A machine learning-based scheme for the security analysis of authentication and key agreement protocols

2018 ◽  
Vol 32 (22) ◽  
pp. 16819-16831 ◽  
Author(s):  
Zhuo Ma ◽  
Yang Liu ◽  
Zhuzhu Wang ◽  
Haoran Ge ◽  
Meng Zhao
Keyword(s):  
Machine Learning ◽  
Key Agreement ◽  
Security Analysis ◽  
Authentication And Key Agreement ◽  
Agreement Protocols

scholarly journals A Novel Machine Learning-Based Approach for Security Analysis of Authentication and Key Agreement Protocols

2020 ◽  
Vol 2020 ◽  
pp. 1-15
Author(s):  
Behnam Zahednejad ◽  
Lishan Ke ◽  
Jing Li
Keyword(s):  
Machine Learning ◽  
Key Agreement ◽  
Security Analysis ◽  
Replay Attack ◽  
Authentication And Key Agreement ◽  
Password Guessing Attack ◽  
Dataset Size ◽  
Security Properties ◽  
Guessing Attack ◽  
Construction Model

The application of machine learning in the security analysis of authentication and key agreement protocol was first launched by Ma et al. in 2018. Although they received remarkable results with an accuracy of 72% for the first time, their analysis is limited to replay attack and key confirmation attack. In addition, their suggested framework is based on a multiclassification problem in which every protocol or dataset instance is either secure or prone to a security attack such as replay attack, key confirmation, or other attacks. In this paper, we show that multiclassification is not an appropriate framework for such analysis, since authentication protocols may suffer different attacks simultaneously. Furthermore, we consider more security properties and attacks to analyze protocols against. These properties include strong authentication and Unknown Key Share (UKS) attack, key freshness, key authentication, and password guessing attack. In addition, we propose a much more efficient dataset construction model using a tenth number of features, which improves the solving speed to a large extent. The results indicate that our proposed model outperforms the previous models by at least 10–20 percent in all of the machine learning solving algorithms such that upper-bound performance reaches an accuracy of over 80% in the analysis of all security properties and attacks. Despite the previous models, the classification accuracy of our proposed dataset construction model rises in a rational manner along with the increase of the dataset size.

scholarly journals Questioning the security of three recent authentication and key agreement protocols

IEEE Access ◽  
2021 ◽  
pp. 1-1
Author(s):  
Amir Masoud Rahmani ◽  
Mokhtar Mohammadi ◽  
Shima Rashidi ◽  
Jan Lansky ◽  
Stanislava Mildeova ◽  
...  
Keyword(s):  
Key Agreement ◽  
Authentication And Key Agreement ◽  
Agreement Protocols

PUF-based Authentication and Key Agreement Protocols for IoT, WSNs and Smart Grids: A Comprehensive Survey

2022 ◽  
pp. 1-1
Author(s):  
Priyanka Mall ◽  
Ruhul Amin ◽  
Ashok Kumar Das ◽  
Mark T. Leung ◽  
Kim-Kwang Raymond Choo
Keyword(s):  
Smart Grids ◽  
Key Agreement ◽  
Authentication And Key Agreement ◽  
Comprehensive Survey ◽  
Agreement Protocols

scholarly journals A Secure Authentication and Key Agreement Scheme for IoT-Based Cloud Computing Environment

Symmetry ◽  
2020 ◽  
Vol 12 (1) ◽  
pp. 150 ◽  
Author(s):  
Yicheng Yu ◽  
Liang Hu ◽  
Jianfeng Chu
Keyword(s):  
Cloud Computing ◽  
Internet Of Things ◽  
Secure Communication ◽  
Key Agreement ◽  
Security Analysis ◽  
Computing Environment ◽  
Cloud Computing Environment ◽  
Authentication And Key Agreement ◽  
Insider Attack ◽  
Cloud Servers

The integration of Internet of things (IoT) and cloud computing technology has made our life more convenient in recent years. Cooperating with cloud computing, Internet of things can provide more efficient and practical services. People can accept IoT services via cloud servers anytime and anywhere in the IoT-based cloud computing environment. However, plenty of possible network attacks threaten the security of users and cloud servers. To implement effective access control and secure communication in the IoT-based cloud computing environment, identity authentication is essential. In 2016, He et al. put forward an anonymous authentication scheme, which is based on asymmetric cryptography. It is claimed that their scheme is capable of withstanding all kinds of known attacks and has good performance. However, their scheme has serious security weaknesses according to our cryptanalysis. The scheme is vulnerable to insider attack and DoS attack. For overcoming these weaknesses, we present an improved authentication and key agreement scheme for IoT-based cloud computing environment. The automated security verification (ProVerif), BAN-logic verification, and informal security analysis were performed. The results show that our proposed scheme is secure and can effectively resist all kinds of known attacks. Furthermore, compared with the original scheme in terms of security features and performance, our proposed scheme is feasible.

scholarly journals Improved Authenticated Key Agreement Scheme for Fog-Driven IoT Healthcare System

2021 ◽  
Vol 2021 ◽  
pp. 1-16
Author(s):  
Tsu-Yang Wu ◽  
Tao Wang ◽  
Yu-Qi Lee ◽  
Weimin Zheng ◽  
Saru Kumari ◽  
...  
Keyword(s):  
Key Agreement ◽  
Low Cost ◽  
Fog Computing ◽  
Security Analysis ◽  
Transportation Systems ◽  
Security Evaluation ◽  
Medical Systems ◽  
Session Key ◽  
Authentication And Key Agreement ◽  
Secure Authentication

The Internet of things (IoT) has been widely used for various applications including medical and transportation systems, among others. Smart medical systems have become the most effective and practical solutions to provide users with low-cost, noninvasive, and long-term continuous health monitoring. Recently, Jia et al. proposed an authentication and key agreement scheme for smart medical systems based on fog computing and indicated that it is safe and can withstand a variety of known attacks. Nevertheless, we found that it consists of several flaws, including known session-specific temporary information attacks and lack of per-verification. The opponent can readily recover the session key and user identity. In this paper, we propose a secure authentication and key agreement scheme, which compensates for the imperfections of the previously proposed. For a security evaluation of the proposed authentication scheme, informal security analysis and the Burrows–Abadi–Needham (BAN) logic analysis are implemented. In addition, the ProVerif tool is used to normalize the security verification of the scheme. Finally, the performance comparisons with the former schemes show that the proposed scheme is more applicable and secure.

Sign in / Sign up

Export Citation Format

Share Document