Your search keyword '"Shehzad Ashraf Chaudhry"' showing total 164 results

101. A secure blockchain-oriented data delivery and collection scheme for 5G-enabled IoD environment

Author

Azeem Irshad, Muhammad Bilal, Anwar Ghani, and Shehzad Ashraf Chaudhry

Subjects

Computer Networks and Communications, business.industry, Computer science, Data management, Access control, Computer security, computer.software_genre, Software deployment, Key (cryptography), Wireless, The Internet, business, Protocol (object-oriented programming), computer, Anonymity

Abstract

− There are innumerable ways the Internet of Drones (IoD) technology can impact our society. With the deployment of an airborne network, the IoD can support real-time low-cost delivery of services ranging from military surveillance to a myriad of civilian applications. Nevertheless, the drones employ insecure wireless communication channels to communicate with other entities in the system, inhibiting its induction in sensitive installations if insecure or inefficient Authenticated Key Agreement (AKA) schemes are employed. The blockchain, an open distributed ledger-based technology, is increasingly being adopted to address the security concern as discussed. Recently, Bera et al. presented an efficient blockchain-enabled AKA scheme for data management among various entities in IoD network. However, their scheme does not support anonymity and untraceability for the drones; also, it does not provide resistance to Ground station server impersonation attack, while the protocol has a few redundancies. Later, we proposed an enhanced blockchain-enabled AKA scheme BOD5-IOD to authenticate drones in the system. The BOD5-IOD, other than supporting a robust access control mechanism between drones and GSS, also ensures safe transactions among all entities in the IoD environment. The formal analysis and performance evaluation endorse that our scheme supports security requirements with computational and communication efficiency of 34.4% and 23.3%, respectively.

Published

2021

102. Efficient end-to-end authentication protocol for wearable health monitoring systems

Author

Jianfeng Ma, Chao Yang, Shehzad Ashraf Chaudhry, Qi Jiang, Xindi Ma, and Jian Shen

Subjects

Challenge-Handshake Authentication Protocol, Authentication, Engineering, Otway–Rees protocol, 020205 medical informatics, General Computer Science, business.industry, 020206 networking & telecommunications, 02 engineering and technology, Computer security, computer.software_genre, Control and Systems Engineering, Authentication protocol, Lightweight Extensible Authentication Protocol, Universal composability, 0202 electrical engineering, electronic engineering, information engineering, Wide Mouth Frog protocol, Electrical and Electronic Engineering, Challenge–response authentication, business, computer, Computer network

Abstract

Wearable health monitoring systems (WHMSs) will play an increasingly important role in future e-healthcare and enable smart and ubiquitous healthcare services. Given its sensitivity, the health data should be protected against unauthorized access. As a result, it is critical to design an end-to-end mutual authentication protocol that enables secure communication between the wearable sensor and medical professionals. Recently, Amin et al. proposed an anonymity preserving mutual authentication protocol for WHMSs. However, we identify that their protocol suffers from stolen mobile device attack, desynchronization attack, and sensor key exposure. Then we put forward an improved end-to-end authentication protocol based on quadratic residues. Comprehensive security analysis is conducted to show that the proposed protocol fixes these flaws of Amin et al.’s protocol and satisfies all desired requirements. The comparison with these existing protocols demonstrates that our protocol provides a practical end-to-end security solution for WHMSs.

Published

2017

103. A secure mutual authenticated key agreement of user with multiple servers for critical systems

Author

Muhammad Sher, Azeem Irshad, Arun Kumar Sangaiah, Shehzad Ashraf Chaudhry, Fan Wu, Xiong Li, and Saru Kumari

Subjects

Authentication, Computer Networks and Communications, business.industry, Computer science, 020206 networking & telecommunications, Cryptography, 02 engineering and technology, Mutual authentication, Service provider, Computer security, computer.software_genre, Secret sharing, Public-key cryptography, Hardware and Architecture, Server, Authentication protocol, 0202 electrical engineering, electronic engineering, information engineering, Media Technology, Key (cryptography), 020201 artificial intelligence & image processing, Smart card, business, computer, Mobile device, Software

Abstract

Recent technological advances in almost all critical systems’ domains have led to an explosive growth of multimedia big data. Those advances encompass the ever increasing innovative digital and remote mobile devices being operated on the users’ end. Due to the openness of critical system, the service providers in such networks are facing security challenges to authenticate those mobile devices on the field, and delivering services. In this scenario, the Multi-server authentication (MSA) framework seems to be a promising solution that enables its subscribers to avail services from different servers without getting registered to each server individually. In last few years many MSA protocols depending on RC-Offline authentication during mutual authentication, have been presented. However, to date, there is no efficient MSA scheme to our knowledge that is free of all three weaknesses, simultaneously. That is, 1) free from storage of server-based parameters (public keys or other values) in smart card by registration authority, 2) free from the assumption of publishing of server-based public keys publicly and 3) free from a single secret sharing with all servers so that it could avoid server masquerading (insider) attack. Considering these limitations, we present a multi-server authentication protocol that withstands above drawbacks using lightweight cryptographic operations. The rationale of the proposed work was to present an efficient RC-Offline MSA scheme. Our scheme is also backed by formal security analysis based on GNY logic and automated security verification using ProVerif tool.

Published

2017

104. An improved anonymous authentication scheme for distributed mobile cloud computing services

Author

Seungmin Rho, I Luk Kim, Taeshik Shon, Shehzad Ashraf Chaudhry, and Mohammad Sabzinejad Farash

Subjects

Authentication, Cloud computing security, Computer Networks and Communications, Computer science, business.industry, Mobile computing, 020206 networking & telecommunications, Cloud computing, 02 engineering and technology, Service provider, Computer security, computer.software_genre, Mobile cloud computing, 0202 electrical engineering, electronic engineering, information engineering, Strong authentication, 020201 artificial intelligence & image processing, Single sign-on, business, computer, Software, Mobile service, Computer network

Abstract

Mobile cloud computing blend mobile and cloud computing together with the help of wireless communication technology to achieve benefits for the stakeholders. These stakeholders include mobile users, mobile service operators and cloud service providers. Assorted challenges are also there for the implementation of mobile cloud computing but security and privacy are the dominant concerns. In order to achieve security and privacy of the said system several attempts are taken up. As the underlying system is complex and more prone against security threats, therefore strong authentication and privacy preserving schemes are desired. Three factor biometrics based authentication schemes are considered more secure for such huge and complex systems. Moreover, computational intelligence is getting popular nowadays for designing more vigorous and reliable biometrics based authentication schemes. Very recently, Tsai and Lo proposed an identity based authentication scheme for distributed mobile cloud computing environments. They claimed to achieve single sign on authentication for multiple service providers. Furthermore, they emphasized the usefulness and security of their scheme. However, the analysis in this paper shows that Tsai and Lo’s scheme is insecure against server forgery attack. It is proved that any adversaries having knowledge of just public parameters can forge as a valid service provider. Then an improved scheme is proposed to mitigate the security weakness. The security of proposed scheme is instantiated under random oracle model as well as the protocol validation model of popular automated tool ProVerif.

Published

2017

105. An Enhanced and Provably Secure Chaotic Map-Based Authenticated Key Agreement in Multi-Server Architecture

Author

Mohammad Sabzinejad Farash, Saru Kumari, Xiong Li, Fan Wu, Qi Xie, Shehzad Ashraf Chaudhry, and Azeem Irshad

Subjects

Password, Authentication, Multidisciplinary, Computer science, business.industry, 020206 networking & telecommunications, 02 engineering and technology, Service provider, Computer security, computer.software_genre, 01 natural sciences, Registration authority, Server, 0103 physical sciences, 0202 electrical engineering, electronic engineering, information engineering, Key (cryptography), Smart card, Challenge–response authentication, business, 010301 acoustics, computer

Abstract

In the multi-server authentication (MSA) paradigm, a subscriber might avail multiple services of different service providers, after registering from registration authority. In this approach, the user has to remember only a single password for all service providers, and servers are relieved of individualized registrations. Many MSA-related schemes have been presented so far, however with several drawbacks. In this connection, recently Li et al. in Wirel. Pers. Commun., (2016). doi: 10.1007/s11277-016-3293-x presented a chaotic map-based multi-server authentication scheme. However, we observed that Li et al. suffer from malicious server insider attack, stolen smart card attack, and session-specific temporary information attack. This research work is based on improving security of Li et al.’s protocol in minimum possible computation cost. We also evaluate the security for the contributed work which is provable under formal security analysis employing random oracle model and BAN Logic.

