scholarly journals Efficient and Secure Biometric-Based User Authenticated Key Agreement Scheme with Anonymity

2018 ◽  
Vol 2018 ◽  
pp. 1-14 ◽  
Author(s):  
Dongwoo Kang ◽  
Jaewook Jung ◽  
Hyoungshick Kim ◽  
Youngsook Lee ◽  
Dongho Won
Keyword(s):  
Key Agreement ◽  
Time Synchronization ◽  
User Authentication ◽  
Security Level ◽  
Authenticated Key Agreement ◽  
Session Key ◽  
Electronic Transactions ◽  
Security Properties ◽  
And Performance ◽  
High Possibility

At present, a number of users employ an authentication protocol so as to enjoy protected electronic transactions in wireless networks. In order to establish an efficient and robust the transaction system, numerous researches have been conducted relating to authentication protocols. Recently, Kaul and Awasthi presented an user authentication and key agreement scheme, arguing that their scheme is able to resist various types of attacks and preserve diverse security properties. However, this scheme possesses critical vulnerabilities. First, the scheme cannot prevent two kinds of attacks, including off-line password guessing attacks and user impersonation attacks. Second, user anonymity rule cannot be upheld. Third, session key can be compromised by an attacker. Fourth, there is high possibility that the time synchronization trouble occurs. Therefore, we suggest an upgraded version of the user authenticated key agreement method that provides enhanced security. Our security and performance analysis shows that compared, to other associated protocols, our method not only improves the security level but also ensures efficiency.

scholarly journals Security Enhanced Anonymous Multiserver Authenticated Key Agreement Scheme Using Smart Cards and Biometrics

2014 ◽  
Vol 2014 ◽  
pp. 1-15 ◽  
Author(s):  
Younsung Choi ◽  
Junghyun Nam ◽  
Donghoon Lee ◽  
Jiye Kim ◽  
Jaewook Jung ◽  
...  
Keyword(s):  
Key Agreement ◽  
User Authentication ◽  
Mutual Authentication ◽  
Smart Cards ◽  
Security Requirements ◽  
Impersonation Attack ◽  
Single Server ◽  
Authenticated Key Agreement ◽  
Session Key ◽  
Authentication Schemes

An anonymous user authentication scheme allows a user, who wants to access a remote application server, to achieve mutual authentication and session key establishment with the server in an anonymous manner. To enhance the security of such authentication schemes, recent researches combined user’s biometrics with a password. However, these authentication schemes are designed for single server environment. So when a user wants to access different application servers, the user has to register many times. To solve this problem, Chuang and Chen proposed an anonymous multiserver authenticated key agreement scheme using smart cards together with passwords and biometrics. Chuang and Chen claimed that their scheme not only supports multiple servers but also achieves various security requirements. However, we show that this scheme is vulnerable to a masquerade attack, a smart card attack, a user impersonation attack, and a DoS attack and does not achieve perfect forward secrecy. We also propose a security enhanced anonymous multiserver authenticated key agreement scheme which addresses all the weaknesses identified in Chuang and Chen’s scheme.

scholarly journals An Authenticated Key Agreement Protocol Using Isogenies Between Elliptic Curves

2011 ◽  
Vol 6 (2) ◽  
pp. 258 ◽  
Author(s):  
Debiao He ◽  
Jianhua Chen ◽  
Jin Hu
Keyword(s):  
Key Agreement ◽  
Quantum Computer ◽  
Impersonation Attack ◽  
Authenticated Key Agreement ◽  
Session Key ◽  
Quantum Register ◽  
Public Key Cryptosystems ◽  
Key Agreement Protocol ◽  
Security Properties ◽  
Key Compromise Impersonation

All the current public-key cryptosystems will become insecure when size of a quantum register is sufficient. An authenticated key agreement protocol, which is against the attack of quantum computer, is proposed. The proposed protocol can provide the security properties known session key security, forward security, resistance to key-compromise impersonation attack and to unknown key-share attack, key control. We also prove its security in a widely accepted model.

scholarly journals A New Enhanced Authentication Mechanism Using Session Key Agreement Protocol

2018 ◽  
Vol 18 (4) ◽  
pp. 61-74 ◽  
Author(s):  
S. Usha ◽  
S. Kuppuswami ◽  
M. Karthik
Keyword(s):  
Information Security ◽  
Key Agreement ◽  
Cryptographic Protocols ◽  
Personal Privacy ◽  
Session Key ◽  
Driving License ◽  
Key Agreement Protocol ◽  
Authentication Mechanism ◽  
Session Key Agreement ◽  
Security Properties

Abstract Cryptographic protocols are the backbone of information security. Unfortunately the security of several important components of these protocols can be neglected. This causes violation of personal privacy and threats to democracy. Integration of biometrics with cryptography can overcome this problem. In this paper an enhanced session key agreement protocol which uses the data derived from iris signature is suggested to improve the security of biometric based applications like e-Passport, e-Driving license, etc. The authenticity and security properties of the proposed protocol are analyzed using ProVerif tool and demonstrate it satisfies the intended properties.

A Secure Two-Factor Remote User Authentication and Session Key Agreement Scheme

2016 ◽  
Vol 12 (2) ◽  
pp. 62-79 ◽  
Author(s):  
Preeti Chandrakar ◽  
Hari Om
Keyword(s):  
Key Agreement ◽  
User Authentication ◽  
Mutual Authentication ◽  
Security Analysis ◽  
Session Key ◽  
Key Agreement Protocol ◽  
Remote User Authentication ◽  
Session Key Agreement ◽  
Man In The Middle ◽  
Remote User

In this article, the authors have proposed a secure two-factor remote user authentication and session key agreement protocol. As they have shown in the presented scheme, is precise and secure according to both formal and informal security analysis. For formal security analysis, they have applied BAN (Burrows-Abadi-Needham) logic which certifies that the presented scheme provides the amenity of mutual authentication and session key agreement safely. The informal security verification has shown that the proposed scheme is more vigorous against various sort of cruel threats. Moreover, the authors have simulated the presented scheme using broadly accepted AVISPA tool, whose simulation results make sure that the protocol is not dangerous from active and passive attacks together with replay and man-in-the-middle attacks. In addition, the performance evaluation and the security comparison have revealed that the presented scheme gives strong security as well as better complexity in the context of smart card memory requirement, communication cost and computation cost.

scholarly journals Revisiting the “An Improved Remote user Authentication Scheme with Key Agreement”

2018 ◽  
Vol 11 (4) ◽  
pp. 190-194
Author(s):  
YALIN CHEN ◽  
JUE-SAM CHOU ◽  
I - CHIUNG LIAO
Keyword(s):  
Smart Card ◽  
Key Agreement ◽  
User Authentication ◽  
Authentication Scheme ◽  
Session Key ◽  
Password Guessing Attack ◽  
Remote User Authentication ◽  
User Authentication Scheme ◽  
Guessing Attack ◽  
Remote User

Recently, Kumari et al., pointed out that Chang et al.’s scheme “Untraceable dynamic-identity-based remote user authentication scheme with verifiable password update” has several drawbacks and does not provide any session key agreement. Hence, they proposed an improved remote user authentication scheme with key agreement based on Chang et al.’s protocol. They claimed that the improved method is secure. However, we found that their improvement still has both anonymity breach and smart card loss password guessing attack which cannot be violated in the ten basic requirements advocated for a secure identity authentication using smart card by Liao et al. Thus, we modify their protocol to encompass these security functionalities which are needed in a user authentication system using smart card.

Sign in / Sign up

Export Citation Format

Share Document