Security Analysis and Improvement of an Anonymous Authentication Scheme for Roaming Services

An anonymous authentication scheme for roaming services in global mobility networks allows a mobile user visiting a foreign network to achieve mutual authentication and session key establishment with the foreign-network operator in an anonymous manner. In this work, we revisit He et al.’s anonymous authentication scheme for roaming services and present previously unpublished security weaknesses in the scheme: (1) it fails to provide user anonymity against any third party as well as the foreign agent, (2) it cannot protect the passwords of mobile users due to its vulnerability to an offline dictionary attack, and (3) it does not achieve session-key security against a man-in-the-middle attack. We also show how the security weaknesses of He et al.’s scheme can be addressed without degrading the efficiency of the scheme.

Download Full-text

Secure and Efficient Anonymous Authentication Scheme in Global Mobility Networks

Journal of Applied Mathematics ◽

10.1155/2013/302582 ◽

2013 ◽

Vol 2013 ◽

pp. 1-12 ◽

Cited By ~ 5

Author(s):

Jun-Sub Kim ◽

Jin Kwak

Keyword(s):

Mutual Authentication ◽

Authentication Scheme ◽

Session Key ◽

Replay Attack ◽

Anonymous Authentication ◽

Computational Overhead ◽

Global Mobility ◽

Global Mobility Network ◽

Man In The Middle ◽

Perfect Forward Secrecy

In 2012, Mun et al. pointed out that Wu et al.’s scheme failed to achieve user anonymity and perfect forward secrecy and disclosed the passwords of legitimate users. And they proposed a new enhancement for anonymous authentication scheme. However, their proposed scheme has vulnerabilities that are susceptible to replay attack and man-in-the-middle attack. It also incurs a high overhead in the database. In this paper, we examine the vulnerabilities in the existing schemes and the computational overhead incurred in the database. We then propose a secure and efficient anonymous authentication scheme for roaming service in global mobility network. Our proposed scheme is secure against various attacks, provides mutual authentication and session key establishment, and incurs less computational overhead in the database than Mun et al.'s scheme.

Download Full-text

An Efficient Chaotic Map-Based Authentication Scheme with Mutual Anonymity

Applied Computational Intelligence and Soft Computing ◽

10.1155/2016/3916942 ◽

2016 ◽

Vol 2016 ◽

pp. 1-10

Author(s):

Yousheng Zhou ◽

Junfeng Zhou ◽

Feng Wang ◽

Feng Guo

Keyword(s):

Key Management ◽

Chaotic Map ◽

Mutual Authentication ◽

Security Analysis ◽

Random Oracle Model ◽

Random Oracle ◽

Authentication Scheme ◽

Session Key ◽

The Real ◽

Shared Key

A chaotic map-based mutual authentication scheme with strong anonymity is proposed in this paper, in which the real identity of the user is encrypted with a shared key between the user and the trusted server. Only the trusted server can determine the real identity of a user during the authentication, and any other entities including other users of the system get nothing about the user’s real identity. In addition, the shared key of encryption can be easily computed by the user and trusted server using the Chebyshev map without additional burdensome key management. Once the partnered two users are authenticated by the trusted server, they can easily proceed with the agreement of the session key. Formal security analysis demonstrates that the proposed scheme is secure under the random oracle model.

Download Full-text

A Lattice-Based Authentication Scheme for Roaming Service in Ubiquitous Networks with Anonymity

Security and Communication Networks ◽

10.1155/2020/2637916 ◽

2020 ◽

Vol 2020 ◽

pp. 1-19

Author(s):

Yousheng Zhou ◽

Longan Wang

Keyword(s):

Privacy Preservation ◽

Mutual Authentication ◽

Public Key Cryptography ◽

Mobile User ◽

Authentication Scheme ◽

Home Networks ◽

Mobile Nodes ◽

Foreign Agent ◽

Ubiquitous Networks ◽

Authentication Schemes

In the ubiquitous networks, mobile nodes can obtain roaming service that enables them to get access to the services extended by their home networks in the field of foreign network. To provide secure and anonymous communication for legal mobile users in roaming services, there should be a mutual authentication between mobile user and foreign agent with the help of home agent. There are many roaming authentication schemes which have been proposed; however, with the progress of quantum computation, quantum attack poses security threats to many traditional public key cryptography-based authentication schemes; thus, antiquantum attack roaming authentication schemes need to be investigated. On account of the limitation of computational resources for mobile nodes, a lightweight anonymous and antiquantum authentication schemes need to be developed to enable mobile nodes to roam across multiple service domains securely and seamlessly. In consideration of the advantages of lattice in antiquantum, an NTRU-based authentication scheme with provable security and conditional privacy preservation is proposed to remedy these security weaknesses. Compared with the existing scheme, the proposed scheme not only improves efficiency but also can resist the quantum attack.

