Morteza Adeli - Academia.edu (original) (raw)

Papers by Morteza Adeli

Research paper thumbnail of Challenging the security of “A PUF-based hardware mutual authentication protocol”

Journal of Parallel and Distributed Computing

Research paper thumbnail of Cryptanalysis of two recently proposed PUF based authentication protocols for IoT: PHEMAP and Salted PHEMAP

IACR Cryptol. ePrint Arch., 2019

Internet of Things(IoT) consists of a large number of interconnected coexist heterogeneous entiti... more Internet of Things(IoT) consists of a large number of interconnected coexist heterogeneous entities, including Radio-frequency identification(RFIDs) based devices and other sensors to detect and transfer various information such as temperature, personal health data, brightness, etc. Security, in particular, authentication, is one of the most important parts of information security infrastructure in IoT systems. Given that an IoT system has many resource-constrained devices, a goal could be designing a proper authentication protocol that is lightweight and can resist against various common attacks, targeting such devices. Recently, using Physical Unclonable Functions (PUF) to design lightweight authentication protocols has received a lot of attention among researchers. In this paper, we analyze two recently proposed authentication protocols based on PUF chains called PHEMAP and Salted PHEMAP. We show that these protocols are vulnerable to impersonate, desynchronization and traceabili...

Research paper thumbnail of \(\chi\)perbp: a Cloud-based Lightweight Mutual Authentication Protocol

IACR Cryptol. ePrint Arch., 2021

Alongside the development of cloud computing and Internet of Things(IoT), cloud-based RFID is rec... more Alongside the development of cloud computing and Internet of Things(IoT), cloud-based RFID is receiving more attention nowadays. Cloud-based RFID system is specifically developed to providing real-time data that can be fed to the cloud for easy access and instant data interpretation. Security and privacy of constrained devices in these systems is a challenging issue for many applications. To deal with this problem, we propose χperbp, a lightweight authentication protocol based on χper component. χper is a hardware/software friendly component that can be implemented using bit-wise operations. To evaluate the performance efficiency of our proposed scheme, we implement the χperbp scheme on a FPGA module Xilinx Kintex-7 using the hardware description language VHDL. Our security and cost analysis of the proposed protocol shows that the proposed protocol provides desired security against various attacks, in a reasonable cost. Also, formal security evaluation using BAN logic and Scyther to...

Research paper thumbnail of On the designing a secure biometric-based remote patient authentication scheme for mobile healthcare environments

Journal of Ambient Intelligence and Humanized Computing, 2020

Internet of medical things (IoMT) is bringing many opportunities for healthcare and our personal ... more Internet of medical things (IoMT) is bringing many opportunities for healthcare and our personal lives. For example, using this technology a healthcare provider can remotely monitor, collect and analyze data of patients using smart sensors that are connected to them. With this trend on the rise, data protection and information security in healthcare environments are now major concerns. Authentication before starting the data transmission is a common approach to provide data security. Recently, Mohammedi et al. have proposed a lightweight biometric-based authentication scheme for mobile healthcare environments and have claimed that their scheme is secure against known attacks in the context of RFID authentication protocols. However, in this paper, we provide a more detailed analysis of the this scheme and show that their protocol is vulnerable to a man-in-the-middle attack. Furthermore, we demonstrate that their protocol does not provide other security requirements such as forward secrecy, anonymity, and untraceability. To remedy these weaknesses, we propose an improved scheme and demonstrate that the proposed scheme can withstand common attacks while it requires approximately 23% less computation time and 50% less communication overhead than the Mohammedi et al. scheme. We also formally evaluate the security of the proposed protocol by Scyther tool, which is a widely accepted automated tool for this purpose.