Published

2017

106. An Improved SIP Authentication Scheme Based on Server-Oriented Biometric Verification

Author

Xiong Li, Azeem Irshad, Hamed Arshad, Saru Kumari, Shehzad Ashraf Chaudhry, and Fan Wu

Subjects

Challenge-Handshake Authentication Protocol, Otway–Rees protocol, computer.internet_protocol, Computer science, 02 engineering and technology, Computer security, computer.software_genre, Forward secrecy, 0202 electrical engineering, electronic engineering, information engineering, Electrical and Electronic Engineering, Password, Authentication, Session Initiation Protocol, Voice over IP, business.industry, ComputerSystemsOrganization_COMPUTER-COMMUNICATIONNETWORKS, 020206 networking & telecommunications, 020207 software engineering, SIP trunking, Computer Science Applications, Authentication protocol, Reflection attack, Challenge–response authentication, business, computer, Computer network

Abstract

The Session Initiation Protocol (SIP) provides a way to control the wired and wireless Voice over Internet Protocol-based communication over an insecure channel. The SIP protocol is not secure due to relying on an intrinsically open text-based communication, which further stresses the strengthening of SIP authentication protocols. Many solutions have been put forward in the last few years to design the secure and efficient SIP authentication protocols for multimedia. Recently, Zhang et al. proposed a SIP authentication protocol with an enhanced feature that enables the server authenticate the users on the basis of biometric verification. However, after a careful observation, one can witness few limitations regarding privileged insider attack, session specific temporary attack, De-synchronization attack; denial-of-service attack, inefficient password modification and lack forward secrecy compromise. We have proposed a secure scheme countering the identified flaws of Zhang et al. and other contemporary schemes. We also demonstrate the security strength of proposed scheme by employing the formal security analysis under BAN logic.

Published

2017

107. A privacy preserving authentication scheme for roaming in ubiquitous networks

Author

Shehzad Ashraf Chaudhry, Changhoon Lee, Naixue Xiong, Taeshik Shon, and Aiiad Albeshri

Subjects

Scheme (programming language), Authentication, Computer Networks and Communications, business.industry, Computer science, Node (networking), Big data, 020206 networking & telecommunications, 02 engineering and technology, Computer security, computer.software_genre, 0202 electrical engineering, electronic engineering, information engineering, Session key, 020201 artificial intelligence & image processing, Open architecture, Ubiquitous network, Roaming, business, computer, Software, Computer network, computer.programming_language, Anonymity

Abstract

Ubiquitous networks enable mobile users to communicate with each other efficiently and independently without the need of inventing agent. This approach is proved to be delay and spectral efficient. Due to the nature of underlying Big data, such networks are prone to several security and privacy challenges. Because such gigantic data is not only difficult to store, maintain and manipulate but Big data’s open architecture makes the security threats inevitable. Therefore, incorporating authentication between mobile node and foreign network during roaming in ubiquitous networks has become a tedious task. Very recently, Farash et al. found a number of weaknesses in the schemes proposed by Wen et al. and Shin et al. Furthermore, Farash et al. proposed an enhanced scheme for roaming user in ubiquitous network. However, after thorough investigation, we show fragilities of Farash et al.’s scheme against (1) mobile user anonymity violation; (2) disclosure of secret parameter of mobile node; (3) session key disclosure; and (4) mobile node impersonation attacks. Therefore, we propose an improved scheme to fix these fragilities. We analyze the security of proposed scheme using popular automated verification tool ProVerif. The analysis confirms that the proposed scheme resists the known attacks while having quite low overhead as compared with Farash et al.’s scheme. Therefore, in order to get better performance proposed scheme is a suitable candidate to be employed along with supercomputing systems for dealing the security challenges of big data in ubiquitous networks.

Published

2017

108. An enhanced lightweight anonymous biometric based authentication scheme for TMIS

Author

Shehzad Ashraf Chaudhry, Husnain Naqvi, and Muhammad Khurram Khan

Subjects

Scheme (programming language), Security analysis, Authentication, 020205 medical informatics, Biometrics, Computer Networks and Communications, Computer science, business.industry, Data_MISCELLANEOUS, 020206 networking & telecommunications, 02 engineering and technology, Computer security, computer.software_genre, Random oracle, Symmetric-key algorithm, Hardware and Architecture, 0202 electrical engineering, electronic engineering, information engineering, Media Technology, Smart card, business, computer, Software, computer.programming_language, Anonymity

Abstract

In recent past, Mir and Nikooghadam presented an enhanced biometrics based authentication scheme using lightweight symmetric key primitives for telemedicine networks. This scheme was introduced in an anticipation to the former biometrics based authentication system proposed by Yan et al. Mir and Nikooghadam declared that their scheme is invincible against potential attacks while providing user anonymity. Our study and in-depth analysis unveil that Mir and Nikooghadam’s authentication scheme is susceptible to smart card stolen attack, moreover anonymity violation is still possible despite the claim of Mir and Nikooghadam. We have utilized the random oracle model in order to perform security analysis. The analysis endorses that the proposed scheme is robust enough to provide protection against all potential attacks specially smart card stolen attack and user anonymity violation attack. Analysis is further substantiated through an automated software application ProVerif. The analysis also shows that proposed scheme is computationally efficient than Mir and Nikooghadam’s scheme.

Published

2017

109. Securing IoT-Based RFID Systems: A Robust Authentication Protocol Using Symmetric Cryptography

Author

Shahbaz Ahmed Khan Ghayyur, Shahaboddin Shamshirband, Khwaja Mansoor, Amir Mosavi, Anwar Ghani, and Shehzad Ashraf Chaudhry

Subjects

Technology, IoT Security, Computer science, Hash function, Cryptography, 02 engineering and technology, lcsh:Chemical technology, Computer security, computer.software_genre, Biochemistry, LIGHTWEIGHT, Article, Analytical Chemistry, law.invention, Public-key cryptography, Attack model, law, authentication protocol, IMPLEMENTATION, MANAGEMENT, 0202 electrical engineering, electronic engineering, information engineering, Radio-frequency identification, lcsh:TP1-1185, general_theoretical_computer_science, Electrical and Electronic Engineering, Instrumentation, business.industry, SCHEME, 020206 networking & telecommunications, RFID security, Atomic and Molecular Physics, and Optics, CRYPTANALYSIS, Symmetric-key algorithm, symmetric cryptography, Authentication protocol, 020201 artificial intelligence & image processing, Cryptanalysis, Internet of Things, business, computer, Computer network

Abstract

Radio Frequency Identification (RFID) devices use radio waves to relay identifying information to an electronic reader using low-cost RFID Tag. RFID is expected to replace the conventional bar-code identification system due to its advantage like real-time recognition of a considerable number of objects. However, in RFID systems an attacker can get the tag that may lead to various security threats, and the limited computation power of RFID tags can cause delay. Lightweight authentication protocols proposed using cryptographic algorithms (one-way hash function, symmetric key encryption/decryption, and exclusive-OR) in order to cope with these problems. One such lightweight cryptographic protocol has been presented by Gope and Hwang using RFID systems. However, it analyzed in this article that their protocol is infeasible and vulnerable to Collision Attack, Denial-of-service (DoS), and Stolen verifier Attacks. A realistic, lightweight authentication protocol has been presented in this article to ensure protection against the mentioned attacks for IoT based RFID system. The proposed protocol has been formally analyzed using BAN logic and ProVerif as well as also analyzed informally using security requirement. The results show that the proposed protocol outperforms the existing protocols not only in security enhancements but also in terms of computation and communication complexity. Furthermore, the proposed protocol has also been analyzed for storage complexity.

Published

2019

110. An enhanced anonymous identity‐based key agreement protocol for smart grid advanced metering infrastructure

Author

Jehangir Arshad, Shehzad Ashraf Chaudhry, Saru Kumari, and Khalid Mahmood

Subjects

Key-agreement protocol, Key establishment, Smart grid, Computer Networks and Communications, Computer science, Identity (object-oriented programming), Metering mode, Electrical and Electronic Engineering, Computer security, computer.software_genre, computer, Anonymity

Published

2019

111. Symmetric-Key Multi-Factor Biometric Authentication Scheme

Author

Shehzad Ashraf Chaudhry, Zeeshan Ali, Sajid Hussain, Khwaja Mansoor, and Jawad Iftikhar

Subjects

Password, Scheme (programming language), Authentication, Biometrics, business.industry, Computer science, Cryptography, Computer security, computer.software_genre, Symmetric-key algorithm, Server, Reflection attack, business, computer, computer.programming_language

Abstract

Authentication is achieved by using different techniques, like using smart-card, identity password and biometric techniques. Some of the proposed schemes use a single factor for authentication while others combine multiple ways to provide multi-factor authentication for better security. lately, a new scheme for multi-factor authentication was presented by Cao and Ge and claimed that their scheme is highly secure and can withstand against all known attacks. In this paper, it is revealed that their scheme is still vulnerable and have some loopholes in term of reflection attack. Therefore, an improved scheme is proposed to overcome the security weaknesses of Cao and Ge’s scheme. The proposed scheme resists security attacks and secure. Formal testing is carried out under a broadly-accepted simulated tool ProVerif which demonstrates that the proposed scheme is well secure.

