Authentication Protocol

In this paper, we propose a new symmetric stream cipher encryption algorithm based on Graph Walks and 2-dimensional matrices, called Matrix Encryption Walks (MEW). We offer example Key Matrices and show the efficiency of the proposed method, which operates in linear complexity with an extremely large key space and low-resource requirements. We also provide the Proof of Concept code for the encryption algorithm and a detailed analysis of the security of our proposed MEW. The MEW algorithm is designed for low-resource environments such as IoT or smart devices and is therefore intended to be simple in operation. The encryption, decryption, and key generation time, along with the bytes required to store the key, are all discussed, and similar proposed algorithms are examined and compared. We further discuss the avalanche effect, key space, frequency analysis, Shannon entropy, and chosen/known plaintext-ciphertext attacks, and how MEW remains robust against these attacks. We have also discussed the potential for future research into algorithms such as MEW, which make use of alternative structures and graphic methods for improving encryption models.

The Internet of Things (IoT) is a new concept that is developed considerably in current wireless communications. The main idea of this paradigm is the exchange of information and data from real-world devices with the internet by using unique addressing systems can communicate and interact with each other to achieve common objectives. With the emergence of next generation battery-powered of smart mobile phone, open source application platforms, security and the terminal's energy consumption have become big issues. Long Term Evolution (LTE) is one of the most popular 4th Generation (4G) technologies defined by 3rd Generation Partnership Projects (3GPP) also IP Multimedia Subsystem (IMS) is a prominent architectural framework for multimedia services delivery in 4G/5G networks. In this paper, we focus on IoT security in particular, we explore authentication that is a critical security mechanism which accords authorized users access to a network. It is observed that the end user requires two authentication steps to access multimedia services. The first is the LTE network layer authentication, and the second is the IMS service layer authentication. The authentication steps utilize energy and are carried out using the Authentication and Key Agreement (AKA) protocol. As defined by 3GPP, IMS-Authentication and Key Agreement protocol (IMS-AKA) is the official authentication procedure in IMS and the standard EPS-Authentication and Key Agreement protocol (EPS-AKA) is proposed to provide the authentication service between the device and the network in Evolved Packet System (EPS) system. However, the procedures are prone to different weaknesses both on security and performances aspects. This paper proposes a secure and efficient AKA protocol that authenticates the user on both the network layer and the service layer without double execution the AKA protocol, simplifies the authentication steps, protects user's identities and reduces the authentication process complexity due to the use of Elliptic Curve Cryptography (ECC). The proposed solution was checked by the security protocol verification tool, Automated Validation of Internet Security Protocols and Applications (AVISPA), which indicated that it is a very secure level. Simulation results showed that our proposed compared to IMS-AKA and EPS-AKA offers better performances in terms of energy consumption and storage cost.

Entity authentication is crucial for ensuring secure quantum communication because the identity of the participants in a network must be confirmed before transmitting any confidential information. We propose a practical entity authentication protocol, which uses authentication qubits, for quantum key distribution (QKD) network systems. In this protocol, authentication qubits encoded with pre-shared information are generated and exchanged to verify the legitimacy of each entity. Using the authentication qubit, participants can identify each other with the same level of security as in QKD through the quantum channel. The proposed protocol can be easily integrated into existing QKD systems without additional hardware. In this study, we demonstrate the efficacy of the proposed scheme using a 1 x N QKD network system, and verify its stable operation over a deployed fiber network. In addition, we present a security analysis of the proposed entity authentication protocol and architecture.

Web3 is the next evolution of the internet, which uses blockchains, cryptocurrencies, and NFTs to return ownership and authority to the consumers. The potential of Web3 is highlighted by the creation of decentralized applications (dApps), which are more secure, transparent, and tamper-proof than their centralized counterparts, allowing for new business models that were previously impossible on the traditional internet. Web3 also focuses on user privacy, where users have more control over their personal data and can choose to share only what they want. The emergence of Web3 represents an exciting new frontier in blockchain technology, and its focus on decentralization, user privacy, and trustless systems has the potential to transform the way we interact with the internet. Web3 authentication is required for enhanced security, increased privacy, and simplified user interface. Traditional login procedures and an authorization flow using web3 authentication work together seamlessly. However, there are several challenges associated with Web3, including scalability and regulatory issues. Chain Authentication and Authorization (CAA) is a multi-layer security mechanism that allows users to choose the security layer that suits them, just like a heavy iron chain, where the user and CAA developers act as blacksmith and form their security protocol that suits them. CAA is a solution to the challenges associated with Web3 authentication and authorization, and it focuses on creating a secure and decentralized authentication and authorization system that is scalable, flexible, and user-friendly.

A communication protocol is an agreement among two or more parties on the sequence of operations and the format of messages to be exchanged. Standardization organizations define protocols in the form of recommendations (e.g., RFC) written in technical English, which requires a manual translation of the specification into the protocol implementation. This human translation is error-prone due in part to the ambiguities of natural language and in part due to the complexity of some protocols. We propose an XML-based language for protocol specification along with a process, based in XSLT stylesheets, for automatic code generation. The code generated uses components from a library of special purpose components that perform frequently executed functions (e.g., encryption). Our approach was validated on three different protocols: Needham-Schroeder's authentication protocol, TCP's three-way handshake, and SSL's handshake. We developed a Java XSLT stylesheet along with an XML Schema for validation of the XML specifications.

The Internet of Things (IoT) is increasingly affecting human lives in multiple profound ways. "Things" have the ability to communicate, generate, transmit and store data over the network connection. During each communication between "Things", the data transmitted is potentially vulnerable to malicious attacks, loss, distortions and interruption which impair functionality, system efficiency and user satisfaction. Therefore, communications between things need to be authenticated, authorized, secured and ensured to have high privacy by applying a strong authentication protocol. The aim of this research is to enhance the authentication protocol, starting by reducing the heavy use of storage in "Things", and eliminating unnecessary messages during authentication steps. This research represents a security performance analysis and enhancement authentication for the IoT. The results indicate that the enhanced protocol has a positive effect on minimizing packet length and time performance compared with the other two protocols used for comparative purposes, with 33% increased the proposed protocol performance.

