Papers by Ashok Kumar Das

The ISC International Journal of Information Security, 2019
Smart grid concept is introduced to modify the power grid by utilizing new information and communication technology. Smart grid needs live power consumption monitoring to provide required services and for this issue, bi-directional communication is essential. Security and privacy are the most important requirements that should be provided in the communication. Due to the complex design of smart grid systems, and utilizing different new technologies, there are many opportunities for adversaries to attack the smart grid system that can result in fatal problems for the customers. Recently, Mahmood et al. [1] proposed a lightweight message authentication scheme for smart grid communications and claimed that it satisfies the security requirements. We found that Mahmood et al.'s scheme has some security vulnerabilities and it does not have adequate security features to be utilized in smart grid. To address these drawbacks, we propose an efficient and secure lightweight privacy-preserving authentication scheme for a smart grid. Security of our scheme is evaluated, and the formal security analysis and verification are introduced via the broadly-accepted BAN logic and AVISPA tool. Finally, the security and efficiency comparisons are provided, which indicate the security and efficiency of the proposed scheme as compared to other existing related schemes.
https://www.isecure-journal.com/article_91969.html

IEEE Access
Recently, the Digital Twin (DT) technology has procured a lot of attention because of its applicability in the manufacturing and space industries. The DT environment involves the formation of a clone of the tangible object to perform simulations in the virtual space. The combination of conceptual development, predictive maintenance, real-time monitoring, and simulation characteristics of DT has increased the utilization of DT in different scenarios, such as medical environments, healthcare, manufacturing industries, aerospace, etc. However, these utilizations have also brought serious security pitfalls in DT deployment. Towards this, several authentication protocols with different security and privacy features for DT environments have been proposed. In this article, we first review a recently proposed two-factor authentication protocol for DT environments that utilizes the blockchain technology. However, the analyzed scheme is unable to offer the desirable security and cannot withstand various security attacks like offline password-guessing attack, smart card stolen attack, anonymity property, and known session-specific temporary information attack. We also demonstrate that an attacker can impersonate the analyzed protocol's legal user, owner, and cloud server. To mitigate these security loopholes, we devise an effective three-factor privacy-preserving authentication scheme for DT environments. The proposed work is demonstrated to be secure by performing the informal security analysis, the formal security analysis using the widely recognized Burrows-Abadi-Needham (BAN) logic, and the Real-or-Random (ROR) model. A detailed comparative study on existing competing schemes including the analyzed scheme demonstrates that the devised framework furnishes better security features while also having lower computation costs and comparable communication costs than the existing schemes.
INDEX TERMS Digital twin, blockchain, authentication, key agreement, security.

Journal of Computers, 2011
Mobile ad hoc networks (MANETs) are known to be unprotected due to the nature of message propagation and the openness of public channel. Another important characteristic of MANETs is their being basically energy constrained. While it is known that symmetric key cryptography provides a high degree of secrecy and efficiency, but has a number of significant difficulties for the MANET domain in key distribution, key management, scalability and provision of non-repudiation. Public key cryptography (PKC) on the other hand provides solutions to the problems inherent in symmetric key cryptography with authenticated key agreement protocols. However the constraints of MANETs such as mobility of nodes, lack of network services and servers make such a proposition difficult. In this paper, we propose a PKC based new energy efficient two-party mutual authenticated key agreement protocol suitable for MANETs. Its security is based on the elliptic curve discrete logarithm assumption. We provide proof here for the security of the proposed protocol and show its relative better performance when compared with other relevant protocols.

Security and Communication Networks, 2016
A novel biometric identity-based digital multi-signature (BIO-IDMS) scheme is put forward in this paper. The proposed scheme is constructed with the help of fuzzy extractor and elliptic curve bilinear pairings. Furthermore, we designed the formal model and the security model of the proposed BIO-IDMS scheme. The formal security analysis demonstrates that the forgery of the proposed scheme is infeasible in the random oracle model based on the intractability assumption of the computational Diffie-Hellman (CDH) problem. The proposed scheme outperforms in terms of computational cost compared with other related existing multi-signature schemes.

Proceedings of the Twentieth ACM Conference on Embedded Networked Sensor Systems
Smart Energy Systems (SES) are the need of the hour, given the looming dangers of power crises amid changing climatic conditions. However, sensitive data play a critical role in such systems deserving high privacy and security protection. This paper proposes a novel blockchain-based authentication scheme that preserves privacy using the zero-knowledge protocol. During informal analysis, the proposed scheme shows resistance to various attacks such as man-in-the-middle attacks, replay attacks, impersonation attacks, privileged insider attacks, and ephemeral secret leakage attacks. The formal security verification using AVISPA regards the scheme as safe. In addition, the scheme supports critical features such as anonymity and untraceability within limited computational and communicational costs. A simulation of blockchain using Node.js shows only a linear increase in computation time with an increase in the number of blocks, and transactions, and an exponential increase with the number of nodes.