Published

2019

112. GCACS-IoD: A certificate based generic access control scheme for Internet of drones

Author

Ali Kashif Bashir, Rupak Kharel, Yousaf Bin Zikria, Shehzad Ashraf Chaudhry, Khalid Yahya, Marimuthu Karuppiah, Chaudhry, Shehzad Ashraf, and Yahya, Khalid O. Moh.

Subjects

Authentication, Computer Networks and Communications, business.industry, Computer science, UAV, Key establishment, Stolen IoT device, Device access control, 020206 networking & telecommunications, Access control, 02 engineering and technology, Man-in-the-middle attack, Computer security, computer.software_genre, Certificate, IoD, Data access, 0202 electrical engineering, electronic engineering, information engineering, 020201 artificial intelligence & image processing, The Internet, business, Replay attack, computer, Anonymity

Abstract

Internet of drones (IoD) has gained significant importance in recent times due to its applications in several critical domains ranging from commercial to defense and rescue operations. With several drones flying in different zones to carry out specified tasks, the IoD can be beneficial to gather the real time data for interpretation by the users. However, the data access is carried out through an open channel and battery operated drones. Therefore, the drones’ security and privacy are crucial for accomplishing mission-critical, safety-critical, or surveillance operations. In 2020, Bera et al. presented a certificate based access control scheme for securing the IoD access and argued the scheme’s security through formal and informal methods. However, the analysis presented in this paper shows that the scheme of Bera et al. does not provide anonymity and is insecure against multiple threats, including drone impersonation, the man in the middle, and replay attacks. We then designed a generic certificate based access control scheme to provide inter-drone and drone to ground station access control/authentication in the IoD domain (GCACS-IoD). The GCACS-IoD is provably secure against the known attacks and provides anonymity. GCACS-IoD extends security while preserving computation and communication efficiencies.

Published

2021

113. A clogging resistant secure authentication scheme for fog computing services

Author

Yousaf Bin Zikria, Shehzad Ashraf Chaudhry, Khalid Mahmood, Zhihan Lv, Zeeshan Ali, Sahil Garg, and Chaudhry, Shehzad Ashraf

Subjects

Scheme (programming language), Authentication, Computer Networks and Communications, Computer science, business.industry, Vulnerability, 020206 networking & telecommunications, Cloud computing, 02 engineering and technology, Key management, Computer security, computer.software_genre, Decentralized computing, 0202 electrical engineering, electronic engineering, information engineering, Fog computing, Access control, 020201 artificial intelligence & image processing, Authentication protocol, business, computer, Key exchange, computer.programming_language

Abstract

Fog computing (FC) is an infrastructure consisting of decentralized computing, where computing resources such as storage, applications, and data are scattered among the cloud and data source. Fog computing inherits similar privacy and security concerns present in cloud computing, such as authentication and key management issues. Recently, Wazid et al. presented a scheme of authentication key exchange for fog computing called SAKA-FC to address these issues. We analyzed and identified that the SAKA-FC suffers from some severe vulnerabilities. Furthermore, we presented an improved scheme to mitigate these problems while retaining its strengths. The formal security analysis of the proposed scheme is validated through BAN logic. At the same time, the AVISPA tool is employed for automated formal security verification. Informal security analysis is conducted to attest that the proposal can confront the known attacks. Using computation and communication costs as the metrics, the proposed scheme is also compared with some state-of-the-art schemes. The proposed scheme achieves the same communication cost as of SAKA-FC, whereas the difference in computation cost is 24%. This increase in computation cost is justifiable as the proposal is resistant to clogging attacks and provides better security than the prior schemes.

Published

2021

114. Drone-based secure communication model for goods collection and delivery: a strategic management perspective

Author

Shehzad Ashraf Chaudhry

Subjects

Political Science and International Relations, Business, Management and Accounting (miscellaneous), Development

Published

2021

115. A provably secure anonymous authentication scheme for Session Initiation Protocol

Author

Shehzad Ashraf Chaudhry, Muhammad Usman Ashraf, Muhammad Khurram Khan, Azeem Irshad, Hafiz Farooq Ahmad, and Imran Khan

Subjects

Provable security, Password, Session Initiation Protocol, Security analysis, Correctness, Computer Networks and Communications, computer.internet_protocol, Computer science, 020206 networking & telecommunications, 02 engineering and technology, Impersonation attack, Mutual authentication, Computer security, computer.software_genre, Robustness (computer science), 0202 electrical engineering, electronic engineering, information engineering, 020201 artificial intelligence & image processing, computer, Information Systems

Abstract

Recently, Lu et al. presented a mutual authentication scheme for Session Initiation Protocol. Lu et al. claimed their scheme provides safeguard against familiar attacks and offers efficient authentication facility. However, this paper divulges that the scheme of Lu et al. is prone to server and user impersonation attacks. Additionally, the scheme of Lu et al. implicates correctness concerns. Consequently, an enhanced scheme is proposed, not only to resolve correctness concerns but also to provide robustness against server and user impersonation attacks. The proposed scheme makes use of a user-specific secret parameter to deal with the security and correctness issues. The formal and informal security analysis proves the robustness and efficiency of the proposed scheme against all familiar attacks. Furthermore, security analysis is also substantiated through popular automated tool PROVERIF. Copyright © 2016 John Wiley & Sons, Ltd.

Published

2016

116. A secure and provable multi-server authenticated key agreement for TMIS based on Amin et al. scheme

Author

Shehzad Ashraf Chaudhry, Muhammad Sher, Azeem Irshad, Omer Nawaz, Imran Khan, and Saru Kumari

Subjects

Scheme (programming language), Authentication, Security analysis, 020205 medical informatics, Computer Networks and Communications, Computer science, 020206 networking & telecommunications, 02 engineering and technology, Communications system, Computer security, computer.software_genre, law.invention, Hardware and Architecture, law, 0202 electrical engineering, electronic engineering, information engineering, Media Technology, Key (cryptography), Information system, Resilience (network), Cryptanalysis, computer, Software, computer.programming_language

Abstract

The security for Telecare Medicine Information Systems (TMIS) has been crucial for reliable dispensing of the medical services to patients at distant locations. Security and privacy element needs to be there for any physician or caregiver to make certain an appropriate diagnosis, medical treatment or any other exchange of critical information. In this connection, many relevant TMIS-based authentication schemes have been presented, however various forms of attacks and inefficiencies render these schemes inapplicable for a practical scenario. Lately, Amin et al. proposed a scheme based on a multi-server authentication for TMIS. However, the Amin et al., scheme has been found vulnerable to user and server impersonation attacks. We have proposed an improved model with higher performance and efficiency, as evident from the forthcoming sections. Besides, the scheme has been backed up by formal security analysis using BAN logic to ensure the resilience of the proposed scheme.

Published

2016

117. An Improved Remote User Authentication Scheme Using Elliptic Curve Cryptography

Author

Khalid Mahmood, Hafiz Farooq Ahmad, Shehzad Ashraf Chaudhry, Muhammad Khurram Khan, and Husnain Naqvi

Subjects

Scheme (programming language), Authentication, Security analysis, 020205 medical informatics, Computer science, business.industry, 020206 networking & telecommunications, 02 engineering and technology, Computer security, computer.software_genre, Computer Science Applications, Random oracle, Secure communication, 0202 electrical engineering, electronic engineering, information engineering, Key (cryptography), Electrical and Electronic Engineering, Elliptic curve cryptography, business, computer, computer.programming_language

Abstract

Internet of Things has drastically expanded the global network for information exchange, because thousands of communication devices are becoming part of the global network. Besides the numerous benefits of global network expansion, secure communication and authentication among the comprising elements of the global network is also posing great challenges. Recently, Huang et al. proposed a key agreement scheme in order to facilitate user authenticity using elliptic curve cryptography. Huang et al. further emphasized the scheme is secure. Nevertheless, comprehensive analysis in this paper, demonstrates that Huang et al. scheme has correctness issues and is prone to impersonation/forgery attack. Then an improved scheme is presented to tenacity the said glitches existent in Huang et al.'s scheme. The security analysis of proposed scheme is substantiated in random oracle model. Furthermore, a simulation of proposed scheme is carried out by automated formal tool ProVerif. The performance and security assessments show that the scheme presented in this paper withstand impersonation attack and offers adequate security while reducing significant computation cost as compared with Huang et al.'s scheme. Hence, due to better performance and security, the proposed scheme is the appropriate one for security sensitive and resource constrained environments.