This document defines the Tunnel Extensible Authentication Protocol (TEAP) version 1. TEAP is a tunnel-based EAP method that enables secure communication between a peer and a server by using the Transport Layer Security (TLS) protocol to establish a mutually authenticated tunnel. Within the tunnel, TLV objects are used to convey authentication-related data between the EAP peer and the EAP server. This is an Internet Standards Track document. This document is a product of the Internet Engineering Task Force (IETF). It represents the consensus of the IETF community. It has received public review and has been approved for publication by the Internet Engineering Steering Group (IESG). Further information on Internet Standards is available in Section 2 of RFC 5741. Information about the current status of this document, any errata, and how to provide feedback on it may be obtained at .

It is possible to show that well-known attacks on authentication protocols are flawed. This is a problem, since good protocols may thus be dismissed rather than improved and poor protocols that might continue to be used although they may contain irreparable errors. This paper describes a novel method for validating attacks on authentication protocols, based on a strategy for checking that all elements of the attack have been legally obtained. A Maude-program which implements the method, identified errors in attacks on the Wide Mouthed Frog and Yahalom authentication protocols. More generally, the paper shows that the method will find all errors in attacks that originates from incompleteness of cryptographic assumptions. The main implications is that new attacks can be effectively validated even when an exhaustive state-space analysis becomes infeasible. We expect that in the future, validation will be an obligatory part in effectively checking the soundness of any attacks on security protocols.

A new tool for automated validation of attacks on authentication protocols has been used to find several errors and ambiguities in the list of attacks described in the well known report by Clark and Jacob. In this paper the errors are presented and classified. Corrected descriptions of the incorrect attacks are given for the attacks that can be easily repaired. The underlying method for finding errors in attacks is presented, including a formal language for attack specification, a validation algorithm, and a framework for executing attacks. At the end of the paper, the connection between validation and simulation is settled: Every attack specification that can be successfully executed is valid.

Secure communication mechanisms in Wireless Sensor Networks (WSNs) have been widely deployed to ensure confidentiality, authenticity and integrity of the nodes and data. Recently many WSNs applications rely on trusted communication to ensure large user acceptance. Indeed, the trusted relationship thus far can only be achieved through Trust Management System (TMS) or by adding external security chip on the WSN platform. In this study an alternative mechanism is proposed to accomplish trusted communication between sensors based on the principles defined by Trusted Computing Group (TCG). The results of other related study have also been analyzed to validate and support our findings. Finally the proposed trusted mechanism is evaluated for the potential application on resource constraint devices by quantifying their power consumption on selected major processes. The result proved the proposed scheme can establish trust in WSN with less computation and communication and most importantly eliminating the need for neighboring evaluation for TMS or relying on external security chip.

With the increasing performance and dropping price of wireless networking equipment, wireless networking has revolutionized the way people work and play. Wi-Fi hot spots popping up all over the country provide a convenient means of Internet connectivity. For the ISPs of hot spots, authentication and accounting have been recognized as two crucial concerns. For authentication, IETF PANA 1 WG, is working on a transport protocol for authenticating IP hosts for network access. However, PANA does not provide access control and per-packet authentication, which are desirable in accounting and access control. Instead of using high-overhead crypto-based mechanisms, such as IPSec or 802.11i, we propose a lightweight statistical authentication protocol, namely Shepherd 2 . In Shepherd, the legitimacy of a mobile node is determined by continuously checking a series of random authentication bits where each bit in this stream is piggybacked to a packet. Such an authentication bit stream is generated by both the mobile node and access point using the same random number generator under the same shared seed as a key. We analyze this protocol under three synchronization schemes. Our analytical results show that this protocol performs well in terms of computational and communication cost, synchronization efficiency, and protocol operation secrecy. We also show that this new protocol is practical for implementation in wireless LANs.

With fast evolution of mobile devices and mobile network, the need of protecting user sensitive information locally and performing secure user authentication remotely become evermore increasing. Bio‐cryptography is emerging as a powerful solution which can combine the advantages of conventional cryptography and biometric security. In this paper, we present an efficient bio‐cryptographic security protocol designed for client/server authentication in current mobile computing environment, with a reasonable assumption that server is secure. In this protocol, fingerprint biometric is used in user verification, protected by a computationally efficient Public Key Infrastructure (PKI) scheme, Elliptic Curve Cryptography (ECC). The genuine fingerprint information is hidden in the feature vault which is the mixture of genuine and chaff features. Fingerprint features are not only used for biometric verification but also for cryptographic key generation. Our security analysis shows that the pro...

The continued development of technology and the many systems that make the quality of academic work and learning systems become more easily and efficiently . Universitas Bina Darma already have a quality system , in previous research studies have been conducted to develop a method of single sign on ( SSO ) based lightweight directory access protocol ( LDAP ) . But the central authentication service ( CAS ) at the SSO itself has not been implemented . CAS SSO protocol that is aimed at giving the user permission to access multiple applications , while providing the user credentials ( such as user id and password ) only once , and allow web applications to authenticate users without clicking -gain access to user credential security . this can facilitate the user in using existing applications and also to facilitate the organization of user data , so that the security of user data more secure , because using a centralized storage of user data . Therefore in this thesis research will be carried out with the title " Technology Analysis Single Sign On ( SSO ) with

Wireless sensor networks provide solutions to a range of monitoring problems. However, they introduce a new set of problems mainly due to small memories, weak processors, limited energy and small packet size. Thus only a very few conventional protocols can readily be used in sensor networks. This paper proposes efficient protocols to distribute keys in wireless sensor networks. This is achieved without the necessity of using traditional encryption. The proposed solution replicates the authentication server such that a group of malicious and colluding servers cannot compromise security or disrupt service. We show that the proposed multiple server authentication protocols will only have O(n) complexity, where n is the number of authentication servers. The protocols use information from the sensor nodes and the servers to generate a new key, and do not solely rely on the sensor nodes to generate good random numbers. The scheme works well even when the base stations are untrusted. The proposed protocols guarantee that the new key is fresh and that the communicating nodes use the same key.

