Munmun Bhattacharya, Sandipan Roy, Samiran Chattopadhyay, A. Das, Sachin Shetty
Over the past few years, online social networks (OSNs) have become an inseparable part of people's daily lives. Instead of being passive readers, people are now enjoying their role as content contributors. OSN has permitted its users to share their information including the multimedia content. OSN users can express themselves in virtual communities by providing their opinions and interacting with others. As a consequence, the privacy and security threats in OSNs have emerged as a major concern to the research and business world. In the recent past, a number of survey works have been conducted to discuss different security and privacy threats in OSNs. However, till date, no survey work has been conducted that aims to classify and analyze various machine learning (ML)‐based solutions adapted for the security defense of OSNs. In this survey article, we present a detailed taxonomy with a classification of various works done on various security attacks in OSNs. We then review and summarize the existing state of art survey works on OSN security, and indicate the merits and limitations of these survey works. Next, we review all recent works that aim to provide ML‐based solutions toward defense of security attacks on OSNs. Finally, we discuss the future road‐map on OSN security and provide a comprehensive analysis on the open research issues with feasible measurements and possible solutions.
{"title":"A comprehensive survey on online social networks security and privacy issues: Threats, machine learning‐based solutions, and open challenges","authors":"Munmun Bhattacharya, Sandipan Roy, Samiran Chattopadhyay, A. Das, Sachin Shetty","doi":"10.1002/spy2.275","DOIUrl":"https://doi.org/10.1002/spy2.275","url":null,"abstract":"Over the past few years, online social networks (OSNs) have become an inseparable part of people's daily lives. Instead of being passive readers, people are now enjoying their role as content contributors. OSN has permitted its users to share their information including the multimedia content. OSN users can express themselves in virtual communities by providing their opinions and interacting with others. As a consequence, the privacy and security threats in OSNs have emerged as a major concern to the research and business world. In the recent past, a number of survey works have been conducted to discuss different security and privacy threats in OSNs. However, till date, no survey work has been conducted that aims to classify and analyze various machine learning (ML)‐based solutions adapted for the security defense of OSNs. In this survey article, we present a detailed taxonomy with a classification of various works done on various security attacks in OSNs. We then review and summarize the existing state of art survey works on OSN security, and indicate the merits and limitations of these survey works. Next, we review all recent works that aim to provide ML‐based solutions toward defense of security attacks on OSNs. Finally, we discuss the future road‐map on OSN security and provide a comprehensive analysis on the open research issues with feasible measurements and possible solutions.","PeriodicalId":29939,"journal":{"name":"Security and Privacy","volume":" ","pages":""},"PeriodicalIF":1.9,"publicationDate":"2022-10-17","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"45393375","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
Authentication among the various communicating devices within wireless sensor networks during broadcasting is most significant among the other primary security services. This authentication during broadcasting services allows multiple mobile end‐devices to transmit messages dynamically and securely for fasten consumer tracking and sustaining privacy of the data transferred in the insecure sensor network. To enhance this authentication protocol for secure end‐users message distribution, this research work has introduced a novel identity (ID) based cryptographic technique that employs ElGmal‐elliptic‐curve cryptography and digital signature without implementing bilinear paring operation to reduce huge burden of computation overhead. Additionally, to accelerate the performance of the proposed authentication protocol, the size of the signature along with the encryption key is minimized. Eventually, the authentication protocol provides comparatively less computational complexity with secure and faster key management. The performance analysis supports the aforesaid claim as well as reflects the supremacy of the proposed scheme over the handover authentication protocol and bilinear pairings based authentication schemes.