Published

2016

118. An anonymous and provably secure biometric-based authentication scheme using chaotic maps for accessing medical drop box data

Author

Javed I. Khan, Shehzad Ashraf Chaudhry, Muhammad Khurram Khan, Muhammad Sher, and Imran Khan

Subjects

Authentication, 020205 medical informatics, Biometrics, business.industry, Computer science, 02 engineering and technology, Login, Theoretical Computer Science, Random oracle, Hardware and Architecture, Scalability, 0202 electrical engineering, electronic engineering, information engineering, Information system, 020201 artificial intelligence & image processing, business, Software, Information exchange, Information Systems, Computer network, Anonymity

Abstract

Telecare medicine information systems (TMISs) provides a platform to the participating medical entities to share medical data over an insecure public channel. Medical drop box (MDB) is used for the said purpose, where electronic health record (EHR) is maintained for national health information exchange (NHIX). EHR is a crucial part of MDB. Therefore, the main challenge in NHIX is to restrict MDB access to only the authenticated entities. Very Recently, Moon et al. introduced a biometrics-based authentication scheme using chaotic maps for TMISs. The authors claimed that their scheme is efficient and robust in terms of its usage and implementation. However, this paper unveils that due to storage of verifier table on server, their scheme is having scalability and efficiency issues. Furthermore, the use of the same parameters $$\mathrm{IM}_1$$ and $$\mathrm{IM}_2$$ during different login requests makes the scheme traceable. Therefore, an improved scheme using chaotic maps has been proposed in this paper, which provides user anonymity and untraceability along with computational efficiency. The security of the proposed scheme is evaluated in detail through the random oracle model. The analysis reveals that the proposed scheme is robust and secure against the known attacks. Moreover, analysis is further verified through popular automated tool ProVerif.

Published

2016

119. Comments on 'A privacy preserving three-factor authentication protocol for e-health clouds'

Author

Shehzad Ashraf Chaudhry and Azeem Irshad

Subjects

020203 distributed computing, Computer science, business.industry, 010102 general mathematics, Denial-of-service attack, Provisioning, 02 engineering and technology, Mutual authentication, Multi-factor authentication, Adversary, Computer security, computer.software_genre, 01 natural sciences, Theoretical Computer Science, Hardware and Architecture, Authentication protocol, 0202 electrical engineering, electronic engineering, information engineering, 0101 mathematics, Reflection attack, Challenge–response authentication, business, computer, Software, Information Systems, Computer network

Abstract

The security provisioning of increasing healthcare data is of critical importance. The e-health clouds can be seen as a move towards an efficient management of such a big volume of healthcare data. Many schemes have been presented to bring more security and privacy along with efficiency, in the handling of data for booming e-health industry. Recently, in this connection, Jiang et al. (J Supercomput 1---24 doi:10.1007/s11227-015-1610-x, 2016) presented a three-factor authentication protocol for e-health clouds. In this letter, we identify a serious flaw in the mutual authentication phase of the scheme, since an adversary may launch a denial-of-service attack (DoS) against the service providing server. Finally, we suggest a modification in the scheme to overcome the DoS attack.

Published

2016

120. An improved one-to-many authentication scheme based on bilinear pairings with provable security for mobile pay-TV systems

Author

Mohammad Sabzinejad Farash, Seyed Mohammad Sajad Sadough, Khalid Mahmood, Shehzad Ashraf Chaudhry, and Mohammad Heydari

Subjects

Scheme (programming language), Provable security, 020203 distributed computing, Authentication, Computer Networks and Communications, business.industry, Computer science, Bilinear interpolation, One-to-many, Access control, 02 engineering and technology, Adversary, Computer security, computer.software_genre, Set (abstract data type), Hardware and Architecture, 0202 electrical engineering, electronic engineering, information engineering, Media Technology, 020201 artificial intelligence & image processing, business, computer, Software, computer.programming_language

Abstract

In 2012, Wang and Qin proposed an authentication mechanism in order to get access control for mobile pay-TV organization to enhance the Sun and Leu's technique. Wang and Qin declared that their technique satisfies the security expectations or requirements intended for mobile pay-TV system. However, this work indicates that Wang and Qin's scheme suffers from a nontrivial weakness. Successful impersonation attack is easily possible from an adversary who can impersonate mobile set (MS) to cheat the head-end system (HS). An adversary does not even need secret information to do so. As a remedy, we proposed an enhanced authentication technique for mobile pay-TV systems by taking a slight change in Wang and Qin's scheme. The proposed scheme maintains the merits and covers the demerits of the previous schemes.

Published

2016

121. A lightweight message authentication scheme for Smart Grid communications in power sector

Author

Shehzad Ashraf Chaudhry, Hafiz Farooq Ahmad, Khalid Mahmood, Husnain Naqvi, and Taeshik Shon

Subjects

Scheme (programming language), Authentication, General Computer Science, Computer science, business.industry, Hash function, 020206 networking & telecommunications, 02 engineering and technology, Mutual authentication, Telecommunications network, Smart grid, Control and Systems Engineering, 0202 electrical engineering, electronic engineering, information engineering, Session key, 020201 artificial intelligence & image processing, Message authentication code, Electrical and Electronic Engineering, business, computer, computer.programming_language, Computer network

Abstract

Designed an authentication scheme for IoT based smart grid communication.Analyzed the scheme using automated tool ProVerif.The proposed scheme is more lightweight and secure than existing schemes. The Internet of Things (IoT) has plenty of applications including Smart Grid (SG). IoT enables smooth and efficient utilization of SG. It is assumed as the prevalent illustration of IoT at the moment. IP-based communication technologies are used for setting SG communication network, but they are challenged by huge volume of delay sensitive data and control information between consumers and utility providers. It is also challenged by numerous security attacks due to resource constraints in smart meters. Sundry schemes proposed for addressing these problems are inappropriate due to high communication, computation overhead and latency. In this paper, we propose a hybrid Diffie-Hellman based lightweight authentication scheme using AES and RSA for session key generation. To ensure message integrity, the advantages of hash based message authentication code are exploited. The scheme provides mutual authentication, thwarting replay and man-in-the-middle attacks and achieves message integrity, while reducing overall communication and computation overheads.

Published

2016

122. A secure biometric based multi-server authentication scheme for social multimedia networks

Author

Shehzad Ashraf Chaudhry

Subjects

Scheme (programming language), Authentication, Biometrics, Computer Networks and Communications, business.industry, Computer science, Big data, 020206 networking & telecommunications, 020207 software engineering, 02 engineering and technology, Mutual authentication, Computer security, computer.software_genre, Hardware and Architecture, Server, Authentication protocol, 0202 electrical engineering, electronic engineering, information engineering, Media Technology, business, computer, Software, computer.programming_language, Anonymity

Abstract

Social networking is one of the major source of massive data. Such data is not only difficult to store, manipulate and maintain but it's open access makes it security prone. Therefore, robust and efficient authentication should be devised to make it invincible against the known security attacks. Moreover, social networking services are intrinsically multi-server environments, therefore compatible and suitable authentication should be designed accordingly. Sundry authentication protocols are being utilized at the moment and many of them are designed for single server architecture. This type of remote architecture resists each user to get itself register with each server if multiple servers are employed to offer online social services. Recently multi-server architecture for authentication has replaced the single server architecture, and it enable users to register once and procure services from multiple servers. A short time ago, Lu et al. presented two authentication schemes based on three factors. Furthermore, both Lu et al.'s schemes are designed for multi-server architecture. Lu et al. claimed the schemes to be invincible against the known attacks. However, this paper shows that one of the Lu et al.'s scheme is susceptible to user anonymity violation and impersonation attacks, whereas Lu et al.'s second scheme is susceptible to user impersonation attack. Therefore an enhanced scheme is introduced in this paper. The proposed scheme is more robust than subsisting schemes. The proposed scheme is thoroughly verified and validated with formal and informal security discussion, and through the popular automated tool ProVerif. The in-depth analysis affirms that proposed scheme is lightweight in terms of computations while attaining mutual authentication and is invincible against the known attacks, hence is more suitable for automated big data analysis for social multimedia networking environments.

