A Secure and Efficient Three-Factor Authentication Protocol in Global Mobility Networks

2020, Vol 10 (10), pp. 3565
Author(s): SungJin Yu, JoonYoung Lee, YoHan Park, YoungHo Park, SangWoo Lee, ...

With the developments in communication and mobile technologies, mobile users can access roaming services by utilizing a mobile device at any time and any place in the global mobility networks. However, these require several security requirements, such as authentication and anonymity, because the information is transmitted over an open channel. Thus, secure and efficient authentication protocols are essential to provide secure roaming services for legitimate users. In 2018, Madhusudhan et al. presented a secure authentication protocol for global mobile networks. However, we demonstrated that their protocol could not prevent potential attacks, including masquerade, session key disclosure, and replay attacks. Thus, we proposed a secure and efficient three-factor authentication protocol to overcome the security weaknesses of Madhusudhan et al.’s scheme. The proposed scheme was demonstrated to prevent various attacks and provided a secure mutual authentication by utilizing biometrics and secret parameters. We evaluated the security of the proposed protocol using informal security analysis and formal security analysis, such as the real-or-random (ROR) model and Burrows–Abadi–Needham (BAN) logic. In addition, we showed that our scheme withstands man-in-the-middle (MITM) and replay attacks utilizing formal security validation automated validation of internet security protocols and applications (AVISPA) simulation. Finally, we compared the performance of our protocol with existing schemes. Consequently, our scheme ensured better security and efficiency features than existing schemes and can be suitable for resource-constrained mobile environments.

2017, Vol 2017, pp. 1-13
Author(s): Jongho Moon, Youngsook Lee, Jiye Kim, Dongho Won

Recently many authentication protocols using an extended chaotic map were suggested for a mobile user. Many researchers demonstrated that authentication protocol needs to provide key agreement, mutual authentication, and user anonymity between mobile user and server and resilience to many possible attacks. In this paper, we cautiously analyzed chaotic-map-based authentication scheme and proved that it is still insecure to off-line identity guessing, user and server impersonation, and on-line identity guessing attacks. To address these vulnerabilities, we proposed an improved protocol based on an extended chaotic map and a fuzzy extractor. We proved the security of the proposed protocol using a random oracle and AVISPA (Automated Validation of Internet Security Protocols and Applications) tool. Furthermore, we present an informal security analysis to make sure that the improved protocol is invulnerable to possible attacks. The proposed protocol is also computationally efficient when compared to other previous protocols.


Sensors, 2019, Vol 19 (10), pp. 2358
Author(s): JoonYoung Lee, SungJin Yu, KiSung Park, YoHan Park, YoungHo Park

Internet of Things (IoT) environments such as smart homes, smart factories, and smart buildings have become a part of our lives. The services of IoT environments are provided through wireless networks to legal users. However, the wireless network is an open channel, which is insecure to attacks from adversaries such as replay attacks, impersonation attacks, and invasions of privacy. To provide secure IoT services to users, mutual authentication protocols have attracted much attention as consequential security issues, and numerous protocols have been studied. In 2017, Bae et al. presented a smartcard-based two-factor authentication protocol for multi-gateway IoT environments. However, we point out that Bae et al.’s protocol is vulnerable to user impersonation attacks, gateway spoofing attacks, and session key disclosure, and cannot provide a mutual authentication. In addition, we propose a three-factor mutual authentication protocol for multi-gateway IoT environments to resolve these security weaknesses. Then, we use Burrows–Abadi–Needham (BAN) logic to prove that the proposed protocol achieves secure mutual authentication, and we use the Automated Validation of Internet Security Protocols and Applications (AVISPA) tool to analyze a formal security verification. In conclusion, our proposed protocol is secure and applicable in multi-gateway IoT environments.


Sensors, 2020, Vol 20 (5), pp. 1366
Author(s): Liang Xiao, He Xu, Feng Zhu, Ruchuan Wang, Peng Li

With the rapid development of the Internet of Things and the popularization of 5G communication technology, the security of resource-constrained IoT devices such as Radio Frequency Identification (RFID)-based applications have received extensive attention. In traditional RFID systems, the communication channel between the tag and the reader is vulnerable to various threats, including denial of service, spoofing, and desynchronization. Thus, the confidentiality and integrity of the transmitted data cannot be guaranteed. In order to solve these security problems, in this paper, we propose a new RFID authentication protocol based on a lightweight block cipher algorithm, SKINNY, (short for LRSAS). Security analysis shows that the LRSAS protocol guarantees mutual authentication and is resistant to various attacks, such as desynchronization attacks, replay attacks, and tracing attacks. Performance evaluations show that the proposed solution is suitable for low-cost tags while meeting security requirements. This protocol reaches a balance between security requirements and costs.


2021, Vol 2021, pp. 1-18
Author(s): Bahaa Hussein Taher, Huiyu Liu, Firas Abedi, Hongwei Lu, Ali A. Yassin, ...

With the booming integration of IoT technology in our daily life applications such as smart industrial, smart city, smart home, smart grid, and healthcare, it is essential to ensure the security and privacy challenges of these systems. Furthermore, time-critical IoT applications in healthcare require access from external parties (users) to their real-time private information via wireless communication devices. Therefore, challenges such as user authentication must be addressed in IoT wireless sensor networks (WSNs). In this paper, we propose a secure and lightweight three-factor (3FA) user authentication protocol based on feature extraction of user biometrics for future IoT WSN applications. The proposed protocol is based on the hash and XOR operations, including (i) a 3-factor authentication (i.e., smart device, biometrics, and user password); (ii) shared session key; (iii) mutual authentication; and (iv) key freshness. We demonstrate the proposed protocol’s security using the widely accepted Burrows–Abadi–Needham (BAN) logic, Automated Validation of Internet Security Protocols and Applications (AVISPA) simulation tool, and the informal security analysis that demonstrates its other features. In addition, our simulations prove that the proposed protocol is superior to the existing related authentication protocols, in terms of security and functionality features, along with communication and computation overheads. Moreover, the proposed protocol can be utilized efficiently in most of IoT’s WSN applications, such as wireless healthcare sensor networks.


