Key Management and Mutual Authentication for Multiple Field Records Smart Cards

An anonymous user authentication scheme allows a user, who wants to access a remote application server, to achieve mutual authentication and session key establishment with the server in an anonymous manner. To enhance the security of such authentication schemes, recent researches combined user’s biometrics with a password. However, these authentication schemes are designed for single server environment. So when a user wants to access different application servers, the user has to register many times. To solve this problem, Chuang and Chen proposed an anonymous multiserver authenticated key agreement scheme using smart cards together with passwords and biometrics. Chuang and Chen claimed that their scheme not only supports multiple servers but also achieves various security requirements. However, we show that this scheme is vulnerable to a masquerade attack, a smart card attack, a user impersonation attack, and a DoS attack and does not achieve perfect forward secrecy. We also propose a security enhanced anonymous multiserver authenticated key agreement scheme which addresses all the weaknesses identified in Chuang and Chen’s scheme.

Download Full-text

Secure Key Management and Mutual Authentication Protocol for Wireless Sensor Network using Hybrid Approach

10.21203/rs.3.rs-328155/v1 ◽

2021 ◽

Author(s):

Sharmila ◽

Pramod Kumar ◽

Shashi Bhushan ◽

Manoj Kumar ◽

Mamoun Alazab

Keyword(s):

Key Management ◽

Mutual Authentication ◽

Hybrid Approach ◽

Limited Resource ◽

Sensor Nodes ◽

Wireless Sensor ◽

Distribution Method ◽

Key Establishment ◽

Management Scheme ◽

Hostile Environments

Abstract Wireless Sensor Networks (WSNs) play a crucial role in developing the Internet of Things (IoT) by collecting data from hostile environments like military and civil domains with limited resources. The above applications are prone to eavesdropper due to cryptographic algorithms' weaknesses for providing security in WSNs. The security protocols for WSNs are different from the traditional networks because of the limited resource of sensor nodes. Existing key management schemes require large key sizes to provide high-security levels, increasing the computational and communication cost for key establishment. This paper proposes a Hybrid Key Management Scheme for WSNs based on Elliptic Curve Cryptography (ECC) and a hash function to generate key pre-distribution keys. The Key establishment is carried out by merely broadcasting the node identity. The main reason for incorporating a hybrid approach in the key pre-distribution method is to achieve mutual authentication between the sensor nodes during the establishment phase. The proposed method reduces computational complexity with greater security and the proposed scheme can be competently applied into resource constraint sensor nodes

Download Full-text

Security Enhancements of a Mutual Authentication Scheme Using Smart Cards

Lecture Notes in Electrical Engineering - Ubiquitous Information Technologies and Applications ◽

10.1007/978-94-007-5857-5_77 ◽

2012 ◽

pp. 717-725

Author(s):

Younghwa An ◽

Youngdo Joo

Keyword(s):

Mutual Authentication ◽

Smart Cards ◽

Authentication Scheme ◽

Security Enhancements

Download Full-text

A Secure Remote Mutual Authentication and Key Agreement without Smart Cards

Information Technology Journal ◽

10.3923/itj.2009.333.339 ◽

2009 ◽

Vol 8 (3) ◽

pp. 333-339

Author(s):

Han-Cheng Hsiang ◽

Wei-Kuan Shih

Keyword(s):

Key Agreement ◽

Mutual Authentication ◽

Smart Cards ◽

Authentication And Key Agreement

Download Full-text

HCDA: Efficient Pairing-Free Homographic Key Management for Dynamic Cross-Domain Authentication in VANETs

Symmetry ◽

10.3390/sym12061003 ◽

2020 ◽

Vol 12 (6) ◽

pp. 1003 ◽

Cited By ~ 1

Author(s):

Haowen Tan ◽

Shichang Xuan ◽

Ilyong Chung

Keyword(s):

