Tsu-Yang Wu scite author profile

Abstract:The advancement of Wireless Body Area Networks (WBAN) have led to significant progress in medical and health care systems. However, such networks still suffer from major security and privacy threats, especially for the data collected in medical or health care applications. Lack of security and existence of anonymous communication in WBAN brings about the operation failure of these networks. Recently, Li et al. proposed a lightweight protocol for wearable sensors in wireless body area networks. In their paper, the authors claimed that the protocol may provide anonymous mutual authentication and resist against various types of attacks. This study shows that such a protocol is still vulnerable to three types of attacks, i.e., the offline identity guessing attack, the sensor node impersonation attack and the hub node spoofing attack. We then present a secure scheme that addresses these problems, and retains similar efficiency in wireless sensors nodes and mobile phones.

show abstract

An Authenticated Key Exchange Protocol for Multi-Server Architecture in 5G Networks

Lee

Obaidat

et al. 2020

IEEE Access

View full text Add to dashboard Cite

Currently, the popularity of the Internet of Things (IoT) has brought about an increase in the amount of data, so multi-server distributed cloud computing has been widely used in various applications that have brought convenience to our daily lives. At the same time, the development of the fifth generation (5G) of mobile communication technology has gradually become the main driving force for the popularization of the IoT. Because the 5G network is a heterogeneous network with multiple servers and small cells, the mutual authentication protocol under multiple servers is also applicable to the 5G network environment. However, much of the data will have serious storage and security issues during transmission. Aiming at the security issues in a multi-server (M-S) architecture, in 2018, Wu et al. proposed an authentication protocol in a distributed cloud environment. They claimed that their protocol is secure and resistant to various known types of attacks. However, we found that their protocol does not guarantee perfect forward secrecy (PFS) and suffers from privileged insider (PI) attacks. Such attacks will cause data to be out of sync. Therefore, we improved Wu et al.'s protocol and proposed an improvement in the 5G network environment. Finally, we performed a security analysis on the proposed protocol, including the automatic encryption protocol tool ProVerif, BAN logic, and informal security analysis, which proved that our protocol is secure. Compared with similar existing schemes, we have proved the efficiency of the scheme and achieved higher security standards. INDEX TERMS Authentication, multi-server, 5G networks, cryptanalysis, lightweight. Applying this for each component, we get S6:S j |≡ U i |≡ N i. Using A29, S6, and the jurisdiction rule, we get S7: S j |≡ N i. According to the message M2 and using the seeing rule, we get S8: CS {PID i , B 2 : N i , PID i x ; B 3 : ID i h(PID i N i) ; B 4 , T j }. Using the seeing rule for components we get S9: CS { N i , PID i x }. Using A4, S9, and the MM rule, we get S10: CS |≡ U i |∼ (N i , PID i). Using A5, S3, the freshness rule, and the N-V rule, we get S11: CS |≡ U i |≡ (N i , PID i). Using S11 and the belief rule, we get S12: CS |≡ U i |≡ (N i). S13: CS |≡ U i |≡ (PID i). Using A7, S12, and the jurisdiction rule, we get S14: CS |≡ N i. According to S8 and using the seeing rule, we get S15: CS { ID i h(PID i N i) }. Using A5, S14, and the MM rule, we get S16: CS |≡ U i |∼ ID i. Using A11, S16, and the N-V rule, we get S17: CS |≡ U i |≡ ID i. Using A9, S17, and the jurisdiction rule, we get S18: CS |≡ ID i. Using A14, S14, S18, and the belief rule, we get S19: CS |≡ (ID i , N i , HP i). Because K i = h(N i ID i HP i), we can get S20: CS |≡ k i. According to message M3 and using the seeing rule, we get S21: CS {PSID j , B 5 : N j , PSID i x ; B 6 : SID j h(PSID j N j) ; B 7 , T j }. Using the seeing rule for components we get S22: CS { N j , PSID i x }. Using A15, S22, and the message-meaning rule, we get S23: CS |≡ S j |∼ (N j , PSID j). Using A6, S23, the fresh...

show abstract

Attacks and solutions on a three-party password-based authenticated key exchange protocol for wireless communications

Chen

Wang

Yeh

et al. 2018

J Ambient Intell Human Comput

126

View full text Add to dashboard Cite

An Efficient User Authentication and User Anonymity Scheme with Provably Security for IoT-Based Medical Care System

Chen

et al. 2017

Sensors

102

View full text Add to dashboard Cite

In recent years, with the increase in degenerative diseases and the aging population in advanced countries, demands for medical care of older or solitary people have increased continually in hospitals and healthcare institutions. Applying wireless sensor networks for the IoT-based telemedicine system enables doctors, caregivers or families to monitor patients’ physiological conditions at anytime and anyplace according to the acquired information. However, transmitting physiological data through the Internet concerns the personal privacy of patients. Therefore, before users can access medical care services in IoT-based medical care system, they must be authenticated. Typically, user authentication and data encryption are most critical for securing network communications over a public channel between two or more participants. In 2016, Liu and Chung proposed a bilinear pairing-based password authentication scheme for wireless healthcare sensor networks. They claimed their authentication scheme cannot only secure sensor data transmission, but also resist various well-known security attacks. In this paper, we demonstrate that Liu–Chung’s scheme has some security weaknesses, and we further present an improved secure authentication and data encryption scheme for the IoT-based medical care system, which can provide user anonymity and prevent the security threats of replay and password/sensed data disclosure attacks. Moreover, we modify the authentication process to reduce redundancy in protocol design, and the proposed scheme is more efficient in performance compared with previous related schemes. Finally, the proposed scheme is provably secure in the random oracle model under ECDHP.

show abstract

An efficient user authentication and key exchange protocol for mobile client–server environment

Tseng

2010

Computer Networks

View full text Add to dashboard Cite

scite is a Brooklyn-based organization that helps researchers better discover and understand research articles through Smart Citations–citations that display the context of the citation and describe whether the article provides supporting or contrasting evidence. scite is used by students and researchers from around the world and is funded in part by the National Science Foundation and the National Institute on Drug Abuse of the National Institutes of Health.

Contact Info

customersupport@researchsolutions.com

10624 S. Eastern Ave., Ste. A-614

Henderson, NV 89052, USA

This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.

Blog Terms and Conditions API Terms Privacy Policy Contact Cookie Preferences Do Not Sell or Share My Personal Information

Made with 💙 for researchers

Part of the Research Solutions Family.

Tsu-Yang Wu

An Anonymous Mutual Authenticated Key Agreement Scheme for Wearable Sensors in Wireless Body Area Networks

An Authenticated Key Exchange Protocol for Multi-Server Architecture in 5G Networks

Attacks and solutions on a three-party password-based authenticated key exchange protocol for wireless communications

An Efficient User Authentication and User Anonymity Scheme with Provably Security for IoT-Based Medical Care System

An efficient user authentication and key exchange protocol for mobile client–server environment

Contact Info

Product

Resources

About