Published

2016

123. An improved and robust biometrics-based three factor authentication scheme for multiserver environments

Author

Mohammad Sabzinejad Farash, Muhammad Sher, Shehzad Ashraf Chaudhry, Taeshik Shon, and Husnain Naqvi

Subjects

Authentication, 020205 medical informatics, Computer science, business.industry, 020206 networking & telecommunications, 02 engineering and technology, Mutual authentication, Adversary, Multi-factor authentication, Computer security, computer.software_genre, Theoretical Computer Science, Client–server model, Hardware and Architecture, Authentication protocol, Server, 0202 electrical engineering, electronic engineering, information engineering, Smart card, business, computer, Software, Information Systems, Computer network, Anonymity

Abstract

The rapid advancement in communication technologies enables remote users to acquire a number of online services. All such online services are provided remotely facilitating the users to freely move any where with out disruption of the services. In order to ensure seamless and secure services to the remote user such services espouse authentication protocols. A number of authentication protocols are readily available to achieve security and privacy in remote client server architecture. Most of these schemes are tailored for single server architecture. In such scenario, if a user wants to attain the services provided by more than one servers he has to register with each server. In recent times, multiserver authentication has got much attention, where a user can register once and then can acquire services provided by multiple servers. Very recently, Lu et al. proposed a biometric, smart card and password-based three factor authentication scheme usable for multiserver environments. Furthermore, Lu et al. identified their scheme to resist known attacks. However, the analysis in this paper ascertains that Lu et al.’s scheme is vulnerable to impersonation attack. An adversary registered to the system just after knowing the public identity of a user can impersonate himself as the latter. Then we propose an improvement over Lu et al.’s scheme. Our improvement is more robust than the existing schemes. The security of proposed scheme is substantiated formally along with informal security discussion, while same is also validated using a popular automated tool ProVerif. The analysis confirms that proposed scheme achieves mutual authentication and is robust against known attacks. In addition, the proposed scheme does not incur any extra computation as compared with Lu et al.’s scheme.

Published

2015

124. A Robust and Efficient Privacy Aware Handover Authentication Scheme for Wireless Networks

Author

Shehzad Ashraf Chaudhry, Husnain Naqvi, Taeshik Shon, Sk Hafizul Islam, and Mohammad Sabzinejad Farash

Subjects

Challenge-Handshake Authentication Protocol, Provable security, Otway–Rees protocol, Computer science, business.industry, Wireless network, ComputerSystemsOrganization_COMPUTER-COMMUNICATIONNETWORKS, 020206 networking & telecommunications, 02 engineering and technology, Computer Science Applications, Authentication protocol, Universal composability, 0202 electrical engineering, electronic engineering, information engineering, 020201 artificial intelligence & image processing, Wide Mouth Frog protocol, Electrical and Electronic Engineering, Roaming, Elliptic curve cryptography, business, Computer network

Abstract

A handover authentication protocol ensures secure and seamless roaming over multiple access points. A number of such protocols are proposed, but most of these protocols are inefficient or insecure. Very recently, Li et al. (Wireless Pers Commun 80(2):581---589, 2015) proposed a privacy-aware handover authentication protocol, and claimed their protocol to be more lightweight and secure than existing protocols. However, our analysis identifies that Li et al.'s protocol is insecure against access point impersonation attack. As a remedy, we proposed an improved protocol to fix the security weakness of Li et al.'s protocol. The improved protocol achieves the provable security in the random oracle model against the hardness assumptions of the elliptic curve discrete logarithm problem and elliptic curve computational Diffie---Hellman problem. The proposed handover authentication protocol is also formally analyzed with the automated tool ProVerif. The improved protocol not only enhances the security but is more lightweight than other related protocols.

Published

2015

125. Further comments on ‘SFVCC: Chaotic map‐based security framework for vehicular cloud computing’

Author

Shehzad Ashraf Chaudhry and Azeem Irshad

Subjects

Security framework, business.industry, Network security, Computer science, Mechanical Engineering, Chaotic map, Transportation, Cloud computing, Message authentication code, business, Law, Intelligent transportation system, General Environmental Science, Computer network

Published

2020

126. Comment on ‘SFVCC: Chaotic map‐based security framework for vehicular cloud computing’

Author

Shehzad Ashraf Chaudhry and Azeem Irshad

Subjects

Scheme (programming language), 050210 logistics & transportation, Network security, business.industry, Computer science, Mechanical Engineering, 05 social sciences, Transportation, Eavesdropping, Cloud computing, Denial-of-service attack, 010501 environmental sciences, Cryptographic protocol, Adversary, Computer security, computer.software_genre, 01 natural sciences, 0502 economics and business, business, Law, computer, Replay attack, 0105 earth and related environmental sciences, General Environmental Science, computer.programming_language

Abstract

This comment is presented to identify the drawbacks in a recently published scheme SFVCC by Mishra et al. doi:10.1049/iet-its.2019.0250. In this scheme, a malicious adversary may initiate a replay attack and denial of service attack after eavesdropping the communication. These attacks render the scheme inapplicable for practical deployment.

Published

2020

127. A robust authentication and access control protocol for securing wireless healthcare sensor networks

Author

Anwar Ghani, Zeeshan Ali, Debasis Giri, Shehzad Ashraf Chaudhry, SK Hafizul Islam, and Imran Khan

Subjects

020205 medical informatics, Computer Networks and Communications, business.industry, Computer science, Password cracking, 020206 networking & telecommunications, Denial-of-service attack, Access control, 02 engineering and technology, Computer security, computer.software_genre, Public-key cryptography, Authentication protocol, 0202 electrical engineering, electronic engineering, information engineering, Elliptic curve cryptography, Safety, Risk, Reliability and Quality, business, Wireless sensor network, Replay attack, computer, Software

Abstract

Wireless Healthcare Sensor Network (WHSN) has become one of the major research fields over the past decades that play a very prominent role in the medical field. Due to the rapid growth of technology in wireless communication, different security challenges have been raised in WHSN. Authentication protocols are used to secure the information transferred over the public channels by WHSN. For this prospect recently, Liu & Chung proposed an authentication and data transmission mechanism for WHSN. However, Challa et al. identified that Liu-Chung’s scheme is vulnerable to stolen smart-card, offline password guessing, privileged insider, and user impersonation attacks. Challa et al. then proposed an enhanced scheme to overcome beforehand stated flaws. This paper denotes out that in accession to before mentioned attacks, Liu-Chung’s scheme is also prone to users’ private key leakage and user impersonation attacks towards sensors. Moreover, Challa et al.’s scheme suffers from incorrectness, broadcasting problem, lack of authentication between Trusted Authority (TA) and sensor nodes, replay attack, Denial of Service (DoS) attack, forgery attack and delay in communication due to the involvement of the TA. Using the elliptic curve cryptography and bilinear paring, an improved scheme is proposed in this paper, to mitigate the weaknesses of Challah et al. and Liu-Chang schemes. The formal security analysis using simulation tool AVISPA and BAN logic demonstrate that the proposed scheme is secure. The rigorous informal security analysis also attests that our scheme is safe against well-known attacks.

Published

2020

128. Sixth Generation (6G) Wireless Networks: Vision, Research Activities, Challenges and Potential Solutions

Author

Mahmoud A. M. Albreem, Sunghwan Kim, M. Sultan Zia, Mohammed H. Alsharif, Anabi Hilary Kelechi, and Shehzad Ashraf Chaudhry

Subjects

wireless networks, Physics and Astronomy (miscellaneous), Relation (database), Standardization, Computer science, General Mathematics, Visible light communication, 02 engineering and technology, Competitive advantage, beyond 5G, Wireless communication systems, 0202 electrical engineering, electronic engineering, information engineering, Computer Science (miscellaneous), terahertz communications, 6G, 6G mobile communication, Wireless network, lcsh:Mathematics, 020206 networking & telecommunications, lcsh:QA1-939, holographic communications, Engineering management, Chemistry (miscellaneous), Software deployment, Key (cryptography), 020201 artificial intelligence & image processing

Abstract

The standardization activities of the fifth generation communications are clearly over and deployment has commenced globally. To sustain the competitive edge of wireless networks, industrial and academia synergy have begun to conceptualize the next generation of wireless communication systems (namely, sixth generation, (6G)) aimed at laying the foundation for the stratification of the communication needs of the 2030s. In support of this vision, this study highlights the most promising lines of research from the recent literature in common directions for the 6G project. Its core contribution involves exploring the critical issues and key potential features of 6G communications, including: (i) vision and key features; (ii) challenges and potential solutions; and (iii) research activities. These controversial research topics were profoundly examined in relation to the motivation of their various sub-domains to achieve a precise, concrete, and concise conclusion. Thus, this article will contribute significantly to opening new horizons for future research directions.

Published

2020

129. A provably secure and efficient authenticated key agreement scheme for Energy Internet based Vehicle-to-Grid technology framework

Author

Muhammad Shafiq, Muhammad Usman, Husnain Naqvi, Azeem Irshad, and Shehzad Ashraf Chaudhry

Subjects

Authentication, business.industry, Computer science, 020206 networking & telecommunications, Vehicle-to-grid, 02 engineering and technology, Industrial and Manufacturing Engineering, Smart grid, Control and Systems Engineering, Authentication protocol, 0202 electrical engineering, electronic engineering, information engineering, Key (cryptography), Session key, 020201 artificial intelligence & image processing, The Internet, Electrical and Electronic Engineering, business, Replay attack, Computer network

Abstract

The energy Internet (EI)-based vehicle-to-grid (V2G) technology facilitates the electric vehicles not only to distribute additional electricity into grid systems, but also support receiving back from the power grid in the form of charging. The secure key establishment is quite significant to initiate the bidirectional electricity power delivery into and from the system. To effectively implement any EI-based V2G communication, the authentication protocol must be free from cyber attacks. In this article, we not only explore the drawbacks of several smart grid-based authentication protocols but also bring forth the limitations of a recently presented EI-based V2G scheme by Gope and Sikdar. The examined drawbacks in this protocol may disrupt its proper functioning, since it faces desynchronization problems while logging into the mobile device bearing registration parameters. The scheme is also vulnerable to replay attack and man-in-the-middle attack. The user is also unable to validate session key in the protocol. Considering these limitations, we propose a novel and efficient V2G protocol framework enabling the vehicles to communicate or recharge at desired recharging stations. The results of the proposed framework are compared with several contemporary schemes, and its security features are validated by random oracle model-based formal analysis.

