Two-Factor User Authentication with Key Agreement Scheme Based on Elliptic Curve Cryptosystem

2014 ◽ Vol 2014 ◽ pp. 1-6
Author(s): Juan Qu ◽ Xiao-Ling Tan

A password authentication scheme using a smart card is called a two-factor authentication scheme. The two-factor authentication scheme is the most accepted and commonly used mechanism that provides authorized users a secure and efficient method for accessing resources over an insecure communication channel. Up to now, various two-factor user authentication schemes have been proposed. However, most of them are vulnerable to smart card loss attack, offline password guessing attack, impersonation attack, and so on. In this paper, we design a password remote user authentication with key agreement scheme using elliptic curve cryptosystem. Security analysis shows that the proposed scheme has a high level of security. Moreover, the proposed scheme is more practical and secure in contrast to some related schemes.

2018 ◽ Vol 11 (4) ◽ pp. 190-194
Author(s): YALIN CHEN ◽ JUE-SAM CHOU ◽ I-CHIUNG LIAO

Recently, Kumari et al. pointed out that Chang et al.’s scheme “Untraceable dynamic-identity-based remote user authentication scheme with verifiable password update” has several drawbacks and does not provide any session key agreement. Hence, they proposed an improved remote user authentication scheme with key agreement based on Chang et al.’s protocol. They claimed that the improved method is secure. However, we found that their improvement still has both anonymity breach and smart card loss password guessing attack which cannot be violated in the ten basic requirements advocated for a secure identity authentication using smart card by Liao et al. Thus, we modify their protocol to encompass these security functionalities which are needed in a user authentication system using smart card.


2012 ◽ Vol 2012 ◽ pp. 1-6
Author(s): Younghwa An

Recently, many biometrics-based user authentication schemes using smart cards have been proposed to improve the security weaknesses in user authentication system. In 2011, Das proposed an efficient biometric-based remote user authentication scheme using smart cards that can provide strong authentication and mutual authentication. In this paper, we analyze the security of Das’s authentication scheme, and we have shown that Das’s authentication scheme is still insecure against the various attacks. Also, we proposed the enhanced scheme to remove these security problems of Das’s authentication scheme, even if the secret information stored in the smart card is revealed to an attacker. As a result of security analysis, we can see that the enhanced scheme is secure against the user impersonation attack, the server masquerading attack, the password guessing attack, and the insider attack and provides mutual authentication between the user and the server.


2020
Author(s): Stanley Mlatho ◽ Prince Chirwa ◽ Yesaya Gabriel ◽ Hyunsung Kim

Advancement in information and communication technology provides a scalable platform for various communication services, where a remote user can access the server from anywhere and anytime. The multi-server environment introduces a scalable platform such that a user can interact with any server using single registration. These services adopt authentication schemes in order to ensure secure and privacy preserving access to the resources. Recently Zhao et al. proposed a user authentication scheme based on password and smart card for the multi-server environment. They argued that their scheme is secure from well-known attacks. In this paper, we first identify that Zhao et al.’s scheme suffers from the denial of service attack and the privacy attack and does not provide user friendliness. After that, we propose a new privacy preserving user authentication scheme as a remedy scheme of Zhao et al.’s scheme. Through the rigorous formal and informal security analysis, we show that our scheme is secure against various known attacks including attacks founded in Zhao et al.’s scheme. Furthermore, we simulate our scheme for the formal security verification using ProVerif tool.


2015 ◽ Vol 764-765 ◽ pp. 858-862
Author(s): Yung Cheng Lee ◽ Pei Ju Lee

Due to the rapid growth of computer and communication technologies, people obtain a variety of online services quickly. However, all networks are vulnerable to lots of security threats and attacks. The remote authentication scheme provides an efficient method to validate the remote users and servers. Ahirwal and Sonwanshi proposed a remote user authentication scheme with smart card in 2012. They indicated that Song’s smart card based password authentication protocol cannot resist the offline password guessing attack, insider attack, forward secrecy and denial of service attack. They proposed an ID-based authentication scheme to fix security flaws. The scheme uses one-way hash function and bitwise XOR operation such that the computation complexity is very low. However, in this article, we will show that their scheme cannot withstand the offline password guessing attack as they declared. An adversary can use the intercepted messages of two login sessions to obtain the password.


Sensors ◽ 2018 ◽ Vol 18 (7) ◽ pp. 2394
Author(s): Guosheng Xu ◽ Shuming Qiu ◽ Haseeb Ahmad ◽ Guoai Xu ◽ Yanhui Guo ◽ ...

To provide secure communication, the authentication-and-key-agreement scheme plays a vital role in multi-server environments, Internet of Things (IoT), wireless sensor networks (WSNs), etc. This scheme enables users and servers to negotiate for a common session initiation key. Our proposal first analyzes Amin et al.’s authentication scheme based on RSA and proves that it cannot provide perfect forward secrecy and user un-traceability, and is susceptible to offline password guessing attack and key-compromise user impersonation attack. Secondly, we provide that Srinivas et al.’s multi-server authentication scheme is not secured against offline password guessing attack and key-compromise user impersonation attack, and is unable to ensure user un-traceability. To remedy such limitations and improve computational efficiency, we present a multi-server two-factor authentication scheme using elliptic curve cryptography (ECC). Subsequently, employing heuristic analysis and Burrows–Abadi–Needham logic (BAN-Logic) proof, it is proven that the presented scheme provides security against all known attacks, and in particular provides user un-traceability and perfect forward security. Finally, appropriate comparisons with prevalent works demonstrate the robustness and feasibility of the presented solution in multi-server environments.


Sensors ◽ 2019 ◽ Vol 19 (14) ◽ pp. 3144
Author(s): Huawei Wang ◽ Dianli Guo ◽ Hua Zhang ◽ Qiaoyan Wen

Recently, many dynamic ID based remote user authentication schemes using smart card have been proposed to improve the security in multiple servers architecture authentication systems. In 2017, Kumari and Om proposed an anonymous multi-server authenticated key agreement scheme, which is believed to be secure against a range of network attacks. Nevertheless, in this paper we reanalyze the security of their scheme, and show that the scheme is vulnerable to impersonation attack and server spoofing attack launched by any adversary without knowing any secret information of the victim users. In addition, their protocol fails to achieve the claimed user privacy protection. For handling these aforementioned shortcomings, we introduce a new biometric-based authentication scheme for multi-server architecture preserving user anonymity. Besides, Burrows–Abadi–Needham (BAN)-logic validated proof and discussion on possible attacks demonstrate the completeness and security of our scheme, respectively. Further, the comparisons in terms of security analysis and performance evaluation of several related protocols show that our proposal can provide stronger security without sacrificing efficiency.