We consider the problem of authenticated group key exchange among n parties communicating over an insecure public network. A number of solutions to this problem have been proposed; however, all prior provably secure solutions do not scale well and, in particular, require O(n) rounds. Our main contribution is the first scalable protocol for this problem along with a rigorous proof of security in the standard model under the DDH assumption; our protocol uses a constant number of rounds and requires only O(1) "full" modular exponentiations per user. Toward this goal (and adapting work of Bellare, Canetti, and Krawczyk), we first present an efficient compiler that transforms any group key-exchange protocol secure against a passive eavesdropper to an authenticated protocol which is secure against an active adversary who controls all communication in the network. This compiler adds only one round and O(1) communication (per user) to the original scheme. We then prove secure-against a passive adversary-a variant of the two-round group key-exchange protocol of Burmester and Desmedt. Applying our compiler to this protocol results in a provably secure threeround protocol for authenticated group key exchange which also achieves forward secrecy.

We consider the fundamental problem of authenticated group key exchange among n parties within a larger and insecure public network. A number of solutions to this problem have been proposed; however, all provably-secure solutions thus far are not scalable and, in particular, require n rounds. Our main contribution is the first scalable protocol for this problem along with a rigorous proof of security in the standard model under the DDH assumption; our protocol uses a constant number of rounds and requires only O(1) modular exponentiations per user (for key derivation). Toward this goal and of independent interest, we first present a scalable compiler that transforms any group key-exchange protocol secure against a passive eavesdropper to an authenticated protocol which is secure against an active adversary who controls all communication in the network. This compiler adds only one round and O(1) communication (per user) to the original scheme. We then prove secure -against a passive adversary -a variant of the tworound group key-exchange protocol of Burmester and Desmedt. Applying our compiler to this protocol results in a provably-secure three-round protocol for authenticated group key exchange which also achieves forward secrecy.

Radio frequency identification (RFID) is a powerful technology that enables wireless information storage and control in an economical way. These properties have generated a wide range of applications in different areas. Due to economic and technological constrains, RFID devices are seriously limited, having small or even tiny computational capabilities. This issue is particularly challenging from the security point of view. Security protocols in RFID environments have to deal with strong computational limitations, and classical protocols cannot be used in this context. There have been several attempts to overcome these limitations in the form of new lightweight security protocols designed to be used in very constrained (sometimes called ultra‐lightweight) RFID environments. One of these proposals is the David–Prasad ultra‐lightweight authentication protocol. This protocol was successfully attacked using a cryptanalysis technique named Tango attack. The capacity of the attack depends...

Secure key management is crucial to meet the security goals to prevent the Wireless Sensor Networks (WSNs) being compromised by an adversary. Owing to ad-hoc nature and resource limitations of sensor networks, provisioning a right key management is challenging. In this paper we present a Novel Secure Key Management (NSKM) module providing an efficient scalable post-distribution key establishment that allows the hierarchical clustering topology platform to provision acceptable security services. To the best of our knowledge this module is the first implemented security module for wireless sensor networks that provisions reasonable resistance against replay and node capture attacks. Furthermore, it provides highly lightweight and scalable scheme. Also it is acceptable to be used in a wireless sensor network of thousands of sensor nodes.

The study of multiagent systems (MASs) focuses on systems in which many intelligent agents interact with each other using communication protocols. For example, an authentication protocol is used to verify and authorize agents acting on behalf of users to protect restricted data and information. After authentication, two agents should be entitled to believe that they are communicating with each other and not with intruders. For specifying and reasoning about the security properties of authentication protocols, many researchers have proposed the use of belief logics. Since authentication protocols are designed to operate in dynamic environments, it is important to model the evolution of authentication systems through time in a systematic way. We advocate the systematic combinations of logics of beliefs and time for modeling and reasoning about evolving agent beliefs in MASs. In particular, we use a temporal belief logic called TML + for establishing trust theories for authentication systems and also propose a labeled tableau system for this logic. To illustrate the capabilities of TML + , we present trust theories for several well-known authentication protocols, namely, the Lowe modified wide-mouthed frog protocol, the amended Needham-Schroeder symmetric key protocol, and Kerberos. We also show how to verify certain security properties of those protocols. With the logic TML + and its associated modal tableaux, we are able to reason about and verify authentication systems operating in dynamic environments.

This document is one of a series concerned with defining a roadmap of protocol specification work for the use of modern cryptographic mechanisms and algorithms for message authentication in routing protocols. In particular, it defines the framework for a key management protocol that may be used to create and manage session keys for message authentication and integrity. This document is not an Internet Standards Track specification; it is published for informational purposes.

To improve the quality of service and reduce the possibility of security attacks, a secure and efficient user authentication mechanism is required for Wireless Sensor Networks (WSNs) and the Internet of Things (IoT). Session key establishment between the sensor node and the user is also required for secure communication. In this paper, we perform the security analysis of A.K.Das's user authentication scheme (given in 2015), Choi et al.'s scheme (given in 2016), and Park et al. 's scheme (given in 2016). The security analysis shows that their schemes are vulnerable to various attacks like user impersonation attack, sensor node impersonation attack and attacks based on legitimate users. Based on the cryptanalysis of these existing protocols, we propose a secure and efficient authenticated session key establishment protocol which ensures various security features and overcomes the drawbacks of existing protocols. The formal and informal security analysis indicates that the proposed protocol withstands the various security vulnerabilities involved in WSNs. The automated validation using AVISPA and Scyther tool ensures the absence of security attacks in our scheme. The logical verification using the Burrows-Abadi-Needham (BAN) logic confirms the correctness of the proposed protocol. Finally, the comparative analysis based on computational overhead and security features of other existing protocol indicate that the proposed user authentication system is secure and efficient. In future, we intend to implement the proposed protocol in real-world applications of WSNs and IoT.