IEEE Access
Healthcare 5.0 is a system that can be deployed to provide various healthcare services. It does these services by utilising a new generation of information technologies, such as Internet of Things (IoT), Artificial Intelligence (AI), Big data analytics, blockchain and cloud computing. Due to the introduction of healthcare 5.0, the paradigm has been now changed. It is disease-centered to patient-centered care where it provides healthcare services and supports to the people. However, there are several security issues and challenges in healthcare 5.0 which may cause the leakage or alteration of sensitive healthcare data. This demands that we need a robust framework in order to secure the data of healthcare 5.0, which can facilitate different security related procedures like authentication, access control, key management and intrusion detection. Therefore, in this review article, we propose the design of a secure generalized healthcare 5.0 framework. The details of various applications of healthcare 5.0 along with the security requirements and threat model of healthcare 5.0 are provided. Next, we discuss the existing security mechanisms in healthcare 5.0 along with their performance comparison. Some future research directions are finally discussed for the researchers working in healthcare 5.0 domain.
INDEX TERMS Healthcare 5.0, Internet of Things (IoT), artificial intelligence, cyber security, blockchain.

Cluster Computing
With the widespread use of Internet of Things (IoT) in various applications and several security vulnerabilities reported in them, the security requirements have become an integral part of an IoT system. Authentication and access control are the two principal security requirements for ensuring authorized and restricted accesses to limited and essential resources in IoT. The built-in authentication mechanism in IoT devices is not reliable, because several security vulnerabilities are revealed in the firmware implementation of authentication protocols in IoT. On the other hand, the current authentication approaches for IoT that are not firmware are vulnerable to some security attacks prevalent in IoT. Moreover, the recent access control approaches for IoT have limitations in context-awareness, scalability, interoperability, and security. To mitigate these limitations, there is a need for a robust authentication and access control system to safeguard the rapidly growing number of IoT d...

arXiv (Cornell University), Oct 11, 2014
Traditional association rule mining based on the support-confidence framework provides the objective measure of the rules that are of interest to users. However, it does not reflect the utility of the rules. To extract non-redundant association rules in support-confidence framework frequent closed itemsets and their generators play an important role. To extract non-redundant association rules among high utility itemsets, high utility closed itemsets (HUCI) and their generators should be extracted in order to apply traditional support-confidence framework. However, no efficient method exists at present for mining HUCIs with their generators. This paper addresses this issue. A postprocessing algorithm, called the HUCI-Miner, is proposed to mine HUCIs with their generators. The proposed algorithm is implemented using both synthetic and real datasets.

IACR Cryptol. ePrint Arch., 2015
The energy cost of asymmetric cryptography is a vital component of modern secure communications, which inhibits its widespread adoption within the ultra-low energy regimes such as Implantable Medical Devices (IMDs) and Radio Frequency Identification (RFID) tags. The ciphertext-policy attribute-based encryption (CP-ABE) is a promising cryptographic tool, where an encryptor can decide the access policy that who can decrypt the data. Thus, the data will be protected from the unauthorized users. However, most of the existing CP-ABE schemes require huge storage and computational overheads. Moreover, CP-ABE schemes based on bilinear map lose the high efficiency over the elliptic curve cryptography because of the requirement of the security parameters of larger size. These drawbacks prevent the use of ultra-low energy devices in practice. In this paper, we aim to propose a novel expressive AND-gate access structured CP-ABE scheme with constant-size secret keys (CSSK) with the cost effici...

Sensors, 2020
The sinkhole attack in an edge-based Internet of Things (IoT) environment (EIoT) can devastate and ruin the whole functioning of the communication. The sinkhole attacker nodes (SHAs) have some properties (for example, they first attract the other normal nodes for the shortest path to the destination and when normal nodes initiate the process of sending their packets through that path (i.e., via SHA), the attacker nodes start disrupting the traffic flow of the network). In the presence of SHAs, the destination (for example, sink node i.e., gateway/base station) does not receive the required information or it may receive partial or modified information. This results in reduction of the network performance and degradation in efficiency and reliability of the communication. In the presence of such an attack, the throughput decreases, end-to-end delay increases and packet delivery ratio decreases. Moreover, it may harm other network performance parameters. Hence, it becomes ext...

