Your search keyword '"Omed Hassan Ahmed"' showing total 4 results

1. Improvement and Cryptanalysis of a Physically Unclonable Functions Based Authentication Scheme for Smart Grids

Author

Masoumeh Safkhani, Nasour Bagheri, Saqib Ali, Mazhar Hussain Malik, Omed Hassan Ahmed, Mehdi Hosseinzadeh, and Amir H. Mosavi

Subjects

Internet of things, IoT, smart grid, smart city, key agreement, physically unclonable functions, Mathematics, QA1-939

Abstract

Authentication protocols are often used in smart grids to deliver the necessary level of security. A huge number of clients in such a system, however, provides the attacker with the ability to clone them, for example. Device fingerprints, or Physically Unclonable Functions (PUF), have been investigated as an authentication feature to thwart such attacks. In order to accomplish the necessary security in smart grid neighborhood area network communications and to prevent unwanted physical access to smart meters, a former study designed a lightweight authentication system in this way. The suggested protocol uses PUFs to reduce physical attacks. As a consequence, the server/meter impersonation attack is one of the many assaults that this protocol is thought to be secure against. On the other hand, it is generally acknowledged that no security solution should be trusted unless its security has been verified by independent researchers. As a result, this paper assesses the security of this protocol against a typical adversary who has access to or influences over the messages carried over the public channel. This study demonstrates that the attacker is simply capable of impersonating the server for the meter and vice versa. In addition, the suggested attacks desynchronize them, making the adversary the only one capable of interacting with the meter in the role of the legal server rather than the latter. Each of the proposed attacks is extremely effective, and their success probability is almost 1. Finally, a modification is suggested that successfully fixes the protocol’s security weaknesses. The security proof of the improved protocol has been done through the Scyther tool. The computational cost comparison shows that the overhead of the proposed protocol compared to the former scheme is 4.85%, while it withstands various attacks, including traceability, desynchronization, impersonation, man-in-the-middle, and secret disclosure attacks.

Published

2022

2. Cryptanalysis of Two Recent Ultra-Lightweight Authentication Protocols

Author

Mohammad Reza Servati, Masoumeh Safkhani, Saqib Ali, Mazhar Hussain Malik, Omed Hassan Ahmed, Mehdi Hosseinzadeh, and Amir H. Mosavi

Subjects

medical wireless sensor network, ultra-lightweight, secret disclosure attack, Cro(·) function, Rank(·) function, Mathematics, QA1-939

Abstract

Radio Frequency Identification (RFID) technology is a critical part of many Internet of Things (IoT) systems, including Medical IoT (MIoT) for instance. On the other hand, the IoT devices’ numerous limitations (such as memory space, computing capability, and battery capacity) make it difficult to implement cost- and energy-efficient security solutions. As a result, several researchers attempted to address this problem, and several RFID-based security mechanisms for the MIoT and other constrained environments were proposed. In this vein, Wang et al. and Shariq et al. recently proposed CRUSAP and ESRAS ultra-lightweight authentication schemes. They demonstrated, both formally and informally, that their schemes meet the required security properties for RFID systems. In their proposed protocols, they have used a very lightweight operation called Cro(·) and Rank(·), respectively. However, in this paper, we show that those functions are not secure enough to provide the desired security. We show that Cro(·) is linear and reversible, and it is easy to obtain the secret values used in its calculation. Then, by exploiting the vulnerability of the Cro(·) function, we demonstrated that CRUSAP is vulnerable to secret disclosure attacks. The proposed attack has a success probability of "1" and is as simple as a CRUSAP protocol run. Other security attacks are obviously possible by obtaining the secret values of the tag and reader. In addition, we present a de-synchronization attack on the CRUSAP protocol. Furthermore, we provide a thorough examination of ESRAS and its Rank(·) function. We first present a de-synchronization attack that works for any desired Rank(·) function, including Shariq et al.’s proposed Rank(·) function. We also show that Rank(·) does not provide the desired confusion and diffusion that is claimed by the designers. Finally, we conduct a secret disclosure attack against ESRAS.