The Point-to-Point Protocol (PPP) provides a standard method for transporting multi-protocol datagrams over point-to-point links. PPP also defines an extensible Link Control Protocol, which allows negotiation of an Authentication Protocol for authenticating its peer before allowing Network Layer protocols to transmit over the link. This document defines a method for Authentication using PPP, which uses a random Challenge, with a cryptographically hashed Response which depends upon the Challenge and a secret key. Introduction .

In recent years, physical unclonable functions (PUFs) have gained a lot of attention as mechanisms for hardware-rooted device authentication. While the majority of the previously proposed PUFs derive entropy using dedicated circuitry, software PUFs achieve this from existing circuitry in a system. Such software derived designs are highly desirable for low power embedded systems as they require no hardware overhead. However, these software PUFs induce considerable processing overheads that hinder their adoption in resource constrained devices. In this paper, we propose DTA-PUF, a novel, software PUF design that exploits the instruction-and data-dependent dynamic timing behaviour of pipelined cores to provide a reliable challengeresponse mechanism without requiring any extra hardware. DTA-PUF accepts sequences of instructions as an input challenge and produces an output response based on the manifested timing errors under specific overclocked settings. To lower the required processing effort, we systematically select instruction sequences that maximise error-rate. The application to a post-layout pipelined floating-point unit, which is implemented in 45 nm process technology, demonstrates the effectiveness and practicability of our PUF design. Finally, DTA-PUF requires up-to 50× fewer instructions than existing software processor PUF designs, limiting processing costs and resulting in up-to 26% power savings.

Silicon physical unclonable function (PUF) has emerged as a promising spoof-proof solution for low-cost device authentication. Due to practical constraints in preventing phishing through public network or insecure communication channels, simple PUF-based authentication protocol with unrestricted queries and transparent responses is vulnerable to modeling and replay attacks. Although PUF itself is lightweight, the ancillary cryptographic primitives required to support secure handshaking in classical PUF-based authentication protocol is not necessarily so. In this paper, we present a modeling attack resistant PUFbased mutual authentication scheme to mitigate the practical limitations in applications where a resource-rich server authenticates a device with no strong restriction imposed on the type of PUF design or any additional protection on the binary channel used for the authentication. Our scheme uses an active deception protocol to prevent machine learning (ML) attacks on a device with a monolithic integration of a genuine Strong PUF (SPUF), a fake PUF, a pseudo random number generator (PRNG), a register, a binary counter, a comparator and a simple controller. The hardware encapsulation makes collection of challenge response pairs (CRPs) easy for model building during enrollment but prohibitively time-consuming upon device deployment through the same interface. A genuine server can perform a mutual authentication with the device using a combined fresh challenge contributed by both the server and the device. The message exchanged in clear cannot be manipulated by the adversary to derive unused authentic CRPs. The adversary will have to either wait for an impractically long time to collect enough real CRPs by directly querying the device or the ML model derived from the collected CRPs will be poisoned to expose the imposer when it is used to perform a spoofing attack. The false PUF multiplexing is fortified against prediction of waiting time by doubling the time penalty for every unsuccessful guess. Our implementation results on field programmable gate array (FPGA) device and security analysis have corroborated the low hardware overheads and attack resistance of the proposed deception protocol.

RFID technology has received much attention both in industry and academia in recent years and it is seen as the leading ubiquitous computing technology. A typical RFID system consists of a reader, , and a set of tags, . The reader is composed of a set of transceivers and a powerful backend database. Each tag is a passive transponder identified by a unique ID. However, the fact that RFID tags can be read without line-of-sight results in security risks, especially in relation to the privacy of tag users. Therefore, developing privacy preserving authentication protocols for low-cost RFID tags is a major security challenge that needs to be addressed if RFID systems are to be widely deployed in the coming years. In previous research in this area the majority of authentication protocols use challengeresponse mutual authentication based on symmetric-key ciphers. In order to preserve privacy, on receiving a challenge from a reader, a tag uses pseudonyms, which are the result of using symmetric-key ciphers to process the secret key or ID, as authenticators to the reader. The reason symmetric-key ciphers are used is that the hardware cost of existing asymmetric-key ciphers is too expensive for low-cost tags. For example, ECC and RSA require more than 40,000 gates, which are too large for low-cost tags in which only 200 -2,000 gates out of 1,000 -10,000 gates are available for security features . A lightweight algorithm known as the learning parity with noise (LPN) problem was first introduced in the HB protocol for human authentication by . first employed the LPN problem in the HB + protocol for RFID authentication. The simplicity and novelty of the HB + protocol has led to the proposal of other HB-related protocols . introduced a simple but effective man-in-themiddle attack against these types of protocols, in which the adversary can derive the secret key of the LPN problem through modifying the tag's response messages. This attack is known as a GRS-MIM attack. In the Trusted-HB protocol , a universal hashing based message authentication code (MAC) is introduced to effectively resist GRS-MIM attacks. Although cryptographic attacks to the Trusted-HB protocol have been reported, they are impractical as they are too complex to implement . Meanwhile, in the F-HB protocol , the LNP problem is first introduced to protect the forward privacy of low-cost tags. The operations in the LPN problem involve the calculation of inner products of binary vectors and Bernoulli noise bit www.intechopen.com Current Trends and Challenges in RFID 258 generation. Computing the binary inner product only requires bitwise AND and OR operations that can be computed on the fly. Therefore the LPN problem is a hardwarefriendly primitive, and very attractive for low-cost RFID security. The most recent progress in LPN-based protocols was reported by . They introduced an authentication protocol based on a variant of the LPN problem, known as the Subspace LPN problem, and also proposed an efficient MAC construction based on the LPN problem. The rigorous definition and modelling of privacy in RFID systems has also been investigated in previous research (