{"title":"Enhanced pairing‐free identity‐based broadcast authentication protocol in WSN using ElGamal ECC","authors":"Vivek Kumar, Sangram Ray, Dipanwita Sadhukhan, Jayashree Karmakar, Mou Dasgupta","doi":"10.1002/spy2.278","DOIUrl":"https://doi.org/10.1002/spy2.278","url":null,"abstract":"Authentication among the various communicating devices within wireless sensor networks during broadcasting is most significant among the other primary security services. This authentication during broadcasting services allows multiple mobile end‐devices to transmit messages dynamically and securely for fasten consumer tracking and sustaining privacy of the data transferred in the insecure sensor network. To enhance this authentication protocol for secure end‐users message distribution, this research work has introduced a novel identity (ID) based cryptographic technique that employs ElGmal‐elliptic‐curve cryptography and digital signature without implementing bilinear paring operation to reduce huge burden of computation overhead. Additionally, to accelerate the performance of the proposed authentication protocol, the size of the signature along with the encryption key is minimized. Eventually, the authentication protocol provides comparatively less computational complexity with secure and faster key management. The performance analysis supports the aforesaid claim as well as reflects the supremacy of the proposed scheme over the handover authentication protocol and bilinear pairings based authentication schemes.","PeriodicalId":29939,"journal":{"name":"Security and Privacy","volume":" ","pages":""},"PeriodicalIF":1.9,"publicationDate":"2022-10-17","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"48338655","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
The healthcare industry and the battle against the COVID‐19 pandemic are two areas where blockchain technology might be useful. In this study, blockchain's significance is examined. Blockchain technology and related procedures will be used in future healthcare systems for collecting sensor data, automated patient monitoring, and safe data storage. Because it can store a large amount of data in a dispersed and secure way and provide access whenever and wherever it is needed, this technology greatly simplifies the process of carrying out activities. The advantages of quantum computing, such as the speed with which patients can be found and monitored, may be fully used with the help of quantum blockchain. Quantum blockchain is an additional resource that may be used to safeguard the veracity, integrity, and availability of stored information. Combining quantum computing with blockchain technology may allow faster and more secure medical information processing. In this research, the authors examine the potential uses of blockchain and quantum technology in the healthcare industry. Quantum technologies, blockchain‐based technologies, and other cutting‐edge ICTs (such as ratification intelligence, machine learning, drones, and so on) were investigated and contrasted in this article.
{"title":"Demystifying quantum blockchain for healthcare","authors":"Keshav Kaushik, Adarsh Kumar","doi":"10.1002/spy2.284","DOIUrl":"https://doi.org/10.1002/spy2.284","url":null,"abstract":"The healthcare industry and the battle against the COVID‐19 pandemic are two areas where blockchain technology might be useful. In this study, blockchain's significance is examined. Blockchain technology and related procedures will be used in future healthcare systems for collecting sensor data, automated patient monitoring, and safe data storage. Because it can store a large amount of data in a dispersed and secure way and provide access whenever and wherever it is needed, this technology greatly simplifies the process of carrying out activities. The advantages of quantum computing, such as the speed with which patients can be found and monitored, may be fully used with the help of quantum blockchain. Quantum blockchain is an additional resource that may be used to safeguard the veracity, integrity, and availability of stored information. Combining quantum computing with blockchain technology may allow faster and more secure medical information processing. In this research, the authors examine the potential uses of blockchain and quantum technology in the healthcare industry. Quantum technologies, blockchain‐based technologies, and other cutting‐edge ICTs (such as ratification intelligence, machine learning, drones, and so on) were investigated and contrasted in this article.","PeriodicalId":29939,"journal":{"name":"Security and Privacy","volume":" ","pages":""},"PeriodicalIF":1.9,"publicationDate":"2022-10-07","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"41699259","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
Egide Nkurunziza, Lawrence Tandoh, Issameldeen Elfadul, Fagen Li
A smart meter (SM) is an essential device within a smart grid (SG). It collects electrical power data from the customer and reports it to the service provider at regular intervals. Unfortunately, these regular reports may disclose confidential customer information without their knowledge. Moreover, SM is a device with limited resources, which means it cannot manage heavy security protocols. To mitigate these problems, an efficient certificateless anonymous authentication protocol for SG (ECAAP‐SG) protocol was designed. It cannot allow an adversary to tap into the communication channel and access exchanged information. In addition, the designed scheme fits SM's resource capacity. Furthermore, the authentication security provided by ECAAP‐SG guarantees that legal entities are communicating. Moreover, ECAAP‐SG provides key agreement security that establishes the session key. The established session key will be used to secure future communication. Besides, a random oracle model is used for the security analysis of the proposed protocol, and we prove that it is secure under the discrete logarithm problem and the computational Diffie–Hellman problem.
