Research on Lightweight Mutual Authentication for the Product Authorization Chain

With the development of the globalization economic integration in Internet of Things (IoT), it is very crucial to protect the wireless two-way authentication between users’ intelligent terminals and servers in the product authorization chain. In order to ensure that legitimate users connect to the wireless network correctly, a lightweight wireless mutual authentication scheme for the product authorization chain was proposed contrapose to the security defect of Kaul and Awasthi’s scheme, which easily suffered from offline password guessing attack. The improved scheme uses lightweight hash function and verifies the freshness of messages by using the send packet sequence number instead of timestamp, which can avoid strict clock synchronization between devices, and user passwords can be updated by themselves. Security analysis and cost and efficiency analysis show that the scheme presented in this paper has higher security, lower storage and communication costs, and lower computational complexity.

Download Full-text

A Time-Bound Ticket-Based Mutual Authentication Scheme for Cloud Computing

International Journal of Computers Communications & Control ◽

10.15837/ijccc.2011.2.2170 ◽

2011 ◽

Vol 6 (2) ◽

pp. 227 ◽

Cited By ~ 24

Author(s):

Zhuo Hao ◽

Sheng Zhong ◽

Nenghai Yu

Keyword(s):

Cloud Computing ◽

Mutual Authentication ◽

Security Analysis ◽

Data Integrity ◽

Authentication Scheme ◽

Replay Attack ◽

Good Efficiency ◽

Password Guessing Attack ◽

Integrity Checking ◽

Guessing Attack

<p>Cloud computing is becoming popular quickly. In cloud computing, people store their important data in the cloud, which makes it important to ensure the data integrity and availability. Remote data integrity checking enables the client to perform data integrity verification without access to the complete file. This service brings convenience to clients, but degrades the server’s performance severely. Proper schemes must be designed to reduce the performance degradation.<br /> In this paper, a time-bound ticket-based mutual authentication scheme is proposed for solving this problem. The proposed authentication scheme achieves mutual authentication between the server and the client. The use of timebound tickets reduces the server’s processing overhead efficiently. The correspondence relationship between the digital ticket and the client’s smart card prevents user masquerade attack effectively. By security analysis, we show that the proposed scheme is resistant to masquerade attack, replay attack and password guessing attack. By performance analysis, we show that the proposed scheme has good efficiency. The proposed scheme is very suitable for cloud computing.</p>

Download Full-text

A Robust Mutual Authentication with a Key Agreement Scheme for Session Initiation Protocol

Applied Sciences ◽

10.3390/app8101789 ◽

2018 ◽

Vol 8 (10) ◽

pp. 1789 ◽

Cited By ~ 6

Author(s):

Chien-Ming Chen ◽

Bin Xiang ◽

King-Hang Wang ◽

Kuo-Hui Yeh ◽

Tsu-Yang Wu

Keyword(s):

Secure Communication ◽

Key Agreement ◽

Mutual Authentication ◽

Security Analysis ◽

Memory Device ◽

Session Initiation Protocol ◽

Application Layer ◽

Password Guessing Attack ◽

Guessing Attack ◽

Layer Control

Session initiation protocol (SIP) is the most widely used application layer control protocol for creating, modifying, and terminating session processes. Many authentication schemes have been proposed for SIP aimed at providing secure communication. Recently, a new authentication and key agreement scheme for SIP has been proposed, and it was claimed that it could resist a variety of attacks. However, in this paper, we show that this scheme is vulnerable to an offline password guessing attack and a stolen memory device attack. Furthermore, we show that it lacks the verification mechanism for a wrong password, and that the password updating process is not efficient. To mitigate the flaws and inefficiencies of this scheme, we design a new robust mutual authentication with a key agreement scheme for SIP. A security analysis revealed that our proposed scheme was robust to several kinds of attacks. In addition, the proposed scheme was simulated by the automatic cryptographic protocol tool ProVerif. A performance analysis showed that our proposed scheme was superior to other related schemes.