As a lightweight hardware security primitive, PUFs can provide reliable identity authentication for devices of Internet of things (IoTs) with limited resources. However, the delay-based PUF structures in authentication protocols have static responding behaviors, which make them vulnerable to modeling attacks. To address this issue, many complex PUF designs have been designed to increase the nonlinearity of their models. However, most of them can still be broken by modeling-based machine learning (ML) attacks. In this paper, a dynamic responding mechanism for PUF designs to generate dynamic responses is proposed. Different from the concept of logically reconfigurable PUFs, the proposed mechanism does not rely on external inputs to provide reconfiguration signals. And different from the conventional PUF authentication protocols that use large-size LFSR to extend the master challenge, the proposed scheme uses internally generated dynamic signals to obfuscate the master challenge to generate multiple sub-challenges. These sub-challenges are then input to the underlying strong PUF to generate multi-bit dynamic responses. It can prevent an attacker from obtaining valid challenge-response pairs (CRPs) for the underlying PUF. A security authentication protocol is also proposed, the special authentication bit-string design can resist both conventional ML attacks and the latest covariance matrix adaptation evolution strategies (CMA-ES) variant.

As a lightweight hardware security primitive, PUFs can provide reliable identity authentication for devices of Internet of things (IoTs) with limited resources. However, the delay-based PUF structures in authentication protocols have static responding behaviors, which make them vulnerable to modeling attacks. To address this issue, many complex PUF designs have been designed to increase the nonlinearity of their models. However, most of them can still be broken by modeling-based machine learning (ML) attacks. In this paper, a dynamic responding mechanism for PUF designs to generate dynamic responses is proposed. Different from the concept of logically reconfigurable PUFs, the proposed mechanism does not rely on external inputs to provide reconfiguration signals. And different from the conventional PUF authentication protocols that use large-size LFSR to extend the master challenge, the proposed scheme uses internally generated dynamic signals to obfuscate the master challenge to generate multiple sub-challenges. These sub-challenges are then input to the underlying strong PUF to generate multi-bit dynamic responses. It can prevent an attacker from obtaining valid challenge-response pairs (CRPs) for the underlying PUF. A security authentication protocol is also proposed, the special authentication bit-string design can resist both conventional ML attacks and the latest covariance matrix adaptation evolution strategies (CMA-ES) variant.

A physical unclonable function (PUF) is a hardware security primitive, which can be used secure various hardware-based applications. As a type of PUFs, strong PUFs have a large number of challenge-response pairs (CRPs), which can be used for authentication. At present, most strong PUF structures follow a one-to-one input/output relationship, i.e. linear function. As such, strong PUF designs are vulnerable to machine learning (ML) based modeling attacks. To address the issue, a dynamically configurable PUF structure is proposed in this paper. A mathematical model of the proposed dynamic PUF is presented and the design is proposed against the effective ML based attacks, such as deep neural network (DNN), logistic regression (LR) and reliability-based covariance matrix adaptation evolution strategies (CMA-ES). Experimental results on field programmable gate arrays (FPGAs) show that the proposed dynamic structure has achived good uniqueness and reliability. It is also shown that the dynamic PUF has a strong resistance to the CMA-ES attack. Due to the dynamic nature of the proposed PUF structure, an authentication protocol is also designed to generate recognizable authentication bits string. The protocol shows strong resistance to classical machine learning attacks including the new variant of CMA-ES.

Silicon physical unclonable function (PUF) has emerged as a promising spoof-proof solution for low-cost device authentication. Due to practical constraints in preventing phishing through public network or insecure communication channels, simple PUF-based authentication protocol with unrestricted queries and transparent responses is vulnerable to modeling and replay attacks. Although PUF itself is lightweight, the ancillary cryptographic primitives required to support secure handshaking in classical PUF-based authentication protocol is not necessarily so. In this paper, we present a modeling attack resistant PUFbased mutual authentication scheme to mitigate the practical limitations in applications where a resource-rich server authenticates a device with no strong restriction imposed on the type of PUF design or any additional protection on the binary channel used for the authentication. Our scheme uses an active deception protocol to prevent machine learning (ML) attacks on a device with a monolithic integration of a genuine Strong PUF (SPUF), a fake PUF, a pseudo random number generator (PRNG), a register, a binary counter, a comparator and a simple controller. The hardware encapsulation makes collection of challenge response pairs (CRPs) easy for model building during enrollment but prohibitively time-consuming upon device deployment through the same interface. A genuine server can perform a mutual authentication with the device using a combined fresh challenge contributed by both the server and the device. The message exchanged in clear cannot be manipulated by the adversary to derive unused authentic CRPs. The adversary will have to either wait for an impractically long time to collect enough real CRPs by directly querying the device or the ML model derived from the collected CRPs will be poisoned to expose the imposer when it is used to perform a spoofing attack. The false PUF multiplexing is fortified against prediction of waiting time by doubling the time penalty for every unsuccessful guess. Our implementation results on field programmable gate array (FPGA) device and security analysis have corroborated the low hardware overheads and attack resistance of the proposed deception protocol.

Due to practical constraints in preventing phishing through public network or insecure communication channels, simple physical unclonable function (PUF)-based authentication protocol with unrestricted queries and transparent responses is vulnerable to modeling and replay attacks. In this paper, we present a PUF-based authentication method to mitigate the practical limitations in applications where a resource-rich server authenticates a device with no strong restriction imposed on the type of PUF designs or any additional protection on the binary channel used for the authentication. Our scheme uses an active deception protocol to prevent machine learning (ML) attacks on a device. The monolithic system makes collection of challenge response pairs (CRPs) easy for model building during enrollment but prohibitively time consuming upon device deployment. A genuine server can perform a mutual authentication with the device at any time with a combined fresh challenge contributed by both the server and the device. The message exchanged in clear does not expose the authentic CRPs. The false PUF multiplexing is fortified against prediction of waiting time by doubling the time penalty for every unsuccessful authentication.