{"title":"ECAAP‐SG: Efficient certificateless anonymous authentication protocol for SG","authors":"Egide Nkurunziza, Lawrence Tandoh, Issameldeen Elfadul, Fagen Li","doi":"10.1002/spy2.273","DOIUrl":"https://doi.org/10.1002/spy2.273","url":null,"abstract":"A smart meter (SM) is an essential device within a smart grid (SG). It collects electrical power data from the customer and reports it to the service provider at regular intervals. Unfortunately, these regular reports may disclose confidential customer information without their knowledge. Moreover, SM is a device with limited resources, which means it cannot manage heavy security protocols. To mitigate these problems, an efficient certificateless anonymous authentication protocol for SG (ECAAP‐SG) protocol was designed. It cannot allow an adversary to tap into the communication channel and access exchanged information. In addition, the designed scheme fits SM's resource capacity. Furthermore, the authentication security provided by ECAAP‐SG guarantees that legal entities are communicating. Moreover, ECAAP‐SG provides key agreement security that establishes the session key. The established session key will be used to secure future communication. Besides, a random oracle model is used for the security analysis of the proposed protocol, and we prove that it is secure under the discrete logarithm problem and the computational Diffie–Hellman problem.","PeriodicalId":29939,"journal":{"name":"Security and Privacy","volume":" ","pages":""},"PeriodicalIF":1.9,"publicationDate":"2022-10-05","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"47797538","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
Singcryption is a very important concept to bind confidentiality and authenticity. This is a logical step to reduce both computation and communication costs. The proposed an identity based signcryption that removes the overhead of certificates. The proposed design is provably secure in the standard model (a widely accepted model). Furthermore, the IBSC design uses modified bilinear Diffie‐Hellman inversion and modified strong bilinear Diffie‐Hellman assumption as building blocks of the security. The proposed design is secure, efficient, and shortest to the best of our knowledge. In this design, a user does pairing free computation, and he sends only a triplet on the public channel, that makes it efficient in terms of computation and communication costs.
{"title":"A provably secure, shortest, and efficient identity based signcryption technique in the standard model","authors":"Ashutosh Aithekar, Pratik Gupta, Dharminder Dharminder","doi":"10.1002/spy2.272","DOIUrl":"https://doi.org/10.1002/spy2.272","url":null,"abstract":"Singcryption is a very important concept to bind confidentiality and authenticity. This is a logical step to reduce both computation and communication costs. The proposed an identity based signcryption that removes the overhead of certificates. The proposed design is provably secure in the standard model (a widely accepted model). Furthermore, the IBSC design uses modified bilinear Diffie‐Hellman inversion and modified strong bilinear Diffie‐Hellman assumption as building blocks of the security. The proposed design is secure, efficient, and shortest to the best of our knowledge. In this design, a user does pairing free computation, and he sends only a triplet on the public channel, that makes it efficient in terms of computation and communication costs.","PeriodicalId":29939,"journal":{"name":"Security and Privacy","volume":" ","pages":""},"PeriodicalIF":1.9,"publicationDate":"2022-10-03","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"44388350","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
Pimal Khanpara, Kruti Lavingia, Rajvi Trivedi, S. Tanwar, Amit Verma, Ravi Sharma
In recent years, the Internet of Things (IoT) has become very popular as it has numerous applications in the industrial and research domain. Moreover, the features of IoT systems play a crucial role in the development of smart cities. It enables smart cities and their subsystems to monitor, control, and manage heterogeneous devices remotely by extracting and communicating real‐time data. However, automated IoT systems are vulnerable to many security threats like tempered protocols, device hijacking, and unauthorized access. Motivated by the aforementioned discussion, this paper addresses the security requirements of an essential subsystem of smart city architecture, that is, IoT‐based smart homes. Based on the features and functionalities of smart homes, the risk of security violations in the system behavior needs to be analyzed This paper explores various security threats in a smart home environment and proposes a context‐aware security‐based scheme to prevent and detect possible threats. Results show that the proposed scheme is superior compared to the traditional schemes considering parameters such as the performance, cost, and maintenance requirements.
