Research & Grants
RESEARCH INTERESTS
Attribute-based access control
Hierarchical access control
Time-bound hierarchical access control
Remote user authentication
Multi-server authentication
Authentication in Near Field Communication
Authentication in smart grid
Key management in wireless sensor networks
Authentication in vehicular ad-hoc networks
RESEARCH GRANTS
Funding: Start-up Research Grant (Seed Funding) from IIITS.
Project: Design, Analysis and Implementation of Security Protocols for Internet of Things and Cloud Computing.
Principal Investigator: Dr. Odelu Vanga
Duration: 3 years (2016-2019)
RESEARCH CONTRIBUTIONS
Attribute-based access control : Cloud Computing is characterized by virtual world with unlimited capability in terms of storage and processing power. Cloud computing allows computer users to conveniently rent access to fully featured applications, software development and deployment environments and computing infrastructure assets such as network-accessible data storage and processing with its salient features: on-demand self-service, broad network access, resource pooling, rapid elasticity and measured service.
Mobile devices have become the primary computing device for individual and organizational users, and a popular mobile application (app) category is cloud apps. For example, Dropbox, a popular cloud storage app, has between 500 million and one billion downloads on Google Play store as of 16 December 2015. The aim is to ensure that data outsourced to the cloud will be protected from unauthorized access. Attribute-based Access Control techniques (for example, Ciphertext-Policy Attribute-Based Encryption and Key-Policy Attribute-Based Encryption) are the most suitable cryptographic tools to provide the data confidentiality as well as data accesses control in the field of cloud computing. However, mobile devices are generally resource-constrained, and cloud services are Internet-based and pay-and-use services. Thus, one of the associated key security challenges is the design of lightweight cryptographic solutions for mobile clients.
Contributions
Vanga Odelu, Ashok Kumar Das, Y. Sreenivasa Rao, Saru Kumari, Muhammad Khurram Khan, Kim-Kwang Raymond Choo, “Pairing-based CP-ABE with constant-size ciphertexts and secret keys for cloud environment,” Computer Standards & Interfaces (Elsevier), Special Issue on “Cloud Computing Security and Privacy: Standards and Regulations”, 2016. In Press.
Vanga Odelu and Ashok Kumar Das, “Design of a new CP-ABE with constant size secret keys for lightweight devices using elliptic curve cryptography,” in Security and Communication Networks (Wiley), 2016. In Press.
Vanga Odelu, Ashok Kumar Das, Muhammad Khurram Khan, Kim-Kwang Raymond Choo, and Minho Jo, "Expressive CP-ABE Scheme for Mobile Devices in IoT satisfying Constant-size Keys and Ciphertexts," in IEEE Access, 2017. In Press.
Hierarchical access control : In a computer system, the information privacy stems from the legal decisions made to regulate proper accesses to the private information. The access matrix model has been used widely in order to produce the access control mechanism for the computer users. Since access control matrix is a spare matrix, storing it directly in the system requires a huge amount of storage space, and thus, it increases the implementation cost of the system. In order to remedy these drawbacks, a hierarchical representation mechanism was proposed in the literature, and such an hierarchy, called a user hierarchy. In many organizations, the personnel are frequently organized in the form of a hierarchy, and the information is distributed over the hierarchy on a need-to-know basis. This implies that the hierarchy represents the personnel relationships among the users in the system. The private information (objects) maintained by the organization are often stored in a database (or broadcast over the system), and the legitimate users in that organization can access those information according to their defined access privileges. Suppose a trusted central authority (CA) is responsible for managing the users and their access privileges. Let the users of a computer system be divided into different disjoint security classes (classes, in short) according to their positions and access control authorities in the system. Assume that the users are divided into n disjoint classes, say C1 , C2 , · · · , Cn , and a binary relation “≥” partially orders the set of security classes C = {C1 , C2 , · · · , Cn }, that is, it forms a partially ordered set (POSET, in short) with respect to the binary operation “≥” satisfying the following three properties:
(i). Reflexive property: Ci ≥ Ci , ∀Ci ∈ C;
(ii). Anti-symmetric property: If Ci , Cj ∈ C such that Ci ≥ Cj and Cj ≥ Ci , then Ci = Cj ;
(iii). Transitive property: If Ci , Cj , Ck ∈ C such that Ci ≥ Cj and Cj ≥ Ck , then Ci ≥ Ck .
