Yazar "Hussain, Sajid" seçeneğine göre listele

Listeleniyor 1 - 5 / 5
  • Küçük Resim
    Öğe
    Amassing the Security: An ECC-Based Authentication Scheme for Internet of Drones
    (IEEE-INST ELECTRICAL ELECTRONICS ENGINEERS INC, 445 HOES LANE, PISCATAWAY, NJ 08855-4141, 2021) Hussain, Sajid; Chaudhry, Shehzad Ashraf; Alomari, Osama Ahmad; Alsharif, Mohammed H.; Khan, Muhammad Khurram; Kumar, Neeraj
    The continuous innovation and progression in hardware, software and communication technologies helped the expansion and accelerated growth in Internet of Things based drone networks (IoD), for the devices, applications and people to communicate and share data. IoD can enhance comfort in many applications including, daily life, commercial, and military/rescue operations in smart cities. However, this growth in infrastructure smartness is also subject to new security threats and the countermeasures require new customized solutions for IoD. Many schemes to secure IoD environments are proposed recently; however, some of those were proved as insecure and some degrades the efficiency. In this article, using elliptic curve cryptography, we proposed a new authentication scheme to secure the communication between a user and a drone flying in some specific flying zone. The security of the proposed scheme is solicited using formal Random oracle method along with a brief discussion on security aspects provided by proposed scheme. Finally, the comparisons with some related and latest schemes is illustrated.
  • Küçük Resim
    Öğe
    Comments on “Biometrics-Based Privacy-Preserving User Authentication Scheme for Cloud-Based Industrial Internet of Things Deployment”
    (IEEE-INST ELECTRICAL ELECTRONICS ENGINEERS INC, 445 HOES LANE, PISCATAWAY, NJ 08855-4141, 2019) Hussain, Sajid; Chaudhry, Shehzad Ashraf
    Very recently, Das et al. (IEEE Internet of Things Journal, pp. 4900–4913, 5(6), DOI: 10.1109/JIOT.2018.2877690, 2018) presented a biometric-based solution for security and privacy in Industrial Internet of Things architecture. Das et al. claimed that their protocol is secure against known attacks. However, this comment shows that their protocol is defenseless against stolen verifier, stolen smart device, and traceability attacks. The attacker having access to public parameters and any of the verifier and parameters stored in smart device can easily expose the session key shared among the user and the smart device. Moreover, their protocol fails to provide perfect forward secrecy. Finally, this article also provides some necessary guidelines on attack resilience for the authentication schemes based on merely the symmetric key primitives, which are overlooked by Das et al.
  • Küçük Resim
    Öğe
    Designing secure and lightweight user access to drone for smart city surveillance
    (ELSEVIER, RADARWEG 29, 1043 NX AMSTERDAM, NETHERLANDS, 2022) Hussain, Sajid; Mahmood, Khalid; Khan, Muhammad Khurram; Chen, Chien-Ming; Alzahrani, Bander A.; Chaudhry, Shehzad Ashraf
    The Internet of drones (IoD) is a very useful application of the Internet of things (IoT) and it can help the daily life comfort through various functions including the smart city surveillance. The IoD can enhance the comfort to reach inaccessible and hard to access sites and can save lot of effort, time and cost. However, in addition to traditional threats, the IoD may suffer from new threats and requires customized methods to combat the security weaknesses. Very recently, Wazid et al. proposed a security solution for securing IoD application scenario and claimed its security. However, in this paper we show that their scheme cannot resist stolen verifier and traceability attacks. Moreover, an attacker with access to the verifier, can impersonate any user, drone or server of the system. An enhanced scheme is then proposed to cope with these weaknesses. The security claims of proposed scheme are endorsed by formal and informal security analysis. Moreover, the performance and security comparisons show that proposed scheme completes a cycle of authentication with a slight increase in computation time, but it offers all the required security features as compared with the scheme of Wazid et al.
  • Küçük Resim
    Öğe
    An Improved Authentication Scheme for Digital Rights Management System
    (WILEY-HINDAWI, ADAM HOUSE, 3RD FL, 1 FITZROY SQ, LONDON WIT 5HE, ENGLAND, 2022) Hussain, Sajid; Bin Zikria, Yousaf; Mallah, Ghulam Ali; Chen, Chien-Ming; Alshehri, Mohammad Dahman; Ishmanov, Farruh; Chaudhry, Shehzad Ashraf
    With the increasing number and popularity of digital content, the management of digital access rights has become an utmost important field. Through digital rights management systems (DRM-S), access to digital contents can be defined and for this, an efficient and secure authentication scheme is required. The DRM authentication schemes can be used to give access or restrict access to digital content. Very recently in 2020, Yu et al. proposed a symmetric hash and xor-based DRM and termed their system to achieve both security and performance efficiency. Contrarily, in this study, we argue that their scheme has several issues including nonresistance to privileged insider and impersonation attacks. Moreover, it is also to show in this study that their scheme has an incorrect authentication phase and due to this incorrectness, the scheme of Yu et al. lacks user scalability. An improved scheme is then proposed to counter the insecurities and incorrectness of the scheme of Yu et al. We prove the security of the proposed scheme using BAN logic. For a clear picture of the security properties, we also provide a textual discussion on the robustness of the proposed scheme. Moreover, due to the usage of symmetric key-based hash functions, the proposed scheme has a comparable performance efficiency.
  • Küçük Resim
    Öğe
    ITSSAKA-MS: An Improved Three-Factor Symmetric-Key Based Secure AKA Scheme for Multi-Server Environments
    (IEEE-INST ELECTRICAL ELECTRONICS ENGINEERS INC, 445 HOES LANE, PISCATAWAY, NJ 08855-4141, 2020) Ali, Zeeshan; Hussain, Sajid; Rehman, Rana Haseeb Ur; Munshi, Asmaa; Liaqat, Misbah; Kumar, Neeraj; Chaudhry, Shehzad Ashraf
    A variety of three-factor smart-card based schemes, specifically designed for telecare medicine information systems (TMIS) are available for remote user authentication. Most of the existing schemes for TMIS are customarily proposed for the single server-based environments and in a single-server environment. Therefore, there is a need for patients to distinctly register and login with each server to employ distinct services, so it escalates the overhead of keeping the cards and memorizing the passwords for the users. Whereas, in a multi-server environment, users only need to register once to resort various services for exploiting the benefits of a multi-server environment. Recently, Barman et al. proposed an authentication scheme for ehealthcare by employing a fuzzy commitment and asserted that the scheme can endure many known attacks. Nevertheless, after careful analysis, this paper presents the shortcoming related to its design. Furthermore, it proves that the scheme of Barman et al. is prone to many attacks including: server impersonation, session-key leakage, user impersonation, secret temporary parameter leakage attacks as well as its lacks user anonymity. Moreover, their scheme has the scalability issue. In order to mitigate the aforementioned issues, this work proposes an amended three-factor symmetric-key based secure authentication and key agreement scheme for multi-server environments (ITSSAKA-MS). The security of ITSSAKA-MS is proved formally under automated tool AVISPA along with a security feature discussion. Although, the proposed scheme requisites additional communication and computation costs. In contrast, the informal and automated formal security analysis indicate that only proposed scheme withstands several known attacks as compared to recent benchmark schemes.