Published

2020

130. Cryptanalysis and improvement of a Multi-server Authentication protocol by Lu et al

Author

Shehzad Ashraf Chaudhry, Saru Kumari, and Aiiad Albeshri

Subjects

Computer Networks and Communications, Information Systems

Published

2018

131. A lightweight and secure two factor anonymous authentication protocol for Global Mobility Networks

Author

Shehzad Ashraf Chaudhry, Muhammad Usman Ashraf, Anwar Ghani, Imran Khan, Ahmed Fraz Baig, and Khwaja Mansoor ul Hassan

Subjects

Computer and Information Sciences, National security, Economics, Computer science, Political Science, Social Sciences, Encryption, lcsh:Medicine, Cryptography, Denial-of-service attack, 02 engineering and technology, Research and Analysis Methods, Computer security, computer.software_genre, Database and Informatics Methods, 0202 electrical engineering, electronic engineering, information engineering, National Security, Computer Networks, Database Searching, lcsh:Science, Computer Security, Password, Internet, Multidisciplinary, business.industry, 020208 electrical & electronic engineering, lcsh:R, 020206 networking & telecommunications, Economic Analysis, Privacy, Authentication protocol, Physical Sciences, Telecommunications, Engineering and Technology, The Internet, lcsh:Q, Roaming, business, Wireless Technology, computer, Algorithms, Mathematics, Information Systems, Research Article, Anonymity

Abstract

Global Mobility Networks(GLOMONETs) in wireless communication permits the global roaming services that enable a user to leverage the mobile services in any foreign country. Technological growth in wireless communication is also accompanied by new security threats and challenges. A threat-proof authentication protocol in wireless communication may overcome the security flaws by allowing only legitimate users to access a particular service. Recently, Lee et al. found Mun et al. scheme vulnerable to different attacks and proposed an advanced secure scheme to overcome the security flaws. However, this article points out that Lee et al. scheme lacks user anonymity, inefficient user authentication, vulnerable to replay and DoS attacks and Lack of local password verification. Furthermore, this article presents a more robust anonymous authentication scheme to handle the threats and challenges found in Lee et al.’s protocol. The proposed protocol is formally verified with an automated tool(ProVerif). The proposed protocol has superior efficiency in comparison to the existing protocols.

Published

2018

132. An improved smart card based authentication scheme for session initiation protocol

Author

Saru Kumari, Xiong Li, Mohammad Sabzinejad Farash, Fan Wu, Shehzad Ashraf Chaudhry, and Muhammad Khurram Khan

Subjects

Challenge-Handshake Authentication Protocol, Session Initiation Protocol, Otway–Rees protocol, Computer Networks and Communications, business.industry, Computer science, computer.internet_protocol, ComputerSystemsOrganization_COMPUTER-COMMUNICATIONNETWORKS, Cryptographic protocol, Oakley protocol, Computer security, computer.software_genre, Authentication protocol, Wide Mouth Frog protocol, Reflection attack, business, computer, Software, Computer network

Abstract

Sessioninitiation protocol (SIP) reformed the controlling routine of voice over Internet Protocol based communication over public channels. SIP is inherently insecure because of underlying open text architecture. A number of solutions are proposed to boost SIP security. Very recently Farash (Peer to Peer Netw. Appl. 1–10, 2014) proposed an enhanced protocol to improve the security of Tu et al.’s protocol (Peer to Peer Netw. Appl. 1–8, 2014). Further, Farash claimed his protocol to be secure against all known attacks. However, in this paper we show that Farash’s protocol is insecure against impersonation attack, password guessing attack, lacks user anonymity and is vulnerable to session-specific temporary information attack. Further, we have proposed an upgraded protocol to enhance the security. The security and performance analysis shows that the proposed protocol reduced one point multiplication as compared with Farash’s protocol, while resisting all known attacks. We have proved the security of proposed protocol using automated tool ProVerif.

Published

2015

133. An enhanced privacy preserving remote user authentication scheme with provable security

Author

Muhammad Khurram Khan, Shehzad Ashraf Chaudhry, Husnain Naqvi, Saru Kumari, and Mohammad Sabzinejad Farash

Subjects

Provable security, User authentication, Computer Networks and Communications, business.industry, Computer science, Computer security, computer.software_genre, Random oracle, Privacy preserving, Symmetric-key algorithm, Robustness (computer science), Smart card, business, computer, Information Systems, Anonymity

Abstract

Very recently, Kumari et al. proposed a symmetric key and smart card-based remote user password authentication scheme to enhance Chung et al.'s scheme. They claimed their enhanced scheme to provide anonymity while resisting all known attacks. In this paper, we analyze that Kumari et al.'s scheme is still vulnerable to anonymity violation attack as well as smart card stolen attack. Then we propose a supplemented scheme to overcome security weaknesses of Kumari et al.'s scheme. We have analyzed the security of the proposed scheme in random oracle model which confirms the robustness of the scheme against all known attacks. We have also verified the security of our scheme using automated tool ProVerif. Copyright © 2015 John Wiley & Sons, Ltd.

Published

2015

134. A secure and efficient authenticated encryption for electronic payment systems using elliptic curve cryptography

Author

Mohammad Sabzinejad Farash, Husnain Naqvi, Muhammad Sher, and Shehzad Ashraf Chaudhry

Subjects

Authenticated encryption, Authentication, Computer science, business.industry, Data_MISCELLANEOUS, Economics, Econometrics and Finance (miscellaneous), 020206 networking & telecommunications, 02 engineering and technology, Encryption, computer.software_genre, Computer security, Human-Computer Interaction, 0202 electrical engineering, electronic engineering, information engineering, 40-bit encryption, 56-bit encryption, 020201 artificial intelligence & image processing, On-the-fly encryption, Elliptic curve cryptography, business, computer, Computer network, Signcryption

Abstract

The use of e-payment system for electronic trade is on its way to make daily life more easy and convenient. Contrarily, there are a number of security issues to be addressed, user anonymity and fair exchange have become important concerns along with authentication, confidentiality, integrity and non-repudiation. In a number of existing e-payment schemes, the customer pays for the product before acquiring it. Furthermore, many such schemes require very high computation and communication costs. To address such issues recently Yang et al. proposed an authenticated encryption scheme and an e-payment scheme based on their authenticated encryption. They excluded the need of digital signatures for authentication. Further they claimed their schemes to resist replay, man-in-middle, impersonation and identity theft attack while providing confidentiality, authenticity, integrity and privacy protection. However our analysis exposed that Yang et al.'s both authenticated encryption scheme and e-payment system are vulnerable to impersonation attack. An adversary just having knowledge of public parameters can easily masquerade as a legal user. Furthermore, we proposed improved authenticated encryption and e-payment schemes to overcome weaknesses of Yang et al.'s schemes. We prove the security of our schemes using automated tool ProVerif. The improved schemes are more robust and more lightweight than Yang et al.'s schemes which is evident from security and performance analysis.

