Improved ECC-Based Three-Factor Multiserver Authentication Scheme

A multiserver environment can improve the efficiency of mobile network services more effectively than a single server in managing the increase in users. Because of the large number of users, the security of users’ personal information and communication information is more important in a multiserver environment. Recently, Wang et al. proposed a multiserver authentication scheme based on biometrics and proved the security of their scheme. However, we first demonstrate that their scheme is insecure against a known session-specific temporary information attacks, user impersonation attacks, and server impersonation attacks. To solve the security weakness, we propose an improved scheme based on Wang et al.’s scheme. The security of our improved scheme is also validated based on the formal security analysis, Burrows–Abadi–Needham (BAN) logic, ProVerif, and informal security analysis. Security and performance comparisons prove the security and efficiency of our scheme.

Download Full-text

Formal Verification of Authentication and Service Authorization Protocols in 5G-Enabled Device-to-Device Communications Using ProVerif

Electronics ◽

10.3390/electronics10131608 ◽

2021 ◽

Vol 10 (13) ◽

pp. 1608

Author(s):

Ed Kamya Kiyemba Edris ◽

Mahdi Aiash ◽

Jonathan Loo

Keyword(s):

Service Providers ◽

Security Analysis ◽

Mobile Network ◽

Network Services ◽

Control Mechanisms ◽

D2d Communications ◽

Fifth Generation ◽

Device To Device ◽

Pi Calculus ◽

Authentication And Authorization

Device-to-Device (D2D) communications will be used as an underlay technology in the Fifth Generation mobile network (5G), which will make network services of multiple Service Providers (SP) available anywhere. The end users will be allowed to access and share services using their User Equipments (UEs), and thus they will require seamless and secured connectivity. At the same time, Mobile Network Operators (MNOs) will use the UE to offload traffic and push contents closer to users relying on D2D communications network. This raises security concerns at different levels of the system architecture and highlights the need for robust authentication and authorization mechanisms to provide secure services access and sharing between D2D users. Therefore, this paper proposes a D2D level security solution that comprises two security protocols, namely, the D2D Service security (DDSec) and the D2D Attributes and Capability security (DDACap) protocols, to provide security for access, caching and sharing data in network-assisted and non-network-assisted D2D communications scenarios. The proposed solution applies Identity-based Encryption (IBE), Elliptic Curve Integrated Encryption Scheme (ECIES) and access control mechanisms for authentication and authorization procedures. We formally verified the proposed protocols using ProVerif and applied pi calculus. We also conducted a security analysis of the proposed protocols.

Download Full-text

Security and Performance of Single Sign-on Based on One-Time Pad Algorithm

Cryptography ◽

10.3390/cryptography4020016 ◽

2020 ◽

Vol 4 (2) ◽

pp. 16

Author(s):

Maki Kihara ◽

Satoshi Iriyama

Keyword(s):

Access Control ◽

Personal Information ◽

Security Analysis ◽

Free Access ◽

Multiple Systems ◽

Single Sign On ◽

Man In The Middle ◽

Execution Speed ◽

And Performance ◽

The One

Single sign-on (SSO) techniques allow access control for multiple systems with a single login. The aim of our study is to construct an authentication algorithm that provides the authentication information of a user to a requester without requiring any specific token, thereby achieving domain-free access control. In this study, we propose an authentication algorithm for SSO based on a verifiable encryption (VE)-based authentication algorithm and implementation. VE is a kind of cryptosystem that allows calculation on cyphertexts, generating an encrypted result, which matches the distance between two plaintexts when decrypting. In our approach, we first construct the mathematical SSO algorithm based on the VE-based algorithm, and then implement the algorithm by applying the one-time pad to the algorithm and using sample data. We also consider robustness against theoretical attacks such as man-in-the-middle attack. In addition to that, our algorithm is robust against the well-known classical and theoretical attacks, the man-in-the-middle attack against the proposed algorithm is also impracticable. Furthermore, with security analysis using Proverif, the algorithm has been shown to be secure. The execution speed is less than 1 ms even with a text length of 8192 bits. Based on our results, it is evident that the computational burden of trusted third parties, such as a certificate authority, can be alleviated because the public key agreement is not required in our algorithm. Moreover, since only the authentication information is disclosed to the service provider, big tech such as GAFA cannot obtain personal information of the user without consent. As for the originality of our algorithm, any personal information, such as biometric information and non-contact magnetic IC cards in addition to the pair of ID and password, which is used for common SSO algorithms, is available.

Download Full-text

Security analysis and improvement of bio-hashing based three-factor authentication scheme for telecare medical information systems

Journal of Ambient Intelligence and Humanized Computing ◽

10.1007/s12652-017-0516-2 ◽

2017 ◽

Vol 9 (4) ◽

pp. 1061-1073 ◽

Cited By ~ 40

Author(s):

Qi Jiang ◽

Zhiren Chen ◽

Bingyan Li ◽

Jian Shen ◽

Li Yang ◽

...

