scholarly journals How to Design a Secure Anonymous Authentication and Key Agreement Protocol for Multi-Server Environments and Prove Its Security

Symmetry ◽  
2021 ◽  
Vol 13 (9) ◽  
pp. 1629
Author(s):  
Yun-Hsin Chuang ◽  
Chin-Laung Lei ◽  
Hung-Jr Shiu
Keyword(s):  
Secure Communication ◽  
Key Agreement ◽  
Vehicular Ad Hoc Networks ◽  
Smart Cities ◽  
Cloud Services ◽  
Session Key ◽  
Authentication And Key Agreement ◽  
Anonymous Authentication ◽  
Security Proofs ◽  
Multi Server

An anonymous authentication and key agreement (AAKA) protocol provides anonymous members symmetric authentication and establishes a symmetric session key for secure communication in public networks. Today, numerous popular remote services are based on multi-server architecture, such as the internet of things (IoT), smart cities, cloud services, vehicular ad hoc networks (VANET), and telecare medicine information systems (TMIS). Many researchers have attempted to design AAKA protocols in multi-server environments for various applications. However, many of these have security defects, even if they have so-called “formal” security proofs. In this paper, we analyze related AAKA protocols to identify the common design defects, expound the process of designing secure AAKA protocols, and explain why the present AAKA protocols still suffer attacks, despite having security proofs. We instruct readers on how to design a secure AAKA protocol and how to prove the security. This paper will therefore be helpful for the design of new AAKA protocols, and for ensuring their security.

scholarly journals An efficient anonymous authentication and key agreement scheme with privacy-preserving for smart cities

2021 ◽  
Vol 17 (6) ◽  
pp. 155014772110268
Author(s):  
Xueya Xia ◽  
Sai Ji ◽  
Pandi Vijayakumar ◽  
Jian Shen ◽  
Joel J. P. C. Rodrigues
Keyword(s):  
Internet Of Things ◽  
Privacy Preservation ◽  
Key Agreement ◽  
Smart Cities ◽  
Security Analysis ◽  
Security And Privacy ◽  
Experimental Simulation ◽  
Authentication And Key Agreement ◽  
Anonymous Authentication ◽  
Evaluation Mechanism

Internet of Things devices are responsible for collecting and transmitting data in smart cities, assisting smart cities to release greater potential. As Internet of Things devices are increasingly connected to smart cities, security and privacy have gradually become important issues. Recently, research works on mitigating security challenges of Internet of Things devices in smart cities mainly focused on authentication. However, in most of the existing authentication protocols, the trustworthiness evaluation of Internet of Things devices in smart cities is ignored. Considering the trustworthiness evaluation of Internet of Things devices is an important constituent of data source authentication, in this article, a cloud-aided trustworthiness evaluation mechanism is first designed to improve the credibility of the Internet of Things devices in smart cities. Furthermore, aiming at the problem that the user’s privacy is easy to leak in the process of authentication, an anonymous authentication and key agreement scheme based on non-interactive zero knowledge argument is proposed. The proposed scheme can ensure the privacy preservation and data security of Internet of Things devices in smart cities. The security analysis demonstrates that the proposed scheme is secure under q-SDH problem. The experimental simulation indicates that the performance of the proposal is greatly improved compared with other similar schemes.

scholarly journals An Extended Chaotic Map-Based Authentication and Key Agreement Scheme for Multi-Server Environment

Mathematics ◽  
2021 ◽  
Vol 9 (8) ◽  
pp. 798
Author(s):  
Yicheng Yu ◽  
Oliver Taylor ◽  
Rui Li ◽  
Baiho Sunagawa
Keyword(s):  
Secure Communication ◽  
Key Agreement ◽  
Chaotic Map ◽  
Mutual Authentication ◽  
Network Services ◽  
Authentication And Key Agreement ◽  
Key Agreement Protocol ◽  
And Performance ◽  
Multi Server ◽  
Three Factor

With the increasing number of users and the emergence of different types of network services, a multi-server architecture has emerged in recent years. In order to ensure the secure communication of Internet participants in an open network environment, the authentication and key agreement protocol for multi-server architectures were proposed in the past. In 2018, Chatterjee et al. put forward a lightweight three-factor authentication and key agreement protocol for a multi-server environment, and they claimed that all known security features with satisfactory performance could be realized in their protocol. However, it is found that their scheme is vulnerable to user impersonation attacks and cannot achieve user un-traceability and three-factor security through our cryptanalysis. In order to solve these shortcomings, we propose a new lightweight and anonymous three-factor authentication scheme for the multi-server environment in this article. Furthermore, the proposed protocol is proved to be AKE secure theoretically, and we use BAN-logic to prove that our protocol realizes mutual authentication between communication participants. Finally, we show that our proposed scheme is practical and efficient through the comparison of security features and performance.

scholarly journals An Enhanced Lightweight Dynamic Pseudonym Identity Based Authentication and Key Agreement Scheme Using Wireless Sensor Networks for Agriculture Monitoring

Sensors ◽  
2019 ◽  
Vol 19 (5) ◽  
pp. 1146 ◽  
Author(s):  
Meriske Chen ◽  
Tian-Fu Lee ◽  
Jiann-I Pan
Keyword(s):  
Key Agreement ◽  
Raw Materials ◽  
Denial Of Service ◽  
Modern Technology ◽  
User Privacy ◽  
Session Key ◽  
Authentication And Key Agreement ◽  
Monitoring Process ◽  
Perfect Forward Secrecy ◽  
Enhance Efficiency

