary could spoof and track the drone by using these values. In order to improve the security and efficiency of SecAuthUAV, we present a new version and compare it to the original. We utilize both the informal method and formal-based ProVerif to analyze the
security of the latest protocol. To compare the efficiency of the new protocol and SecAuthUAV, we counted their number of operators and functions. The new protocol is more secure and efficient than SecAutUAV.
|
|