Download Full-text

An Enhanced Authentication Scheme for Internet of Things Based E-Healthcare System

Journal of Computational and Theoretical Nanoscience ◽

10.1166/jctn.2020.8658 ◽

2020 ◽

Vol 17 (1) ◽

pp. 246-253 ◽

Cited By ~ 1

Author(s):

Ravi Raushan Kumar Chaudhary ◽

Ashish Singh ◽

Kakali Chatterjee

Keyword(s):

Mutual Authentication ◽

Security Analysis ◽

Authentication Scheme ◽

Key Generation ◽

Key Exchange Protocol ◽

Session Key ◽

Diffie Hellman ◽

Healthcare Monitoring ◽

Diffie Hellman Key Exchange ◽

Mutual Authentication Protocol

Security is a major challenge in modern IoT based healthcare monitoring systems. It provides many benefits such as critical patient monitoring, remote diagnosis at anytime, anywhere. Hence, security of this data is essential when the healthcare professionals access it. Also, while storing the patients record; it must be kept safe from misuse and modification of data as other devices can easily track it. To prevent this type of threats, we have proposed a mutual authentication protocol to enhance health care security and to resist vulnerable attacks. The proposed scheme used Challenge response protocol for the authentication purpose and the Diffie-Hellman key exchange protocol is used for generation of the session key generation. The security analysis of the proposed scheme shows that the scheme is more secure and resist all the major attacks as compared to other schemes. The Formal verification of this schema also ensures that it resists most probable attacks in this system. The result of the proposed authentication scheme shows that it has low computational and communicational load.

Download Full-text

A Secure Two-Factor Remote User Authentication and Session Key Agreement Scheme

International Journal of Business Data Communications and Networking ◽

10.4018/ijbdcn.2016070104 ◽

2016 ◽

Vol 12 (2) ◽

pp. 62-79 ◽

Cited By ~ 12

Author(s):

Preeti Chandrakar ◽

Hari Om

Keyword(s):

Key Agreement ◽

User Authentication ◽

Mutual Authentication ◽

Security Analysis ◽

Session Key ◽

Key Agreement Protocol ◽

Remote User Authentication ◽

Session Key Agreement ◽

Man In The Middle ◽

Remote User

In this article, the authors have proposed a secure two-factor remote user authentication and session key agreement protocol. As they have shown in the presented scheme, is precise and secure according to both formal and informal security analysis. For formal security analysis, they have applied BAN (Burrows-Abadi-Needham) logic which certifies that the presented scheme provides the amenity of mutual authentication and session key agreement safely. The informal security verification has shown that the proposed scheme is more vigorous against various sort of cruel threats. Moreover, the authors have simulated the presented scheme using broadly accepted AVISPA tool, whose simulation results make sure that the protocol is not dangerous from active and passive attacks together with replay and man-in-the-middle attacks. In addition, the performance evaluation and the security comparison have revealed that the presented scheme gives strong security as well as better complexity in the context of smart card memory requirement, communication cost and computation cost.

Download Full-text

A Novel Authentication Scheme for Multi-Server Environment of Industrial Internet

CONVERTER ◽

10.17762/converter.105 ◽

2021 ◽

pp. 718-729

Author(s):

Yu Zhang, Guangmin Sun

Keyword(s):

Mutual Authentication ◽

Security Analysis ◽

Performance Comparison ◽

Authentication Scheme ◽

Session Key ◽

Industrial Internet ◽

The Face ◽

And Performance ◽

Value Decomposition ◽

Multi Server

Aiming at the security problems of authentication in multi-server environments, a novel three-factor authentication scheme for multi-server environments of industrial Internet is proposed. After verifying password and face, a temporary session key is established for the user and server. Then the user obtains the permission of application services and accessing resources. In process of verifying password, hash function is used to hide password. The method of verifying face is the face recognition based on singular value decomposition. During the key agreement phase, only four dot multiplication operations based on elliptic curve cryptography is used to realize one-time key for cryptograph transmission and mutual authentication. Through security analysis and performance comparison, the proposed scheme has stronger robustness, higher security, better convenience and less computation cost than other similar schemes, and has high application value for multi-server environments of industrial Internet.

Download Full-text

GROUP AUTHENTICATION SCHEME BASED ON ZERO-KNOWLEDGE PROOF

PRIKLADNAYa DISKRETNAYa MATEMATIKA ◽

10.17223/20710410/51/3 ◽

2021 ◽

pp. 68-84

Author(s):

E. A. Shliakhtina ◽

◽

D. Y. Gamayunov ◽

Keyword(s):

Mutual Authentication ◽

Security Analysis ◽

Authentication Scheme ◽

Third Party ◽

Convergence Time ◽

Group Signature ◽

Sybil Attack ◽

Zero Knowledge ◽

User Groups ◽

Zero Knowledge Proof

In this paper, we address the problem of mutual authentication in user groups in decentralized messaging systems without trusted third party. We propose a mutual authentication algorithm for groups using zero-knowledge proof. Using the algorithm, which is based on trust chains existing in decentralized network, users are able to authenticate each other without establishing a shared secret over side channel. The proposed algorithm is based on Democratic Group Signature protocol (DGS) and Communication-Computation Efficient Group Key algorithm for large and dynamic groups (CCEGK). We have performed security analysis of the proposed mutual authentication scheme against several attacks including Sybil attack and have made complexity estimation for the algorithm. The algorithm is implemented in an experimental P2P group messaging application, and using this implementation we estimate overhead of the authentication scheme and convergence time for several initial configurations of user groups and trust chains.