The relation Ci ≥ Cj in the POSET (C, ≥) represents that the users in the class Ci have a security level higher than or equal to those in the class Cj . Thus, the users in class Ci can have access to the information held by (or destined to) the users in class Cj , while the reverse is not allowed. For example, Xm is a piece of information that the CA desires to store in (or broadcast over) the system which is accessible to users in the class Cm . Then, the partially order relation “≥” on C implies that Xm is also accessible to the users in all classes Ci such that Ci ≥ Cm.
Contributions
Vanga Odelu, Ashok Kumar Das, and Adrijit Goswami, “DMAMA: Dynamic migration access control mechanism for mobile agents in distributed networks,” in Wireless Personal Communications (Springer), Vol. 84, No. 1, pp. 207-230, Sept. 2015.
Vanga Odelu, Ashok Kumar Das, and Adrijit Goswami, “A secure effective key management scheme for dynamic access control in a large leaf class hierarchy,” in Information Sciences (Elsevier), Vol. 269, No. C, pp. 270-285, 2014.
Vanga Odelu, Ashok Kumar Das, and Adrijit Goswami, “An Effective and Secure Key-Management Scheme for Hierarchical Access Control in E- Medicine System,” in Journal of Medical Systems (Springer), Vol. 37, No. 2, pp. 1 - 18, 2013.
Ashok Kumar Das, Adrijit Goswami, and Vanga Odelu, “An efficient access control scheme in user hierarchy based on polynomial interpolation and hash function,” in International Journal of Communication Networks and Distributed Systems (Inderscience), Vol. 12, No. 2, pp. 129-151, 2014.
Vanga Odelu, Ashok Kumar Das, and Adrijit Goswami, “A novel linear polynomial-based dynamic key management scheme for hierarchical access control,” in International Journal of Trust Management in Computing and Communications (Inderscience), Vol. 1, No. 2, pp. 156-174,2013.
Vanga Odelu, Ashok Kumar Das, and Adrijit Goswami, “A New Key Management Scheme for a User Hierarchy based on a Hybrid Cryptosystem,” in Smart Computing Review (KAIS), vol. 3, no. 1, pp. 42-54, February 2013.
Time-bound hierarchical access control : A time-bound hierarchical key assignment scheme is a method to assign time-dependent encryption keys and private information to each class in the hierarchy, in such a way that key derivation also depends on temporal constraints. Once a time period expires, users in a class should not be able to access any subsequent keys if they are not authorized to do so. It has numerous applications including the Pay-TV systems and web-based subscription services.
Contributions
Vanga Odelu, Ashok Kumar Das, and Adrijit Goswami, “A secure and efficient time-bound hierarchical access control scheme for secure broadcasting,” in International Journal of Ad Hoc and Ubiquitous Computing (InderScience), Vol. 22, No. 4, pp. 236-248, 2016.
Client-server authentication : In a client-server authentication, a remote server verifies whether a login client is genuine and trustworthy, and also for mutual authentication purpose a login client validates whether the remote server is genuine and trustworthy.
Contributions
Vanga Odelu, Ashok Kumar Das, and Adrijit Goswami, “An effective and robust secure remote user authenticated key agreement scheme using smart cards in wireless communication systems,” in Wireless Personal Communications (Springer), Vol. 84, No. 4, pp. 2571-2598, Oct. 2015.
Ashok Kumar Das, Vanga Odelu, and Adrijit Goswami, “A robust and effective smart card-based remote user authentication mechanism using hash function,” in The Scientific World Journal (Hindawi Publishing Corporation), Vol. 2014, Article ID 719470, 16 pages.
