Insider Attack Prevention using Multifactor Authentication Protocols - A Survey

Secure and efficient authentication protocols are necessary for cloud service. Multifactor authentication protocols taking advantage of smart card, user’s password, and biometric, are more secure than password-based single-factor authentication protocols which are widely used in practice. However, most of the multiserver authentication protocols may have weak points, such as smart card loss attack, man-in-the-middle attack, anonymity, and high computation cost of authentication center. In order to overcome the above weaknesses, we propose a novel multiserver multifactor authentication protocol based on the Kerberos protocol using the extended Chebyshev chaotic mapping as a cryptographic algorithm. The proposed protocol achieves anonymity without sharing secret keys in advance and needs the user to register with the authentication center only once. Finally, we prove the security of the new protocol with BAN logic and compare it with other multifactor authentication protocols for multiserver environment. The results show that our proposed protocol is more secure and efficient and better for practical application.

Download Full-text

Comprehensive Analysis of Broadcast Authentication protocols in Wireless Sensor Networks

Journal of Computer Science and Information Technology ◽

10.15640/jcsit.v2n3-4a6 ◽

2014 ◽

Vol 2 (3 & 4) ◽

Author(s):

Masoum Farahmandian ◽

Mohammad Masdari ◽

Vahid Farahmandian

Keyword(s):

Wireless Sensor Networks ◽

Sensor Networks ◽

Comprehensive Analysis ◽

Wireless Sensor ◽

Authentication Protocols ◽

Broadcast Authentication

Download Full-text

Security Analysis of Wireless Authentication Protocols

International Journal of Sensors Wireless Communications and Control ◽

10.2174/2210327908666180806112157 ◽

2019 ◽

Vol 9 (2) ◽

pp. 247-252 ◽

Cited By ~ 1

Author(s):

Ashish Joshi ◽

Amar Kumar Mohapatra

Keyword(s):

Execution Time ◽

Communication Systems ◽

Security Analysis ◽

Cryptographic Protocols ◽

Command Line ◽

Time Analysis ◽

Authentication Protocols ◽

Replay Attack ◽

Peer Communication ◽

Digital Communication Systems

Background & Objective: Cryptographic protocols had been evident method for ensuring con dentiality, Integrity and authentication in various digital communication systems. However the validation and analysis of such cryptographic protocols was limited to usage of formal mathematical models until few years back. Methods: In this paper, various popular cryptographic protocols have been studied. Some of these protocols (PAP, CHAP, and EAP) achieve security goals in peer to peer communication while others (RADIUS, DIAMETER and Kerberos) can work in multiparty environment. These protocols were validated and analysed over two popular security validation and analysis tools AVISPA and Scyther. The protocols were written according to their documentation using the HLPSL and SPDL for analysis over AVISPA and Scyther respectively. The results of these tools were analysed to nd the possible attack an each protocol. Afterwards The execution time analysis of the protocols were done by repeating the experiment for multiple iterations over the command line versions of these tools.As the literature review suggested, this research also validates that using password based protocols (PAP) is faster in terms of execution time as compared to other methods, Usage of nonces tackles the replay attack and DIAMETER is secure than RADIUS. Results and Conclusion: The results also showed us that DIAMETER is faster than RADIUS. Though Kerberos protocol was found to safe, the results tell us that it is compromisable under particular circumstances.

Download Full-text

An Improved Fuzzy Vector Signature with Reusability

Applied Sciences ◽

10.3390/app10207141 ◽

2020 ◽

Vol 10 (20) ◽

pp. 7141

Author(s):

Ilhwan Lim ◽

Minhye Seo ◽

Dong Hoon Lee ◽

Jong Hwan Park

Keyword(s):

Sampling Method ◽

Performance Comparison ◽

Error Rates ◽

Efficiency Improvement ◽

Fuzzy Extractor ◽

Authentication Protocols ◽

Biometric Data ◽

Single User ◽

Helper Data ◽

Fuzzy Vector

Fuzzy vector signature (FVS) is a new primitive where a fuzzy (biometric) data w is used to generate a verification key (VKw), and, later, a distinct fuzzy (biometric) data w′ (as well as a message) is used to generate a signature (σw′). The primary feature of FVS is that the signature (σw′) can be verified under the verification key (VKw) only if w is close to w′ in a certain predefined distance. Recently, Seo et al. proposed an FVS scheme that was constructed (loosely) using a subset-based sampling method to reduce the size of helper data. However, their construction fails to provide the reusability property that requires that no adversary gains the information on fuzzy (biometric) data even if multiple verification keys and relevant signatures of a single user, which are all generated with correlated fuzzy (biometric) data, are exposed to the adversary. In this paper, we propose an improved FVS scheme which is proven to be reusable with respect to arbitrary correlated fuzzy (biometric) inputs. Our efficiency improvement is achieved by strictly applying the subset-based sampling method used before to build a fuzzy extractor by Canetti et al. and by slightly modifying the structure of the verification key. Our FVS scheme can still tolerate sub-linear error rates of input sources and also reduce the signing cost of a user by about half of the original FVS scheme. Finally, we present authentication protocols based on fuzzy extractor and FVS scheme and give performance comparison between them in terms of computation and transmission costs.

Download Full-text

Remote Quantum-Safe Authentication of Entities with Physical Unclonable Functions

Photonics ◽

10.3390/photonics8070289 ◽

2021 ◽

Vol 8 (7) ◽

pp. 289

Author(s):

Georgios M. Nikolopoulos

Keyword(s):

Authentication Protocol ◽

Authentication Protocols ◽

Photonic Networks ◽

Physical Unclonable Functions ◽

Quantum Protocols ◽

Open Question ◽

Standard Techniques

Physical unclonable functions have been shown to be a useful resource of randomness for implementing various cryptographic tasks including entity authentication. All the related entity authentication protocols that have been discussed in the literature so far, either they are vulnerable to an emulation attack, or they are limited to short distances. Hence, quantum-safe remote entity authentication over large distances remains an open question. In the first part of this work, we discuss the requirements that an entity authentication protocol has to offer, to be useful for remote entity authentication in practice. Subsequently, we propose a protocol, which can operate over large distances, and offers security against both classical and quantum adversaries. The proposed protocol relies on standard techniques, it is fully compatible with the infrastructure of existing and future photonic networks, and it can operate in parallel with other quantum protocols, including QKD protocols.

Download Full-text