2021, Vol 2021, pp. 1-12
Author(s): Junfeng Miao, Zhaoshun Wang, Xue Miao, Longyue Xing

When mobile network enters 5G era, 5G networks have a series of unparalleled advantages. Therefore, the application of 5G network technology in the Internet of Vehicles (IoV) can promote more intelligently vehicular networks and more efficiently vehicular information transmission. However, with the combination of 5G networks and vehicular networks technology, it requires safe and reliable authentication and low computation overhead. Therefore, it is a challenge to achieve such low latency, security, and high mobility. In this paper, we propose a secure and efficient lightweight authentication protocol for vehicle group. The scheme is based on the extended chaotic map to achieve authentication, and the Chinese remainder theorem distributes group keys. Scyther is used to verify the security of the scheme, and the verification results show that the security of the scheme can be guaranteed. In addition, through security analysis, the scheme can not only effectively resist various attacks but also guarantee security requirements such as anonymity and unlinkability. Finally, by performance analysis and comparison, our scheme has less computation and communication overhead.


Author(s): Ioana Lasc, Reiner Dojen, Tom Coffey

Many peer-to-peer security protocols proposed for wireless communications use one-time shared secrets for authentication purposes. This paper analyses online update mechanisms for one-time shared secrets. A new type of attack against update mechanisms, called desynchronisation attack, is introduced. This type of attack may lead to a permanent denial of service condition. A case study demonstrates the effectiveness of desynchronisation attacks against a security protocol for mobile satellite communications. A new mutual authentication protocol for satellite communications, incorporating a resynchronisation capability, is proposed to counter the disruptive effects of desynchronisation attacks. The new protocol has a resynchronisation phase that is initiated whenever desynchronisation is suspected. Thus, the possibility of causing permanent denial of service conditions by mounting desynchronisation attacks is eliminated. A security analysis of the proposed protocol establishes its resistance against attacks like replay attacks, dictionary attacks, and desynchronisation attacks.


2020, Vol 2020, pp. 1-14
Author(s): Jiangheng Kou, Mingxing He, Ling Xiong, Zeqiong Lv

The multiserver architecture authentication (MSAA) protocol plays a significant role in achieving secure communications between devices. In recent years, researchers proposed many new MSAA protocols to gain more functionality and security. However, in the existing studies, registered users can access to all registered service providers in the system without any limitation. To ensure that the system can restrict users that are at different levels and can access to different levels of service providers, we propose a new lightweight hierarchical authentication protocol for multiserver architecture using a Merkle tree to verify user’s authentication right. The proposed protocol has hierarchical authentication functionality, high security, and reasonable computation and communication costs. Moreover, the security analysis demonstrates that the proposed protocol satisfies the security requirements in practical applications, and the proposed protocol is provably secure in the general security model.


2021, Vol 13 (5), pp. 111-128
Author(s): Sung Woon Lee, Hyunsung Kim

With the rapid development of mobile intelligent technologies and services, users can freely experience ubiquitous services in global mobility networks. It is necessary to provide authentications and protection to the privacy of mobile users. Until now, many authentication and privacy schemes were proposed. However, most of the schemes have been exposed to some security problems. Recently, Madhusudhan and Shashidhara (M&S) proposed a lightweight authentication scheme, denoted as the M&S scheme, for roaming services in global mobility networks. This paper shows that the M&S scheme has security flaws including two masquerading attacks and a mobile user trace attack. After that, we propose a privacy-preserving authentication scheme for global mobility networks. The proposed scheme not only focused on the required security but also added privacy concerns focused on anonymity based on a dynamic pseudonym, which is based on exclusive-or operation, hash operation and symmetric key cryptography. Formal security analysis is performed based on Burrows-Abadi-Needham (BAN) logic and the ProVerif tool, which concludes that the proposed scheme is secure. The analysis shows that the proposed authentication scheme is secure and provides privacy with a reasonable performance.


Sensors, 2019, Vol 19 (16), pp. 3598
Author(s): SungJin Yu, KiSung Park, YoungHo Park

With the development of cloud computing and communication technology, users can access the internet of things (IoT) services provided in various environments, including smart home, smart factory, and smart healthcare. However, a user is insecure against various types of attacks, because sensitive information is often transmitted via an open channel. Therefore, secure authentication schemes are essential to provide IoT services for legal users. In 2019, Pelaez et al. presented a lightweight IoT-based authentication scheme in cloud computing environment. However, we prove that Pelaez et al.’s scheme cannot prevent various types of attacks such as impersonation, session key disclosure, and replay attacks and cannot provide mutual authentication and anonymity. In this paper, we present a secure and lightweight three-factor authentication scheme for IoT in cloud computing environment to resolve these security problems. The proposed scheme can withstand various attacks and provide secure mutual authentication and anonymity by utilizing secret parameters and biometric. We also show that our scheme achieves secure mutual authentication using Burrows–Abadi–Needham logic analysis. Furthermore, we demonstrate that our scheme resists replay and man-in-the-middle attacks using the automated validation of internet security protocols and applications (AVISPA) simulation tool. Finally, we compare the performance and the security features of the proposed scheme with some existing schemes. Consequently, we provide better safety and efficiency than related schemes and the proposed scheme is suitable for practical IoT-based cloud computing environment.