Published

2015

135. Security Vulnerabilities and Improvements of SPAM: a Secure Password Authentication Mechanism for Seamless Handover in Proxy Mobile IPv6 Networks

Author

Aiiad Albeshri, Mohammad Sabzinejad Farash, SK Hafizul Islam, Muazzam A. Khan Khattak, and Shehzad Ashraf Chaudhry

Subjects

Dictionary attack, Computer science, business.industry, Computer security, computer.software_genre, Computer Science Applications, Random oracle, Handover, Control and Systems Engineering, Key (cryptography), Session key, Electrical and Electronic Engineering, business, Proxy Mobile IPv6, computer, Replay attack, Computer network, Anonymity

Abstract

The main contribution of this paper is to analyze a secure passwordauthentication mechanism (SPAM), proposed by Chuang et al. in 2013(IEEE Syst J.). The SPAM was used for designing a secure handover inProxy Mobile IPv6 (PMIPv6) networks. Chuang et al. in the originalpaper claimed that SPAM provides high security properties and canresist various attacks. However, in this paper we point out thatSPAM is vulnerable to the critical attacks, such as stolen smartcard and off-line dictionary attack, replay attack and impersonationattack. In addition, we show that the identity of MNs and thesession key between MN and MAG can be disclosed by an insiderattacker; resultantly, anonymity and confidentiality between MNs andMAG will be completely broken in SPAM. As a remedy, we also propose an improved scheme which not only conquers the problems of the previous schemes but also provides a reduction in computational cost. Moreover, the proposed scheme provides the user anonymity and untraceability and secure session key agreement. Finally, the security of the improved protocol is proved in the random oracle model. DOI: http://dx.doi.org/10.5755/j01.itc.46.2.12118

Published

2017

136. Comments and improvements of 'HOTA: Handover optimized ticket-based authentication in network-based mobility management'

Author

Shehzad Ashraf Chaudhry, Mazdak Zamani, Akram M. Zeki, Mohammad Hessam Tadayon, Kouichi Sakurai, Muhammad Khurram Khan, Sabariah Baharun, Hiroaki Anada, and Mojtaba Alizadeh

Subjects

Authentication, business.industry, Denial-of-service attack, Computer security, computer.software_genre, Session hijacking, Geography, Ticket, Challenge–response authentication, Proxy Mobile IPv6, business, Mobility management, computer, Vulnerability (computing), Computer network

Abstract

Nowadays, various mobile devices are being an inseparable part of our normal life. Mobile users tend to be connected to the Internet seamlessly, which is provided by mobility management protocols. One of the latest mobility management protocol is Proxy Mobile IPv6 (PMIPv6), which is a network-based protocol. Authentication mechanism as a critical security procedure is not specified in PMIPv6, hence various authentication methods have been proposed. Lee and Bonin proposed a ticket-based authentication scheme for PMIPv6, which is called HOTA in 2013. Even though, HOTA offers some security protection mechanisms, but is vulnerable to DoS attack. Furthermore, we show other existing drawbacks to the scheme such as vulnerability against de-synchronization attack and Session Hijacking attack. In this paper, we propose an enhancement method to mitigate these security drawbacks. Finally, security and performance of the proposed method are analyzed and compared to HOTA method.

Published

2017

137. An efficient and anonymous Chaotic Map based authenticated key agreement for multi-server architecture

Author

Shehzad Ashraf Chaudhry

Subjects

Computer Networks and Communications, Information Systems

Published

2016

138. An improved Multi-server Authentication Scheme for Distributed Mobile Cloud Computing Services

Author

Shehzad Ashraf Chaudhry and RAHUL KUMAR

Subjects

Computer Networks and Communications, Information Systems

Published

2016

139. Security and key management in IoT-based wireless sensor networks: An authentication protocol using symmetric key

Author

Shahid Mehmood, Anwar Ghani, Khwaja Mansoor, Malik Najmus Saqib, Shehzad Ashraf Chaudhry, and Arif Ur Rahman

Subjects

IoT, Computer Networks and Communications, Computer science, EFFICIENT, authentication protocol, Electrical and Electronic Engineering, INTERNET, Key management, MUTUAL AUTHENTICATION, USER AUTHENTICATION, AGREEMENT SCHEME, User authentication, business.industry, ComputerSystemsOrganization_COMPUTER-COMMUNICATIONNETWORKS, key agreement, Mutual authentication, WSN, Symmetric-key algorithm, Authentication protocol, BODY AREA NETWORKS, symmetric encryption, The Internet, Internet of Things, business, Wireless sensor network, Computer network

Abstract

Wireless sensor networks (WSN) consist of hundreds of miniature sensor nodes to sense various events in the surrounding environment and report back to the base station. Sensor networks are at the base of internet of things (IoT) and smart computing applications where a function is performed as a result of sensed event or information. However, in resource-limited WSN authenticating a remote user is a vital security concern. Recently, researchers put forth various authentication protocols to address different security issues. Gope et al presented a protocol claiming resistance against known attacks. A thorough analysis of their protocol shows that it is vulnerable to user traceability, stolen verifier, and denial of service (DoS) attacks. In this article, an enhanced symmetric key-based authentication protocol for IoT-based WSN has been presented. The proposed protocol has the ability to counter user traceability, stolen verifier, and DoS attacks. Furthermore, the proposed protocol has been simulated and verified using Proverif and BAN logic. The proposed protocol has the same communication cost as the baseline protocol; however, in computation cost, it has 52.63% efficiency as compared with the baseline protocol.

Published

2019

140. A provable and secure mobile user authentication scheme for mobile cloud computing services

Author

Shehzad Ashraf Chaudhry, Anwar Ghani, Muhammad Asif, Azeem Irshad, Muhammad Usman, and Muhammad Shafiq

Subjects

Scheme (programming language), User authentication, Authentication, Computer Networks and Communications, Computer science, business.industry, Bilinear pairing, law.invention, Mobile cloud computing, law, Electrical and Electronic Engineering, Cryptanalysis, business, computer, computer.programming_language, Computer network

Published

2019

141. Performance analysis of secure communications over correlated slow-fading additive white Gaussian noise channels

Author

Ali Mohammad Khodadoust, Azeem Irshad, Shehzad Ashraf Chaudhry, and Javad Khodadoust

Subjects

Gaussian channels, Computer Networks and Communications, Computer science, Fading, Electrical and Electronic Engineering, Algorithm

Published

2019

142. A scalable and secure RFID mutual authentication protocol using ECC for Internet of Things

Author

Shehzad Ashraf Chaudhry, Khalid Mahmood, Muhammad Naeem, Saru Kumari, and Marimuthu Karuppiah

Subjects

Correctness, Computer Networks and Communications, business.industry, Computer science, Scalability, Mutual authentication protocol, Electrical and Electronic Engineering, Elliptic curve cryptography, Internet of Things, business, Computer network

Published

2019

143. A Multiserver Biometric Authentication Scheme for TMIS using Elliptic Curve Cryptography

Author

Muhammad Tawab Khan, Taeshik Shon, Muhammad Khurram Khan, and Shehzad Ashraf Chaudhry

Subjects

Scheme (programming language), Health Information Exchange, Biometrics, Computer science, Health Smart Cards, Medicine (miscellaneous), Health Informatics, 02 engineering and technology, Computer security, computer.software_genre, Health Information Management, Secure communication, 0202 electrical engineering, electronic engineering, information engineering, Humans, Elliptic curve cryptography, Computer Security, computer.programming_language, Password, Authentication, business.industry, 020206 networking & telecommunications, Telemedicine, Biometric Identification, Scalability, 020201 artificial intelligence & image processing, Smart card, business, computer, Confidentiality, Information Systems

Abstract

Recently several authentication schemes are proposed for telecare medicine information system (TMIS). Many of such schemes are proved to have weaknesses against known attacks. Furthermore, numerous such schemes cannot be used in real time scenarios. Because they assume a single server for authentication across the globe. Very recently, Amin et al. (J. Med. Syst. 39(11):180, 2015) designed an authentication scheme for secure communication between a patient and a medical practitioner using a trusted central medical server. They claimed their scheme to extend all security requirements and emphasized the efficiency of their scheme. However, the analysis in this article proves that the scheme designed by Amin et al. is vulnerable to stolen smart card and stolen verifier attacks. Furthermore, their scheme is having scalability issues along with inefficient password change and password recovery phases. Then we propose an improved scheme. The proposed scheme is more practical, secure and lightweight than Amin et al.'s scheme. The security of proposed scheme is proved using the popular automated tool ProVerif.

Published

2016

144. An improved Authentication Protocol for SIP-based VoIP

Author

Khalid Mahmood, Husnain Naqvi, and Shehzad Ashraf Chaudhry

Subjects

Authentication, Spoofing attack, Voice over IP, Computer science, business.industry, ComputerSystemsOrganization_COMPUTER-COMMUNICATIONNETWORKS, Data_MISCELLANEOUS, Password cracking, Man-in-the-middle attack, Symmetric-key algorithm, Authentication protocol, business, Replay attack, Computer network

Abstract

The SIP being an application layer protocol for signaling has been considered as the most appropriate one for multimedia applications. In order to detect some collisions and replay attacks, the SIP offers built-in authentication mechanism as per its specification, designated as HTTP digest based authentication, but study reveals that it is vulnerably susceptible to heterogeneous security issues such as impersonation attacks, man-in-the-middle attacks (MITM), server spoofing and password guessing attacks. Very recently Zhang et al. proposed symmetric key based anonymous authentication scheme for SIP. They claimed the scheme to provide privacy and anonymity, but the analysis in this paper expose that Zhang et al.’s scheme does not provide dynamic identity hence it is not anonymous. Furthermore, we proposed an improved anonymous authentication scheme for SIP. The scheme is more secure as compared with Zhang et al.’s scheme.