Vanga Odelu, Ashok Kumar Das, and Adrijit Goswami, “An efficient ECC-based privacy-preserving client authentication protocol with key agreement using smart card,” in Journal of Information Security and Applications (Elsevier), Vol. 21, pp. 1-19, 2015.
Saru Kumari, Xiong Li, Fan Wu, Ashok Kumar Das, Vanga Odelu, and Muhammad Khurram Khan, “A User Anonymous Mutual Authentication Protocol,” in KSII Transactions on Internet and Information Systems, 2016, In Press.
Maged Hamada Ibrahim, Saru Kumari, Ashok Kumar Das and Vanga Odelu. "Jamming resistant non-interactive anonymous and unlinkable authentication scheme for mobile satellite networks," in Security and Communication Networks (Wiley), 2016, In Press.
Sravani Challa, Ashok Kumar Das, Saru Kumari, Vanga Odelu, Fan Wu, and Xiong Li. "Provably secure three-factor authentication and key agreement scheme for session initiation protocol," in Security and Communication Networks (Wiley), 2016, Accepted.
Authentication in Telecare Medicine Information System (TMIS) : In TMIS, the patients at home and the doctors at a clinic or home healthcare agency communicate through public networks. In order to safeguard patients’ privacy, such as telephone number, medical record number, health information, the mechanism for authentication and key agreement protocols is extremely required. An integrated EPR (Electronic Patient Record) information system of all the patients provides the medical institutions and the academia with most of the patients information in details for them to make corrective decisions and clinical decisions in order to maintain and analyze patients health. However, in such system the illegal access must be prevented and the information from theft during transmission over the insecure Internet need to be prevented. To tackle such serious problems, the remote user authentication plays an important role.
Contributions
Vanga Odelu, Ashok Kumar Das, and Adrijit Goswami, “A secure effective dynamic group password-based authenticated key agreement scheme for the integrated EPR information system,” in Journal of King Saud University - Computer and Information Sciences (Elsevier), Vol. 28, No. 1, pp. 68-81, Jan 2016.
Ashok Kumar Das, Vanga Odelu, and Adrijit Goswami, “A Secure and Robust User Authenticated Key Agreement Scheme for Hierarchical Multi-Medical Server Environment in TMIS,” in Journal of Medical Systems (Springer), Vol. 39, No. 9, pp. 1 - 24, 2015.
Anil Kumar Sutrala, Ashok Kumar Das, Vanga Odelu, Mohammad Wazid, and Saru Kumari, “Secure anonymity-preserving password-based user authentication and session key agreement protocol for telecare medicine information systems,” in Computer Methods and Programs in Biomedicine (Elsevier), Vol. 135, pp. 167-185, 2016.
Three-party authentication : In two-party password authenticated key exchange scheme, the two parties A and B share a password in advance and establish a common session key to communicate securely. However, in large-scale communication environments, the password management can be a challenging issue. In order to overcome this problem, three-party authenticated key exchange (3PAKE) techniques was introduced in the literature. In 3PAKE, the trusted server S exists and mediates between two communicating parties A and B to allow mutual authentication and agree on a common session key.
Contributions
Vanga Odelu, Ashok Kumar Das, and Adrijit Goswami, “An efficient biometric-based privacy-preserving three-party authentication with key agreement protocol using smart cards,” Security and Communication Networks (Wiley), Vol. 8, No. 18, pp. 4136-4156, Dec. 2015.
Authentication in Near Field Communication (NFC) : In the NFC environment, the Trusted Service Manager (TSM) is responsible to distribute user keys to the registered users based upon the requests from the users and it does not involve in the authentication process. The authentication protocol involves only two parties, namely, an initiator user and a target user. The initiator user generates a radio frequency field and starts the NFC interface. After receiving communication signals, the target user sends a response message to the initiator user through the radio frequency field. After mutual authentication, both the initiator user and target user establish and agree on a secure session key. Due to the shared nature of wireless communication networks, there are several kinds of security vulnerabilities in NFC environment including impersonation and man-in-the-middle attacks. Thus, the security is one of the prerequisite for NFC applications. Moreover, transmission capacity of NFC technology is limited as its operating frequency is 13.56 MHz with transmission speed ranging from 106 Kbps to 424 Kbps up to 10 cm. Since the widely use of mobile devices, such as smart phones and personal laptops, in combination of NFC technology, authentication protocol must ensure high security along with low computation and communication costs.
