scholarly journals Security Enhanced Anonymous Multiserver Authenticated Key Agreement Scheme Using Smart Cards and Biometrics

2014 ◽  
Vol 2014 ◽  
pp. 1-15 ◽  
Author(s):  
Younsung Choi ◽  
Junghyun Nam ◽  
Donghoon Lee ◽  
Jiye Kim ◽  
Jaewook Jung ◽  
...  
Keyword(s):  
Key Agreement ◽  
User Authentication ◽  
Mutual Authentication ◽  
Smart Cards ◽  
Security Requirements ◽  
Impersonation Attack ◽  
Single Server ◽  
Authenticated Key Agreement ◽  
Session Key ◽  
Authentication Schemes

An anonymous user authentication scheme allows a user, who wants to access a remote application server, to achieve mutual authentication and session key establishment with the server in an anonymous manner. To enhance the security of such authentication schemes, recent researches combined user’s biometrics with a password. However, these authentication schemes are designed for single server environment. So when a user wants to access different application servers, the user has to register many times. To solve this problem, Chuang and Chen proposed an anonymous multiserver authenticated key agreement scheme using smart cards together with passwords and biometrics. Chuang and Chen claimed that their scheme not only supports multiple servers but also achieves various security requirements. However, we show that this scheme is vulnerable to a masquerade attack, a smart card attack, a user impersonation attack, and a DoS attack and does not achieve perfect forward secrecy. We also propose a security enhanced anonymous multiserver authenticated key agreement scheme which addresses all the weaknesses identified in Chuang and Chen’s scheme.

scholarly journals A Lightweight Three-Factor Authentication and Key Agreement Scheme in Wireless Sensor Networks for Smart Homes

Sensors ◽  
2019 ◽  
Vol 19 (9) ◽  
pp. 2012 ◽  
Author(s):  
Sooyeon Shin ◽  
Taekyoung Kwon
Keyword(s):  
Smart Home ◽  
Key Agreement ◽  
Smart Homes ◽  
Security Requirements ◽  
Wireless Sensor ◽  
Impersonation Attack ◽  
Secret Key ◽  
Session Key ◽  
Authentication And Key Agreement ◽  
Three Factor

A wireless sensor network (WSN) is used for a smart home system’s backbone that monitors home environment and controls smart home devices to manage lighting, heating, security and surveillance. However, despite its convenience and potential benefits, there are concerns about various security threats that may infringe on privacy and threaten our home life. For protecting WSNs for smart homes from those threats, authentication and key agreement are basic security requirements. There have been a large number of proposed authentication and key agreement scheme for WSNs. In 2017, Jung et al. proposed an efficient and security enhanced anonymous authentication with key agreement scheme by employing biometrics information as the third authentication factor. They claimed that their scheme resists on various security attacks and satisfies basic security requirements. However, we have discovered that Jung et al.’s scheme possesses some security weaknesses. Their scheme cannot guarantee security of the secret key of gateway node and security of session key and protection against user tracking attack, information leakage attack, and user impersonation attack. In this paper, we describe how those security weaknesses occur and propose a lightweight three-factor authentication and key agreement scheme in WSNs for smart homes, as an improved version of Jung et al.’s scheme. We then present a detailed analysis of the security and performance of the proposed scheme and compare the analysis results with other related schemes.

scholarly journals Password Based Client-Server-User Authenticated Key Agreement Mechanism for Cloud System

2019 ◽  
Vol 8 (4) ◽  
pp. 12839-12841
Keyword(s):  
Key Agreement ◽  
Identity Management ◽  
Mutual Authentication ◽  
Security Analysis ◽  
Impersonation Attack ◽  
Session Key ◽  
Replay Attack ◽  
Authentication Mechanism ◽  
Diffie Hellman ◽  
Cloud Server

The authentication is an essential concern in the cloud environment to restrict the unauthorized users to retrieve the files from cloud server. Moreover, authentication mechanisms are used to prevent illegal access of resources over insecure channel. Thus proposed work provides the strong and efficient authentication process in cloud computing environment by chebyshev polynomial based chaotic maps Diffie Hellman property. The proposed authentication mechanism does not disclose the identity of the user to CSP. Moreover proposed authentication mechanism enables mutual authentication, Identity management, and session-key agreement. The Proposed mechanism of security analysis includes the enabling mutual authentication and key agreement, restricting the impersonation attack, man in the middle attack and replay attack.

