Project description:Numerous systems are being employed in daily life where two entities authenticate each other over a range of distance. The distance involved is relatively small, but still attacks were documented. The distance bounding (DB) protocol was introduced to cater to security requirements. The schemes, however, are still prone to several threats; mainly the Relay Attack (Terrorist and Mafia Fraud). In Mafia Fraud, an attempts are made to get accepted as the prover either by replaying of messages or by the help a malicious key. In Terrorist fraud, an attempt is made to extract the secret from the verifying entity, either by extracting the key from the message captured or by physically tempering the verifying/proving entity. Therefore the mitigation of these attacks needs to be done; as to not put computational overhead on the scheme. The paper presents a comprehensive and comparative performance analysis of twelve DB protocols based on defined metrics. It also proposes a protocol which incorporates the design elements needed for added security, is computationally easy to implement and resistant to most of the threats mentioned. Analysis of the protocol is carried out against the security requirements.

Project description:With the increased number of mobile apps, authentication processes play a key role in verifying users' identities and protecting data from security threats. Utilizing proper authentication techniques is key to protecting computer apps from being hacked. In this paper, we aimed to compare the authentication methods of the sign-up, sign-in, and password recovery processes of 50 e-commerce apps. To ensure accurate data analysis, we checked every app in a separate session and used the "think-aloud" technique while recording the screen. The researchers prepared a list of items that were checked during each session to identify the similarities and differences between tested apps regarding the authentication process. The results of this security analysis unequivocally demonstrated how different apps' designs for authentication processes are. Users' memory and comprehension are burdened by these variances, and no app can ensure that they adhere to recommended standards. The results of this study confirmed the necessity for unified and user-friendly authentication processes. This can be possible by following a usable security framework for the authentication process.

Project description:RFID technology has become popular in many applications; however, most of the RFID products lack security related functionality due to the hardware limitation of the low-cost RFID tags. In this paper, we propose a lightweight mutual authentication protocol adopting error correction code for RFID. Besides, we also propose an advanced version of our protocol to provide key updating. Based on the secrecy of shared keys, the reader and the tag can establish a mutual authenticity relationship. Further analysis of the protocol showed that it also satisfies integrity, forward secrecy, anonymity, and untraceability. Compared with other lightweight protocols, the proposed protocol provides stronger resistance to tracing attacks, compromising attacks and replay attacks. We also compare our protocol with previous works in terms of performance.

Project description: Not available

Project description:One of the significant challenges in the Internet of Things (IoT) is the provisioning of guaranteed security and privacy, considering the fact that IoT devices are resource-limited. Oftentimes, in IoT applications, remote users need to obtain real-time data, with guaranteed security and privacy, from resource-limited network nodes through the public Internet. For this purpose, the users need to establish a secure link with the network nodes. Though the IPv6 over low-power wireless personal area networks (6LoWPAN) adaptation layer standard offers IPv6 compatibility for resource-limited wireless networks, the fundamental 6LoWPAN structure ignores security and privacy characteristics. Thus, there is a pressing need to design a resource-efficient authenticated key exchange (AKE) scheme for ensuring secure communication in 6LoWPAN-based resource-limited networks. This paper proposes a resource-efficient secure remote user authentication scheme for 6LoWPAN-based IoT networks, called SRUA-IoT. SRUA-IoT achieves the authentication of remote users and enables the users and network entities to establish private session keys between themselves for indecipherable communication. To this end, SRUA-IoT uses a secure hash algorithm, exclusive-OR operation, and symmetric encryption primitive. We prove through informal security analysis that SRUA-IoT is secured against a variety of malicious attacks. We also prove the security strength of SRUA-IoT through formal security analysis conducted by employing the random oracle model. Additionally, we prove through Scyther-based validation that SRUA-IoT is resilient against various attacks. Likewise, we demonstrate that SRUA-IoT reduces the computational cost of the nodes and communication overheads of the network.

Project description:Recently, the use of the Internet of Medical Things (IoMT) has gained popularity across various sections of the health sector. The historical security risks of IoMT devices themselves and the data flowing from them are major concerns. Deploying many devices, sensors, services, and networks that connect the IoMT systems is gaining popularity. This study focuses on identifying the use of blockchain in innovative healthcare units empowered by federated learning. A collective use of blockchain with intrusion detection management (IDM) is beneficial to detect and prevent malicious activity across the storage nodes. Data accumulated at a centralized storage node is analyzed with the help of machine learning algorithms to diagnose disease and allow appropriate medication to be prescribed by a medical healthcare professional. The model proposed in this study focuses on the effective use of such models for healthcare monitoring. The amalgamation of federated learning and the proposed model makes it possible to reach 93.89 percent accuracy for disease analysis and addiction. Further, intrusion detection ensures a success rate of 97.13 percent in this study.