Download Full-text

A Novel Machine Learning-Based Approach for Security Analysis of Authentication and Key Agreement Protocols

Security and Communication Networks ◽

10.1155/2020/8848389 ◽

2020 ◽

Vol 2020 ◽

pp. 1-15

Author(s):

Behnam Zahednejad ◽

Lishan Ke ◽

Jing Li

Keyword(s):

Machine Learning ◽

Key Agreement ◽

Security Analysis ◽

Replay Attack ◽

Authentication And Key Agreement ◽

Password Guessing Attack ◽

Dataset Size ◽

Security Properties ◽

Guessing Attack ◽

Construction Model

The application of machine learning in the security analysis of authentication and key agreement protocol was first launched by Ma et al. in 2018. Although they received remarkable results with an accuracy of 72% for the first time, their analysis is limited to replay attack and key confirmation attack. In addition, their suggested framework is based on a multiclassification problem in which every protocol or dataset instance is either secure or prone to a security attack such as replay attack, key confirmation, or other attacks. In this paper, we show that multiclassification is not an appropriate framework for such analysis, since authentication protocols may suffer different attacks simultaneously. Furthermore, we consider more security properties and attacks to analyze protocols against. These properties include strong authentication and Unknown Key Share (UKS) attack, key freshness, key authentication, and password guessing attack. In addition, we propose a much more efficient dataset construction model using a tenth number of features, which improves the solving speed to a large extent. The results indicate that our proposed model outperforms the previous models by at least 10–20 percent in all of the machine learning solving algorithms such that upper-bound performance reaches an accuracy of over 80% in the analysis of all security properties and attacks. Despite the previous models, the classification accuracy of our proposed dataset construction model rises in a rational manner along with the increase of the dataset size.

Download Full-text

Research on the Network Security Protocols Based on the Strand Spaces Theory

Applied Mechanics and Materials ◽

10.4028/www.scientific.net/amm.457-458.1134 ◽

2013 ◽

Vol 457-458 ◽

pp. 1134-1138

Author(s):

Bao Ju Liu ◽

Jian Xi Wang

Keyword(s):

Network Security ◽

Hash Function ◽

Security Protocols ◽

Password Guessing Attack ◽

Strand Spaces ◽

Guessing Attack

This paper focuses on different password guessing attack forms of attacker performed based on the strand spaces model. We extend the attacker’s strand spaces model in order to describe and analyze the guessing ability of the attacker. A protocol has been improved by the use of Hash function. The improved protocol has been proved to resist password guessing attack.

Download Full-text

Improvement of a Security Enhanced One-time Mutual Authentication and Key Agreement Scheme

International Journal of Innovative Technology and Exploring Engineering - Special Issue ◽

10.35940/ijitee.l3761.1081219 ◽

2019 ◽

Vol 8 (12) ◽

pp. 5031-5036

Keyword(s):

Smart Card ◽

Key Agreement ◽

Mutual Authentication ◽

Authentication Scheme ◽

Authentication And Key Agreement ◽

Password Guessing Attack ◽

Authentication Schemes ◽

One Time Password ◽

Guessing Attack ◽

Password Based Authentication

So far, many one-time password based authentication schemes have been proposed; however, none is secure enough. In 2004, W.C.Ku proposed hash-based strongpassword based authentication scheme without using smart card that is vulnerable to the password guessing attack, not achieving mutual authentication and key agreement. In this paper, we propose a new improved version of Ku’s scheme that is eliminated these weaknesses.

Download Full-text

A Robust and Effective Smart-Card-Based Remote User Authentication Mechanism Using Hash Function

The Scientific World JOURNAL ◽

10.1155/2014/719470 ◽

2014 ◽

Vol 2014 ◽

pp. 1-16 ◽

Cited By ~ 3

Author(s):

Ashok Kumar Das ◽

Vanga Odelu ◽

Adrijit Goswami

Keyword(s):

Smart Card ◽

Hash Function ◽

User Authentication ◽

Mutual Authentication ◽

Security Analysis ◽

Authentication Scheme ◽

Remote Server ◽

Remote User Authentication ◽

User Authentication Scheme ◽

Remote User

In a remote user authentication scheme, a remote server verifies whether a login user is genuine and trustworthy, and also for mutual authentication purpose a login user validates whether the remote server is genuine and trustworthy. Several remote user authentication schemes using the password, the biometrics, and the smart card have been proposed in the literature. However, most schemes proposed in the literature are either computationally expensive or insecure against several known attacks. In this paper, we aim to propose a new robust and effective password-based remote user authentication scheme using smart card. Our scheme is efficient, because our scheme uses only efficient one-way hash function and bitwise XOR operations. Through the rigorous informal and formal security analysis, we show that our scheme is secure against possible known attacks. We perform the simulation for the formal security analysis using the widely accepted AVISPA (Automated Validation Internet Security Protocols and Applications) tool to ensure that our scheme is secure against passive and active attacks. Furthermore, our scheme supports efficiently the password change phase always locally without contacting the remote server and correctly. In addition, our scheme performs significantly better than other existing schemes in terms of communication, computational overheads, security, and features provided by our scheme.

