A WTLS Handshake Protocol with User Anonymity and Forward Secrecy

Password authentication scheme using smart cards is an important part of securely accessing the server program. In 2012, Chen et al. proposed a robust smart-card-based remote user password authentication scheme. Recently, Li et al. discovered the scheme of Chen et al. cannot really ensure forward secrecy, and it cannot achieve the goal of efficiency for wrong password login. Then, they proposed an enhanced remote user password authentication scheme based on smart cards. In this paper, we propose a novel authentication scheme by using elliptic curve cryptography. The new scheme can achieve both the user anonymity and the goal of efficiency of incorrect password detection, and can also establish a session key for the subsequent secure communication. Moreover, we show by a detailed analysis that it requires lower computation cost while improving the security of the scheme.

Download Full-text

A Secure and Anonymous Two-Factor Authentication Protocol in Multiserver Environment

Security and Communication Networks ◽

10.1155/2018/9062675 ◽

2018 ◽

Vol 2018 ◽

pp. 1-15 ◽

Cited By ~ 5

Author(s):

Chenyu Wang ◽

Guoai Xu ◽

Wenting Li

Keyword(s):

User Anonymity ◽

Security Requirements ◽

Forward Secrecy ◽

Dictionary Attack ◽

Insider Attack ◽

Comparison Results ◽

Stolen Verifier Attack ◽

Adversary Model ◽

Heuristic Analysis ◽

Great Development

With the great development of network technology, the multiserver system gets widely used in providing various of services. And the two-factor authentication protocols in multiserver system attract more and more attention. Recently, there are two new schemes for multiserver environment which claimed to be secure against the known attacks. However, after a scrutinization of these two schemes, we found that (1) their description of the adversary’s abilities is inaccurate; (2) their schemes suffer from many attacks. Thus, firstly, we corrected their description on the adversary capacities to introduce a widely accepted adversary model and then summarized fourteen security requirements of multiserver based on the works of pioneer contributors. Secondly, we revealed that one of the two schemes fails to preserve forward secrecy and user anonymity and cannot resist stolen-verifier attack and off-line dictionary attack and so forth and also demonstrated that another scheme fails to preserve forward secrecy and user anonymity and is not secure to insider attack and off-line dictionary attack, and so forth. Finally, we designed an enhanced scheme to overcome these identified weaknesses, proved its security via BAN logic and heuristic analysis, and then compared it with other relevant schemes. The comparison results showed the superiority of our scheme.

Download Full-text

Efficient privacy-preserving user authentication scheme with forward secrecy for industry 4.0

Science China Information Sciences ◽

10.1007/s11432-020-2975-6 ◽

2021 ◽

Vol 65 (1) ◽

Author(s):

Chenyu Wang ◽

Ding Wang ◽

Guoai Xu ◽

Debiao He

Keyword(s):

Industry 4.0 ◽

User Authentication ◽

Privacy Preserving ◽

Authentication Scheme ◽

Forward Secrecy ◽

User Authentication Scheme

Download Full-text

Using a Warm Hand-Off Approach to Enroll African American Caregivers in a Multi-Site Clinical Trial: The Handshake Protocol

Journal of Applied Gerontology ◽

10.1177/0733464821992920 ◽

2021 ◽

pp. 073346482199292

Author(s):

Fayron Epps ◽

Glenna Brewster ◽

Judy S. Phillips ◽

Rachel Nash ◽

Raj C. Shah ◽

...

Keyword(s):

African American ◽

Controlled Trial ◽

Culturally Congruent ◽

Phone Calls ◽

Emory University ◽

Hand Off ◽

Site Coordinator ◽

Handshake Protocol ◽

Minority Participants ◽

African American Caregivers

“Testing Tele-Savvy” was a three-arm randomized controlled trial that recruited participants from four National Institute on Aging (NIA)–funded Alzheimer’s Disease Centers with Emory University serving as the coordinating center. The enrollment process involved each center providing a list of eligible caregivers to the coordinating center to consent. Initially, the site proposed to recruit primarily African American caregivers generated a significant amount of referrals to the coordinating center, but a gap occurred in translating them into enrolled participants. To increase the enrollment rate, a “Handshake Protocol” was established, which included a warm handoff approach. During preset phone calls each week, the research site coordinator introduced potential participants to a culturally congruent co-investigator from the coordinating center who then completed the consent process. Within the first month of implementation, the team was 97% effective in meeting its goals. This protocol is an example of a successful, innovative approach to enrolling minority participants in multi-site clinical trials.

Download Full-text

Drone Secure Communication Protocol for Future Sensitive Applications in Military Zone

Sensors ◽

10.3390/s21062057 ◽

2021 ◽

Vol 21 (6) ◽

pp. 2057

Author(s):

Yongho Ko ◽

Jiyoon Kim ◽

Daniel Gerbi Duguma ◽

Philip Virgil Astillo ◽

Ilsun You ◽

...

Keyword(s):

Performance Evaluation ◽

Secure Communication ◽

Communication Protocol ◽

Denial Of Service ◽

Mutual Authentication ◽

Information Leakage ◽

Security Protocol ◽

Security Requirements ◽

Forward Secrecy ◽

Perfect Forward Secrecy

Unmanned Aerial Vehicle (UAV) plays a paramount role in various fields, such as military, aerospace, reconnaissance, agriculture, and many more. The development and implementation of these devices have become vital in terms of usability and reachability. Unfortunately, as they become widespread and their demand grows, they are becoming more and more vulnerable to several security attacks, including, but not limited to, jamming, information leakage, and spoofing. In order to cope with such attacks and security threats, a proper design of robust security protocols is indispensable. Although several pieces of research have been carried out with this regard, there are still research gaps, particularly concerning UAV-to-UAV secure communication, support for perfect forward secrecy, and provision of non-repudiation. Especially in a military scenario, it is essential to solve these gaps. In this paper, we studied the security prerequisites of the UAV communication protocol, specifically in the military setting. More importantly, a security protocol (with two sub-protocols), that serves in securing the communication between UAVs, and between a UAV and a Ground Control Station, is proposed. This protocol, apart from the common security requirements, achieves perfect forward secrecy and non-repudiation, which are essential to a secure military communication. The proposed protocol is formally and thoroughly verified by using the BAN-logic (Burrow-Abadi-Needham logic) and Scyther tool, followed by performance evaluation and implementation of the protocol on a real UAV. From the security and performance evaluation, it is indicated that the proposed protocol is superior compared to other related protocols while meeting confidentiality, integrity, mutual authentication, non-repudiation, perfect forward secrecy, perfect backward secrecy, response to DoS (Denial of Service) attacks, man-in-the-middle protection, and D2D (Drone-to-Drone) security.

Download Full-text

Cryptanalysis of a Group Key Establishment Protocol

Symmetry ◽

10.3390/sym13020332 ◽

2021 ◽

Vol 13 (2) ◽

pp. 332

Author(s):

Jorge Martínez Carracedo ◽

Adriana Suárez Corona

Keyword(s):

Forward Secrecy ◽

Key Establishment ◽

Group Key ◽

Active Attack ◽

Group Key Establishment

In this paper, we analyze the security of a group key establishment scheme proposed by López-Ramos et al. This proposal aims at allowing a group of users to agree on a common key. We present several attacks against the security of the proposed protocol. In particular, an active attack is presented, and it is also proved that the protocol does not provide forward secrecy.

Download Full-text