Fast Authentication and Progressive Authorization in Large-Scale IoT: How to Leverage AI for Security Enhancement (2020)
Security provisioning has become the most important design consideration for large-scale Internet of Things (IoT) systems due to their critical roles in supporting diverse vertical applications by connecting heterogeneous devices, machines, and industry processes. Conventional authentication and authorization schemes are insufficient to overcome the emerging IoT security challenges due to their reliance on both static digital mechanisms and computational complexity for improving security levels. Furthermore, the isolated security designs for different layers and link segments, while ignoring the overall protection, lead to cascaded security risks as well as growing communication latency and overhead. In this article, we envision new artificial intelligence (AI)-enabled security provisioning approaches to overcome these issues while achieving fast authentication and progressive authorization. To be more specific, a lightweight intelligent authentication approach is developed by exploring machine learning at the base station to identify the prearranged access time sequences or frequency bands or codes used in IoT devices. Then we propose a holistic authentication and authorization approach, where online machine learning and trust management are adopted for achieving adaptive access control. These new AI-enabled approaches establish the connections between transceivers quickly and enhance security progressively so that communication latency can be reduced and security risks are well controlled in large-scale IoT systems. Finally, we outline several areas for AI-enabled security provisioning for future research.
AI Powered THz VLSI Testing Technology (2020)
Abstract—Increasing complexity of digital and mixed-signal systems makes establishing the authenticity of a chip a challenging problem. We present a new terahertz testing technique for non-destructive identification of genuine integrated circuits, in package, in-situ and either with no or under bias, by measuring their response to scanning terahertz and sub-terahertz radiation at the circuit pins. This novel, patent-pending, non-invasive, nondestructive technology, when merged with an Artificial Intelligence (AI) engine, will evolve and self-improve with each test cycle. By establishing and AI processing of the THz scanning signatures of reliable devices and circuits and comparing these signatures with devices under test using AI, this technology could also be used for reliability and lifetime prediction.
Keywords: Terahertz | hardware cybersecurity | reliability | authentication | artificial intelligence
BAMHealthCloud: A biometric authentication and data management system for healthcare data in cloud (2020)
Advancements in the healthcare industry have given rise to the security threat to the ever growing e-medical data. The healthcare data management system records patient’s data in different formats such as text, numeric, pictures and videos, leading to data which is big and unstructured. Also, hospitals may have several branches in different geographical locations. Sometimes, for research purposes, there is a need to integrate patients’ health data stored at different locations. In view of this, a cloud-based healthcare management system can be an effective solution for efficient health care data management. But the major concern of cloud-based healthcare system is the security aspect. It includes theft of identity, tax fraudulence, bank fraud, insurance frauds, medical frauds and defamation of high profile patients. Hence, a secure data access and retrieval is needed in order to provide security of critical medical records in healthcare management system. Biometric based authentication mechanism is suitable in this scenario since it overcomes the limitations of token theft and forgetting passwords in the conventional token id-password mechanism used for providing security. It also has high accuracy rate for secure data access and retrieval. In the present paper, a cloud-based system for management of healthcare data, BAMHealthCloud, is proposed, which ensures the security of e-medical data access through a behavioral biometric signature-based authentication. Training of the signature samples for authentication purpose has been performed in parallel on Hadoop MapReduce framework using Resilient Backpropagation neural network. From rigorous experiments, it can be concluded that it achieves a speedup of 9 times, Equal error rate (EER) of 0.12, the sensitivity of 0.98 and specificity of 0.95. Performance comparison of the system with other state-of-the-art algorithms shows that the proposed system performs better than the existing systems in literature.
Keywords: Biometric | Authentication | Healthcare | Cloud | Healthcare cloud | Hadoop
Authentication and integrity of smartphone videos through multimedia container structure analysis (2020)
Nowadays, mobile devices have become the natural substitute for the digital camera, as they capture everyday situations easily and quickly, encouraging users to express themselves through images and videos. These videos can be shared across different platforms exposing them to any kind of intentional manipulation by criminals who are aware of the weaknesses of forensic techniques to accuse an innocent person or exonerate a guilty person in a judicial process. Commonly, manufacturers do not comply 100% with the specifications of the standards for the creation of videos. Also, videos shared on social networks, and instant messaging applications go through filtering and compression processes to reduce their size, facilitate their transfer, and optimize storage on their platforms. The omission of specifications and results of transformations carried out by the platforms embed a features pattern in the multimedia container of the videos. These patterns make it possible to distinguish the brand of the device that generated the video, social network, and instant messaging application that was used for the transfer. Research in recent years has focused on the analysis of AVI containers and tiny video datasets. This work presents a novel technique to detect possible attacks against MP4, MOV, and 3GP format videos that affect their integrity and authenticity. The method is based on the analysis of the structure of video containers generated by mobile devices and their behavior when shared through social networks, instant messaging applications, or manipulated by editing programs. The objectives of the proposal are to verify the integrity of videos, identify the source of acquisition and distinguish between original and manipulated videos.
