scholarly journals Achieving Better Privacy for the 3GPP AKA Protocol

2016 ◽  
Vol 2016 (4) ◽  
pp. 255-275 ◽  
Author(s):  
Pierre-Alain Fouque ◽  
Cristina Onete ◽  
Benjamin Richard
Keyword(s):  
Key Management ◽  
Provable Security ◽  
Mutual Authentication ◽  
Mobile Network ◽  
Authenticated Key Exchange ◽  
Network Servers ◽  
New Variant ◽  
Man In The Middle ◽  
Network Communications ◽  
3Rd Generation Partnership Project

Abstract Proposed by the 3rd Generation Partnership Project (3GPP) as a standard for 3G and 4G mobile-network communications, the AKA protocol is meant to provide a mutually-authenticated key-exchange between clients and associated network servers. As a result AKA must guarantee the indistinguishability from random of the session keys (key-indistinguishability), as well as client- and server-impersonation resistance. A paramount requirement is also that of client privacy, which 3GPP defines in terms of: user identity confidentiality, service untraceability, and location untraceability. Moreover, since servers are sometimes untrusted (in the case of roaming), the AKA protocol must also protect clients with respect to these third parties. Following the description of client-tracking attacks e.g. by using error messages or IMSI catchers, van den Broek et al. and respectively Arapinis et al. each proposed a new variant of AKA, addressing such problems. In this paper we use the approach of provable security to show that these variants still fail to guarantee the privacy of mobile clients. We propose an improvement of AKA, which retains most of its structure and respects practical necessities such as key-management, but which provably attains security with respect to servers and Man-in-the- Middle (MiM) adversaries. Moreover, it is impossible to link client sessions in the absence of client-corruptions. Finally, we prove that any variant of AKA retaining its mutual authentication specificities cannot achieve client-unlinkability in the presence of corruptions. In this sense, our proposed variant is optimal.

scholarly journals Secure Key Management and Mutual Authentication Protocol for Wireless Sensor Network using Hybrid Approach

2021 ◽  
Author(s):  
Sharmila ◽  
Pramod Kumar ◽  
Shashi Bhushan ◽  
Manoj Kumar ◽  
Mamoun Alazab
Keyword(s):  
Key Management ◽  
Mutual Authentication ◽  
Hybrid Approach ◽  
Limited Resource ◽  
Sensor Nodes ◽  
Wireless Sensor ◽  
Distribution Method ◽  
Key Establishment ◽  
Management Scheme ◽  
Hostile Environments

Abstract Wireless Sensor Networks (WSNs) play a crucial role in developing the Internet of Things (IoT) by collecting data from hostile environments like military and civil domains with limited resources. The above applications are prone to eavesdropper due to cryptographic algorithms' weaknesses for providing security in WSNs. The security protocols for WSNs are different from the traditional networks because of the limited resource of sensor nodes. Existing key management schemes require large key sizes to provide high-security levels, increasing the computational and communication cost for key establishment. This paper proposes a Hybrid Key Management Scheme for WSNs based on Elliptic Curve Cryptography (ECC) and a hash function to generate key pre-distribution keys. The Key establishment is carried out by merely broadcasting the node identity. The main reason for incorporating a hybrid approach in the key pre-distribution method is to achieve mutual authentication between the sensor nodes during the establishment phase. The proposed method reduces computational complexity with greater security and the proposed scheme can be competently applied into resource constraint sensor nodes

scholarly journals HCDA: Efficient Pairing-Free Homographic Key Management for Dynamic Cross-Domain Authentication in VANETs

Symmetry ◽  
2020 ◽  
Vol 12 (6) ◽  
pp. 1003 ◽  
Author(s):  
Haowen Tan ◽  
Shichang Xuan ◽  
Ilyong Chung
Keyword(s):  
Key Management ◽  
Vehicular Networks ◽  
Vehicular Ad Hoc Networks ◽  
Intelligent Transportation System ◽  
Homomorphic Encryption ◽  
Mutual Authentication ◽  
Time Interval ◽  
Short Time Interval ◽  
Driving Experience ◽  
Cross Domain

