scholarly journals Revisiting Anonymous Two-Factor Authentication Schemes for IoT-Enabled Devices in Cloud Computing Environments

2019 ◽  
Vol 2019 ◽  
pp. 1-13 ◽  
Author(s):  
Ping Wang ◽  
Bin Li ◽  
Hongjin Shi ◽  
Yaosheng Shen ◽  
Ding Wang

Investigating the security pitfalls of cryptographic protocols is crucial to understand how to improve security. At ICCCS’17, Wu and Xu proposed an efficient smart-card-based password authentication scheme for cloud computing environments to cope with the vulnerabilities in Jiang et al.’s scheme. However, we reveal that Wu-Xu’s scheme actually is subject to various security flaws, such as offline password guessing attack and replay attack. Besides security, user friendly is also another great concern. In 2017, Roy et al. found that in most previous two-factor schemes a user has to manage different credentials for different services and further suggested a user-friendly scheme which is claimed to be suitable for multiserver architecture and robust against various attacks. In this work, we show that Roy et al.’s scheme fails to achieve truly two-factor security and shows poor scalability. At FGCS’18, Amin et al. pointed out that most of existing two-factor schemes are either insecure or inefficient for mobile devices due to the use of public-key techniques and thus suggested an improved protocol by using only light-weight symmetric key techniques. Almost at the same time, Wei et al. also observed this issue and proposed a new scheme based on symmetric key techniques with formal security proofs in the random oracle model. Nevertheless, we point out that both Amin et al.’s and Wei et al.’s schemes cannot achieve the claimed security goals (including the most crucial goal of “truly two-factor security”). Our results invalidate any use of the scrutinized schemes for cloud computing environments.

Author(s):  
Zhuo Hao ◽  
Sheng Zhong ◽  
Nenghai Yu

<p>Cloud computing is becoming popular quickly. In cloud computing, people store their important data in the cloud, which makes it important to ensure the data integrity and availability. Remote data integrity checking enables the client to perform data integrity verification without access to the complete file. This service brings convenience to clients, but degrades the server’s performance severely. Proper schemes must be designed to reduce the performance degradation.<br /> In this paper, a time-bound ticket-based mutual authentication scheme is proposed for solving this problem. The proposed authentication scheme achieves mutual authentication between the server and the client. The use of timebound tickets reduces the server’s processing overhead efficiently. The correspondence relationship between the digital ticket and the client’s smart card prevents user masquerade attack effectively. By security analysis, we show that the proposed scheme is resistant to masquerade attack, replay attack and password guessing attack. By performance analysis, we show that the proposed scheme has good efficiency. The proposed scheme is very suitable for cloud computing.</p>


2021 ◽  
Vol 3 (4) ◽  
Author(s):  
Seth Alornyo ◽  
Kingsford Kissi Mireku ◽  
Mustapha Adamu Mohammed ◽  
Daniel Adu-Gyamfi ◽  
Michael Asante

AbstractKey-insulated encryption reduces the problem of secret key exposure in hostile setting while signcryption cryptosystem attains the benefits of digitally signing a ciphertext and public key cryptosystem. In this study, we merge the primitives of parallel key-insulation cryptosystem and signcryption with equality test to construct ID-based parallel key-insulated signcryption with a test for equality (ID-PKSET) in cloud computing. The construction prevent data forgery, data re-play attacks and reduces the leakage of secret keys in harsh environments. Our scheme attains the security property of existential unforgeable chosen message attack (EUF-CMA) and indistinquishable identity chosen ciphertext attack (IND-ID-CCA2) using random oracle model.