A Secure Two-Factor Remote User Authentication and Session Key Agreement Scheme

2016 ◽  
Vol 12 (2) ◽  
pp. 62-79 ◽  
Author(s):  
Preeti Chandrakar ◽  
Hari Om
Keyword(s):  
Key Agreement ◽  
User Authentication ◽  
Mutual Authentication ◽  
Security Analysis ◽  
Session Key ◽  
Key Agreement Protocol ◽  
Remote User Authentication ◽  
Session Key Agreement ◽  
Man In The Middle ◽  
Remote User

In this article, the authors have proposed a secure two-factor remote user authentication and session key agreement protocol. As they have shown in the presented scheme, is precise and secure according to both formal and informal security analysis. For formal security analysis, they have applied BAN (Burrows-Abadi-Needham) logic which certifies that the presented scheme provides the amenity of mutual authentication and session key agreement safely. The informal security verification has shown that the proposed scheme is more vigorous against various sort of cruel threats. Moreover, the authors have simulated the presented scheme using broadly accepted AVISPA tool, whose simulation results make sure that the protocol is not dangerous from active and passive attacks together with replay and man-in-the-middle attacks. In addition, the performance evaluation and the security comparison have revealed that the presented scheme gives strong security as well as better complexity in the context of smart card memory requirement, communication cost and computation cost.

scholarly journals Security Analysis and Enhancements of an Effective Biometric-Based Remote User Authentication Scheme Using Smart Cards

2012 ◽  
Vol 2012 ◽  
pp. 1-6 ◽  
Author(s):  
Younghwa An
Keyword(s):  
User Authentication ◽  
Mutual Authentication ◽  
Security Analysis ◽  
Smart Cards ◽  
Authentication Scheme ◽  
Impersonation Attack ◽  
Insider Attack ◽  
Remote User Authentication ◽  
User Authentication Scheme ◽  
Remote User

Recently, many biometrics-based user authentication schemes using smart cards have been proposed to improve the security weaknesses in user authentication system. In 2011, Das proposed an efficient biometric-based remote user authentication scheme using smart cards that can provide strong authentication and mutual authentication. In this paper, we analyze the security of Das’s authentication scheme, and we have shown that Das’s authentication scheme is still insecure against the various attacks. Also, we proposed the enhanced scheme to remove these security problems of Das’s authentication scheme, even if the secret information stored in the smart card is revealed to an attacker. As a result of security analysis, we can see that the enhanced scheme is secure against the user impersonation attack, the server masquerading attack, the password guessing attack, and the insider attack and provides mutual authentication between the user and the server.

scholarly journals Efficient and Secure Biometric-Based User Authenticated Key Agreement Scheme with Anonymity

2018 ◽  
Vol 2018 ◽  
pp. 1-14 ◽  
Author(s):  
Dongwoo Kang ◽  
Jaewook Jung ◽  
Hyoungshick Kim ◽  
Youngsook Lee ◽  
Dongho Won
Keyword(s):  
Key Agreement ◽  
Time Synchronization ◽  
User Authentication ◽  
Security Level ◽  
Authenticated Key Agreement ◽  
Session Key ◽  
Electronic Transactions ◽  
Security Properties ◽  
And Performance ◽  
High Possibility

At present, a number of users employ an authentication protocol so as to enjoy protected electronic transactions in wireless networks. In order to establish an efficient and robust the transaction system, numerous researches have been conducted relating to authentication protocols. Recently, Kaul and Awasthi presented an user authentication and key agreement scheme, arguing that their scheme is able to resist various types of attacks and preserve diverse security properties. However, this scheme possesses critical vulnerabilities. First, the scheme cannot prevent two kinds of attacks, including off-line password guessing attacks and user impersonation attacks. Second, user anonymity rule cannot be upheld. Third, session key can be compromised by an attacker. Fourth, there is high possibility that the time synchronization trouble occurs. Therefore, we suggest an upgraded version of the user authenticated key agreement method that provides enhanced security. Our security and performance analysis shows that compared, to other associated protocols, our method not only improves the security level but also ensures efficiency.