Contributions
Vanga Odelu, Ashok Kumar Das, and Adrijit Goswami, “SEAP: Secure and Efficient Authentication Protocol for NFC Applications Using Pseudonyms,” in IEEE Transactions on Consumer Electronics, 2016. Accepted.
Single Sign-on mechanism for distributed computer networks : Due to the portability and availability of mobile devices, such as smart phones and laptops, the usage of mobile devices is largely increasing in the real-life applications. The mobile user can use the mobile devices to access multi-services, such as process online payment, order goods, receive/reply electronic mails, or download music, etc., from the different service providers in distributed computer networks. Thus, the distributed locations of service providers make it efficient and convenient for subscribers to access the resources. In a single-server environment, a user needs to register with each server separately and keep different identity/password pairs for accessing each service provider. Thus, when users have to keep so much secret information, security problems can occur and increase the overhead for the networks. In a unidirectional identification scheme, an entity identifies the other party by challenging some secret information, and then, mutual identification can allow two communicating parties to verify each other. However, it is impossible to directly apply two-party authentication methods for a single server environment to a multi-server environment. To withstand these security drawbacks, several multi-server authentication schemes have been presented in the literature. The single sign-on (SSO) authentication is a good remedy to this problem as it allows a user with a single credential to access multiple service providers. In a multi-server environment, there are three parties, namely user (U ), service provider (S), registration center (RC). We can divide the multi-server authentication schemes into the following two categories:
Without the involvement of RC: In this case, user U and server S mutually authenticate and establish a session key without the involvement of RC in the authentication process.
With the presence of RC: On contrary, in this case, user U and server S mutually authenticate and agree on a session key with the presence of RC in the authentication process.
The user privacy is also a desirable in distributed computing environment since the information exchanged might be abused by some other organizations for marketing purposes. Thus, the authentication schemes become the trusted components in a communication system in order to protect the sensitive information against a malicious adversary by means of providing variety of security services, such as mutual authentication, user credentials privacy and session key security.
Contributions
Vanga Odelu, Ashok Kumar Das, and Adrijit Goswami, “A Secure Biometrics-Based Multi-Server Authentication Protocol using Smart Cards,” in IEEE Transactions on Information Forensics and Security, Vol. 10, No. 9, pp. 1953 - 1966, Sept. 2015.
Vanga Odelu, Ashok Kumar Das, and Adrijit Goswami, “A secure and efficient ECC-based user anonymity preserving single sign-on scheme for distributed computer networks,” in Security and Communication Networks (Wiley), Vol. 8, No. 9, pp. 1732-11752, 2014.
Vanga Odelu, Ashok Kumar Das, Saru Kumari, Xinyi Huang, and Mohammad Wazid, “Provably secure authenticated key agreement scheme for distributed mobile cloud computing services,” in Future Generation Computer Systems (Elsevier), 2016, In Press. (2015 SCI Impact Factor: 2.430)
A. Goutham Reddy, Ashok Kumar Das, Vanga Odelu, and Kee-Young Yoo. ”An Enhanced Biometric Based Authentication with Key-Agreement Protocol for Multi-Server Architecture Based On Elliptic Curve Cryptography,” in PLoS ONE, Vol. 11, No. 5, pp. 1-28, 2016.
Alavalapati Goutham Reddy, Eun-Jun Yoon, Ashok Kumar Das, Vanga Odelu, and Kee-Young Yoo. "Design of Mutually Authenticated Key Agreement Protocol Resistant to Impersonation Attacks for Multi-Server Environment," in IEEE Access, 2017, Accepted.