The provision of security in mobile ad hoc networks is of paramount importance due to their wireless nature. However, when conducting research into security protocols for ad hoc networks it is necessary to consider these in the context of the overall system. For example, communicational delay associated with the underlying MAC layer needs to be taken into account. Nodes in mobile ad hoc networks must strictly obey the rules of the underlying MAC when transmitting security-related messages while still maintaining a certain quality of service. In this paper a novel authentication protocol, RASCAAL, is described and its performance is analysed by investigating both the communicational-related effects of the underlying IEEE 802.11 MAC and the computational-related effects of the cryptographic algorithms employed. To the best of the authors' knowledge, RASCAAL is the first authentication protocol which proposes the concept of dynamically formed short-lived random clusters with no prior knowledge of the cluster head. The performance analysis demonstrates that the communication losses outweigh the computation losses with respect to energy and delay. MAC-related communicational effects account for 99% of the total delay and total energy consumption incurred by the RASCAAL protocol. The results also show that a saving in communicational energy of up to 12.5% can be achieved by changing the status of the wireless nodes during the course of operation.

RFID technology has received much attention both in industry and academia in recent years and it is seen as the leading ubiquitous computing technology. A typical RFID system consists of a reader, , and a set of tags, . The reader is composed of a set of transceivers and a powerful backend database. Each tag is a passive transponder identified by a unique ID. However, the fact that RFID tags can be read without line-of-sight results in security risks, especially in relation to the privacy of tag users. Therefore, developing privacy preserving authentication protocols for low-cost RFID tags is a major security challenge that needs to be addressed if RFID systems are to be widely deployed in the coming years. In previous research in this area the majority of authentication protocols use challengeresponse mutual authentication based on symmetric-key ciphers. In order to preserve privacy, on receiving a challenge from a reader, a tag uses pseudonyms, which are the result of using symmetric-key ciphers to process the secret key or ID, as authenticators to the reader. The reason symmetric-key ciphers are used is that the hardware cost of existing asymmetric-key ciphers is too expensive for low-cost tags. For example, ECC and RSA require more than 40,000 gates, which are too large for low-cost tags in which only 200 -2,000 gates out of 1,000 -10,000 gates are available for security features . A lightweight algorithm known as the learning parity with noise (LPN) problem was first introduced in the HB protocol for human authentication by . first employed the LPN problem in the HB + protocol for RFID authentication. The simplicity and novelty of the HB + protocol has led to the proposal of other HB-related protocols . introduced a simple but effective man-in-themiddle attack against these types of protocols, in which the adversary can derive the secret key of the LPN problem through modifying the tag's response messages. This attack is known as a GRS-MIM attack. In the Trusted-HB protocol , a universal hashing based message authentication code (MAC) is introduced to effectively resist GRS-MIM attacks. Although cryptographic attacks to the Trusted-HB protocol have been reported, they are impractical as they are too complex to implement . Meanwhile, in the F-HB protocol , the LNP problem is first introduced to protect the forward privacy of low-cost tags. The operations in the LPN problem involve the calculation of inner products of binary vectors and Bernoulli noise bit www.intechopen.com Current Trends and Challenges in RFID 258 generation. Computing the binary inner product only requires bitwise AND and OR operations that can be computed on the fly. Therefore the LPN problem is a hardwarefriendly primitive, and very attractive for low-cost RFID security. The most recent progress in LPN-based protocols was reported by . They introduced an authentication protocol based on a variant of the LPN problem, known as the Subspace LPN problem, and also proposed an efficient MAC construction based on the LPN problem. The rigorous definition and modelling of privacy in RFID systems has also been investigated in previous research (

Over the last two decades, several researchers have recommended many remote user authentication schemes, following since introducing the concept way back in 1981. Researchers are continuously trying to enhance the security in authentication protocols by incorporating the several features into their work. A few years back, Turkanovic et al. (Ad Hoc Netw 20:96-112, 2014) have presented a novel work for authenticating users in IOT environment using smart cards for wireless sensor networks. In this paper, we have demonstrated that their scheme doesn't resist many possible security threats and have numerous flaws, and also proposed an enhanced and secure biometric-based user authentication technique to overcome their weaknesses. The stated protocol not only overcome from the flaws of Turkanovic et al.'s scheme but also reduce the computation overhead as well. Later, to proving the mutual authentication among the entities and session key secrecy of the proposed scheme has also been verified by ProVerif (2.0) simulation tool.

Vehicular Ad-Hoc Network, better known as VANET is a promising new technology which combines the capabilities of different wireless networks in vehicles enabling Intelligent Transportation System (ITS). Vehicular Ad-Hoc networks provide communication between on-board unit (OBU) already integrated in the vehicles and road-side units (RSUs) consisting of on-board sensors, processing modules, and wireless communication modules. Immense amount of research is going on both by industry and academia. In vehicular communication because of the high speed of vehicles frequent handovers occur and hence there is always a requirement of secure and fast authentication for a seamless handover to take place. In this paper we propose an authentication scheme that will not only provide security and privacy but also will reduce the storage and communication overhead increasing the efficiency.

For any given two graphs G and H , the notation F → (G, H ) means that for any red-blue coloring of all the edges of F will create either a red subgraph isomorphic to G or a blue subgraph isomorphic to for every e ∈ E(F). The class of all Ramsey (G, H )-minimal graphs is denoted by R(G, H ). In this paper, we construct some infinite families of trees belonging to R(P 3 , P n ), for n = 8 and 9. In particular, we give an algorithm to obtain an infinite family of trees belonging to R(P 3 , P n ), for n ≥ 10.