IEEE Access, 2017
Internet of Things (IoT) is a network of all devices that can be accessed through the Internet. These devices can be remotely accessed and controlled using existing network infrastructure, thus allowing a direct integration of computing systems with the physical world. This also reduces human involvement along with improving accuracy and efficiency, resulting in economic benefit. The devices in IoT facilitate the day-to-day life of people. However, the IoT has an enormous threat to security and privacy due to its heterogeneous and dynamic nature. Authentication is one of the most challenging security requirements in the IoT environment, where a user (external party) can directly access information from the devices, provided the mutual authentication between user and devices happens. In this paper, we present a new signature-based authenticated key establishment scheme for the IoT environment. The proposed scheme is tested for security with the help of the widely used Burrows-Abadi-Needham logic, informal security analysis, and also the formal security verification using the broadly accepted automated validation of Internet security protocols and applications tool. The proposed scheme is also implemented using the widely accepted NS2 simulator, and the simulation results demonstrate the practicability of the scheme. Finally, the proposed scheme provides more functionality features, and its computational and communication costs are also comparable with other existing approaches.

PLOS ONE, 2016
Biometric based authentication protocols for multi-server architectures have gained momentum in recent times due to advancements in wireless technologies and associated constraints. Lu et al. recently proposed a robust biometric based authentication with key agreement protocol for a multi-server environment using smart cards. They claimed that their protocol is efficient and resistant to prominent security attacks. The careful investigation of this paper proves that Lu et al.'s protocol does not provide user anonymity, perfect forward secrecy and is susceptible to server and user impersonation attacks, man-in-middle attacks and clock synchronization problems. In addition, this paper proposes an enhanced biometric based authentication with key-agreement protocol for multi-server architecture based on elliptic curve cryptography using smartcards. We proved that the proposed protocol achieves mutual authentication using Burrows-Abadi-Needham (BAN) logic. The formal security of the proposed protocol is verified using the AVISPA (Automated Validation of Internet Security Protocols and Applications) tool to show that our protocol can withstand active and passive attacks. The formal and informal security analyses and performance analysis demonstrate that the proposed protocol is robust and efficient compared to Lu et al.'s protocol and existing similar protocols.

IEEE Access, 2019
The advancement in Information and Communications Technology (ICT) has changed the entire paradigm of computing. Because of such advancement, we have new types of computing and communication environments, for example, Internet of Things (IoT) that is a collection of smart IoT devices. The Internet of Medical Things (IoMT) is a specific type of IoT communication environment which deals with communication through the smart healthcare (medical) devices. Though IoT communication environment facilitates and supports our day-to-day activities, but at the same time it has also certain drawbacks as it suffers from several security and privacy issues, such as replay, man-in-the-middle, impersonation, privileged-insider, remote hijacking, password guessing and denial of service (DoS) attacks, and malware attacks. Among these attacks, the attacks which are performed through the malware botnet (i.e., Mirai) are the malignant attacks. The existence of malware botnets leads to attacks on confidentiality, integrity, authenticity and availability of the data and other resources of the system. In presence of such attacks, the sensitive data of IoT communication may be disclosed, altered or even may not be available to the authorized users. Therefore, it becomes essential to protect the IoT/IoMT environment from malware attacks. In this review paper, we first perform the study of various types of malware attacks, and their symptoms. We also discuss some architectures of IoT environment along with their applications. Next, a taxonomy of security protocols in IoT environment is provided. Moreover, we conduct a comparative study on various existing schemes for malware detection and prevention in IoT environment. Finally, some future research challenges and directions of malware detection in IoT/IoMT environment are highlighted.

Int. J. Netw. Secur., 2008
A location-aware scheme uses a priori knowledge of the deployed sensor nodes of some target field in a sensor network. Such location-aware schemes improve substantially higher network connectivity and resilience against node captures if the deployment error between the actual and expected locations of the deployed sensor nodes is smaller. The ideas of using pre-deployment and post-deployment knowledge for the key pre-distribution techniques in a sensor network are two mutually orthogonal techniques. Therefore, it may be desirable to combine them together to provide better performances. In this paper, we propose a scheme which takes advantage of both pre-deployment and post-deployment knowledge of the deployed sensor nodes in a sensor network. Our scheme significantly improves the performance of establishing pairwise keys between neighbor sensor nodes than the existing previous key pre-distribution schemes. Moreover, it provides a better trade-off among network connectivity, commu...

