Sani, Abubakar Sadiq, Bertino, Elisa, Yuan, Dong, Meng, Ke and Dong, Zhao Yang (2022) SPrivAD: a secure and privacy-preserving mutually dependent authentication and data access scheme for smart communities. Computers & Security, 115:102610. ISSN 0167-4048 (doi:https://doi.org/10.1016/j.cose.2022.102610)

Preview

PDF (Author's Accepted Manuscript) 34952 SANI_SPrivAD_Data_Access_Scheme_For_Smart_Communities_(AAM)_2022.pdf - Accepted Version Available under License Creative Commons Attribution Non-commercial No Derivatives. Download (1MB) | Preview

Abstract

Recent studies show that attackers evade authentication by exploiting valid credentials and crafting authentication request messages to compromise assets and illegitimately access data in smart communities such as smart campuses and smart cities. In addition, attackers can send large numbers of authentication and data access requests to spread malware across the smart communities' network and cause Distributed Denial of Service (DDoS) attacks. This paper proposes SPrivAD, a secure and privacy-preserving mutually dependent authentication and data access solution by which smart communities' assets such as users, devices, and apps can authenticate each other before allowing data access. SPrivAD uses an Inter-Attribute-based Zero Knowledge Proof of Knowledge (IA-ZKPK) protocol based on computational attributes of cryptographic operations, and cryptographic identities of the assets to perform Mutually Dependent Multi-Factor Authentication and Data Access (MDMFA). The computational attributes such as message size and number of executed steps of cryptographic operations are features derived from the knowledge of cryptographic operations between the assets. Our approach for deriving a unique, deactivatable, and revocable cryptographic identity is based on the secrets of an asset in a modified Elliptic Curve Pedersen Commitment Scheme (EC-PCS) with security and privacy guarantees. We implement a prototype of SPrivAD and evaluate it with respect to its security, privacy, and performance. The results show that it is secure, privacy-preserving, and efficient for mutually dependent authentication and data access in smart communities. Furthermore, we design and analyse a new attack, Smart Communities Authentication Bypass Attack (SCABA), on real-world authentication and secure access schemes such as Ruckus Cloudpath Enrollment System and Duo Multi-Factor Authentication (MFA). This type of attack exploits valid credentials of smart communities' assets. We show that SPrivAD mitigates SCABA.

Item Type:	Article
Uncontrolled Keywords:	smart communities, authentication, data access, security, privacy
Subjects:	Q Science > QA Mathematics > QA75 Electronic computers. Computer science
Faculty / School / Research Centre / Research Group:	Faculty of Engineering & Science Faculty of Engineering & Science > Internet of Things and Security Research Centre (ISEC) Faculty of Engineering & Science > School of Computing & Mathematical Sciences (CMS)
Last Modified:	12 Jan 2023 01:38
URI:	http://gala.gre.ac.uk/id/eprint/34952

Actions (login required)

View Item

Downloads