{"title":"A context‐aware internet of things‐driven security scheme for smart homes","authors":"Pimal Khanpara, Kruti Lavingia, Rajvi Trivedi, S. Tanwar, Amit Verma, Ravi Sharma","doi":"10.1002/spy2.269","DOIUrl":"https://doi.org/10.1002/spy2.269","url":null,"abstract":"In recent years, the Internet of Things (IoT) has become very popular as it has numerous applications in the industrial and research domain. Moreover, the features of IoT systems play a crucial role in the development of smart cities. It enables smart cities and their subsystems to monitor, control, and manage heterogeneous devices remotely by extracting and communicating real‐time data. However, automated IoT systems are vulnerable to many security threats like tempered protocols, device hijacking, and unauthorized access. Motivated by the aforementioned discussion, this paper addresses the security requirements of an essential subsystem of smart city architecture, that is, IoT‐based smart homes. Based on the features and functionalities of smart homes, the risk of security violations in the system behavior needs to be analyzed This paper explores various security threats in a smart home environment and proposes a context‐aware security‐based scheme to prevent and detect possible threats. Results show that the proposed scheme is superior compared to the traditional schemes considering parameters such as the performance, cost, and maintenance requirements.","PeriodicalId":29939,"journal":{"name":"Security and Privacy","volume":" ","pages":""},"PeriodicalIF":1.9,"publicationDate":"2022-09-30","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"49295670","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
5G, 6G, and beyond (xG) technologies aim at delivering emerging services with new requirements and challenges, enabling full and hyper mobile connectivity over the world. These beyond 5G networks are expected to ensure better quality of service, very high data rate, improved network security, high capacity, low latency, and low cost. In order to meet these objectives, a number of key enabler technologies have been proposed including massive multiple input multiple output, small cells, mobile edge computing, software defined network, network function virtualization, heterogeneous networks, network slicing, cloud radio access network, ultra‐dense network, energy efficiency, and spectrum sharing. Although, the potential interest of these technologies in the network, they opened the door to many security concerns and challenges making the network security one of the primary concerns of the future wireless communication networks. In this article, we investigated the recent advancements on the xG security issues resulted by each key enabler technologies. We analyzed how to secure the network while meeting the emerging promising services, users' demands, and service requirements. We also discussed how the security issues raised by these emerging technologies can be mitigated for efficient and secure communication.
{"title":"Security in 5G and beyond recent advances and future challenges","authors":"Fatima Salahdine, Tao Han, Ning Zhang","doi":"10.1002/spy2.271","DOIUrl":"https://doi.org/10.1002/spy2.271","url":null,"abstract":"5G, 6G, and beyond (xG) technologies aim at delivering emerging services with new requirements and challenges, enabling full and hyper mobile connectivity over the world. These beyond 5G networks are expected to ensure better quality of service, very high data rate, improved network security, high capacity, low latency, and low cost. In order to meet these objectives, a number of key enabler technologies have been proposed including massive multiple input multiple output, small cells, mobile edge computing, software defined network, network function virtualization, heterogeneous networks, network slicing, cloud radio access network, ultra‐dense network, energy efficiency, and spectrum sharing. Although, the potential interest of these technologies in the network, they opened the door to many security concerns and challenges making the network security one of the primary concerns of the future wireless communication networks. In this article, we investigated the recent advancements on the xG security issues resulted by each key enabler technologies. We analyzed how to secure the network while meeting the emerging promising services, users' demands, and service requirements. We also discussed how the security issues raised by these emerging technologies can be mitigated for efficient and secure communication.","PeriodicalId":29939,"journal":{"name":"Security and Privacy","volume":" ","pages":""},"PeriodicalIF":1.9,"publicationDate":"2022-09-29","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"42750877","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
In this article, due to the importance of embedding encrypted information in the image, a watermarking method is proposed based on local statistics in pixels. The advantages of the proposed method include its complete reversibility and very high security, which is due to the use of the quadtree concept, finding similar parts in the image, and embedding information in low‐energy and less significant pixels. This method is an alternative and simplifier of the quadtree method, dividing the image into identical non‐overlapping blocks and then choosing the block with less energy as more suitable for watermarking. Also, two criteria of mean‐squared‐error and peak signal‐to‐noise ratio (PSNR) have been calculated and the PSNR shows that image quality has not changed too much after hiding the information than the original image. It should be noted that since the proposed method is applied to black and white images, the result can be generalized to different color channels in the image, and color images have more visible capabilities in terms of cached memory than black and white images because they contain three dimensions of information.
