GROUP AUTHENTICATION SCHEME BASED ON ZERO-KNOWLEDGE PROOF

2021 ◽  
pp. 68-84
Author(s):  
E. A. Shliakhtina ◽  
◽  
D. Y. Gamayunov ◽  
Keyword(s):  
Mutual Authentication ◽  
Security Analysis ◽  
Authentication Scheme ◽  
Third Party ◽  
Convergence Time ◽  
Group Signature ◽  
Sybil Attack ◽  
Zero Knowledge ◽  
User Groups ◽  
Zero Knowledge Proof

In this paper, we address the problem of mutual authentication in user groups in decentralized messaging systems without trusted third party. We propose a mutual authentication algorithm for groups using zero-knowledge proof. Using the algorithm, which is based on trust chains existing in decentralized network, users are able to authenticate each other without establishing a shared secret over side channel. The proposed algorithm is based on Democratic Group Signature protocol (DGS) and Communication-Computation Efficient Group Key algorithm for large and dynamic groups (CCEGK). We have performed security analysis of the proposed mutual authentication scheme against several attacks including Sybil attack and have made complexity estimation for the algorithm. The algorithm is implemented in an experimental P2P group messaging application, and using this implementation we estimate overhead of the authentication scheme and convergence time for several initial configurations of user groups and trust chains.

scholarly journals Security Analysis and Improvement of an Anonymous Authentication Scheme for Roaming Services

2014 ◽  
Vol 2014 ◽  
pp. 1-8 ◽  
Author(s):  
Youngsook Lee ◽  
Juryon Paik
Keyword(s):  
Mutual Authentication ◽  
Security Analysis ◽  
Mobile User ◽  
Authentication Scheme ◽  
Third Party ◽  
Dictionary Attack ◽  
Session Key ◽  
Foreign Agent ◽  
Anonymous Authentication ◽  
Man In The Middle

An anonymous authentication scheme for roaming services in global mobility networks allows a mobile user visiting a foreign network to achieve mutual authentication and session key establishment with the foreign-network operator in an anonymous manner. In this work, we revisit He et al.’s anonymous authentication scheme for roaming services and present previously unpublished security weaknesses in the scheme: (1) it fails to provide user anonymity against any third party as well as the foreign agent, (2) it cannot protect the passwords of mobile users due to its vulnerability to an offline dictionary attack, and (3) it does not achieve session-key security against a man-in-the-middle attack. We also show how the security weaknesses of He et al.’s scheme can be addressed without degrading the efficiency of the scheme.

scholarly journals An access control model for the Internet of Things based on zero-knowledge token and blockchain

2021 ◽  
Vol 2021 (1) ◽  
Author(s):  
Lihua Song ◽  
Xinran Ju ◽  
Zongke Zhu ◽  
Mengchen Li
Keyword(s):  
Internet Of Things ◽  
Access Control ◽  
Single Point ◽  
Control Model ◽  
Third Party ◽  
Security Level ◽  
Zero Knowledge ◽  
Access Control Model ◽  
Test Analysis ◽  
Zero Knowledge Proof

AbstractInformation security has become a hot topic in Internet of Things (IoT), and traditional centralized access control models are faced with threats such as single point failure, internal attack, and central leak. In this paper, we propose a model to improve the access control security of the IoT, which is based on zero-knowledge proof and smart contract technology in the blockchain. Firstly, we deploy attribute information of access control in the blockchain, which relieves the pressure and credibility problem brought by the third-party information concentration. Secondly, encrypted access control token is used to gain the access permission of the resources, which makes the user's identity invisible and effectively avoids attribute ownership exposure problem. Besides, the use of smart contracts solves the problem of low computing efficiency of IoT devices and the waste of blockchain computing power resources. Finally, a prototype of IoT access control system based on blockchain and zero-knowledge proof technology is implemented. The test analysis results show that the model achieves effective attribute privacy protection, compared with the Attribute-Based Access Control model of the same security level, the access efficiency increases linearly with the increase of access scale.

scholarly journals An Efficient Chaotic Map-Based Authentication Scheme with Mutual Anonymity

2016 ◽  
Vol 2016 ◽  
pp. 1-10
Author(s):  
Yousheng Zhou ◽  
Junfeng Zhou ◽  
Feng Wang ◽  
Feng Guo
Keyword(s):  
Key Management ◽  
Chaotic Map ◽  
Mutual Authentication ◽  
Security Analysis ◽  
Random Oracle Model ◽  
Random Oracle ◽  
Authentication Scheme ◽  
Session Key ◽  
The Real ◽  
Shared Key

A chaotic map-based mutual authentication scheme with strong anonymity is proposed in this paper, in which the real identity of the user is encrypted with a shared key between the user and the trusted server. Only the trusted server can determine the real identity of a user during the authentication, and any other entities including other users of the system get nothing about the user’s real identity. In addition, the shared key of encryption can be easily computed by the user and trusted server using the Chebyshev map without additional burdensome key management. Once the partnered two users are authenticated by the trusted server, they can easily proceed with the agreement of the session key. Formal security analysis demonstrates that the proposed scheme is secure under the random oracle model.