Agriculture plays an important role for many countries. It provides raw materials for foodand provides large employment opportunities for people in the country, especially for countrieswith a dense population. To enhance agriculture productivity, modern technology such as wirelesssensor networks (WSNs) can be utilized to help in monitoring important parameters in thwagricultural field such as temperature, light, soil moisture, etc. During the monitoring process, ifsecurity compromises happen, such as interception or modification of the parameters, it may leadto false decisions and bring damage to agriculture productivity. Therefore, it is very important todevelop secure authentication and key agreement for the system. Recently, Ali et al. proposed anauthentication and key agreement scheme using WSNs for agriculture monitoring. However, it failsto provide user untraceability, user anonymity, and session key security; it suffers from sensor nodeimpersonation attack and perfect forward secrecy attack; and even worse has denial of service as aservice. This study discusses these limitations and proposes a new secure and more efficientauthentication and key agreement scheme for agriculture monitoring using WSNs. The proposedscheme utilizes dynamic pseudonym identity to guarantee user privacy and eliminates redundantcomputations to enhance efficiency.

scholarly journals A Lightweight Three-Factor Authentication and Key Agreement Scheme in Wireless Sensor Networks for Smart Homes

Sensors ◽  
2019 ◽  
Vol 19 (9) ◽  
pp. 2012 ◽  
Author(s):  
Sooyeon Shin ◽  
Taekyoung Kwon
Keyword(s):  
Smart Home ◽  
Key Agreement ◽  
Smart Homes ◽  
Security Requirements ◽  
Wireless Sensor ◽  
Impersonation Attack ◽  
Secret Key ◽  
Session Key ◽  
Authentication And Key Agreement ◽  
Three Factor

A wireless sensor network (WSN) is used for a smart home system’s backbone that monitors home environment and controls smart home devices to manage lighting, heating, security and surveillance. However, despite its convenience and potential benefits, there are concerns about various security threats that may infringe on privacy and threaten our home life. For protecting WSNs for smart homes from those threats, authentication and key agreement are basic security requirements. There have been a large number of proposed authentication and key agreement scheme for WSNs. In 2017, Jung et al. proposed an efficient and security enhanced anonymous authentication with key agreement scheme by employing biometrics information as the third authentication factor. They claimed that their scheme resists on various security attacks and satisfies basic security requirements. However, we have discovered that Jung et al.’s scheme possesses some security weaknesses. Their scheme cannot guarantee security of the secret key of gateway node and security of session key and protection against user tracking attack, information leakage attack, and user impersonation attack. In this paper, we describe how those security weaknesses occur and propose a lightweight three-factor authentication and key agreement scheme in WSNs for smart homes, as an improved version of Jung et al.’s scheme. We then present a detailed analysis of the security and performance of the proposed scheme and compare the analysis results with other related schemes.

scholarly journals A Secure Authentication and Key Agreement Scheme for IoT-Based Cloud Computing Environment

Symmetry ◽  
2020 ◽  
Vol 12 (1) ◽  
pp. 150 ◽  
Author(s):  
Yicheng Yu ◽  
Liang Hu ◽  
Jianfeng Chu
Keyword(s):  
Cloud Computing ◽  
Internet Of Things ◽  
Secure Communication ◽  
Key Agreement ◽  
Security Analysis ◽  
Computing Environment ◽  
Cloud Computing Environment ◽  
Authentication And Key Agreement ◽  
Insider Attack ◽  
Cloud Servers

The integration of Internet of things (IoT) and cloud computing technology has made our life more convenient in recent years. Cooperating with cloud computing, Internet of things can provide more efficient and practical services. People can accept IoT services via cloud servers anytime and anywhere in the IoT-based cloud computing environment. However, plenty of possible network attacks threaten the security of users and cloud servers. To implement effective access control and secure communication in the IoT-based cloud computing environment, identity authentication is essential. In 2016, He et al. put forward an anonymous authentication scheme, which is based on asymmetric cryptography. It is claimed that their scheme is capable of withstanding all kinds of known attacks and has good performance. However, their scheme has serious security weaknesses according to our cryptanalysis. The scheme is vulnerable to insider attack and DoS attack. For overcoming these weaknesses, we present an improved authentication and key agreement scheme for IoT-based cloud computing environment. The automated security verification (ProVerif), BAN-logic verification, and informal security analysis were performed. The results show that our proposed scheme is secure and can effectively resist all kinds of known attacks. Furthermore, compared with the original scheme in terms of security features and performance, our proposed scheme is feasible.

Full Session Key Agreement Scheme Based on Chaotic Map in Vehicular Ad Hoc Networks

2020 ◽  
Vol 69 (8) ◽  
pp. 8914-8924 ◽  
Author(s):  
Jie Cui ◽  
Yali Wang ◽  
Jing Zhang ◽  
Yan Xu ◽  
Hong Zhong
Keyword(s):  
Ad Hoc Networks ◽  
Key Agreement ◽  
Vehicular Ad Hoc Networks ◽  
Ad Hoc ◽  
Chaotic Map ◽  
Session Key ◽  
Session Key Agreement ◽  
Hoc Networks
Sign in / Sign up

Export Citation Format

Share Document