Download Full-text

A Robust Authentication Scheme for Client-Server Architecture With Provable Security Analysis

Network and Communication Technologies ◽

10.5539/nct.v3n1p6 ◽

2018 ◽

Vol 3 (1) ◽

pp. 6

Author(s):

Saeed Ullah Jan ◽

Fawad Qayum

Keyword(s):

User Authentication ◽

Mutual Authentication ◽

Security Analysis ◽

Authentication Scheme ◽

Session Key ◽

Memory Space ◽

Client Server ◽

Remote Server ◽

Server Architecture ◽

Client Server Architecture

Client-server computing is the analytical development of compatible programming with significant supposition and the detachment of a massive program into its fundamental parts ("modules"), which can create the chance for extra enhancement, inconsiderable improvement, and prominent maintainability. In client-server computing, total extensive modules don't need to be accomplished within the similar memory space totally but can execute independently on a suitable hardware and software platform according to their behavior. The user authentication is the dominant constraint for client-server computing that limits the illegitimate right of entry into the main workstation. This research is mainly focused on the design of a robust authentication scheme for client-server architecture computing. It carries some additional features like security, virtualization, user's programs security, individuality supervision, integrity, control access to server and authentication. The proposed background also delivers the characteristic supervision, mutual authentication, and establishment of secure session key among users and the remote server.

Download Full-text

Security Analysis on “Anonymous Authentication Scheme for Smart Home Environment with Provable Security”

Wireless Communications and Mobile Computing ◽

10.1155/2020/8838363 ◽

2020 ◽

Vol 2020 ◽

pp. 1-4

Author(s):

Meijia Xu ◽

Qiying Dong ◽

Mai Zhou ◽

Chenyu Wang ◽

Yangyang Liu

Keyword(s):

Smart Home ◽

User Authentication ◽

Security Analysis ◽

Authentication Scheme ◽

Dictionary Attack ◽

Anonymous Authentication ◽

Smart Home Environment ◽

User Authentication Scheme ◽

Authentication Schemes ◽

The Internet Of Things

As an important application of the Internet of Things, smart home has greatly facilitated our life. Since the communication channels of smart home are insecure and the transmitted data are usually sensitive, a secure and anonymous user authentication scheme is required. Numerous attempts have been taken to design such authentication schemes. Recently, Shuai et al. (Computer & Security 86(2019):132146) designed an anonymous authentication scheme for smart home using elliptic curve cryptography. They claimed that the proposed scheme is secure against various attacks and provides ideal attributes. However, we show that their scheme cannot resist inside attack and offline dictionary attack and also fails to achieve forward secrecy. Furthermore, we give some suggestions to enhance the security of the scheme. These suggestions also apply to other user authentication schemes with similar flaws.

Download Full-text

An Authentication and Secure Communication Scheme for In-Vehicle Networks Based on SOME/IP

Sensors ◽

10.3390/s22020647 ◽

2022 ◽

Vol 22 (2) ◽

pp. 647

Author(s):

Bin Ma ◽

Shichun Yang ◽

Zheng Zuo ◽

Bosong Zou ◽

Yaoguang Cao ◽

...

Keyword(s):

Secure Communication ◽

Rapid Development ◽

Security Analysis ◽

Research Area ◽

Authentication Scheme ◽

Session Key ◽

Positive Effects ◽

Important Approach ◽

Communication Scheme ◽

Vehicle Networks

The rapid development of intelligent networked vehicles (ICVs) has brought many positive effects. Unfortunately, connecting to the outside exposes ICVs to security threats. Using secure protocols is an important approach to protect ICVs from hacker attacks and has become a hot research area for vehicle security. However, most of the previous studies were carried out on V2X networks, while those on in-vehicle networks (IVNs) did not involve Ethernet. To this end, oriented to the new IVNs based on Ethernet, we designed an efficient secure scheme, including an authentication scheme using the Scalable Service-Oriented Middleware over IP (SOME/IP) protocol and a secure communication scheme modifying the payload field of the original SOME/IP data frame. The security analysis shows that the designed authentication scheme can provide mutual identity authentication for communicating parties and ensure the confidentiality of the issued temporary session key; the designed authentication and secure communication scheme can resist the common malicious attacks conjointly. The performance experiments based on embedded devices show that the additional overhead introduced by the secure scheme is very limited. The secure scheme proposed in this article can promote the popularization of the SOME/IP protocol in IVNs and contribute to the secure communication of IVNs.

Download Full-text