Download Full-text

Defining Limits of Resistance to Off-Line Password Guessing Attack and Denial-of-Service Attack in Multi-server Authentication Schemes

Advances in Intelligent Systems and Computing - Recent Developments in Mechatronics and Intelligent Robotics ◽

10.1007/978-3-319-65978-7_39 ◽

2017 ◽

pp. 251-256

Author(s):

ChangYu Zhu ◽

Hong Wang

Keyword(s):

Denial Of Service ◽

Denial Of Service Attack ◽

Password Guessing Attack ◽

Service Attack ◽

Authentication Schemes ◽

Guessing Attack ◽

Multi Server

Download Full-text

On the computational complexity of cost efficiency analysis models

Applied Mathematics and Computation ◽

10.1016/j.amc.2006.10.030 ◽

2007 ◽

Vol 188 (1) ◽

pp. 638-640 ◽

Cited By ~ 8

Author(s):

G.R. Jahanshahloo ◽

M. Soleimani-damaneh ◽

A. Mostafaee

Keyword(s):

Computational Complexity ◽

Cost Efficiency ◽

Efficiency Analysis ◽

Analysis Models

Download Full-text

RFID Mutual Authentication Protocols based on Gene Mutation and Transfer

Journal of Communications Software and Systems ◽

10.24138/jcomss.v9i1.157 ◽

2013 ◽

Vol 9 (1) ◽

pp. 44 ◽

Cited By ~ 1

Author(s):

Raghav V. Sampangi ◽

Srinivas Sampalli

Keyword(s):

Gene Mutation ◽

Radio Frequency Identification ◽

Mutual Authentication ◽

Security Analysis ◽

Key Exchange ◽

Rfid Tags ◽

Simulation Studies ◽

Frequency Identification ◽

Dynamic Updates ◽

Mutual Authentication Protocol

Radio Frequency Identification (RFID) is a technology that is very popular due to the simplicity in its technology and high adaptability in a variety of areas. The simplicity in the technology, however, comes with a caveat – RFID tags have severe resource restrictions, which make them vulnerable to a range of security attacks. Such vulnerability often results in the loss of privacy of the tag owner and other attacks on tags. Previous research in RFID security has mainly focused on authenticating entities such as readers / servers, which communicate with the tag. Any security mechanism is only as strong as the encryption keys used. Since RFID communication is wireless, critical messages such as key exchange messages are vulnerable to attacks. Therefore, we present a mutual authentication protocol that relies on independent generation and dynamic updates of encryption keys thereby removing the need for key exchange, which is based on the concept of gene mutation and transfer. We also present an enhanced version of this protocol, which improves the security offered by the first protocol. The novelty of the proposed protocols is in the independent generation, dynamic and continuous updates of encryption keys and the use of the concept of gene mutation / transfer to offer mutual authentication of the communicating entities. The proposed protocols are validated by simulation studies and security analysis.

Download Full-text

An Efficient and Privacy-Preserving Biometric Identification Scheme Based on the FITing-Tree

Security and Communication Networks ◽

10.1155/2021/2313389 ◽

2021 ◽

Vol 2021 ◽

pp. 1-15

Author(s):

Xiaopeng Yang ◽

Hui Zhu ◽

Songnian Zhang ◽

Rongxing Lu ◽

Xuesong Gao

Keyword(s):

Homomorphic Encryption ◽

Security Analysis ◽

Privacy Preserving ◽

Biometric Identification ◽

Large Dataset ◽

Biometric Data ◽

Communication Costs ◽

Identification Scheme ◽

Biometric Template ◽

Cloud Servers

Biometric identification services have been applied to almost all aspects of life. However, how to securely and efficiently identify an individual in a huge biometric dataset is still very challenging. For one thing, biometric data is very sensitive and should be kept secure during the process of biometric identification. On the other hand, searching a biometric template in a large dataset can be very time-consuming, especially when some privacy-preserving measures are adopted. To address this problem, we propose an efficient and privacy-preserving biometric identification scheme based on the FITing-tree, iDistance, and a symmetric homomorphic encryption (SHE) scheme with two cloud servers. With our proposed scheme, the privacy of the user’s identification request and service provider’s dataset is guaranteed, while the computational costs of the cloud servers in searching the biometric dataset can be kept at an acceptable level. Detailed security analysis shows that the privacy of both the biometric dataset and biometric identification request is well protected during the identification service. In addition, we implement our proposed scheme and compare it to a previously reported M-Tree based privacy-preserving identification scheme in terms of computational and communication costs. Experimental results demonstrate that our proposed scheme is indeed efficient in terms of computational and communication costs while identifying a biometric template in a large dataset.

Download Full-text