An Enhanced Authentication Scheme for Internet of Things Based E-Healthcare System

2020 ◽  
Vol 17 (1) ◽  
pp. 246-253 ◽  
Author(s):  
Ravi Raushan Kumar Chaudhary ◽  
Ashish Singh ◽  
Kakali Chatterjee
Keyword(s):  
Mutual Authentication ◽  
Security Analysis ◽  
Authentication Scheme ◽  
Key Generation ◽  
Key Exchange Protocol ◽  
Session Key ◽  
Diffie Hellman ◽  
Healthcare Monitoring ◽  
Diffie Hellman Key Exchange ◽  
Mutual Authentication Protocol

Security is a major challenge in modern IoT based healthcare monitoring systems. It provides many benefits such as critical patient monitoring, remote diagnosis at anytime, anywhere. Hence, security of this data is essential when the healthcare professionals access it. Also, while storing the patients record; it must be kept safe from misuse and modification of data as other devices can easily track it. To prevent this type of threats, we have proposed a mutual authentication protocol to enhance health care security and to resist vulnerable attacks. The proposed scheme used Challenge response protocol for the authentication purpose and the Diffie-Hellman key exchange protocol is used for generation of the session key generation. The security analysis of the proposed scheme shows that the scheme is more secure and resist all the major attacks as compared to other schemes. The Formal verification of this schema also ensures that it resists most probable attacks in this system. The result of the proposed authentication scheme shows that it has low computational and communicational load.

scholarly journals Password authentication scheme based on smart card and QR code

2021 ◽  
Vol 23 (1) ◽  
pp. 140
Author(s):  
Mushtaq Hasson ◽  
Ali A. Yassin ◽  
Abdulla J. Yassin ◽  
Abdullah Mohammed Rashid ◽  
Aqeel A. Yaseen ◽  
...  
Keyword(s):  
Smart Card ◽  
Key Management ◽  
Service Providers ◽  
Mutual Authentication ◽  
Security Analysis ◽  
Cloud Service ◽  
Cloud Services ◽  
Authentication Scheme ◽  
Qr Code ◽  
Practical Applications

As a hopeful computing paradigm, cloud services are obtainable to end users based on pay-as-you-go service. Security is represented one of the vital issues for the extended adoption of cloud computing, with the object of accessing several cloud service providers, applications, and services by using anonymity features to authenticate the user. We present a good authentication scheme based on quick response (QR) code and smart card. Furthermore, our proposed scheme has several crucial merits such as key management, mutual authentication, one-time password, user anonymity, freely chosen password, secure password changes, and revocation by using QR code. The security of proposed scheme depends on crypto-hash function, QR-code validation, and smart card. Moreover, we view that our proposed scheme can resist numerous malicious attacks and are more appropriate for practical applications than other previous works. The proposed scheme has proved as a strong mutual authentication based on burrows-abadi-needham (BAN) logic and security analysis. Furthermore, our proposed scheme has good results compared with related work.

scholarly journals Fast Mutual Authentication Using RSA Moduli

2021 ◽  
Author(s):  
Anatoly Anisimov ◽  
Andrey Novokshonov
Keyword(s):  
Hash Function ◽  
Mutual Authentication ◽  
Authentication Protocol ◽  
Third Party ◽  
Interactive Proof ◽  
Zero Knowledge ◽  
Trusted Third Party ◽  
Secret Information ◽  
Mutual Authentication Protocol

We describe a fast three-round mutual authentication protocol for parties A and B belonging to the same coalition group. Parties A and B keep their own independent long-term private keys that are used in the process of authentication and can be used for other purposes. The scheme assumes an initial setup with a trusted third party T. This party initiates another secret information that includes factors of a large RSA modulus. For authentication, both parties must demonstrate each other the knowledge of their private keys without revealing them and the ability to factorize a large RSA modulus. Thus, the protocol based on the suggested scheme provides reciprocal authentication. The scheme possesses all desirable properties of an interactive proof, i.e., completeness, soundness, and zero-knowledge. The security of the protocol relies on assumptions of difficulty of the RSA factorization and existence of a cryptographic hash function.

Sign in / Sign up

Export Citation Format

Share Document