Multi-Factor Identity Authenticated Key Agreement Protocol

2014 ◽  
Vol 556-562 ◽  
pp. 5597-5602
Author(s):  
Jun Wang ◽  
Yue Chen ◽  
Gang Yang ◽  
Hong Yong Jia ◽  
Ju Long Lan
Keyword(s):  
Smart Card ◽  
Key Agreement ◽  
Mutual Authentication ◽  
Impersonation Attack ◽  
Forward Security ◽  
Session Key ◽  
Session Key Agreement ◽  
Man In The Middle ◽  
Mutual Identity ◽  
Weak Resistance

This paper proposes scheme can achieve mutual authentication and session key agreement based on multi-factor. It improves the scheme proposed by Chuang et al on protecting from the stolen smart card attack, impersonation attack, server spoofing attack and man-in-the-middle attack, and guaranteeing on the forward security. It solves the problem of weak resistance to attacks in single-factor authentication approaches, by combining the smart card with biometrics and password. It also guarantees the security of mutual identity authentication between users and servers and that of session keys. It consumes more computing resources that the Chuang’s scheme, but it can resist to several known attacks efficiently.

A Secure Two-Factor Remote User Authentication and Session Key Agreement Scheme

2016 ◽  
Vol 12 (2) ◽  
pp. 62-79 ◽  
Author(s):  
Preeti Chandrakar ◽  
Hari Om
Keyword(s):  
Key Agreement ◽  
User Authentication ◽  
Mutual Authentication ◽  
Security Analysis ◽  
Session Key ◽  
Key Agreement Protocol ◽  
Remote User Authentication ◽  
Session Key Agreement ◽  
Man In The Middle ◽  
Remote User

In this article, the authors have proposed a secure two-factor remote user authentication and session key agreement protocol. As they have shown in the presented scheme, is precise and secure according to both formal and informal security analysis. For formal security analysis, they have applied BAN (Burrows-Abadi-Needham) logic which certifies that the presented scheme provides the amenity of mutual authentication and session key agreement safely. The informal security verification has shown that the proposed scheme is more vigorous against various sort of cruel threats. Moreover, the authors have simulated the presented scheme using broadly accepted AVISPA tool, whose simulation results make sure that the protocol is not dangerous from active and passive attacks together with replay and man-in-the-middle attacks. In addition, the performance evaluation and the security comparison have revealed that the presented scheme gives strong security as well as better complexity in the context of smart card memory requirement, communication cost and computation cost.

scholarly journals Security Enhanced Anonymous Multiserver Authenticated Key Agreement Scheme Using Smart Cards and Biometrics

2014 ◽  
Vol 2014 ◽  
pp. 1-15 ◽  
Author(s):  
Younsung Choi ◽  
Junghyun Nam ◽  
Donghoon Lee ◽  
Jiye Kim ◽  
Jaewook Jung ◽  
...  
Keyword(s):  
Key Agreement ◽  
User Authentication ◽  
Mutual Authentication ◽  
Smart Cards ◽  
Security Requirements ◽  
Impersonation Attack ◽  
Single Server ◽  
Authenticated Key Agreement ◽  
Session Key ◽  
Authentication Schemes

An anonymous user authentication scheme allows a user, who wants to access a remote application server, to achieve mutual authentication and session key establishment with the server in an anonymous manner. To enhance the security of such authentication schemes, recent researches combined user’s biometrics with a password. However, these authentication schemes are designed for single server environment. So when a user wants to access different application servers, the user has to register many times. To solve this problem, Chuang and Chen proposed an anonymous multiserver authenticated key agreement scheme using smart cards together with passwords and biometrics. Chuang and Chen claimed that their scheme not only supports multiple servers but also achieves various security requirements. However, we show that this scheme is vulnerable to a masquerade attack, a smart card attack, a user impersonation attack, and a DoS attack and does not achieve perfect forward secrecy. We also propose a security enhanced anonymous multiserver authenticated key agreement scheme which addresses all the weaknesses identified in Chuang and Chen’s scheme.

scholarly journals Password Based Client-Server-User Authenticated Key Agreement Mechanism for Cloud System

2019 ◽  
Vol 8 (4) ◽  
pp. 12839-12841
Keyword(s):  
Key Agreement ◽  
Identity Management ◽  
Mutual Authentication ◽  
Security Analysis ◽  
Impersonation Attack ◽  
Session Key ◽  
Replay Attack ◽  
Authentication Mechanism ◽  
Diffie Hellman ◽  
Cloud Server

The authentication is an essential concern in the cloud environment to restrict the unauthorized users to retrieve the files from cloud server. Moreover, authentication mechanisms are used to prevent illegal access of resources over insecure channel. Thus proposed work provides the strong and efficient authentication process in cloud computing environment by chebyshev polynomial based chaotic maps Diffie Hellman property. The proposed authentication mechanism does not disclose the identity of the user to CSP. Moreover proposed authentication mechanism enables mutual authentication, Identity management, and session-key agreement. The Proposed mechanism of security analysis includes the enabling mutual authentication and key agreement, restricting the impersonation attack, man in the middle attack and replay attack.

scholarly journals Secure Key Agreement and Authentication Protocol for Message Confirmation in Vehicular Cloud Computing

2020 ◽  
Vol 10 (18) ◽  
pp. 6268
Author(s):  
JoonYoung Lee ◽  
SungJin Yu ◽  
MyeongHyun Kim ◽  
YoungHo Park ◽  
SangWoo Lee ◽  
...  
Keyword(s):  
Cloud Computing ◽  
Key Agreement ◽  
Mutual Authentication ◽  
Authentication Protocol ◽  
Internet Security ◽  
Malicious Attacks ◽  
Session Key ◽  
Vehicular Cloud Computing ◽  
Vehicular Cloud ◽  
Man In The Middle

With the development of vehicular ad-hoc networks (VANETs) and Internet of vehicles (IoVs), a large amount of useful information is generated for vehicle drivers and traffic management systems. The amount of vehicle and traffic information is as large as the number of vehicles and it is enormous when compared to vehicle calculation and storage performance. To resolve this problem, VANET uses a combined cloud computing technology, called vehicular cloud computing (VCC), which controls vehicle-related data, and helps vehicle drivers directly or indirectly. However, VANETs remain vulnerable to attacks such as tracking, masquerade and man-in-the-middle attacks because VANETs communicate via open networks. To overcome these issues, many researchers have proposed secure authentication protocols for message confirmation with vehicular cloud computing. However, many researchers have pointed out that some proposed protocols use ideal tamper-proof devices (TPDs). They demonstrated that realistic TPDs cannot prevent adversaries attack. Limbasiya et al. presented a message confirmation scheme for vehicular cloud computing using a realistic TPD in order to prevent these problems. However, their proposed scheme still has security weaknesses over a TPD and does not guarantee mutual authentication. This paper proposes a secure key agreement and authentication protocol to address the security weaknesses inherent in the protocol of Limbasiya et al. The suggested protocol withstands malicious attacks and ensures secure mutual authentication for privacy-preserving. We prove that the proposed protocol can provide session key security using Real-Or-Random (ROR) model. We also employed Automated Validation of Internet Security Protocols and Applications (AVISPA) simulation tool to show that the proposed protocol is able to defeat replay and man-in-the-middle attacks. Furthermore, we established that the proposed protocol can resist other malicious attacks by conducting the informal security analysis. We proved that our proposed protocol is lightweight and suitable for VCC environments.

Sign in / Sign up

Export Citation Format

Share Document