Authentication in Smart Grid : Recently, the smart grid technology is recognized as the next generation of power grid. It uses two-way flows of electricity and information to create a widely distributed automated energy delivery network. A smart grid usually contains four components: sensing, communication, control, and actuation systems. The smart meters (SMs) are 9the important components of a smart grid, which are composed of sensing and communication modules, and the service systems from service providers (SPs) contain communication, control, and actuation modules. The use of SMs is rapidly increasing in the homes to monitor energy consumption in real time and SMs provide power pricing information to consumers. Due to the wireless nature of SMs, a malicious adversary can eavesdrop, modify, and interrupt the transmitted messages between SMs and SPs. Moreover, SMs are installed in the close proximity of houses are usually protected by the physical locks only. Thus, there is a possibility to compromise physically the SMs by an adversary when he/she breaks the physical lock, and also impersonates those SMs by capturing the secret credentials stored in its memory. The information of energy use is stored at the SMs and distributed thereafter acts as an information-rich side channel; it reveals the customer behaviors and habits, for example, the activities like watching television have the detectable power consumption signatures. Hence, the credentials’ privacy is also another important issue in the smart grid. As a result, SMs are most attractive targets for an adversary as the vulnerabilities can easily be monetized. Since the rapid growth in the smart grid technology, designing a secure and efficient key distribution mechanism for smart grid environment becomes an emerging research topic.
Contributions
Vanga Odelu, Ashok Kumar Das, Mohammad Wazid, and Mauro Conti, “Provably Secure Authenticated Key Agreement Scheme for Smart Grid,” in IEEE Transactions on Smart Grid, 2016, In Press.
Key management in wireless sensor networks : An access control scheme in wireless sensor networks consists of two tasks: node authentication and key establishment. In node authentication, a deployed node needs to prove its identity to its neighbour nodes and also to prove that it has the right to access the existing sensor network. On the other hand, in key establishment, the secret shared keys need to be established between a deployed node and its neighbour nodes to protect secure communications among them.
Contributions
Vanga Odelu, Ashok Kumar Das, and Adrijit Goswami, “A secure and scalable group access control scheme for wireless sensor networks,” in Wireless Personal Communications (Springer), Vol. 85, No. 4, pp. 1765-1788, Dec. 2015.
Ashok Kumar Das, Anil Kumar Sutrala, Saru Kumari, Vanga Odelu, Mohammad Wazid and Xiong Li, “An efficient multi-gateway based three-factor user authentication and key agreement scheme in hierarchical wireless sensor networks,” in Security and Communication Networks (Wiley), Vol. 9, No. 13, pp. 2070-2092, 2016.
Maged Hamada Ibrahim, Saru Kumari, Ashok Kumar Das, Mohammad Wazid, and Vanga Odelu, “Secure anonymous mutual authentication for star two-tier wireless body area networks,” in Computer Methods and Programs in Biomedicine (Elsevier), Vol. 135, pp. 37-50, 2016.
Ashok Kumar Das, Saru Kumari, Vanga Odelu, Xiong Li, FanWu and Xinyi Huang, “Provably secure user authentication and key agreement scheme for wireless sensor networks,” Security and Communication Networks (Wiley), 2016. In Press.
Authentication in vehicular ad-hoc networks : Vehicular Ad hoc Network (VANET) is considered as a special type of Mobile Ad hoc Network (MANET), which allows the vehicles on roads to form a self-organized network. VANETs provide multiple benefits, such as the in-built warning system which warns the driver about the accidents so that he/she can take quick decisions on the basis of provided information. The vehicles further share the information with each other. It also provides information about 10traffic congestion at the different roads so that driver can take decision on the basis of this information and can select alternative roads. In summary, VANETs help to improve the road environment, infotainment dissemination, and traffic safety for drivers as well as passengers. Recent studies reveals that the market for vehicular communications will reach several billions of euros in the coming year. Therefore, considerable research efforts are needed in this field.
Contributions
Saru Kumari, Marimuthu Karuppiah, Xiong Li, Fan Wu, Ashok Kumar Das, and Vanga Odelu, “An enhanced and secure trust-extended authentication mechanism for vehicular ad-hoc networks,” in Security and Communication Networks (Wiley), 2016, In Press.