Research paper thumbnail of MDSbSP: a search protocol based on MDS codes for RFID-based Internet of vehicle

The Journal of Supercomputing, 2020

The new era of the Internet of Things is driving the evolution of conventional vehicle ad hoc net... more The new era of the Internet of Things is driving the evolution of conventional vehicle ad hoc networks into the Internet of vehicles (IoV). Radio frequency identification (RFID) is a reliable and advanced instrument used for automated data collection, processing and tracking, which is widely used in IoV. One of the important features of an RFID system is its ability to search for a particular tag among a group of tags. Since the RFID tags used in vehicles are commonly resource-constrained, the purpose is to propose a lightweight tag searching protocol that meets the security requirements while at the same time it is respecting the requirements for efficient implementation. In this regard, a lightweight tag search protocol, which is based on permutation matrices, has recently been proposed by Fan et al. and claimed to be secure against various attacks. In this paper, we analyze the security of this protocol and show that this scheme is vulnerable to de-synchronization and disclosure attacks. The latter attack can disclose all the secret information stored in a tag such as the identity, the shared secret key and the two secret permutation matrices that are used as encryption functions. To address these vulnerabilities, we propose an improved lightweight tag search protocol based on maximum distance separable matrices. As a result of security analysis, we can see that the improved scheme is secure against passive and active attacks, including disclosure and de-synchronization attack. Finally, we implement the improved protocol in ISE 14.6 environment for Virtex-7 FPGAs and compare the performance with some related protocols. The implementation results show that the improved scheme is particularly well suited for use in RFID systems.

Research paper thumbnail of Cryptanalysis of an Ultra lightweight Authentication Scheme based on Permutation Matrix Encryption for Internet of Vehicles

IACR Cryptol. ePrint Arch., 2019

Internet of Things (IoT) has various applications such as healthcare, supply chain, agriculture, ... more Internet of Things (IoT) has various applications such as healthcare, supply chain, agriculture, etc. Using the Internet of Vehicles(IoV) to control traffic of the cities is one of the IoT applications to construct smart cities. Recently Fan et al. proposed an authentication protocol to provide security of the IoV networks. They claimed that their scheme is secure and can resist against various known attacks. In this paper, we analyze more deeply the proposed scheme and show that their scheme is vulnerable against disclosure and desynchronization attacks. In disclosure attack, we disclose unique identification of the tag ID, secret key S, encryption matrix M2 and half rows of encryption matrix M1. Furthermore, we proposed an improved authentication scheme based on Maximum Distance Separable(MDS) matrices that is resistance against various attacks while maintaining low computational cost.

Research paper thumbnail of Challenging the security of “A PUF-based hardware mutual authentication protocol”

Journal of Parallel and Distributed Computing

Research paper thumbnail of Cryptanalysis of two recently proposed PUF based authentication protocols for IoT: PHEMAP and Salted PHEMAP

IACR Cryptol. ePrint Arch., 2019

Internet of Things(IoT) consists of a large number of interconnected coexist heterogeneous entiti... more Internet of Things(IoT) consists of a large number of interconnected coexist heterogeneous entities, including Radio-frequency identification(RFIDs) based devices and other sensors to detect and transfer various information such as temperature, personal health data, brightness, etc. Security, in particular, authentication, is one of the most important parts of information security infrastructure in IoT systems. Given that an IoT system has many resource-constrained devices, a goal could be designing a proper authentication protocol that is lightweight and can resist against various common attacks, targeting such devices. Recently, using Physical Unclonable Functions (PUF) to design lightweight authentication protocols has received a lot of attention among researchers. In this paper, we analyze two recently proposed authentication protocols based on PUF chains called PHEMAP and Salted PHEMAP. We show that these protocols are vulnerable to impersonate, desynchronization and traceabili...

Research paper thumbnail of \(\chi\)perbp: a Cloud-based Lightweight Mutual Authentication Protocol

IACR Cryptol. ePrint Arch., 2021

Alongside the development of cloud computing and Internet of Things(IoT), cloud-based RFID is rec... more Alongside the development of cloud computing and Internet of Things(IoT), cloud-based RFID is receiving more attention nowadays. Cloud-based RFID system is specifically developed to providing real-time data that can be fed to the cloud for easy access and instant data interpretation. Security and privacy of constrained devices in these systems is a challenging issue for many applications. To deal with this problem, we propose χperbp, a lightweight authentication protocol based on χper component. χper is a hardware/software friendly component that can be implemented using bit-wise operations. To evaluate the performance efficiency of our proposed scheme, we implement the χperbp scheme on a FPGA module Xilinx Kintex-7 using the hardware description language VHDL. Our security and cost analysis of the proposed protocol shows that the proposed protocol provides desired security against various attacks, in a reasonable cost. Also, formal security evaluation using BAN logic and Scyther to...