Keyword(s):

Information Systems ◽

Medical Information ◽

Security Analysis ◽

Authentication Scheme ◽

Medical Information Systems ◽

Telecare Medical Information Systems ◽

Three Factor

Download Full-text

A Three Factor Remote User Authentication Scheme Using Collision Resist Fuzzy Extractor in Single Server Environment

ITM Web of Conferences ◽

10.1051/itmconf/20171301020 ◽

2017 ◽

Vol 13 ◽

pp. 01020 ◽

Cited By ~ 3

Author(s):

Debasis Giri ◽

Tanmoy Maitra

Keyword(s):

User Authentication ◽

Authentication Scheme ◽

Single Server ◽

Fuzzy Extractor ◽

Remote User Authentication ◽

User Authentication Scheme ◽

Remote User ◽

Three Factor

Download Full-text

A Novel Authentication Scheme for Multi-Server Environment of Industrial Internet

CONVERTER ◽

10.17762/converter.105 ◽

2021 ◽

pp. 718-729

Author(s):

Yu Zhang, Guangmin Sun

Keyword(s):

Mutual Authentication ◽

Security Analysis ◽

Performance Comparison ◽

Authentication Scheme ◽

Session Key ◽

Industrial Internet ◽

The Face ◽

And Performance ◽

Value Decomposition ◽

Multi Server

Aiming at the security problems of authentication in multi-server environments, a novel three-factor authentication scheme for multi-server environments of industrial Internet is proposed. After verifying password and face, a temporary session key is established for the user and server. Then the user obtains the permission of application services and accessing resources. In process of verifying password, hash function is used to hide password. The method of verifying face is the face recognition based on singular value decomposition. During the key agreement phase, only four dot multiplication operations based on elliptic curve cryptography is used to realize one-time key for cryptograph transmission and mutual authentication. Through security analysis and performance comparison, the proposed scheme has stronger robustness, higher security, better convenience and less computation cost than other similar schemes, and has high application value for multi-server environments of industrial Internet.

Download Full-text

A Light and Anonymous Three-Factor Authentication Protocol for Wireless Sensor Networks

Symmetry ◽

10.3390/sym14010046 ◽

2021 ◽

Vol 14 (1) ◽

pp. 46

Author(s):

Lianghong Zhu ◽

Huaikun Xiang ◽

Kai Zhang

Keyword(s):

Wireless Sensor Networks ◽

Sensor Networks ◽

Key Agreement ◽

Security Analysis ◽

Wireless Sensor ◽

Cryptographic Primitives ◽

Logic Verification ◽

And Performance ◽

Agreement Protocols ◽

Three Factor

Recently, wireless sensor networks (WSNs) have been widely used in a variety of fields, and make people’s lives more convenient and efficient. However, WSNs are usually deployed in a harsh and insecure environment. Furthermore, sensors with limited hardware resources have a low capacity for data processing and communication. For these reasons, research on efficient and secure real-time authentication and key agreement protocols based on the characteristics of WSNs has gradually attracted the attention of academics. Although many schemes have been proposed, most of them cannot achieve all known security features with satisfactory performance, among which anonymity, N-Factor security, and forward secrecy are the most vulnerable. In order to solve these shortcomings, we propose a new lightweight and anonymous three-factor authentication scheme based on symmetric cryptographic primitives for WSNs. By using the automated security verification tool ProVerif, BAN-logic verification, and an informal security analysis, we prove that our proposed scheme is secure and realizes all known security features in WSNs. Moreover, we show that our proposed scheme is practical and efficient through the comparison of security features and performance.

Download Full-text

Robust Multiple Servers Architecture Based Authentication Scheme Preserving Anonymity

Sensors ◽

10.3390/s19143144 ◽

2019 ◽

Vol 19 (14) ◽

pp. 3144 ◽

Cited By ~ 1

Author(s):

Huawei Wang ◽

Dianli Guo ◽

Hua Zhang ◽

Qiaoyan Wen

Keyword(s):

User Authentication ◽

Security Analysis ◽

Authentication Scheme ◽

Impersonation Attack ◽

User Privacy ◽

Dynamic Id ◽

Multiple Servers ◽

And Performance ◽

Multi Server ◽

Server Architecture

Recently, many dynamic ID based remote user authentication schemes using smart card have been proposed to improve the security in multiple servers architecture authentication systems. In 2017, Kumari and Om proposed an anonymous multi-server authenticated key agreement scheme, which is believed to be secure against a range of network attacks. Nevertheless, in this paper we reanalyze the security of their scheme, and show that the scheme is vulnerable to impersonation attack and server spoofing attack launched by any adversary without knowing any secret information of the victim users. In addition, their protocol fails to achieve the claimed user privacy protection. For handling these aforementioned shortcomings, we introduce a new biometric-based authentication scheme for multi-server architecture preserving user anonymity. Besides, Burrows—Abadi—Needham (BAN)-logic validated proof and discussion on possible attacks demonstrate the completeness and security of our scheme, respectively. Further, the comparisons in terms of security analysis and performance evaluation of several related protocols show that our proposal can provide stronger security without sacrificing efficiency.

