Research Article
Fatemeh Pirmoradian; Mohammad Dakhilalian; Masoumeh Safkhani
Abstract
Internet of things (IoT) is an innovation in the world of technology. Continuous technological advancements based on the IoT cloud and booming wireless technology have revolutionized the living of human and remote health monitoring of patients is no exclusion. The Telecare Medicine Information Systems ...
Read More
Internet of things (IoT) is an innovation in the world of technology. Continuous technological advancements based on the IoT cloud and booming wireless technology have revolutionized the living of human and remote health monitoring of patients is no exclusion. The Telecare Medicine Information Systems (TMIS) is a system between Home Health Care (HHC) Organizations and patients at home that collects, saves, manage and transmits the Electronic Medical Record (EMR) of patients. Therefore, security in remote medicine has always been a very big and serious challenge. Therefore, biometrics-based schemes play a crucial role in IoT, Wireless Sensor Networks (WSN), etc. Recently, Xiong \textit{et al.} and Mehmood \textit{et al.} presented key exchange methods for healthcare applications that they claimed these schemes provide greater privacy. But unfortunately, we show that these schemes suffer from privacy issues and key compromise impersonation attack. To remove such restrictions, in this paper, a novel scheme (ECKCI) using Elliptic Curve Cryptography (ECC) with KCI resistance property was proposed. Furthermore, we demonstrate that the ECKCI not only overcomes problems such as key compromise impersonation attack in previous protocols, but also resists all specific attacks. Finally, a suitable equilibrium between the performance and security of ECKCI in comparisons with these recently proposed protocols was obtained. Also, the simulation results with the Scyther and ProVerif tools show that the ECKCI is safe in terms of security.
Research Article
Maryam Rajabzadeh Asaar; Mustafa Isam Ahmed Al-Baghdadi
Abstract
Designing authentication techniques suitable for wireless sensor networks (WSNs) with their dedicated consideration is critical due to the nature of public channel. In 2022, Liu et al. presented an authentication protocol which employs dynamic authentication credentials (DACs) and Intel software guard ...
Read More
Designing authentication techniques suitable for wireless sensor networks (WSNs) with their dedicated consideration is critical due to the nature of public channel. In 2022, Liu et al. presented an authentication protocol which employs dynamic authentication credentials (DACs) and Intel software guard extensions (SGX) to guarantee security in WSNs, and it was shown that it is secure by formal and informal security analysis. In this paper, we show that it is not secure against desynchronization attack and offline guessing attack for long-term random numbers of users. In addition, it suffers from the known session-specific temporary information attack. Then, to address these vulnerabilities an improved authentication scheme using DAC and Intel SGX will be presented. It is shown that not only it is secure against aforementioned attacks with employing formal and informal analysis, but also it has a reasonable communication and computation overhead. It should be highlighted that the communication and computation overheads of our proposal are increased negligibly, but it provides more security features compared to the baseline protocol.
Research Article
Mehmet Emin Gönen; Muhammed Said Gündoğan; Kamil Otal
Abstract
Midori64 is a lightweight SPN block cipher introduced by Banik et al. at ASIACRYPT 2015 which operates on 64-bit states through 16 rounds using a 128-bit key. In the last decade, Midori64 has been exposed to several attacks intensely. In this paper, we provide the first boomerang attack on Midori64 in ...
Read More
Midori64 is a lightweight SPN block cipher introduced by Banik et al. at ASIACRYPT 2015 which operates on 64-bit states through 16 rounds using a 128-bit key. In the last decade, Midori64 has been exposed to several attacks intensely. In this paper, we provide the first boomerang attack on Midori64 in the literature, to the best of our knowledge. For this purpose, firstly we present a practical single key 7-round boomerang attack on Midori64 improving the mixture idea of Biryukov by a new technique which we call ``mixture pool", and then extend our attack up to 9 rounds with time complexity $2^{122.3}$, and memory and data complexity $2^{36}$. (The authors of Midori stated that they expect much smaller rounds than 8 rounds of Midori64 are secure against boomerang-type attacks.) We also emphasize that the mixture pool idea provides a kind of data-memory tradeoff and hence presents more usefulness for boomerang-type attacks.
Research Article
Mohammad Ali Jamshidi; Mohammad Mahdi Mojahedian; Mohammad Reza Aref
Abstract
To enhance the accuracy of learning models, it becomes imperative to train them on more extensive datasets. Unfortunately, access to such data is often restricted because data providers are hesitant to share their data due to privacy concerns. Hence, it ...
Read More
To enhance the accuracy of learning models, it becomes imperative to train them on more extensive datasets. Unfortunately, access to such data is often restricted because data providers are hesitant to share their data due to privacy concerns. Hence, it is critical to develop obfuscation techniques that empower data providers to transform their datasets into new ones that ensure the desired level of privacy. In this paper, we present an approach where data providers utilize a neural network based on the autoencoder architecture to safeguard the sensitive components of their data while preserving the utility of the remaining parts. More specifically, within the autoencoder framework and after the encoding process, a classifier is used to extract the private feature from the dataset. This feature is then decorrelated from the other remaining features and subsequently subjected to noise. The proposed method is flexible, allowing data providers to adjust their desired level of privacy by changing the noise level. Additionally, our approach demonstrates superior performance in achieving the desired trade-off between utility and privacy compared to similar methods, all while maintaining a simpler structure.