Emerging as the effective strategy of intelligent transportation system (ITS), vehicular ad hoc networks (VANETs) have the capacity of drastically improving the driving experience and road safety. In typical VANET scenarios, high mobility and volatility of vehicles result in dynamic topology of vehicular networks. That is, individual vehicle may pass through the effective domain of multiple neighboring road-side-units (RSUs) during a comparatively short time interval. Hence, efficient and low-latency cross-domain verification with all the successive RSUs is of significance. Recently, a lot of research on VANET authentication and key distribution was presented, while the critical cross-domain authentication (CDA) issue has not been properly addressed. Particularly, the existing CDA solutions mainly reply on the acquired confidential keying information from the neighboring entities (RSUs and vehicles), while too much trustworthiness is granted to the involved RSUs. Please note that the RSUs are distributively located and may be compromised or disabled by adversary, thus vital vehicle information may be revealed. Furthermore, frequent data interactions between RSUs and cloud server are always the major requisite so as to achieve mutual authentication with cross-domain vehicles, which leads to heavy bandwidth consumption and high latency. In this paper, we address the above VANET cross-domain authentication issue under the novel RSU edge networks assumption. Please note that RSUs are assumed to be semi-trustworthy entity in our design, where critical vehicular keying messages remain secrecy. Homomorphic encryption design is applied for all involved RSUs and vehicles. In this way, successive RSUs could efficiently verify the cross-domain vehicle with the transited certificate from the neighbor RSUs and vehicle itself, while the identity and secrets of each vehicle is hidden all the time. Afterwards, dynamic updating towards the anonymous vehicle identity is conducted upon validation, where conditional privacy preserving is available. Moreover, pairing-free mutual authentication method is used for efficiency consideration. Formal security analysis is given, proving that the HCDA mechanism yields desirable security properties on VANET cross domain authentication issue. Performance discussions demonstrate efficiency of the proposed HCDA scheme compared with the state-of-the-art.

scholarly journals An Efficient Chaotic Map-Based Authentication Scheme with Mutual Anonymity

2016 ◽  
Vol 2016 ◽  
pp. 1-10
Author(s):  
Yousheng Zhou ◽  
Junfeng Zhou ◽  
Feng Wang ◽  
Feng Guo
Keyword(s):  
Key Management ◽  
Chaotic Map ◽  
Mutual Authentication ◽  
Security Analysis ◽  
Random Oracle Model ◽  
Random Oracle ◽  
Authentication Scheme ◽  
Session Key ◽  
The Real ◽  
Shared Key

A chaotic map-based mutual authentication scheme with strong anonymity is proposed in this paper, in which the real identity of the user is encrypted with a shared key between the user and the trusted server. Only the trusted server can determine the real identity of a user during the authentication, and any other entities including other users of the system get nothing about the user’s real identity. In addition, the shared key of encryption can be easily computed by the user and trusted server using the Chebyshev map without additional burdensome key management. Once the partnered two users are authenticated by the trusted server, they can easily proceed with the agreement of the session key. Formal security analysis demonstrates that the proposed scheme is secure under the random oracle model.

scholarly journals Secure Authentication and Key Management Protocols for Mobile Multihop WiMAX Networks

2015 ◽  
Vol 73 (1) ◽  
Author(s):  
Adnan Shahid Khan ◽  
Halikul Lenando ◽  
Johari Abdullah ◽  
Norsheila Fisal
Keyword(s):  
Key Management ◽  
Denial Of Service ◽  
Mutual Authentication ◽  
Security Measures ◽  
Medium Access ◽  
Wimax Networks ◽  
Smart Grid Communications ◽  
Management Scheme ◽  
Management Schemes ◽  
Secure Authentication

Mobile Multihop Relay (MMR) network is one of the emerging technologies, especially LTE-Advanced, WiMAX and the Smart grid communications. Ensuring security is one of the most imperative and challenging issues in MMR networks. Privacy Key Management (PKM) protocol is proposed to ensure the security measures in MMR networks. However, the protocol still faces several security threats, specifically Denial of Service (DoS), replay attacks, Man in the Middle (MitM) attacks and the interleaving attacks, which is termed as Medium Access Control (MAC) layer attacks. This paper proposed a modified version PKM protocol for both unilateral and mutual authentication, which is termed as Self-organized Efficient Authentication and Key Management Scheme (SEAKS) authentication protocol. This protocol ensures secure end-to-end data transmission using distributed hop-by-hop authentication and localized key management schemes with a very simple and efficient way.

scholarly journals An efficient 3D Diffie-Hellman based Two-Server password-only authenticated key exchange