Project description:Drones have limited computing and storage resources, which makes them unable to perform complex tactical tasks; drones working in clusters can be employed for such complex tactical task completion. But, the synergy between these drones working in clusters is mandatory. Otherwise, the adversary can easily target them, disturb their routine work, and even disturb the whole system. Only a robust and lightweight authentication protocol can handle both information fusion and collaboration and coordination of drones working in clusters efficiently and effectively and is one of the essential components of the Internet of Drones (IoD) environment as it is deployed for quick and intelligent decisions. In this regard, the already available security mechanisms for IoD deployment drones have either design flaws or failed to provide security against session key disclosure, spoofing, man in the middle (MITM), and denial of service (DoS) attacks. Therefore, this article presents a protocol based on elliptic curve cryptography (ECC), one-way hash, concatenation, and exclusive-OR (XOR) operations to establish a secure communication session among drones which makes them a powerful system to perform complex tactical tasks and information fusion intelligently. The security analysis of the proposed protocol has formally been scrutinized via BAN logic and ProVerif and informally via realistic discussion and illustrations. The results obtained from the analysis sections demonstrate that the proposed protocol is robust in security and is 63.87% more efficient in terms of communication cost compared to its competitors, and 66.46% better in terms of computational cost.

Project description:In this paper, we generalize a secured direct communication process between N users with partial and full cooperation of quantum server. So, N - 1 disjointed users u1, u2, …, uN-1 can transmit a secret message of classical bits to a remote user uN by utilizing the property of dense coding and Pauli unitary transformations. The authentication process between the quantum server and the users are validated by EPR entangled pair and CNOT gate. Afterwards, the remained EPR will generate shared GHZ states which are used for directly transmitting the secret message. The partial cooperation process indicates that N - 1 users can transmit a secret message directly to a remote user uN through a quantum channel. Furthermore, N - 1 users and a remote user uN can communicate without an established quantum channel among them by a full cooperation process. The security analysis of authentication and communication processes against many types of attacks proved that the attacker cannot gain any information during intercepting either authentication or communication processes. Hence, the security of transmitted message among N users is ensured as the attacker introduces an error probability irrespective of the sequence of measurement.

Project description:Monodisperse cholesteric liquid crystal microspheres exhibit spherically symmetric Bragg reflection, generating, via photonic cross communication, dynamically tuneable multi-coloured patterns. These patterns, uniquely defined by the particular sphere arrangement, could render cholesteric microspheres very useful in countless security applications, as tags to identify and authenticate their carriers, mainly physical objects or persons. However, the optical quality of the cholesteric droplets studied so far is unsatisfactory, especially after polymerisation, a step required for obtaining durable samples that can be used for object identification. We show that a transition from droplets to shells solves all key problems, giving rise to sharp patterns and excellent optical quality even after polymerisation, the polymerised shells sustaining considerable mechanical deformation. Moreover, we demonstrate that, counter to prior expectation, cross communication takes place even between non-identical shells. This opens additional communication channels that add significantly to the complexity and unique character of the generated patterns.

Project description:BackgroundFirearm secure storage is an important public health practice due to its potential impact on reducing the incidence of accidental injuries, suicides, and thefts. Yet, there is limited research on how economic conditions might shape firearm storage patterns.MethodsThis study explores the relationship between material hardship and firearm secure storage among firearm-owning households. Data from the 2022 Behavioral Risk Factor Surveillance System (BRFSS) were analyzed, including responses from 7,197 firearm-owning adults in California, Minnesota, Nevada, and New Mexico. Multinomial logistic regression models assessed the relationship between levels of material hardship and storage practices, adjusting for demographic and socioeconomic factors.ResultsAmong respondents, 14.3% reported firearms were stored, loaded and unlocked. Compared to respondents experiencing no hardships, those experiencing three or more material hardships incurred a 183% higher risk of storing firearms in an unsecured manner (Relative Risk Ratio = 2.828, 95% CI = 1.286, 6.220).ConclusionThis study highlights an association between greater material hardship and unsecured firearm storage. These findings emphasize the need for public health interventions that address economic barriers to safe firearm storage, potentially reducing firearm-related injuries and deaths among individuals experiencing material hardship.