2020 ◽  
Vol 2020 ◽  
pp. 1-15
Author(s):  
Behnam Zahednejad ◽  
Lishan Ke ◽  
Jing Li

The application of machine learning in the security analysis of authentication and key agreement protocol was first launched by Ma et al. in 2018. Although they received remarkable results with an accuracy of 72% for the first time, their analysis is limited to replay attack and key confirmation attack. In addition, their suggested framework is based on a multiclassification problem in which every protocol or dataset instance is either secure or prone to a security attack such as replay attack, key confirmation, or other attacks. In this paper, we show that multiclassification is not an appropriate framework for such analysis, since authentication protocols may suffer different attacks simultaneously. Furthermore, we consider more security properties and attacks to analyze protocols against. These properties include strong authentication and Unknown Key Share (UKS) attack, key freshness, key authentication, and password guessing attack. In addition, we propose a much more efficient dataset construction model using a tenth number of features, which improves the solving speed to a large extent. The results indicate that our proposed model outperforms the previous models by at least 10–20 percent in all of the machine learning solving algorithms such that upper-bound performance reaches an accuracy of over 80% in the analysis of all security properties and attacks. Despite the previous models, the classification accuracy of our proposed dataset construction model rises in a rational manner along with the increase of the dataset size.


2017 ◽  
Vol 2017 ◽  
pp. 1-11 ◽  
Author(s):  
Kai Zhang ◽  
Lifei Wei ◽  
Xiangxue Li ◽  
Haifeng Qian

Outsourcing computation with verifiability is a merging notion in cloud computing, which enables lightweight clients to outsource costly computation tasks to the cloud and efficiently check the correctness of the result in the end. This advanced notion is more important in marine mobile computing since the oceangoing vessels are usually constrained with less storage and computation resources. In such a scenario, vessels always firstly outsource data set and perform a function computing over them or at first outsource computing functions and input data set into them. However, vessels may choose which delegation computation type to outsource, which generally depends on the actual circumstances. Hence, we propose a scalable verifiable outsourcing computation protocol (SV-OC) in marine cloud computing at first and extract a single-mode version of it (SM-SV-OC), where both protocols allow anyone who holds verification tokens to efficiently verify the computed result returned from cloud. In this way, the introduced “scalable” property lets vessels adjust the protocol to cope with different delegation situations in practice. We additionally prove both SV-OC and SM-SV-OC achieving selective soundness in the random oracle model and evaluate their performance in the end.


2011 ◽  
Vol 216 ◽  
pp. 510-513
Author(s):  
Yung Cheng Lee

The authenticated key agreement protocols are widely used mechanisms for users to negotiate session keys and authenticate each other. Until now, there are many authenticated key agreement protocols proposed. However, many of them suffer from various attacks such as guessing attack, replay attack, impersonate attack, etc. In this paper, we propose a simple password-based authenticated key agreement protocol to solve these problems. The proposed protocol not only provides forward and backward secrecy, but also can resist replay attack, modification attack, and password guessing attack. Moreover, the computation cost of the protocol is very low.


Information ◽  
2018 ◽  
Vol 9 (10) ◽  
pp. 242 ◽  
Author(s):  
Chen Guo ◽  
Xingbing Fu ◽  
Yaojun Mao ◽  
Guohua Wu ◽  
Fagen Li ◽  
...  

With the advent of cloud computing, more and more users begin to outsource encrypted files to cloud servers to provide convenient access and obtain security guarantees. Searchable encryption (SE) allows a user to search the encrypted files without leaking information related to the contents of the files. Searchable symmetric encryption (SSE) is an important branch of SE. Most of the existing SSE schemes considered single-user settings, which cannot meet the requirements for data sharing. In this work, we propose a multi-user searchable symmetric encryption scheme with dynamic updates. This scheme is applicable to the usage scenario where one data owner encrypts sensitive files and shares them among multiple users, and it allows secure and efficient searches/updates. We use key distribution and re-encryption to achieve multi-user access while avoiding a series of issues caused by key sharing. Our scheme is constructed based on the index structure where a bit matrix is combined with two static hash tables, pseudorandom functions and hash functions. Our scheme is proven secure in the random oracle model.