A mobile ad hoc network (MANET) is a collection of mobile nodes that communicate with each other by forming a multi-hop radio network. Security remains a major challenge for these networks due to their features of open medium, dynamically changing topologies, reliance on cooperative algorithms, absence of centralized monitoring points, and lack of clear lines of defense. Design of an efficient and reliable node authentication protocol for such networks is a particularly challenging task since the nodes are battery-driven and resource constrained. This paper presents a robust and efficient key exchange protocol for nodes authentication in a MANET based on multi-path communication. Simulation results demonstrate that the protocol is effective even in presence of large fraction of malicious nodes in the network. Moreover, it has a minimal computation and communication overhead that makes it ideally suitable for MANETs.

Wireless mesh networks (WMNs) have emerged as a key technology for next generation wireless broadband networks showing rapid progress and inspiring numerous compelling applications. A WMN comprises of a set of mesh routers (MRs) and mesh clients (MCs), where MRs are connected to the Internet backbone through the Internet gateways (IGWs). The MCs are wireless devices and communicate among themselves over possibly multi-hop paths with or without the involvement of MRs. User privacy and security have been primary concerns in WMNs due to their peer-to-peer network topology, shared wireless medium, stringent resource constraints, and highly dynamic environment. Moreover, to support real-time applications, WMNs must also be equipped with robust, reliable and efficient communication protocols so as to minimize the end-to-end latency and packet drops. Design of a secure and efficient communication protocol for WMNs, therefore, is of paramount importance. In this paper, we propose a security and privacy protocol that provides security and user anonymity while maintaining communication efficiency in a WMN. The security protocol ensures secure authentication and encryption in access and the backbone networks. The user anonymity, authentication and data privacy is achieved by application of a protocol that is based on Rivest's ring signature scheme. Simulation results demonstrate that while the protocols have minimal storage and communication overhead, they are robust and provide high level of security and privacy to the users of the network services.

As more resources are added to computer networks, and as more vendors look to the World Wide Web as a viable marketplace, the importance of being able to restrict access and to insure some kind of acceptable behavior even in the presence of malicious intruders becomes paramount. People have l o o k ed to cryptography to help solve many of these problems. However, cryptography itself is only a tool. The security of a system depends not only on the cryptosystem being used, but also on how it is used. Typically, researchers have proposed the use of security protocols to provide these security g u a r a n tees. These protocols consist of a sequence of messages, many with encrypted parts. In this paper, we develop a w ay o f v erifying these protocols using model checking. Model checking has proven to be a very useful technique for verifying hardware designs. By modelling circuits as nite-state machines, and examining all possible execution traces, model checking has found a number of errors in real world designs. Like hardware designs, security protocols are very subtle, and can also have b u g s w h i c h are di cult to nd. By examining all possible execution traces of a security protocol in the presence of a malicious intruder with well de ned capabilities, we can determine if a protocol does indeed enforce its security g u a r a n tees. If not, we can provide a sample trace of an attack on the protocol.

In this paper, we present a comprehensive taxonomy of the most popular authentication mechanisms, the main threats, vulnerabilities, the possible types of attacks and the security issues that are associated with computer systems. Our main contribution is to analyze the architecture of the current security environment from all aspects and to make a comparative assessment of different authentication methods in order to identify and develop a scalable and reliable mechanism that must deal with multi-level security and strong authentication requirements. We propose hybrid methods of authentication, which combine and integrate biometric technologies with cryptographic asymmetric algorithms, elements that play a vital role in the field of information security and aim to resolve the shortcomings of traditional methods of authentication and enhance the level of security.

We give new algorithms for a variety of randomly-generated instances of computational problems using a linearization technique that reduces to solving a system of linear equations. These algorithms are derived in the context of learning with structured noise, a notion introduced in this paper. This notion is best illustrated with the learning parities with noise (LPN) problem -well-studied in learning theory and cryptography. In the standard version, we have access to an oracle that, each time we press a button, returns a random vector a ∈ GF( ) n together with a bit b ∈ GF(2) that was computed as a • u + η, where u ∈ GF(2) n is a secret vector, and η ∈ GF(2) is a noise bit that is 1 with some probability p. Say p = 1/3. The goal is to recover u. This task is conjectured to be intractable. In the structured noise setting we introduce a slight (?) variation of the model: upon pressing a button, we receive (say) 10 random vectors a 1 , a 2 , . . . , a 10 ∈ GF(2) n , and corresponding bits b 1 , b 2 , . . . , b 10 , of which at most 3 are noisy. The oracle may arbitrarily decide which of the 10 bits to make noisy. We exhibit a polynomial-time algorithm to recover the secret vector u given such an oracle. We think this structured noise model may be of independent interest in machine learning. We discuss generalizations of our result, including learning with more general noise patterns. We also give the first nontrivial algorithms for two problems, which we show fit in our structured noise framework. We give a slightly subexponential algorithm for the well-known learning with errors (LWE) problem over GF(q) introduced by Regev for cryptographic uses. Our algorithm works for the case when the gaussian noise is small; which was an open problem. We also give polynomial-time algorithms for learning the MAJORITY OF PARITIES function of Applebaum et al. for certain parameter values. This function is a special case of Goldreich's pseudorandom generator.

In order to prevent the SPA (Simple Power Analysis) attack against modular exponentiation algorithms, a multiply-always implementation is generally used. Witteman et al. introduced in [14] a new cross-correlation power analysis attack against the multiplyalways implementation. We suggest two new algorithms, resistant to this attack and also to other known attacks. The first algorithm is an alternative approach to exponentiation algorithms used in cryptography, which usually receive as an input some representation (e.g. binary) of the exponent. In our approach both the exponent and the result are functions (not necessarily easily invertible) of the exponentiation algorithm input. We show that this approach can have a good performance and that it is also resistant to several known attacks, especially to the cross-correlation power analysis and also to the attack described in [9]. It is particularly relevant for cryptographic schemes in which the private exponent can be chosen arbitrar...

