Hu Xiong,Xiaofeng Wang,Fagen Li

DOI: https://doi.org/10.1587/transfun.e95.a.256

2012-01-01

IEICE Transactions on Fundamentals of Electronics Communications and Computer Sciences

Abstract:Recently, Kang et al. discussed some security flaws of Wu et al's and Wei et al.'s authentication schemes that guarantee user anonymity in wireless communications and showed how to overcome the problems regarding anonymity and the forged login messages. However, we will show that Kang et al.'s improved scheme still did not provide user anonymity as they claimed.

Jian-bin Hu,Hu Xiong,Zhong Chen

2012-01-01

Abstract:Seamless roaming is highly desirable for wireless communications, and security such as authentication and privacy preserving of mobile users is challenging. Recently, Wu et al. and Wei et al. proposed two authentication schemes that guarantee user anonymity in wireless communications, respectively. However, Kang et al. pointed out some security flaws of Wu et al.’s and Wei et al.’s authentication schemes and showed how to overcome the problems regarding anonymity and the forged login messages. In this paper, we will show that Kang et al.’s improved scheme still did not provide user anonymity as they claimed and give a further improvement to fix the problem without losing any features of the original scheme.

Jianqing Fu,Jian Chen,Rong Fan,XiaoPing Chen,Lingdi Ping

DOI: https://doi.org/10.1109/wcse.2009.731

2009-01-01

Abstract:With the widespread use of mobile devices, authentication and privacy of identification become important issues. We analyzed the security flaws and shortcomings of a delegation-based authentication protocol which was proposed by Caimu Tang, et al., and provided an improved protocol. We use elliptic-curve cryptography and hash chain to ensure the safety of system in our scheme. The research results reveal that the improved protocol can not only corrects the security flaws but also improve the efficiency of key management and reduce the computational load.

Debiao He,Yuanyuan Zhang,Jianhua Chen

DOI: https://doi.org/10.1007/s11277-013-1282-x

IF: 2.017

2013-01-01

Wireless Personal Communications

Abstract:Authentication protocols with anonymity attracted wide attention since they could protect users’ privacy in wireless communications. Recently, Hsieh and Leu proposed an anonymous authentication protocol based on elliptic curve Diffie–Hellman problem for wireless access networks and claimed their protocol could provide anonymity. However, by proposing a concrete attack, we point out that their protocol cannot provide user anonymity. To overcome its weakness, we propose an improved protocol. We also provide an analysis of our proposed protocol to prove its superiority, even though its computational cost is slightly higher.

Yanfei Fan,Bin Lin,Yixin Jiang,Xuemin (Sherman) Shen

DOI: https://doi.org/10.1109/glocom.2008.ecp.891

2008-01-01

Abstract:In this paper, we propose an efficient privacy-preserving scheme for secure packet transmission at wireless link layer. The proposed scheme is constructed by using hash values in reverse hash chains as interface identifiers. It can successfully and efficiently resist the Media Access Control (MAC) address based attacks, such as flow tracking and traffic analysis, which are launched by either outside or even inside attackers. In addition, some optimization techniques are also introduced to further improve the efficiency of the proposed scheme. The extensive analysis and simulations demonstrate the enhanced security and efficiency of the proposed scheme.

Jianwei Niu,Xiong Li

DOI: https://doi.org/10.1002/sec.601

IF: 1.968

2012-01-01

Security and Communication Networks

Abstract:ABSTRACTUser authentication and privacy protection are important issues for wireless and mobile communication systems such as GSM, 3G, and 4G wireless networks. Recently, Yoon et al. proposed a user‐friendly authentication scheme with anonymity for wireless communications. However, in this paper, we show that user anonymity of their scheme is not achieved under the eavesdropping attack and their scheme is not fair in the key agreement. In order to ensure security authentication and protect user anonymity for wireless communications, we propose a novel user authentication scheme with anonymity based on elliptic curve cryptosystem, which can resist various known types of attacks and is more practical for wireless and mobile communications. Copyright © 2012 John Wiley & Sons, Ltd.

WangDing,WangPing

IF: 5.493

2014-01-01

Computer Networks

Abstract:Display Omitted We demonstrate privacy breaches into two password authentication schemes for WSNs.Public-key techniques are indispensible to achieve user untraceability.Our principle is applicable ...

Ding Wang,Ping Wang

DOI: https://doi.org/10.1016/j.comnet.2014.07.010

IF: 5.493

2014-01-01

Computer Networks

Abstract:•We demonstrate privacy breaches into two password authentication schemes for WSNs.•Public-key techniques are indispensible to achieve user untraceability.•Our principle is applicable to two-factor authentication for universal environments.•We discuss the viable solutions to practical realization of user anonymity.•Experimental timings of related public-key operations on small devices are reported.

Xiong Li,Jieyao Peng,Saru Kumari,Fan Wu,Marimuthu Karuppiah,Kim-Kwang Raymond Choo

DOI: https://doi.org/10.1016/j.compeleceng.2017.02.011

IF: 4.152

2017-01-01

Computers & Electrical Engineering

Abstract:•We point out the security weaknesses of Liu et al.’s lightweight authentication protocol for wireless body area networks.•We propose an enhanced 1-round authentication protocol for wireless body area networks with user anonymity.•We evaluate the security features of the proposed protocol using formal analysis based on BAN logic and informal analysis.•The comparison results show that our protocol improves the security with equivalent cost.

