Yazar "Alazab, Mamoun" seçeneğine göre listele

Listeleniyor 1 - 3 / 3
  • Küçük Resim Yok
    Öğe
    Rotating behind Privacy: An Improved Lightweight Authentication Scheme for Cloud-based IoT Environment
    (Assoc Computing Machinery, 2021) Chaudhry, Shehzad Ashraf; Irshad, Azeem; Yahya, Khalid; Kumar, Neeraj; Alazab, Mamoun; Bin Zikria, Yousaf
    The advancements in the internet of things (IoT) require specialized security protocols to provide unbreakable security along with computation and communication efficiencies. Moreover, user privacy and anonymity has emerged as an integral part, along with other security requirements. Unfortunately, many recent authentication schemes to secure IoT-based systems were either proved as vulnerable to different attacks or prey of inefficiencies. Some of these schemes suffer from a faulty design that happened mainly owing to undue emphasis on privacy and anonymity alongside performance efficiency. This article aims to show the design faults by analyzing a very recent hash functions-based authentication scheme for cloud-based IoT systems with misunderstood privacy cum efficiency tradeoff owing to an unadorned design flaw, which is also present in many other such schemes. Precisely, it is proved in this article that the scheme of Wazid et al. cannot provide mutual authentication and key agreement between a user and a sensor node when there exists more than one registered user. We then proposed an improved scheme and proved its security through formal and informal methods. The proposed scheme completes the authentication cycle with a minor increase in computation cost but provides all security goals along with privacy.
  • Küçük Resim
    Öğe
    A secure and lightweight authentication scheme for next generation IoT infrastructure
    (ELSEVIER, RADARWEG 29, 1043 NX AMSTERDAM, NETHERLANDS, 2021) Rana, Minahil; Shafiq, Akasha; Altaf, Izwa; Alazab, Mamoun; Mahmood, Khalid; Chaudhry, Shehzad Ashraf; Bin Zikria, Yousaf
    While the 6G/IoT transition is on the cards, the real advantage of this transition can be realized only if the user privacy and security are guaranteed. The smartcard and password based authentication protocols can help the transition in a rapid way. However, due to insecurities and/or heavy computation, many such protocols cannot cope with the dynamic requirements of future generation networks. Recently, Kaul and Awasthi presented a robust and secure user authentication protocol based on resource friendly symmetric cryptography primitives. They declared that their introduced protocol is convenient, efficient, and secure for the applications in realworld. In contrast, this article describes that protocol of Kaul and Awasthi is not secure because an attacker can easily find the identity of a legal user that is being sent on the public channel. Further, by using the identity of a legitimate user, an attacker can impersonate himself as a legitimate user of the system and can enjoy the services given by the server. So, their protocol is susceptible to user impersonation attacks, and their claim of being secure is proven to be wrong. Therefore, we have extended their work and presented an upgraded scheme by ensuring secure communication over the entire channel. Moreover, our proposed scheme is safe not solely against user impersonation attack but also major security attacks with reasonable communication, computation, and storage costs and is a better candidate for deployment in 6G/IoT networks.
  • Küçük Resim
    Öğe
    A secure demand response management authentication scheme for smart grid
    (ELSEVIER, RADARWEG 29, 1043 NX AMSTERDAM, NETHERLANDS, 2021) Irshad, Azeem; Chaudhry, Shehzad Ashraf; Alazab, Mamoun; Kanwal, Ambrina; Zia, M. Sultan; Bin Zikria, Yousaf
    The electricity demands are floated through smart grid (SG) devices to a remote power management system and utility center (UC) for utilizing energy-based services, while the UCs manage the distribution of power. Nevertheless, in smart grid systems, the communication messages are susceptible to various threats, since the information related to power consumption is communicated over an unsafe public channel. Therefore, a secure authenticated key agreement scheme is crucial for dispensing energy-based services to legal subscribers. In this regard, Yu et al. designed a secure authentication scheme for smart grid-based demand response management. Nevertheless, we discover that Yu et al.’s protocol is prone to replay attack, denial-of-service attack, and many technical defects in the protocol. Thus, we propose an anonymous and lightweight authenticated key agreement protocol for smart grid-based demand response management countering the limitations in Yu et al.’s scheme. Our scheme may withstand known security attacks, and also supports privacy as well as mutual authentication. We evaluate the security properties of contributed protocol employing informal security analysis and proved the security of session key between the utility center and smart grid using Burrows Abadi Needham (BAN) logic analysis and ProVerif automated simulation. The achieved results sufficiently advocate the practical implementation of the scheme.