scholarly journals Authentication protocols for smart homes

2021 ◽  
Author(s):  
Maninder Singh Raniyal
Keyword(s):  
Smart Home ◽  
User Authentication ◽  
Mutual Authentication ◽  
Smart Homes ◽  
Authentication Scheme ◽  
Security Requirements ◽  
Iot Security ◽  
Communication Topology ◽  
User Authentication Scheme ◽  
Authentication Schemes

One of the IoT's greatest opportunity and application still lies ahead in the form of smart home. In this ubiquitous/automated environment, due to the most likely heterogeneity of objects, communication, topology, security protocols, and the computationally limited na- ture of IoT objects, conventional authentication schemes may not comply with IoT security requirements since they are considered impractical, weak, or outdated. This thesis proposes: (1) The design of a two-factor device-to-device (D2D) Mutual Authentication Scheme for Smart Homes using OTP over Infrared Channel (referred to as D2DA-OTP-IC scheme); (2) The design of two proxy-password protected OTP-based schemes for smart homes, namely, the Password Protected Inter-device OTP-based Authentication scheme over Infrared Chan- nel and the Password Protected Inter-device OTP-based Authentication scheme using public key infrastructure; and (3) The design of a RSA-based two-factor user Authentication scheme for Smart Home using Smart Card.

scholarly journals An Authenticated Key Agreement Protocol Using Isogenies Between Elliptic Curves

2011 ◽  
Vol 6 (2) ◽  
pp. 258 ◽  
Author(s):  
Debiao He ◽  
Jianhua Chen ◽  
Jin Hu
Keyword(s):  
Key Agreement ◽  
Quantum Computer ◽  
Impersonation Attack ◽  
Authenticated Key Agreement ◽  
Session Key ◽  
Quantum Register ◽  
Public Key Cryptosystems ◽  
Key Agreement Protocol ◽  
Security Properties ◽  
Key Compromise Impersonation

All the current public-key cryptosystems will become insecure when size of a quantum register is sufficient. An authenticated key agreement protocol, which is against the attack of quantum computer, is proposed. The proposed protocol can provide the security properties known session key security, forward security, resistance to key-compromise impersonation attack and to unknown key-share attack, key control. We also prove its security in a widely accepted model.

scholarly journals An Improved Dynamic ID-Based Remote User Authentication with Key Agreement Scheme

2013 ◽  
Vol 2013 ◽  
pp. 1-5 ◽  
Author(s):  
Juan Qu ◽  
Li-min Zou
Keyword(s):  
Key Agreement ◽  
User Authentication ◽  
Impersonation Attack ◽  
Forward Secrecy ◽  
Insider Attack ◽  
Remote User Authentication ◽  
Dynamic Id ◽  
User Authentication Scheme ◽  
Authentication Schemes ◽  
Remote User

In recent years, several dynamic ID-based remote user authentication schemes have been proposed. In 2012, Wen and Li proposed a dynamic ID-based remote user authentication with key agreement scheme. They claimed that their scheme can resist impersonation attack and insider attack and provide anonymity for the users. However, we will show that Wen and Li's scheme cannot withstand insider attack and forward secrecy, does not provide anonymity for the users, and inefficiency for error password login. In this paper, we propose a novel ECC-based remote user authentication scheme which is immune to various known types of attack and is more secure and practical for mobile clients.

Multi-Factor Identity Authenticated Key Agreement Protocol

2014 ◽  
Vol 556-562 ◽  
pp. 5597-5602
Author(s):  
Jun Wang ◽  
Yue Chen ◽  
Gang Yang ◽  
Hong Yong Jia ◽  
Ju Long Lan
Keyword(s):  
Smart Card ◽  
Key Agreement ◽  
Mutual Authentication ◽  
Impersonation Attack ◽  
Forward Security ◽  
Session Key ◽  
Session Key Agreement ◽  
Man In The Middle ◽  
Mutual Identity ◽  
Weak Resistance

This paper proposes scheme can achieve mutual authentication and session key agreement based on multi-factor. It improves the scheme proposed by Chuang et al on protecting from the stolen smart card attack, impersonation attack, server spoofing attack and man-in-the-middle attack, and guaranteeing on the forward security. It solves the problem of weak resistance to attacks in single-factor authentication approaches, by combining the smart card with biometrics and password. It also guarantees the security of mutual identity authentication between users and servers and that of session keys. It consumes more computing resources that the Chuang’s scheme, but it can resist to several known attacks efficiently.

Sign in / Sign up

Export Citation Format

Share Document