scholarly journals Password Based Key Exchange with Mutual Authentication

2004 ◽  
pp. 267-279 ◽  
Author(s):  
Shaoquan Jiang ◽  
Guang Gong
Keyword(s):  
Mutual Authentication ◽  
Key Exchange

scholarly journals RFID Mutual Authentication Protocols based on Gene Mutation and Transfer

2013 ◽  
Vol 9 (1) ◽  
pp. 44 ◽  
Author(s):  
Raghav V. Sampangi ◽  
Srinivas Sampalli
Keyword(s):  
Gene Mutation ◽  
Radio Frequency Identification ◽  
Mutual Authentication ◽  
Security Analysis ◽  
Key Exchange ◽  
Rfid Tags ◽  
Simulation Studies ◽  
Frequency Identification ◽  
Dynamic Updates ◽  
Mutual Authentication Protocol

Radio Frequency Identification (RFID) is a technology that is very popular due to the simplicity in its technology and high adaptability in a variety of areas. The simplicity in the technology, however, comes with a caveat – RFID tags have severe resource restrictions, which make them vulnerable to a range of security attacks. Such vulnerability often results in the loss of privacy of the tag owner and other attacks on tags. Previous research in RFID security has mainly focused on authenticating entities such as readers / servers, which communicate with the tag. Any security mechanism is only as strong as the encryption keys used. Since RFID communication is wireless, critical messages such as key exchange messages are vulnerable to attacks. Therefore, we present a mutual authentication protocol that relies on independent generation and dynamic updates of encryption keys thereby removing the need for key exchange, which is based on the concept of gene mutation and transfer. We also present an enhanced version of this protocol, which improves the security offered by the first protocol. The novelty of the proposed protocols is in the independent generation, dynamic and continuous updates of encryption keys and the use of the concept of gene mutation / transfer to offer mutual authentication of the communicating entities. The proposed protocols are validated by simulation studies and security analysis.

scholarly journals An efficient 3D Diffie-Hellman based Two-Server password-only authenticated key exchange

2019 ◽  
Vol 16 (1) ◽  
Author(s):  
Anitha Kumari K ◽  
Sudha Sadasivam G
Keyword(s):  
Large Scale ◽  
Communication Complexity ◽  
Mutual Authentication ◽  
Formal Proof ◽  
Key Exchange ◽  
Authenticated Key Exchange ◽  
Diffie Hellman ◽  
Technological World ◽  
Client Side ◽  
Evaluation Parameters

In emerging technological world, security potentially remains as a highest challenge in the large-scale distributed systems, as it is suffering extensively with adversarial attacks due to insufficient mutual authentication. In order to address this, a state-of-art tetrahedron (3D) based two-server Password Authenticated and Key Exchange (PAKE) protocol has been formulated with formal proof of security by incorporating the elementary properties of plane geometry. The main intention of this work is, obtaining a password from the stored credentials must be infeasible when both the servers compromised together. At the outset to realize these goals, in this paper, the properties of the tetrahedron are utilized along with Diffie-Hellman (DH) key exchange algorithm to withstand against malicious attacks. A significant aspect of the proposed 3D PAKE protocol is, client side complexity has been reduced to a greater extent in terms of computation and communication. Both theoretically and practically, 3D PAKE protocol is the first demonstrable secure two-server PAKE protocol that breaks the assumptions of the Yang et al. and Yi et al. protocol that the two servers must not compromise together. Computational complexity, communication complexity, security key principles, best of all attacks happening dubiously are considered as the evaluation parameters to compare the performance of the proposed 3D PAKE protocol.

scholarly journals Scrutinizing the Vulnerability of Ephemeral Diffie–Hellman over COSE (EDHOC) for IoT Environment Using Formal Approaches

2021 ◽  
Vol 2021 ◽  
pp. 1-18
Author(s):  
Jiyoon Kim ◽  
Daniel Gerbi Duguma ◽  
Sangmin Lee ◽  
Bonam Kim ◽  
JaeDeok Lim ◽  
...  
Keyword(s):  
Task Force ◽  
Mutual Authentication ◽  
Key Exchange ◽  
Security Environment ◽  
Diffie Hellman ◽  
Verification Methods ◽  
Security Properties ◽  
Perfect Forward Secrecy ◽  
Resource Exhaustion ◽  
Future Work

Most existing conventional security mechanisms are insufficient, mainly attributable to their requirements for heavy processing capacity, large protocol message size, and longer round trips, for resource-intensive devices operating in an Internet of Things (IoT) context. These devices necessitate efficient communication and security protocols that are cognizant of the severe resource restrictions regarding energy, computation, communication, and storage. To realize this, the IETF (Internet Engineering Task Force) is currently working towards standardizing an ephemeral key-based lightweight and authenticated key exchange protocol called EDHOC (Ephemeral Diffie–Hellman over COSE). The protocol’s primary purpose is to build an OSCORE (Object Security for Constrained RESTful Environments) security environment by supplying crucial security properties such as secure key exchange, mutual authentication, perfect forward secrecy, and identity protection. EDHOC will most likely dominate IoT security once it becomes a standard. It is, therefore, imperative to inspect the protocol for any security flaw. In this regard, two previous studies have shown different security vulnerabilities of the protocol using formal security verification methods. Yet, both missed the vital security flaws we found in this paper: resource exhaustion and privacy attacks. In finding these vulnerabilities, we leveraged BAN-Logic and AVISPA to formally verify both EDHOC protocol variants. Consequently, we described these security flaws together with the results of the related studies and put forward recommended solutions as part of our future work.

Sign in / Sign up

Export Citation Format

Share Document