Internet of Things, 2019
The Internet of Things (IoT) comprises physical/virtual networked objects that collect and exchange data with each other via the public Internet. As this exchange often takes place over public networks, many security attacks in an IoT environment are possible. First, we briefly review the security issues in the IoT environment. Next, we focus on recent cryptographic protocol standards that are in use or have been recommended for IoT devices to ensure secure communications. We also highlight the advantages and weaknesses of the several protocol standards for various IoT application scenarios including connected vehicles, health, smart home, and consumer appliances and devices. Finally, we discuss some challenges in the area of cryptographic protocol standards that still require to be addressed for IoT applications in the future.

International Journal of Network Security, 2008
Key establishment in sensor networks is a challenging problem because of resource constraints of the sensors. The classical public-key routines are impractical in most sensor network architectures. In this paper, we propose a new random key pre-distribution scheme which is based on the identity-based approach for key establishment between two neighbor nodes in wireless sensor networks. Our proposed scheme provides better security against node capture, in particular, against node fabrication attack than the existing random key pre-distribution schemes. Moreover, our scheme has better trade-off between communication overhead, network connectivity and security against node capture compared to the existing random key pre-distribution schemes. In addition, our scheme supports dynamic node addition after initial deployment and also works for any deployment configuration.

Pairwise key establishment is one of the fundamental security services in sensor networks which enables sensor nodes in a sensor network to communicate securely with each other using cryptographic techniques. It is not feasible to apply traditional public key management techniques in resource-constrained sensor nodes, and also because the sensor nodes are vulnerable to physical capture. In this paper, we introduce a new scheme called the identity based key pre-distribution using a pseudo random function (IBPRF), which has better trade-off between communication overhead, network connectivity and resilience against node capture compared to the other key pre-distribution schemes. Our scheme can be easily adapted in mobile sensor networks. This scheme supports the addition of new sensor nodes after the initial deployment and also works for any deployment topology. In addition, we propose an improved version of our scheme to support large sensor networks.

2009 First International Communication Systems and Networks and Workshops, 2009
Key establishment in sensor networks becomes a challenging problem because of the resource limitations of the sensors and also due to vulnerability to physical capture of the sensor nodes. In this paper, we propose an unconditionally secure probabilistic group-based key pre-distribution scheme for a heterogeneous wireless sensor network. The proposed scheme always guarantees that no matter how many sensor nodes are compromised, the non-compromised nodes can still communicate with 100% secrecy, i.e., the proposed scheme is always unconditionally secure against node capture attacks. Moreover, it provides significantly better trade-off between communication overhead, computational overhead, network connectivity and security against node capture as compared to the existing key pre-distribution schemes. It also supports dynamic node addition after the initial deployment of the nodes in the network.

Journal of King Saud University - Computer and Information Sciences, 2013
In this paper, we propose a new security protocol for proxy signature by a hierarchy of proxy signers. In this protocol, the original signer delegates his/her signing capability to a predefined hierarchy of proxy signers. Given the documents of a security class to be signed by the original signer, our scheme suggests a protocol for the hierarchy of proxy signers to sign the document on behalf of the original signer. The concept of hierarchical access control limits the number of people who could sign the document to the people who have the required security clearances. A user in a security class requires two secret keys: one which identifies his/her security clearance, and that can also be derived by a user of upper level security clearance, and the second is his/her private key which identifies him/her as a proxy signer for the signature generation. We show that our scheme is efficient in terms of computational complexity as compared to the existing related proxy signature schemes based on the hierarchical access control. Our scheme also supports addition and deletion of security classes in the hierarchy. We show through security analysis that our scheme is secure against possible attacks. Furthermore, through the formal security analysis using the AVISPA (Automated Validation of Internet Security Protocols and Applications) tool we show that our scheme is also secure against passive and active attacks.

Journal of Discrete Mathematical Sciences and Cryptography, 2008
A location-aware scheme uses a priori knowledge of the deployed sensor nodes of some target field in a sensor network. Such location-aware schemes improve substantially higher network connectivity and resilience against node captures if the deployment error between the actual and expected locations of the deployed sensor nodes is smaller. The ideas of using pre-deployment and post-deployment knowledge for the key pre-distribution techniques in a sensor network are two mutually orthogonal techniques. Therefore, it may be desirable to combine them together to provide better performances. In this paper, we propose a scheme which takes advantage of both pre-deployment and post-deployment knowledge of the deployed sensor nodes in a sensor network. Our scheme significantly improves the performance of establishing pairwise keys between neighbor sensor nodes than the existing previous key pre-distribution schemes. Moreover, it provides a better trade-off among network connectivity, communication overhead, computational overhead, storage requirement and security against node capture than the existing schemes. In addition, it supports addition of new sensor nodes after the initial deployment of sensor nodes and also works for any deployment topology.