Research paper thumbnail of On the designing a secure biometric-based remote patient authentication scheme for mobile healthcare environments

Journal of Ambient Intelligence and Humanized Computing, 2020

Internet of medical things (IoMT) is bringing many opportunities for healthcare and our personal ... more Internet of medical things (IoMT) is bringing many opportunities for healthcare and our personal lives. For example, using this technology a healthcare provider can remotely monitor, collect and analyze data of patients using smart sensors that are connected to them. With this trend on the rise, data protection and information security in healthcare environments are now major concerns. Authentication before starting the data transmission is a common approach to provide data security. Recently, Mohammedi et al. have proposed a lightweight biometric-based authentication scheme for mobile healthcare environments and have claimed that their scheme is secure against known attacks in the context of RFID authentication protocols. However, in this paper, we provide a more detailed analysis of the this scheme and show that their protocol is vulnerable to a man-in-the-middle attack. Furthermore, we demonstrate that their protocol does not provide other security requirements such as forward secrecy, anonymity, and untraceability. To remedy these weaknesses, we propose an improved scheme and demonstrate that the proposed scheme can withstand common attacks while it requires approximately 23% less computation time and 50% less communication overhead than the Mohammedi et al. scheme. We also formally evaluate the security of the proposed protocol by Scyther tool, which is a widely accepted automated tool for this purpose.

Research paper thumbnail of MDSbSP: a search protocol based on MDS codes for RFID-based Internet of vehicle

The Journal of Supercomputing, 2020

The new era of the Internet of Things is driving the evolution of conventional vehicle ad hoc net... more The new era of the Internet of Things is driving the evolution of conventional vehicle ad hoc networks into the Internet of vehicles (IoV). Radio frequency identification (RFID) is a reliable and advanced instrument used for automated data collection, processing and tracking, which is widely used in IoV. One of the important features of an RFID system is its ability to search for a particular tag among a group of tags. Since the RFID tags used in vehicles are commonly resource-constrained, the purpose is to propose a lightweight tag searching protocol that meets the security requirements while at the same time it is respecting the requirements for efficient implementation. In this regard, a lightweight tag search protocol, which is based on permutation matrices, has recently been proposed by Fan et al. and claimed to be secure against various attacks. In this paper, we analyze the security of this protocol and show that this scheme is vulnerable to de-synchronization and disclosure attacks. The latter attack can disclose all the secret information stored in a tag such as the identity, the shared secret key and the two secret permutation matrices that are used as encryption functions. To address these vulnerabilities, we propose an improved lightweight tag search protocol based on maximum distance separable matrices. As a result of security analysis, we can see that the improved scheme is secure against passive and active attacks, including disclosure and de-synchronization attack. Finally, we implement the improved protocol in ISE 14.6 environment for Virtex-7 FPGAs and compare the performance with some related protocols. The implementation results show that the improved scheme is particularly well suited for use in RFID systems.

Research paper thumbnail of Cryptanalysis of an Ultra lightweight Authentication Scheme based on Permutation Matrix Encryption for Internet of Vehicles

IACR Cryptol. ePrint Arch., 2019

Internet of Things (IoT) has various applications such as healthcare, supply chain, agriculture, ... more Internet of Things (IoT) has various applications such as healthcare, supply chain, agriculture, etc. Using the Internet of Vehicles(IoV) to control traffic of the cities is one of the IoT applications to construct smart cities. Recently Fan et al. proposed an authentication protocol to provide security of the IoV networks. They claimed that their scheme is secure and can resist against various known attacks. In this paper, we analyze more deeply the proposed scheme and show that their scheme is vulnerable against disclosure and desynchronization attacks. In disclosure attack, we disclose unique identification of the tag ID, secret key S, encryption matrix M2 and half rows of encryption matrix M1. Furthermore, we proposed an improved authentication scheme based on Maximum Distance Separable(MDS) matrices that is resistance against various attacks while maintaining low computational cost.