Published

2016

145. An ameliorated two-factor anonymous key exchange authentication protocol for mobile client-server environment

Author

Bander A. Alzahrani, Shehzad Ashraf Chaudhry, Khalid Mahmood, Azeem Irshad, Zahid Mehmood, and Husnain Naqvi

Subjects

Traceability, Computer Networks and Communications, Computer science, 020206 networking & telecommunications, 02 engineering and technology, Impersonation attack, Computer security, computer.software_genre, law.invention, Mobile client, law, Authentication protocol, Factor (programming language), 0202 electrical engineering, electronic engineering, information engineering, 020201 artificial intelligence & image processing, Electrical and Electronic Engineering, Cryptanalysis, computer, Key exchange, computer.programming_language, Anonymity

Published

2018

146. A Provably Secure RFID Authentication Protocol Based on Elliptic Curve for Healthcare Environments

Author

Mohammad Sabzinejad Farash, Khalid Mahmood, Omer Nawaz, Shehzad Ashraf Chaudhry, and Muhammad Khurram Khan

Subjects

Scheme (programming language), Computer science, Medicine (miscellaneous), Health Informatics, 02 engineering and technology, Computer security, computer.software_genre, Random oracle, Health Information Management, Forward secrecy, 0202 electrical engineering, electronic engineering, information engineering, Radio-frequency identification, Humans, Confidentiality, Protocol (object-oriented programming), Computer Security, computer.programming_language, Authentication, business.industry, Telecare, 020206 networking & telecommunications, Telemedicine, Radio Frequency Identification Device, 020201 artificial intelligence & image processing, business, computer, Algorithms, Information Systems

Abstract

To enhance the quality of healthcare in the management of chronic disease, telecare medical information systems have increasingly been used. Very recently, Zhang and Qi (J. Med. Syst. 38(5):47, 32), and Zhao (J. Med. Syst. 38(5):46, 33) separately proposed two authentication schemes for telecare medical information systems using radio frequency identification (RFID) technology. They claimed that their protocols achieve all security requirements including forward secrecy. However, this paper demonstrates that both Zhang and Qi's scheme, and Zhao's scheme could not provide forward secrecy. To augment the security, we propose an efficient RFID authentication scheme using elliptic curves for healthcare environments. The proposed RFID scheme is secure under common random oracle model.

Published

2015

147. An Improved and Secure Biometric Authentication Scheme for Telecare Medicine Information Systems Based on Elliptic Curve Cryptography

Author

Muhammad Khurram Khan, Shehzad Ashraf Chaudhry, Khalid Mahmood, and Husnain Naqvi

Subjects

Biometrics, Computer science, Telecare, Medicine (miscellaneous), Health Informatics, Multi-factor authentication, Computer security, computer.software_genre, Telemedicine, Health Information Management, Robustness (computer science), Biometric Identification, Information system, Humans, Elliptic curve cryptography, Open architecture, computer, Wireless Technology, Algorithms, Computer Security, Confidentiality, Information Systems, Anonymity

Abstract

Telecare medicine information system (TMIS) offers the patients convenient and expedite healthcare services remotely anywhere. Patient security and privacy has emerged as key issues during remote access because of underlying open architecture. An authentication scheme can verify patient's as well as TMIS server's legitimacy during remote healthcare services. To achieve security and privacy a number of authentication schemes have been proposed. Very recently Lu et al. (J. Med. Syst. 39(3):1---8, 2015) proposed a biometric based three factor authentication scheme for TMIS to confiscate the vulnerabilities of Arshad et al.'s (J. Med. Syst. 38(12):136, 2014) scheme. Further, they emphasized the robustness of their scheme against several attacks. However, in this paper we establish that Lu et al.'s scheme is vulnerable to numerous attacks including (1) Patient anonymity violation attack, (2) Patient impersonation attack, and (3) TMIS server impersonation attack. Furthermore, their scheme does not provide patient untraceability. We then, propose an improvement of Lu et al.'s scheme. We have analyzed the security of improved scheme using popular automated tool ProVerif. The proposed scheme while retaining the plusses of Lu et al.'s scheme is also robust against known attacks.

Published

2015

148. Correction: Cryptanalysis and Improvement of 'A Secure Password Authentication Mechanism for Seamless Handover in Proxy Mobile IPv6 Networks'

Author

Shehzad Ashraf Chaudhry, Hiroaki Anada, Muhammad Khurram Khan, Sabariah Baharun, Hassan Keshavarz, Mojtaba Alizadeh, Mazdak Zamani, Azizah Abdul Manaf, and Kouichi Sakurai

Subjects

Internet, Multidisciplinary, computer.internet_protocol, business.industry, Computer science, lcsh:R, Correction, lcsh:Medicine, Telemedicine, law.invention, Computer Communication Networks, Handover, law, Humans, Password authentication protocol, lcsh:Q, business, Proxy Mobile IPv6, Cryptanalysis, lcsh:Science, computer, Cell Phone, Computer Security, Mechanism (sociology), Computer network

Abstract

Proxy Mobile IPv6 is a network-based localized mobility management protocol that supports mobility without mobile nodes' participation in mobility signaling. The details of user authentication procedure are not specified in this standard, hence, many authentication schemes have been proposed for this standard. In 2013, Chuang et al., proposed an authentication method for PMIPv6, called SPAM. However, Chuang et al.'s Scheme protects the network against some security attacks, but it is still vulnerable to impersonation and password guessing attacks. In addition, we discuss other security drawbacks such as lack of revocation procedure in case of loss or stolen device, and anonymity issues of the Chuang et al.'s scheme. We further propose an enhanced authentication method to mitigate the security issues of SPAM method and evaluate our scheme using BAN logic.

Published

2015

149. An improved lightweight multiserver authentication scheme

Author

Muhammad Faisal, Khalid Mahmood, Azeem Irshad, Shehzad Ashraf Chaudhry, Muhammad Usman, and Saru Kumari

Subjects

Password, Authentication, Length extension attack, Computer Networks and Communications, business.industry, Computer science, Data_MISCELLANEOUS, 020206 networking & telecommunications, 020207 software engineering, 02 engineering and technology, Computer security, computer.software_genre, 0202 electrical engineering, electronic engineering, information engineering, Session key, Chosen-ciphertext attack, Smart card, Electrical and Electronic Engineering, Challenge–response authentication, Reflection attack, business, computer, Computer network

Abstract

Summary Multiserver authentication complies with the up-to-date requirements of Internet services and latest applications. The multiserver architecture enables the expedient authentication of subscribers on an insecure channel for the delivery of services. The users rely on a single registration of a trusted third party for the procurement of services from various servers. Recently, Chen and Lee, Moon et al, and Wang et al presented multiserver key agreement schemes that are found to be vulnerable to many attacks according to our analysis. The Chen and Lee scheme was found susceptible to impersonation attack, trace attack, stolen smart card attack exposing session key, key-compromise impersonation attack, and inefficient password modification. The Moon et al is susceptible to stolen card attack leading to further attacks, ie, identity guessing, key-compromise impersonation attack, user impersonation attack, and session keys disclosure, while Wang et al is also found to be prone to trace attack, session-specific temporary information attack, key-compromise information attack, and privileged insider attack leading to session key disclosure and user impersonation attacks. We propose an improved protocol countering the indicated weaknesses of these schemes in an equivalent cost. Our scheme demonstrates automated and security analysis on the basis of Burrows-Abadi-Needham logic and also presents the performance evaluation for related schemes.

Published

2017

150. Cryptanalysis and improvement of an improved two factor authentication protocol for telecare medical information systems

Author

Taeshik Shon, Mohammad Sabzinejad Farash, Muhammad Sher, Husnain Naqvi, and Shehzad Ashraf Chaudhry

Subjects

Otway–Rees protocol, Computer science, Medicine (miscellaneous), Health Informatics, Computer security, computer.software_genre, law.invention, Health Information Systems, User-Computer Interface, Health Information Management, law, Humans, Elliptic curve cryptography, Protocol (object-oriented programming), Computer Security, Authentication, Patient Access to Records, Telecare, Communication, Professional-Patient Relations, Multi-factor authentication, Telemedicine, Authentication protocol, Cryptanalysis, computer, Confidentiality, Information Systems

Abstract

Telecare medical information systems (TMIS) provides rapid and convenient health care services remotely. Efficient authentication is a prerequisite to guarantee the security and privacy of patients in TMIS. Authentication is used to verify the legality of the patients and TMIS server during remote access. Very recently Islam et al. (J. Med. Syst. 38(10):135, 2014) proposed a two factor authentication protocol for TMIS using elliptic curve cryptography (ECC) to improve Xu et al.'s (J. Med. Syst. 38(1):9994, 2014) protocol. They claimed their improved protocol to be efficient and provides all security requirements. However our analysis reveals that Islam et al.'s protocol suffers from user impersonation and server impersonation attacks. Furthermore we proposed an enhanced protocol. The proposed protocol while delivering all the virtues of Islam et al.'s protocol resists all known attacks.

Published

2014