Key Management ◽

Vehicular Networks ◽

Vehicular Ad Hoc Networks ◽

Intelligent Transportation System ◽

Homomorphic Encryption ◽

Mutual Authentication ◽

Time Interval ◽

Short Time Interval ◽

Driving Experience ◽

Cross Domain

Emerging as the effective strategy of intelligent transportation system (ITS), vehicular ad hoc networks (VANETs) have the capacity of drastically improving the driving experience and road safety. In typical VANET scenarios, high mobility and volatility of vehicles result in dynamic topology of vehicular networks. That is, individual vehicle may pass through the effective domain of multiple neighboring road-side-units (RSUs) during a comparatively short time interval. Hence, efficient and low-latency cross-domain verification with all the successive RSUs is of significance. Recently, a lot of research on VANET authentication and key distribution was presented, while the critical cross-domain authentication (CDA) issue has not been properly addressed. Particularly, the existing CDA solutions mainly reply on the acquired confidential keying information from the neighboring entities (RSUs and vehicles), while too much trustworthiness is granted to the involved RSUs. Please note that the RSUs are distributively located and may be compromised or disabled by adversary, thus vital vehicle information may be revealed. Furthermore, frequent data interactions between RSUs and cloud server are always the major requisite so as to achieve mutual authentication with cross-domain vehicles, which leads to heavy bandwidth consumption and high latency. In this paper, we address the above VANET cross-domain authentication issue under the novel RSU edge networks assumption. Please note that RSUs are assumed to be semi-trustworthy entity in our design, where critical vehicular keying messages remain secrecy. Homomorphic encryption design is applied for all involved RSUs and vehicles. In this way, successive RSUs could efficiently verify the cross-domain vehicle with the transited certificate from the neighbor RSUs and vehicle itself, while the identity and secrets of each vehicle is hidden all the time. Afterwards, dynamic updating towards the anonymous vehicle identity is conducted upon validation, where conditional privacy preserving is available. Moreover, pairing-free mutual authentication method is used for efficiency consideration. Formal security analysis is given, proving that the HCDA mechanism yields desirable security properties on VANET cross domain authentication issue. Performance discussions demonstrate efficiency of the proposed HCDA scheme compared with the state-of-the-art.

Download Full-text

Security analysis for chaotic maps-based mutual authentication and key agreement using smart cards for wireless networks

Journal of Information and Optimization Sciences ◽

10.1080/02522667.2018.1470752 ◽

2019 ◽

Vol 40 (3) ◽

pp. 725-750 ◽

Cited By ~ 1

Author(s):

A. Shakiba

Keyword(s):

Wireless Networks ◽

Key Agreement ◽

Chaotic Maps ◽

Mutual Authentication ◽

Security Analysis ◽

Smart Cards ◽

Authentication And Key Agreement

Download Full-text

Achieving Better Privacy for the 3GPP AKA Protocol

Proceedings on Privacy Enhancing Technologies ◽

10.1515/popets-2016-0039 ◽

2016 ◽

Vol 2016 (4) ◽

pp. 255-275 ◽

Cited By ~ 10

Author(s):

Pierre-Alain Fouque ◽

Cristina Onete ◽

Benjamin Richard

Keyword(s):

Key Management ◽

Provable Security ◽

Mutual Authentication ◽

Mobile Network ◽

Authenticated Key Exchange ◽

Network Servers ◽

New Variant ◽

Man In The Middle ◽

Network Communications ◽

3Rd Generation Partnership Project

Abstract Proposed by the 3rd Generation Partnership Project (3GPP) as a standard for 3G and 4G mobile-network communications, the AKA protocol is meant to provide a mutually-authenticated key-exchange between clients and associated network servers. As a result AKA must guarantee the indistinguishability from random of the session keys (key-indistinguishability), as well as client- and server-impersonation resistance. A paramount requirement is also that of client privacy, which 3GPP defines in terms of: user identity confidentiality, service untraceability, and location untraceability. Moreover, since servers are sometimes untrusted (in the case of roaming), the AKA protocol must also protect clients with respect to these third parties. Following the description of client-tracking attacks e.g. by using error messages or IMSI catchers, van den Broek et al. and respectively Arapinis et al. each proposed a new variant of AKA, addressing such problems. In this paper we use the approach of provable security to show that these variants still fail to guarantee the privacy of mobile clients. We propose an improvement of AKA, which retains most of its structure and respects practical necessities such as key-management, but which provably attains security with respect to servers and Man-in-the- Middle (MiM) adversaries. Moreover, it is impossible to link client sessions in the absence of client-corruptions. Finally, we prove that any variant of AKA retaining its mutual authentication specificities cannot achieve client-unlinkability in the presence of corruptions. In this sense, our proposed variant is optimal.