Keywords: Forensic analysis | Metadata | Mobile device camera | Multimedia container structure | Social network video analysis | Video analysis | Video authenticity | Video integrity
TAPSTROKE: A novel intelligent authentication system using tap frequencies (2019)
Emerging security requirements lead to new validation protocols to be implemented to recent authentication systems by employing biometric traits instead of regular passwords. If an additional security is required in authentication phase, keystroke recognition and classification systems and related interfaces are very promising for collecting and classifying biometric traits. These systems generally operate in time-domain; however, the conventional time-domain solutions could be inadequate if a touchscreen is so small to enter any kind of alphanumeric passwords or a password consists of one single character like a tap to the screen. Therefore, we propose a novel frequency-based authentication system, TAPSTROKE, as a prospective protocol for small touchscreens and an alternative authentication methodology for existing devices. We firstly analyzed the binary train signals formed by tap passwords consisting of taps instead of alphanumeric digits by the regular (STFT) and modified short time Fourier transformations (mSTFT). The unique biometric feature extracted from a tap signal is the frequency-time localization achieved by the spectrograms which are generated by these transformations. The touch signals, generated from the same tap-password, create significantly different spectrograms for predetermined window sizes. Finally, we conducted several experiments to distinguish future attempts by one-class support vector machines (SVM) with a simple linear kernel for Hamming and Blackman window functions. The experiments are greatly encouraging that we achieved 1.40%–2.12% and 2.01%–3.21% equal error rates (EER) with mSTFT; while with regular STFT the classifiers produced quite higher EER, 7.49%–11.95% and 6.93%–10.12%, with Hamming and Blackman window functions, separately. The whole methodology, as an expert system for protecting the users from fraud attacks, sheds light on a new era of authentication systems for future smart gears and watches.
Keywords: Tapstroke | Keystroke | Authentication | Biometrics | Frequency | Short time Fourier transformation | Support vector machines
A secure elliptic curve cryptography based mutual authentication protocol for cloud-assisted TMIS (2019)
With the fast progress of network communication, its technologies and the developing popularity of telecare medical information system (TMIS), doctors provide treatment to patients via Internet without visiting hospitals. By using mobile device, wireless body area network and cloud based architecture, the patients can gather their physiological information and upload to cloud via their mobile devices. The authenticated doctor provides online treatment to patient at anytime and anywhere. Moreover, TMIS maintains security and privacy of the patients in information communication and authenticated to all the participants before assessing this system. Recently Li et al. (2018) presented a cloud-assisted authentication and privacy preservation scheme for TMIS. They believed that their scheme is secure against all well-known privacy and security attributes. In the proposed work, we reviewed Li et al.'s authentication protocol and found that it has various security flaws such as message authentication fails in healthcare center upload phase, session key is not possible in healthcare center upload phase, impersonation attack in patient data upload phase, patient anonymity and patient unlinkability. Further, we introduced an enhanced protocol in similar environment. The proposed protocol is secure against man-in-the-middle attack, patient anonymity, replay attack, known-key security property, data confidentiality, data non-repudiation, message authentication, impersonation attack, session key security and patient unlinkability. We compared the proposed protocol with existing related protocols in same cloud based TMIS. The proposed protocol ensures all desirable security prerequisites and managed the efficiency in terms of computation and communication costs for cloud-assisted TMIS.