Wireless Sensor Networks (WSNs) are widely used in diverse applications due to their cost-effectiveness and versatility. However, they face substantial difficulties because of their innate resource constraints and susceptibility to security attacks. A possible method to improve the security of WSNs is clustering-based intrusion detection and responding mechanisms. An in-depth analysis of the clustering-based intrusion detection and response method for WSNs is presented in this study. The suggested method efficiently uses data mining and machine learning techniques to identify unusual behaviour and probable intrusions. The system effectively analyses data inside clusters by grouping Sensor Nodes (SN) into clusters, allowing it to differentiate between legitimate patterns and insecure activity. The network may respond promptly to identified breaches and react to the responsive mechanism, which reduces their impact and protects network integrity. The proposed Mathematically Modified Gene Populated Spectral Clustering Based Intrusion Detection System and Responsive Mechanism (MMMMGPSC-IDS-RM) is compared with existing state-of-art techniques, and MMMMGPSC-IDS-RM outperforms with the highest detection rate of 96%.

It is well known that certain quantum correlations like quantum steering exhibit a monogamous relationship. In this paper, we exploit the asymmetric nature of quantum steering and show that there exist states which exhibit a kind of polygamous correlation, where the state of one party, Alice, can be steered only by the joint effort of the other two parties, Bob and Charlie. %This is in any way not in contradiction with the existing literature. Since, instead of looking at whether Alice can steer both Bob and Charlie simultaneously or not, we investigate whether there exists states such that Alice can only be steered by Bob and Charlie together. As an example, we explicitly single out a particular set of $3$ qubit states which exhibit polygamous relationship and also provide a recipe to identify the complete set of such states. We also provide a possible application of such states to an information theoretic task, we term as quantum key authentication (QKA). QKA can also be used in c...

It is well known that certain quantum correlations like quantum steering exhibit a monogamous relationship. In this paper, we exploit the asymmetric nature of quantum steering and show that there exist states which exhibit a polygamous correlation, known as collective correlation [He and Reid, Phys. Rev. Lett. 111, 250403 (2013)], where the state of one party, Alice, can be steered only by the joint effort of the other two parties, Bob and Charlie. As an example, we explicitly single out a particular set of 3 qubit states which exhibit this polygamous relationship, known as collective steerability. We provide a recipe to identify the complete set of such states. We also provide a possible application of such states to an information theoretic task, termed as quantum key authentication (QKA) protocol. QKA can also be used in conjunction with other well known cryptography protocols to improve their security and we provide one such example with quantum private comparison (QPC).

Adaptive authentication is a risk-based authentication that identifies high-risk and suspicious illegitimate login attempts. User past login records which implicitly contains attribute factors context information are used to establish user behavior profile. Later if the user logins under different environmental context from that established profile, the identity of the user may be questioned. The system may challenge the user to present additional authentication method to get authenticated. We implemented such adaptive authentication system in our production server and collected user login records for more than six months. In this paper, we presents the analysis of the user login profile with regards to attribute factors such as geographical location and time of login. We also developed testbed system that uses the collected real data to evaluate the system for different ratio threshold values.

The emergence of the pervasive device has made log-in details more vulnerable to unauthorized access and damage. This is due to frequent changes in users of pervasive devices and the close affinity of many attackers. Most models available only prevent attackers from gaining access to user login details. This study proposed a model that both detects and reveals the attacker's identity using the strength of the Honey Encryption algorithm with the ability to build a randomized message encoding called a Distribution-Transforming Encoder (DTE). The proposed model has the capability of providing a guide to security operatives to track and arrest the suspected perpetrator. An evaluation of the model was carried out which shows a 62% success of revealing attackers. A further examination of the model shows that 21% of the attackers could gain access through close affinity to log-in users. An extension of the proposed model can be achieved by improving the detection rate of the model.

In this paper a 'fair' key generation and certification protocol for Diffie-Hellman keys is proposed, which is intended for use in cases where neither User nor CA are trusted to choose the User's key on their own. This protocol also ensures that key agreement mechanism 1 in ISO/IEC 11770-3 [2] provides 'fair key agreement' [4].

This paper seeks to give solutions to possible demands for lawful interception of communications. Certain modi cations to the ASPeCT Authentication and Initialisation of Payment protocol are proposed that give it a key recovery capability. The modi ed protocol ful ls potential government requirements for lawful interception while protecting the user from unauthorized disclosure of his/her communications.

We propose a method for integrating NTRUEncrypt into the ntor key exchange protocol as a means of achieving a quantum-safe variant of forward secrecy. The proposal is a minimal change to ntor, essentially consisting of an NTRUEncrypt-based key exchange performed in parallel with the ntor handshake. Performance figures are provided demonstrating that the client bears most of the additional overhead, and that the added load on the router side is acceptable. We make this proposal for two reasons. First, we believe it to be an interesting case study into the practicality of quantum-safe cryptography and into the difficulties one might encounter when transi­ tioning to quantum-safe primitives within real-world protocols and code-bases. Second, we believe that Tor is a strong candidate for an early transition to quantum-safe primitives; users of Tor may be jus­ tifiably concerned about adversaries who record traffic in the present and store it for decryption when technology or cryptanalyt...

The IEEE 802.22 standard regulates wireless regional area network (WRAN) operating at the very high frequency and ultrahigh frequency television white space (TVWS) bands. WRAN supports extensible authentication protocol (EAP)-based authentication schemes. However, due to its public key cryptography operations, a full EAP-based authentication scheme is time-consuming, which is unacceptable for the WRAN handover process. In this paper, an efficient EAP-based pre-authentication scheme for inter-WRAN handovers (EPW) in TVWS is proposed. By applying the proposed pre-authentication scheme, the customer premises equipment and the target secondary user base station can accomplish a seamless handover using symmetric key. Through logic derivation by Burrows, Abadi, and Needham logic and formal verification by automated validation of Internet security protocols and applications, we conclude that the proposed EPW scheme can obtain mutual authentication and maintain key secrecy with a high resistance to attack. Additionally, the performance of the EPW scheme has been investigated by simulation experiments. The results show that the EPW scheme provides a lower computation delay than that mandated by the security scheme regulation of the IEEE 802.22 standard.