Download Full-text

An Efficient Chaotic Map-Based Authentication Scheme with Mutual Anonymity

Applied Computational Intelligence and Soft Computing ◽

10.1155/2016/3916942 ◽

2016 ◽

Vol 2016 ◽

pp. 1-10

Author(s):

Yousheng Zhou ◽

Junfeng Zhou ◽

Feng Wang ◽

Feng Guo

Keyword(s):

Key Management ◽

Chaotic Map ◽

Mutual Authentication ◽

Security Analysis ◽

Random Oracle Model ◽

Random Oracle ◽

Authentication Scheme ◽

Session Key ◽

The Real ◽

Shared Key

A chaotic map-based mutual authentication scheme with strong anonymity is proposed in this paper, in which the real identity of the user is encrypted with a shared key between the user and the trusted server. Only the trusted server can determine the real identity of a user during the authentication, and any other entities including other users of the system get nothing about the user’s real identity. In addition, the shared key of encryption can be easily computed by the user and trusted server using the Chebyshev map without additional burdensome key management. Once the partnered two users are authenticated by the trusted server, they can easily proceed with the agreement of the session key. Formal security analysis demonstrates that the proposed scheme is secure under the random oracle model.

Download Full-text

Secure Authentication and Key Management Protocols for Mobile Multihop WiMAX Networks

Jurnal Teknologi ◽

10.11113/jt.v73.3258 ◽

2015 ◽

Vol 73 (1) ◽

Author(s):

Adnan Shahid Khan ◽

Halikul Lenando ◽

Johari Abdullah ◽

Norsheila Fisal

Keyword(s):

Key Management ◽

Denial Of Service ◽

Mutual Authentication ◽

Security Measures ◽

Medium Access ◽

Wimax Networks ◽

Smart Grid Communications ◽

Management Scheme ◽

Management Schemes ◽

Secure Authentication

Mobile Multihop Relay (MMR) network is one of the emerging technologies, especially LTE-Advanced, WiMAX and the Smart grid communications. Ensuring security is one of the most imperative and challenging issues in MMR networks. Privacy Key Management (PKM) protocol is proposed to ensure the security measures in MMR networks. However, the protocol still faces several security threats, specifically Denial of Service (DoS), replay attacks, Man in the Middle (MitM) attacks and the interleaving attacks, which is termed as Medium Access Control (MAC) layer attacks. This paper proposed a modified version PKM protocol for both unilateral and mutual authentication, which is termed as Self-organized Efficient Authentication and Key Management Scheme (SEAKS) authentication protocol. This protocol ensures secure end-to-end data transmission using distributed hop-by-hop authentication and localized key management schemes with a very simple and efficient way.

Download Full-text

Elliptic Curve Signcryption-Based Mutual Authentication Protocol for Smart Cards

Applied Sciences ◽

10.3390/app10228291 ◽

2020 ◽

Vol 10 (22) ◽

pp. 8291

Author(s):

Anuj Kumar Singh ◽

Arun Solanki ◽

Anand Nayyar ◽

Basit Qureshi

Keyword(s):

Elliptic Curve ◽

Smart Card ◽

Mutual Authentication ◽

Computational Cost ◽

Authentication Protocol ◽

Security Protocol ◽

Smart Cards ◽

Communication Overhead ◽

Authentication Mechanism ◽

Computational Overhead

In the modern computing environment, smart cards are being used extensively, which are intended to authenticate a user with the system or server. Owing to the constrictions of computational resources, smart card-based systems require an effective design and efficient security scheme. In this paper, a smart card authentication protocol based on the concept of elliptic curve signcryption has been proposed and developed, which provides security attributes, including confidentiality of messages, non-repudiation, the integrity of messages, mutual authentication, anonymity, availability, and forward security. Moreover, the analysis of security functionalities shows that the protocol developed and explained in this paper is secure from password guessing attacks, user and server impersonation, replay attacks, de-synchronization attacks, insider attacks, known key attacks, and man-in-the-middle attacks. The results have demonstrated that the proposed smart card security protocol reduces the computational overhead on a smart card by 33.3% and the communication cost of a smart card by 34.5%, in comparison to the existing efficient protocols. It can, thus, be inferred from the results that using elliptic curve signcryption in the authentication mechanism reduces the computational cost and communication overhead by a significant amount.

Download Full-text