Published

2022

3. A Q-Learning and Fuzzy Logic-Based Hierarchical Routing Scheme in the Intelligent Transportation System for Smart Cities

Author

Amir Masoud Rahmani, Rizwan Ali Naqvi, Efat Yousefpoor, Mohammad Sadegh Yousefpoor, Omed Hassan Ahmed, Mehdi Hosseinzadeh, and Kamran Siddique

Subjects

vehicular ad hoc networks (VANETs), intelligent transportation system (ITS), routing, reinforcement learning (RL), fuzzy logic, smart city, Mathematics, QA1-939

Abstract

A vehicular ad hoc network (VANET) is the major element of the intelligent transportation system (ITS). The purpose of ITS is to increase road safety and manage the movement of vehicles. ITS is known as one of the main components of smart cities. As a result, there are critical challenges such as routing in these networks. Recently, many scholars have worked on this challenge in VANET. They have used machine learning techniques to learn the routing proceeding in the networks adaptively and independently. In this paper, a Q-learning and fuzzy logic-based hierarchical routing protocol (QFHR) is proposed for VANETs. This hierarchical routing technique consists of three main phases: identifying traffic conditions, routing algorithm at the intersection level, and routing algorithm at the road level. In the first phase, each roadside unit (RSU) stores a traffic table, which includes information about the traffic conditions related to four road sections connected to the corresponding intersection. Then, RSUs use a Q-learning-based routing method to discover the best path between different intersections. Finally, vehicles in each road section use a fuzzy logic-based routing technique to choose the foremost relay node. The simulation of QFHR has been executed on the network simulator version 2 (NS2), and its results have been presented in comparison with IRQ, IV2XQ, QGrid, and GPSR in two scenarios. The first scenario analyzes the result based on the packet sending rate (PSR). In this scenario, QFHR gets better the packet delivery rate by 2.74%, 6.67%, 22.35%, and 29.98% and decreases delay by 16.19%, 22.82%, 34.15%, and 59.51%, and lowers the number of hops by 6.74%, 20.09%, 2.68%, and 12.22% compared to IRQ, IV2XQ, QGrid, and GPSR, respectively. However, it increases the overhead by approximately 9.36% and 11.34% compared to IRQ and IV2XQ, respectively. Moreover, the second scenario evaluates the results with regard to the signal transmission radius (STR). In this scenario, QFHR increases PDR by 3.45%, 8%, 23.29%, and 26.17% and decreases delay by 19.86%, 34.26%, 44.09%, and 68.39% and reduces the number of hops by 14.13%, 32.58%, 7.71%, and 21.39% compared to IRQ, IV2XQ, QGrid, and GPSR, respectively. However, it has higher overhead than IRQ (11.26%) and IV2XQ (25%).

Published

2022

4. BCmECC: A Lightweight Blockchain-Based Authentication and Key Agreement Protocol for Internet of Things

Author

Jan Lansky, Amir Masoud Rahmani, Saqib Ali, Nasour Bagheri, Masoumeh Safkhani, Omed Hassan Ahmed, and Mehdi Hosseinzadeh

Subjects

authentication, blockchain, security, cryptanalysis, Mathematics, QA1-939

Abstract

In this paper, targeting efficient authentication and key agreement in an IoT environment, we propose an Elliptic Curve Cryptography-(ECC) based lightweight authentication protocol called BCmECC which relies on a public blockchain to validate the users’ public key to provide desired security. We evaluate the security of the proposed protocol heuristically and validate it formally, which demonstratse the high level of the security. For the formal verification we used the widely accepted formal methods, i.e., BAN logic and the Scyther tool. In this paper we also analyse the security of recently proposed blockchain-based authentication protocols and show that this protocol does not provide the desired security against known session-specific temporary information attacks in which the adversary has access to the session’s ephemeral values and aims to retrieve the shared session key. In addition, the protocol lacks forward secrecy, in which an adversary with access to the server’s long-term secret key can retrieve the previous session keys, assuming that the adversary has already eavesdropped the transferred messages over a public channel in the target session. The proposed attacks are very efficient and their success probability is ‘1’, while the time complexity of each attack could be negligible. Besides, we show that BCmECC is secure against such attacks.

Published

2021