Download Full-text

A Secure and Robust Three-Factor Based Authentication Scheme Using RSA Cryptosystem

International Journal of Business Data Communications and Networking ◽

10.4018/ijbdcn.2017010107 ◽

2017 ◽

Vol 13 (1) ◽

pp. 74-84 ◽

Cited By ~ 12

Author(s):

Rifaqat Ali ◽

Arup Kumar Pal

Keyword(s):

User Authentication ◽

Security Analysis ◽

Random Oracle Model ◽

Random Oracle ◽

Performance Comparison ◽

Authentication Scheme ◽

Authentication Protocols ◽

Session Key ◽

Rsa Cryptosystem ◽

Three Factor

In remote user authentication, a server confirms the authenticity of a user via unreliable channel. Several authentication protocols are devised in the literature relied on the identity, password and biometric of a user. But, most of the authentication protocols are either computationally expensive or not-secure from several kinds of malicious threats. In this document, the authors have suggested a secure and robust three-factor (such as password, smartcard and biometric) based authentication scheme by using RSA cryptosystem. The proposed protocol is validated through BAN logic. Then, formal security analysis using random oracle model shows that the identity, password, biometric and session key are highly secure from an adversary. Besides, the informal security analysis of our protocol proves that it withstands to several kinds of malicious attacks. In addition, performance comparison of presented scheme with respect to other schemes is comparatively suitable in the context of communication and computation costs.

Download Full-text

Detecting Cyber-Attacks on Wireless Mobile Networks Using Multicriterion Fuzzy Classifier with Genetic Attribute Selection

Mobile Information Systems ◽

10.1155/2015/585432 ◽

2015 ◽

Vol 2015 ◽

pp. 1-13 ◽

Cited By ~ 4

Author(s):

El-Sayed M. El-Alfy ◽

Feras N. Al-Obeidat

Keyword(s):

Mobile Networks ◽

Mobile Network ◽

Cyber Attacks ◽

Fuzzy Classification ◽

Attribute Selection ◽

Network Services ◽

Selection Strategy ◽

Fuzzy Classifier ◽

Wide Range ◽

Information And Communication

With the proliferation of wireless and mobile network infrastructures and capabilities, a wide range of exploitable vulnerabilities emerges due to the use of multivendor and multidomain cross-network services for signaling and transport of Internet- and wireless-based data. Consequently, the rates and types of cyber-attacks have grown considerably and current security countermeasures for protecting information and communication may be no longer sufficient. In this paper, we investigate a novel methodology based on multicriterion decision making and fuzzy classification that can provide a viable second-line of defense for mitigating cyber-attacks. The proposed approach has the advantage of dealing with various types and sizes of attributes related to network traffic such as basic packet headers, content, and time. To increase the effectiveness and construct optimal models, we augmented the proposed approach with a genetic attribute selection strategy. This allows efficient and simpler models which can be replicated at various network components to cooperatively detect and report malicious behaviors. Using three datasets covering a variety of network attacks, the performance enhancements due to the proposed approach are manifested in terms of detection errors and model construction times.

Download Full-text

Improvement of a Dynamic ID-Based Remote User Authentication Scheme for Multi-Server Environment Using Smart Card

Applied Mechanics and Materials ◽

10.4028/www.scientific.net/amm.380-384.286 ◽

2013 ◽

Vol 380-384 ◽

pp. 286-289

Author(s):

Zhen Zhen Wang ◽

Jin Kou Ding ◽

Zheng Ping Jin ◽

Hua Zhang

Keyword(s):

Smart Card ◽

User Authentication ◽

Security Analysis ◽

Authentication Scheme ◽

Remote User Authentication ◽

Dynamic Id ◽

User Authentication Scheme ◽

And Performance ◽

Multi Server ◽

Remote User

In 2011, Lee et al. analyzed the security weaknesses of Hsiang et al.s scheme and proposed a security dynamic ID-based multi-server remote user authentication scheme. They claimed that their protocol is secure and efficient. However, we observe that Lee et al.'s scheme is still vulnerable to stolen smart card attack, malicious server attack. To remedy these security weaknesses, we propose an improved dynamic ID-based remote user authentication scheme for multi-server environment. Besides, security analysis and performance analysis show that compared with other remote user authentication schemes, the proposed scheme is more secure and possesses lower computation cost. As a result, the proposed scheme seems to be more practical for users with portable mobile devices in multi-server environment.

Download Full-text