2019 ◽  
Vol 16 (1) ◽  
Author(s):  
Anitha Kumari K ◽  
Sudha Sadasivam G
Keyword(s):  
Large Scale ◽  
Communication Complexity ◽  
Mutual Authentication ◽  
Formal Proof ◽  
Key Exchange ◽  
Authenticated Key Exchange ◽  
Diffie Hellman ◽  
Technological World ◽  
Client Side ◽  
Evaluation Parameters

In emerging technological world, security potentially remains as a highest challenge in the large-scale distributed systems, as it is suffering extensively with adversarial attacks due to insufficient mutual authentication. In order to address this, a state-of-art tetrahedron (3D) based two-server Password Authenticated and Key Exchange (PAKE) protocol has been formulated with formal proof of security by incorporating the elementary properties of plane geometry. The main intention of this work is, obtaining a password from the stored credentials must be infeasible when both the servers compromised together. At the outset to realize these goals, in this paper, the properties of the tetrahedron are utilized along with Diffie-Hellman (DH) key exchange algorithm to withstand against malicious attacks. A significant aspect of the proposed 3D PAKE protocol is, client side complexity has been reduced to a greater extent in terms of computation and communication. Both theoretically and practically, 3D PAKE protocol is the first demonstrable secure two-server PAKE protocol that breaks the assumptions of the Yang et al. and Yi et al. protocol that the two servers must not compromise together. Computational complexity, communication complexity, security key principles, best of all attacks happening dubiously are considered as the evaluation parameters to compare the performance of the proposed 3D PAKE protocol.

scholarly journals Password authentication scheme based on smart card and QR code

2021 ◽  
Vol 23 (1) ◽  
pp. 140
Author(s):  
Mushtaq Hasson ◽  
Ali A. Yassin ◽  
Abdulla J. Yassin ◽  
Abdullah Mohammed Rashid ◽  
Aqeel A. Yaseen ◽  
...  
Keyword(s):  
Smart Card ◽  
Key Management ◽  
Service Providers ◽  
Mutual Authentication ◽  
Security Analysis ◽  
Cloud Service ◽  
Cloud Services ◽  
Authentication Scheme ◽  
Qr Code ◽  
Practical Applications

As a hopeful computing paradigm, cloud services are obtainable to end users based on pay-as-you-go service. Security is represented one of the vital issues for the extended adoption of cloud computing, with the object of accessing several cloud service providers, applications, and services by using anonymity features to authenticate the user. We present a good authentication scheme based on quick response (QR) code and smart card. Furthermore, our proposed scheme has several crucial merits such as key management, mutual authentication, one-time password, user anonymity, freely chosen password, secure password changes, and revocation by using QR code. The security of proposed scheme depends on crypto-hash function, QR-code validation, and smart card. Moreover, we view that our proposed scheme can resist numerous malicious attacks and are more appropriate for practical applications than other previous works. The proposed scheme has proved as a strong mutual authentication based on burrows-abadi-needham (BAN) logic and security analysis. Furthermore, our proposed scheme has good results compared with related work.

A Secure Two-Factor Remote User Authentication and Session Key Agreement Scheme

2016 ◽  
Vol 12 (2) ◽  
pp. 62-79 ◽  
Author(s):  
Preeti Chandrakar ◽  
Hari Om
Keyword(s):  
Key Agreement ◽  
User Authentication ◽  
Mutual Authentication ◽  
Security Analysis ◽  
Session Key ◽  
Key Agreement Protocol ◽  
Remote User Authentication ◽  
Session Key Agreement ◽  
Man In The Middle ◽  
Remote User

In this article, the authors have proposed a secure two-factor remote user authentication and session key agreement protocol. As they have shown in the presented scheme, is precise and secure according to both formal and informal security analysis. For formal security analysis, they have applied BAN (Burrows-Abadi-Needham) logic which certifies that the presented scheme provides the amenity of mutual authentication and session key agreement safely. The informal security verification has shown that the proposed scheme is more vigorous against various sort of cruel threats. Moreover, the authors have simulated the presented scheme using broadly accepted AVISPA tool, whose simulation results make sure that the protocol is not dangerous from active and passive attacks together with replay and man-in-the-middle attacks. In addition, the performance evaluation and the security comparison have revealed that the presented scheme gives strong security as well as better complexity in the context of smart card memory requirement, communication cost and computation cost.

Sign in / Sign up

Export Citation Format

Share Document