{"title":"Providing robust and reversible watermarking algorithm and detection of malicious manipulation","authors":"Hamidreza Damghani, Soheila Estaji, Leila Damghani","doi":"10.1002/spy2.270","DOIUrl":"https://doi.org/10.1002/spy2.270","url":null,"abstract":"In this article, due to the importance of embedding encrypted information in the image, a watermarking method is proposed based on local statistics in pixels. The advantages of the proposed method include its complete reversibility and very high security, which is due to the use of the quadtree concept, finding similar parts in the image, and embedding information in low‐energy and less significant pixels. This method is an alternative and simplifier of the quadtree method, dividing the image into identical non‐overlapping blocks and then choosing the block with less energy as more suitable for watermarking. Also, two criteria of mean‐squared‐error and peak signal‐to‐noise ratio (PSNR) have been calculated and the PSNR shows that image quality has not changed too much after hiding the information than the original image. It should be noted that since the proposed method is applied to black and white images, the result can be generalized to different color channels in the image, and color images have more visible capabilities in terms of cached memory than black and white images because they contain three dimensions of information.","PeriodicalId":29939,"journal":{"name":"Security and Privacy","volume":"6 1","pages":""},"PeriodicalIF":1.9,"publicationDate":"2022-09-29","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"41410193","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
Security is becoming an indispensable factor for the well‐being of an enterprise. Enterprises are making huge investments to fulfill the demand for security. A big challenge faced by an enterprise while securing itself is to find the gap between the demand for security and the actual security status. Finding out a consistent metric for measuring this gap can enable security administrators to utilize the allocated funds more appropriately. Popular control gap analysis methods practiced in enterprises are mostly subjective in nature and results in imprecise measurements. To address this issue, a novel security metric “Security Gap” is introduced in this paper. This metric finds out the business process‐level insecurity from the security requirements and the estimated security. The methodology uses business process modeling, attack graph modeling, and relevant base metrics to compute Security Gap.
{"title":"“Security Gap” as a metric for enterprise business processes","authors":"Preetam Mukherjee, A. Sengupta, C. Mazumdar","doi":"10.1002/spy2.263","DOIUrl":"https://doi.org/10.1002/spy2.263","url":null,"abstract":"Security is becoming an indispensable factor for the well‐being of an enterprise. Enterprises are making huge investments to fulfill the demand for security. A big challenge faced by an enterprise while securing itself is to find the gap between the demand for security and the actual security status. Finding out a consistent metric for measuring this gap can enable security administrators to utilize the allocated funds more appropriately. Popular control gap analysis methods practiced in enterprises are mostly subjective in nature and results in imprecise measurements. To address this issue, a novel security metric “Security Gap” is introduced in this paper. This metric finds out the business process‐level insecurity from the security requirements and the estimated security. The methodology uses business process modeling, attack graph modeling, and relevant base metrics to compute Security Gap.","PeriodicalId":29939,"journal":{"name":"Security and Privacy","volume":" ","pages":""},"PeriodicalIF":1.9,"publicationDate":"2022-09-18","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"46436663","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
Recently, Tanveer et al. proposed a resource‐efficient authentication scheme for telecare medical information systems employing the authenticated key exchange. Tanveer et al. vehemently claimed that the protocol is safe against smart card stolen attacks, password guessing attacks, anonymity and untraceability, replay attacks, man‐in‐the‐middle attacks, impersonation attacks, and so forth. We have scrutinized the Tanveer et al. protocol. Based on his attack model, we have analyzed that this protocol is not secured against session key disclosure attacks, privileged insider attacks, and medical server impersonation attacks. We have also discussed improvement mechanisms to protect the mentioned security threats.
{"title":"Cryptanalysis and improvement of REAS‐TMIS: Resource‐efficient authentication scheme for telecare medical information system","authors":"C. M. Kumar, Ruhul Amin, M. Brindha","doi":"10.1002/spy2.268","DOIUrl":"https://doi.org/10.1002/spy2.268","url":null,"abstract":"Recently, Tanveer et al. proposed a resource‐efficient authentication scheme for telecare medical information systems employing the authenticated key exchange. Tanveer et al. vehemently claimed that the protocol is safe against smart card stolen attacks, password guessing attacks, anonymity and untraceability, replay attacks, man‐in‐the‐middle attacks, impersonation attacks, and so forth. We have scrutinized the Tanveer et al. protocol. Based on his attack model, we have analyzed that this protocol is not secured against session key disclosure attacks, privileged insider attacks, and medical server impersonation attacks. We have also discussed improvement mechanisms to protect the mentioned security threats.","PeriodicalId":29939,"journal":{"name":"Security and Privacy","volume":" ","pages":""},"PeriodicalIF":1.9,"publicationDate":"2022-09-14","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"44197564","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
京公网安备 11010802042870号
京ICP备2023020795号-1
扫码关注我们
求助内容:
应助结果提醒方式: