User:Madssnake/sandbox

= Mutual Authentication Article Ideas = Here are my plans for what I will be adding to the mutual authentication article:


 * Add a privacy section that address why mutual authentication is an effective security measure
 * Why is it important? Mutual authentication ensures that both involved parties are verified and not imposters
 * Give examples of the increasing amount of authentication schemes satisfying mutual authentication
 * Where can it be applied? Mutual authentication is found in data transmission schemes that are applied in many technologies, including but not limited to:
 * Radio frequencies (RFID tags / supply networks) (remote medical data collection)
 * Vehicular systems
 * Location tracking (smart watches)
 * User made password based authentication
 * Medical technology with wireless networks for wearable devices that track health data

Mutual authentication can be implemented with:


 * Blockchain (link)
 * Smart cards
 * Cloud architecture networks (and edge based cloud computing)

Do more research on ways to verify mutual authentication:


 * BAN logic → GNY logic
 * SPAN logic with AVISPA

Other articles I can link my page to:

= Mutual Authentication: Draft = Mutual authentication or two-way authentication (not to be confused with two-factor authentication) refers to two parties authenticating each other at the same time in an authentication protocol. It was previously referred to as “mutual entity authentication,” as two or more entities verify the others' legality before any data or information is transmitted.
 * Authentication, TLS, SSH, BAN Logic, Cybersecurity, Networks

Mutual authentication is a desired characteristic in verification schemes that have sensitive data being transmitted, in order to ensure data security. Mutual authentication is found in two types of schemes: username-password based schemes and certificate based schemes, and these schemes are often found in schemes employed in the Internet of Things (IoT). Writing effective security schemes in IoT systems can become challenging, especially when needing schemes to be lightweight and have low computational costs. Mutual authentication is a crucial security step that can defend against many adversarial attacks, which otherwise can have large consequences if IoT systems (such as e-Healthcare servers) are hacked. In scheme analyses done of past works, a lack of mutual authentication had been considered a weakness in data transmission schemes.

Process steps and verification
Schemes that have a mutual authentication step may use different methods of encryption, communication, and verification, but they all share one thing in common: each entity is verified. If Alice wants to communicate with Bob, before any data or messages are transmitted, they will both authenticate the other and verify that it is who they are expecting to communicate with. A mutual authentication process that exchanges user IDs may be implemented as follows:

To verify that mutual authentication has occurred successfully, BAN logic is a well regarded and widely accepted method to use, because it verifies that a message came from a trustworthy entity. BAN logic first assumes an entity is not to be trusted, and then will verify its legality.
 * 1) Alice sends a message to Bob to show that Alice is a valid user.
 * 2) Bob verifies message:
 * 3) Bob checks the format and timestamp. If either is incorrect or invalid, the session is aborted.
 * 4) The message is then unscrambled with Bob's secret key and Alice's ID.
 * 5) Bob checks if the message matches a valid user. If not, the session is aborted.
 * 6) Bob sends Alice a message back to show that Bob is a valid user.
 * 7) Alice verifies the message:
 * 8) Alice checks the format and timestamp. If either is incorrect or invalid, the session is aborted.
 * 9) Then, the message is unscrambled with Alice's secret key and Bob's ID.
 * 10) Alice checks if the message matches a valid user. If not, the session is aborted.
 * 11) At this point, both parties are verified to be who they claim to be and safe for the other to communicate with. Lastly, Alice and Bob will create a shared secret key so that they can continue communicating in a secure manner.

Defenses
Mutual authentication is an important factor in transmission schemes because it can protect a scheme against adversarial attacks, notably: Mutual authentication also ensures information integrity because if the parties are verified to be the correct source, then the information received is reliable as well.
 * Man in the middle attack (MITM): MITM attacks are when a third party wishes to eavesdrop or intercept a message, and sometimes alter the intended message for the recipient. The two parties openly receive messages without verifying the sender, so they do not realize an adversary has inserted themselves into the communication line. Mutual authentication can prevent MITM attacks because both the sender and recipient verify each other before sending them their message keys, so if one of the parties is not verified to be who they claim they are, the session will end.
 * Replay attacks : A replay attack is similar to a MITM attack in which older messages are replayed out of context to to fool the server. However, this does not work against schemes using mutual authentication because timestamps are a verification factor that are used in the protocols. If the change in time is greater than the maximum allowed time delay, the session will be aborted. Similarly, messages can include a randomly generated number to keep track of when a message was sent.
 * Spoofing attacks : Spoofing attacks rely on using false data to pose as another user in order to gain access to a server or be identified as someone else. Mutual authentication can prevent spoofing attacks because the server will authenticate the user as well, and verify that they have the correct session key before allowing any further communication and access.
 * Impersonation attacks: When each party authenticates the other, they send each other a certificate that only the other party knows how to unscramble, verifying themselves as a trusted source. In this way, adversaries cannot use impersonation attacks because they do not have the correct certificate to act as if they are the other party.

Lightweight schemes vs. secured schemes
While lightweight schemes and secure schemes are not mutually exclusive, adding a mutual authentication step to data transmissions protocols can often increase performance runtime and computational costs. This can become an issue for network systems that cannot handle large amounts of data or those that constantly have to update for new real-time data (e.g. location tracking, real-time health data).

Thus, it becomes a desired characteristic of many mutual authentication schemes to have lightweight properties (e.g. have a low memory footprint) in order to accommodate the system that is storing a lot of data. Many systems implement cloud computing, which allows quick access to large amounts of data, but sometimes large amounts of data can slow down communication. Even with edge-based cloud computing, which is faster than general cloud computing due to a closer proximity between the server and user, lightweight schemes allow for speed when managing larger amounts of data. One solution to keep schemes lightweight during the mutual authentication process is to limit the number of bits used during communication.

Applications that solely rely on device-to-device (D2D) communication, where multiple devices can communicate locally in close proximities, removes the third party network. This in turn can speed up communication time. However, the authentication still occurs through insecure channels, so researchers believe it is still important to ensure mutual authentication occurs in order to keep a secure scheme.

Schemes may sacrifice a better runtime or storage cost when ensuring mutual authentication in order to prioritize protecting the sensitive data.

Password-based schemes
In mutual authentication schemes that require a user's inputted password as part of the verification process, there is a higher vulnerability to hackers because the password is human-made rather than a computer-generated certificate. However, user-made passwords and the ability to change one's password are important for making an application user-friendly, so many schemes work to accommodate the characteristic. A password based protocol with mutual authentication is important because user identities and passwords are still protected, as the messages are only readable to the two parties involved.

However, a negative aspect about password-based authentication is that password tables can take up a lot of memory space. One way around using a lot of memory during a password-based authentication scheme is to implement one-time passwords (OTP), which is a password sent to the user via SMS or email. OTPs are time-sensitive, which means that they will expire after a certain amount of time and that memory does not need to be stored.

Multi-factor authentication
Recently, more schemes have higher level authentication than password based schemes. While password-based authentication is considered as "single-factor authentication," schemes are beginning to implement smart card (two-factor) or biometric-based (three-factor) authentication schemes. Smart cards are simpler to implement and easy for authentication, but still have risks of being tampered with. Biometrics have grown more popular over password-based schemes because it is more difficult to copy or guess session keys when using biometrics, but it can be difficult to encrypt noisy data. Due to these security risks and limitations, schemes can still employ mutual authentication regardless of how many authentication factors are added.

Certificate based schemes and system applications
Mutual authentication is often found in schemes employed in the Internet of Things (IoT), where physical objects are incorporated into the Internet and can communicate via IP address. Authentication schemes can be applied to many types of systems that involve data transmission. As the Internet's presence in mechanical systems increases, writing effective security schemes for large numbers of users, objects, and servers can become challenging, especially when needing schemes to be lightweight and have low computational costs. Instead of password-based authentication, devices will use certificates to verify each other's identities.

Radio networks
Mutual authentication can be satisfied in radio network schemes, where data transmissions through radio frequencies are secure after verifying the sender and receiver.

Radio Frequency Identification (RFID) tags are commonly used for object detection, which many manufacturers are implementing into their warehouse systems for automation. This allows for a faster way to keep up with inventory and track objects. However, keeping track of items in a system with RFID tags that transmit data to a cloud server increases the chances of security risks, as there are now more digital elements to keep track of. A three way mutual authentication can occur between RFID tags, the tag readers, and the cloud network that stores this data in order to keep RFID tag data secure and unable to be manipulated.

Similarly, an alternate RFID tag and reader system that assigns designated readers to tags has been proposed for extra security and low memory cost. Instead of considering all tag readers as one entity, only certain readers can read specific tags. With this method, if a reader is breached, it will not affect the whole system. Individual readers will communicate with specific tags during mutual authentication, which runs in constant time as readers use the same private key for the authentication process.

Many e-Healthcare systems that remotely monitor patient health data use wireless body area networks (WBAN) that transmit data through radio frequencies. This is beneficial for patients that should not be disturbed while being monitored, and can reduced the workload for medical worker and allow them to focus on the more hands-on jobs. However, a large concern for healthcare providers and patients about using remote health data tracking is that sensitive patient data is being transmitted through unsecured channels, so authentication occurs between the medical body area network user (the patient), the Healthcare Service Provider (HSP) and the trusted third party.

Cloud based computing
e-Healthcare clouds are another way to store patient data collected remotely. Clouds are useful for storing large amounts of data, such as medical information, that can be accessed by many devices whenever needed. Telecare Medical Information Systems (TMIS), an important way for medical patients to receive healthcare remotely, can ensure secured data with mutual authentication verification schemes. Blockchain is one way that has been proposed to mutually authenticate the user to the database, by authenticating with the main mediBchain node and keeping patient anonymity.

Fog-cloud computing is a networking system that can handle large amounts of data, but still has limitations regarding computational and memory cost. Mobile edge computing (MEC) is considered to be an improved, more lightweight fog-cloud computing networking system, and can be used for medical technology that also revolves around location-based data. Due to the large physical range required of locational tracking, 5G networks can send data to the edge of the cloud to store data. An application like smart watches that track patient health data can be used to call the nearest hospital if the patient shows a negative change in vitals.

Fog node networks can be implemented in car automation, keeping data about the car and its surrounding states secure. By authenticating the fog nodes and the vehicle, vehicular handoff becomes a safe process and the car’s system is safe from hackers.

Machine to machine verification
Many systems that do not require a human user as part of the system also have protocols that mutually authenticate between parties. In unmanned aerial vehicle (UAV) systems, a platform authentication occurs rather than user authentication. Mutual authentication during vehicle communication prevents one vehicle's system from being breached, which can then affect the whole system negatively. For example, a system of drones can be employed for agriculture work and cargo delivery, but if one drone were to be breached, the whole system has the potential to collapse.