Keywords: Cloud computing | Elliptic curve cryptography | TMIS | Medical data | Mutual authentication
Based blockchain-PSO-AES techniques in finger vein biometrics: A novel verification secure framework for patient authentication (2019)
The main objective of this study is to propose a novel verification secure framework for patient authentication between an access point (patient enrolment device) and a node database. For this purpose, two stages are used. Firstly, we propose a new hybrid biometric pattern model based on a merge algorithm to combine radio frequency identification and finger vein (FV) biometric features to increase the randomisation and security levels in pattern structure. Secondly, we developed a combination of encryption, blockchain and steganography techniques for the hybrid pattern model. When sending the pattern from an enrolment device (access point) to the node database, this process ensures that the FV biometric verification system remains secure during authentication by meeting the information security standard requirements of confidentiality, integrity and availability. Blockchain is used to achieve data integrity and availability. Particle swarm optimisation steganography and advanced encryption standard techniques are used for confidentiality in a transmission channel. Then, we discussed how the proposed framework can be implemented on a decentralised network architecture, including access point and various databases node without a central point. The proposed framework was evaluated by 106 samples chosen from a dataset that comprises 6000 samples of FV images. Results showed that (1) high-resistance verification framework is protected against spoofing and brute-force attacks; most biometric verification systems are vulnerable to such attacks. (2) The proposed framework had an advantage over the benchmark with a percentage of 55.56% in securing biometric templates during data transmission between the enrolment device and the node database.
Keywords: Finger vein | Blockchain | Cryptography | Steganography | RFID | CIA
Parallel score fusion of ECG and fingerprint for human authentication based on convolution neural network (2019)
Biometrics have been extensively used in the past decades in various security systems and have been deployed around the world. However, all unimodal biometrics have their own limitations and disadvantages (e.g., fingerprint suffers from spoof attacks). Most of these limitations can be addressed by designing a multimodal biometric system, which deploys over one biometric modality to improve the performance and make the system robust to spoof attacks. In this paper, we proposed a secure multimodal biometric system by fusing electrocardiogram (ECG) and fingerprint based on convolution neural network (CNN). To the best of our knowledge, this is the first study to fuse ECG and fingerprint using CNN for human authentication. The feature extraction for individual modalities is performed using CNN and then biometric templates are generated from these features. After that, we have applied one of the cancelable biometric techniques to protect these templates. In the authentication stage, we proposed a Q-Gaussian multi support vector machine (QG-MSVM) as a classifier to improve the authentication performance. Dataset augmentation is successfully used to increase the authentication performance of the proposed system. Our system is tested on two databases, the PTB database from PhysioNet bank for ECG and LivDet2015 database for the fingerprint. Experimental results show that the proposed multimodal system is more efficient, robust and reliable than existing multimodal authentication algorithms. According to the advantages of the proposed system, it can be deployed in real applications.
Keywords: Authentication | CNN | ECG | Fingerprint | Multimodal biometrics | MSVM
Lightweight remote user authentication protocol for multi-server 5G networks using self-certified public key cryptography (2019)
Due to small cell deployments and multiple servers in 5G networks, a fast and anonymous mutual authentication protocol needs to be developed for complex 5G networks. In this paper, we propose a lightweight and untraceable authentication protocol for multi-server-based 5G networks. To reduce computational complexity, we employ self-certified public key cryptography based on elliptic curve cryptography to authenticate the validation of users and servers. Without pairing operations, our scheme could improve performance efficiency. Also, a formal security model is designed to prove that our protocol is secure against forgery attack due to the discrete logarithm and the computational Diffie-Hellman problem. Performance analysis further shows that our protocol has a lower communication and computational overhead. Also, our protocol could support anonymous mutual authentication.
Keywords: Multi-server | Mutual authentication | Lightweight
Privacy-preserving aggregation for cooperative spectrum sensing (2019)
Cognitive radio technology has been proposed as a promising way to alleviate spectrum scarcity. In cognitive radio networks, cooperative spectrum sensing is an effective approach to improve spectrum-estimation accuracy. In this approach, a fusion center (FC) outsources sensing tasks to secondary users (SUs), and aggregates sensing reports provided by SUs to estimate spectrum availability. However, as sensing reports are highly correlated to SUs’ real locations, revealing sensing reports to an untrusted FC may incur a serious privacy threat for SUs. In this paper, we propose an efficient scheme that allows the FC to learn desired statistics from a group of SUs without compromising individual privacy. Moreover, the FC is still able to compute the sum over the remaining SUs when some SUs fail to submit their reports. Besides, to ensure secure communication in cooperative spectrum sensing, the proposed scheme verifies the legitimacy of SUs by utilizing the elliptic curve cryptography technique. The results of security analysis show that the proposed scheme achieves the combined objectives of privacy preservation, authentication, fault tolerance, and resistance to various types of attacks. Performance evaluation results demonstrate the feasibility and practicality of the proposed scheme.
Keywords: Cognitive radio networks | Cooperative spectrum sensing | Privacy preservation | Authentication | Fault tolerance | Elliptic curve cryptography