stolen verifier attack
Recently Published Documents


Total documents: 6 (five years: 2)

H-index: 2 (five years: 0)

2021, Vol 2021, pp. 1-12
Author(s): Qi Xie, Zixuan Ding, Bin Hu

The Internet of Things is playing an increasingly important role in smart healthcare, smart grids, and smart transportation, and wireless sensor networks (WSNs) make it easy to obtain and transmit information. However, data security and users’ privacy are the biggest challenges for WSNs because sensor nodes have low computing power and low storage capacity and are easily captured, and wireless networks are vulnerable. In 2021, Shuai et al. proposed a lightweight three-factor anonymous authentication scheme for WSN. However, we found that their protocol is vulnerable to stolen-verifier attack and message modification attack and does not provide perfect forward secrecy. We then propose a new three-factor anonymous authentication scheme using elliptic curve cryptography (ECC). Informal and formal security analyses show that our scheme can resist various known attacks while maintaining low computational complexity.



Author(s): Khaja Mizbahuddin Quadry, A Govardhan, Mohammed Misbahuddin

With the increase in the number of e-services, there has been a sharp increase in online financial transactions. These services require a strong authentication scheme to validate their users and to allow access to resources securely. Since two-factor authentication provides the required security strength, various organizations employ biometric-based, smart-card-based, or cryptographic-token-based methods to ensure the safety of user accounts. But most of these methods require a verifier table for validating users at a server. This poses the security threat of a stolen-verifier attack. To address this issue, there is a strong need for authentication schemes for e-services that do not require a verifier table at the server. Therefore, this paper proposes the design of an authentication scheme for e-services intended to be resistant to various attacks, including a stolen-verifier attack. The paper also discusses (1) an analysis of the security the proposed scheme provides against known authentication attacks and (2) a concept implementation of the proposed scheme.



2018, Vol 2018, pp. 1-15
Author(s): Chenyu Wang, Guoai Xu, Wenting Li

With the rapid development of network technology, multiserver systems have become widely used to provide various services, and two-factor authentication protocols for multiserver systems are attracting more and more attention. Recently, two new schemes for the multiserver environment were proposed and claimed to be secure against the known attacks. However, after scrutinizing these two schemes, we found that (1) their description of the adversary’s abilities is inaccurate and (2) the schemes suffer from many attacks. Thus, firstly, we corrected their description of the adversary’s capacities to introduce a widely accepted adversary model and then summarized fourteen security requirements for multiserver authentication based on the works of pioneer contributors. Secondly, we revealed that one of the two schemes fails to preserve forward secrecy and user anonymity and cannot resist stolen-verifier attack, off-line dictionary attack, and so forth, and also demonstrated that the other scheme fails to preserve forward secrecy and user anonymity and is not secure against insider attack, off-line dictionary attack, and so forth. Finally, we designed an enhanced scheme to overcome these identified weaknesses, proved its security via BAN logic and heuristic analysis, and then compared it with other relevant schemes. The comparison results showed the superiority of our scheme.



2014, Vol 2014, pp. 1-11
Author(s): Lili Wang

Recently, a password authentication and update scheme was presented by Islam and Biswas to remove the security weaknesses in Lin and Huang’s scheme. Unfortunately, He et al., Wang et al., and Li found that Islam and Biswas’ improvement was vulnerable to offline password guessing attack, stolen verifier attack, privileged insider attack, and denial of service attack. In this paper, we further analyze Islam and Biswas’ scheme and demonstrate that it cannot resist password compromise impersonation attack. To remedy the weaknesses mentioned above, we propose an improved anonymous remote authentication scheme using smart cards without bilinear pairing computation. In addition, verifier tables no longer exist, and the privacy of users is better protected. Furthermore, our proposal not only inherits the advantages of Islam and Biswas’ scheme but also provides more features, including preserving user anonymity and supporting offline password change, revocation, reregistration with the same identifier, and system update. Finally, we compare our enhancement with related works to illustrate that the improvement is more secure and robust, while maintaining low performance cost.



2013, Vol 479-480, pp. 963-967
Author(s): Yung Cheng Lee, Pei Ju Lee

Nowadays, we can easily obtain a variety of services through networks. But due to the open environment, networks are vulnerable to a variety of security threats. Ramasamy et al. proposed a discrete logarithm based remote authentication scheme with smart cards. Their scheme provides mutual authentication and withstands the denial of service attack, forgery attack, parallel session attack, and smart card loss attack. In this article, we show that their scheme is not a practical solution for remote access. It also lacks a key agreement mechanism, and users cannot update their passwords freely. Moreover, their scheme cannot resist the stolen verifier attack and off-line guessing attack.