2021 ◽  
Vol 2021 ◽  
pp. 1-15
Author(s):  
Lingyan Xue ◽  
Qinglong Huang ◽  
Shuaiqing Zhang ◽  
Haiping Huang ◽  
Wenming Wang

The Internet of Things (IoT) has built an information bridge between people and the objective world, wherein wireless sensor networks (WSNs) are an important driving force. For applications based on WSN, such as environment monitoring, smart healthcare, user legitimacy authentication, and data security, are always worth exploring. In recent years, many multifactor user authentication schemes for WSNs have been proposed using smart cards, passwords, as well as biometric features. Unfortunately, these schemes are revealed to various vulnerabilities (e.g., password guessing attack, impersonation attack, and replay attack) due to nonuniform security evaluation criteria. Wang et al. put forward 12 pieces of widely accepted evaluation criteria by investigating quantities of relevant literature. In this paper, we first propose a lightweight multifactor authentication protocol for multigateway WSNs using hash functions and XOR operations. Further, BAN logic and BPR model are employed to formally prove the correctness and security of the proposed scheme, and the informal analysis with Wang et al.’s criteria also indicates that it can resist well-known attacks. Finally, performance analysis of the compared schemes is given, and the evaluation results show that only the proposed scheme can satisfy all 12 evaluation criteria and keep efficient among these schemes.


2018 ◽  
Vol 2018 ◽  
pp. 1-16 ◽  
Author(s):  
Cheolhee Park ◽  
Hyunil Kim ◽  
Dowon Hong ◽  
Changho Seo

Over the recent years, cloud storage services have become increasingly popular, where users can outsource data and access the outsourced data anywhere, anytime. Accordingly, the data in the cloud is growing explosively. Among the outsourced data, most of them are duplicated. Cloud storage service providers can save huge amounts of resources via client-side deduplication. On the other hand, for safe outsourcing, clients who use the cloud storage service desire data integrity and confidentiality of the outsourced data. However, ensuring confidentiality and integrity in the cloud storage environment can be difficult. Recently, in order to achieve integrity with deduplication, the notion of deduplicatable proof of storage has emerged, and various schemes have been proposed. However, previous schemes are still inefficient and insecure. In this paper, we propose a symmetric key based deduplicatable proof of storage scheme, which ensures confidentiality with dictionary attack resilience and supports integrity auditing based on symmetric key cryptography. In our proposal, we introduce a bit-level challenge in a deduplicatable proof of storage protocol to minimize data access. In addition, we prove the security of our proposal in the random oracle model with information theory. Implementation results show that our scheme has the best performance.


2020 ◽  
Vol 39 (6) ◽  
pp. 8609-8620
Author(s):  
Chintan Patel ◽  
Dhara Joshi ◽  
Nishant Doshi ◽  
A. Veeramuthu ◽  
Rutvij Jhaveri

With the agile development of the Internet era, starting from the message transmission to money transactions, everything is online now. Remote user authentication (RUA) is a mechanism in which a remote server verifies the user’s correctness over the shared or public channel. In this paper, we analyze an RUA scheme proposed by Chen for the multi-server environment and prove that their scheme is not secured. We also find numerous vulnerabilities such as password guessing attack, replay attack, Registration Center (RC) spoofing attack, session key verification attack, and perfect forward secrecy attack for Chen’s scheme. After performing the cryptanalysis of Chen’s scheme, we propose a biometric-based RUA scheme for the same multi-server environment. We prove that the proposed authentication scheme achieves higher security than Chen’s scheme with the use of informal security analysis as well as formal security analysis. The formal security analysis of the proposed scheme is done using a widely adopted random oracle method.


2011 ◽  
Vol 145 ◽  
pp. 184-188
Author(s):  
Young Hwa An

In 2008, Bindu et al. proposed an improvement to Chien et al.'s remote password authentication scheme preserving user anonymity, and has asserted that the scheme is secure against replay attack, guessing attack, insider attack and man-in-the-middle attack, etc. However, in this paper, we have shown that Bindu et al.'s scheme is still insecure against man-in-the-middle attack and password guessing attack, and does not provide user anonymity. Also, we propose an improved scheme to withstand these weaknesses, while preserving their merits, even if the secret information stored in the smart card is revealed. As a result of analysis, the proposed scheme is secure against user impersonation attack, server masquerading attack, password guessing attack and does provide user anonymity. And we can see that the proposed scheme is relatively more effective than Bindu et al.'s scheme.


Sign in / Sign up

Export Citation Format

Share Document