HE Yuan,XU Li,HUANG Xin-yi

DOI: https://doi.org/10.3969/j.issn.1000-5277.2013.02.005

2013-01-01

Abstract:It presents an anonymous authentication scheme based on blind signature and a scheme based on partially blind signature,in order to improve user anonymity,protect user's identity privacy and pseudonym based location privacy from Wireless mesh networks(WMNs) infrastructure respectively.Users can select an anonymous set determined by the service provider and the times to authenticate anonymously according to their needs.

Wenting Li,Bin Li,Yiming Zhao,Ping Wang,Fushan Wei

DOI: https://doi.org/10.1155/2018/8539674

2018-01-01

Abstract:Nowadays wireless sensor networks (WSNs) have drawn great attention from both industrial world and academic community. To facilitate real-time data access for external users from the sensor nodes directly, password-based authentication has become the prevalent authentication mechanism in the past decades. In this work, we investigate three foremost protocols in the area of password-based user authentication scheme for WSNs. Firstly, we analyze an efficient and anonymous protocol and demonstrate that though this protocol is equipped with a formal proof, it actually has several security loopholes been overlooked, such that it cannot resist against smart card loss attack and violate forward secrecy. Secondly, we scrutinize a lightweight protocol and point out that it cannot achieve the claimed security goal of forward secrecy, as well as suffering from user anonymity violation attack and offline password guessing attack. Thirdly, we find that an anonymous scheme fails to preserve two critical properties of forward secrecy and user friendliness. In addition, by adopting the "perfect forward secrecy (PFS)" principle, we provide several effective countermeasures to remedy the identified weaknesses. To test the necessity and effectiveness of our suggestions, we conduct a comparison of 10 representative schemes in terms of the underlying cryptographic primitives used for realizing forward secrecy.

Jie Gu,Liang Zhao,Zhi Xue

DOI: https://doi.org/10.1109/icitis.2010.5689562

2010-01-01

Abstract:Recently, many smart card-based anonymous authentication schemes have been proposed to preserve user's anonymity. Unfortunately, most of these schemes do not achieve to preserve user's anonymity from the malicious user. In 2008, Kim et al. proposed a scheme which not only guaranteed user privacy but also provided traceable anonymity authentication. In this paper, we first point out that Kim et al.'s scheme still does not provide user anonymity as they claimed, then we highlight the inherent design flaw of Kim et al.'s scheme and the previous ones failing to protect user's anonymity. Finally an efficient anonymous authentication scheme is proposed to solve these aforementioned problems.

Ding WANG,Wen-Ting LI,Ping WANG

DOI: https://doi.org/10.13328/j.cnki.jos.005361

2018-01-01

Journal of Software

Abstract:The design of secure and efficient user authentication protocols for multi-server environment is becoming a hot research topic in the cryptographic protocol community. Based on the widely accepted adversary model, this paper analyzes three representative, recently proposed user authentication schemes for multi-server environment. The paper reveals that: 1) Wan et al.’s scheme is subject to offline password guessing attack as opposed to the authors’ claim, and it also cannot provide user anonymity and forward secrecy; 2) Amin et al.’s scheme cannot withstand offline password guessing attack, cannot preserve user anonymity and is vulnerable to two kinds o f forward secrecy issues; 3) Reedy et al.’s scheme cannot resist against user impersonation attack and offline password guessing attack, and  基金项目: 国家自然科学基金(61472016); 国家重点研发计划(2016YFB0800603, 2017YFB1200700) Foundation item: National Natural Science Foundation of China (61472016); National Key Research and Development Plan (2016YFB0800603, 2017YFB1200700) 本文由“面向隐私保护的新型技术与密码算法”专题特约编辑黄欣沂教授推荐. 收稿时间: 2017-05-30; 修改时间: 2017-07-13; 采用时间: 2017-08-22; jos 在线出版时间: 2017-10-17 CNKI 网络优先出版: 2017-10-17 13:38:05, http://kns.cnki.net/kcms/detail/11.2560.TP.20171017.1338.008.html 1938 Journal of Software 软件学报 Vol.29, No.7, July 2018 also falls short of user un-traceability. The paper highlights three principles for designing more robust anonymous multi-factor authentication schemes: Public key principle, user anonymity principle and forward secrecy principle, explaining the essential reasons for the security flaws of the above protocols. It further proposes some amendments for the identified secur ity flaws.

Jinyuan Sun,Chi Zhang,Yanchao Zhang,Yuguang Fang

DOI: https://doi.org/10.1109/tdsc.2009.50

2011-01-01

IEEE Transactions on Dependable and Secure Computing

Abstract:Anonymity has received increasing attention in the literature due to the users' awareness of their privacy nowadays. Anonymity provides protection for users to enjoy network services without being traced. While anonymity related issues have been extensively studied in payment-based systems such as e-cash [1] and peer-to-peer (P2P) [2] systems, little effort has been devoted to wireless mesh networks (WMNs). On the other hand, the network authority requires conditional anonymity such that misbehaving entities in the network remain traceable. In this paper, we propose a security architecture to ensure unconditional anonymity for honest users and traceability of misbehaving users for network authorities in WMNs. The proposed architecture strives to resolve the conflicts between the anonymity and traceability objectives, in addition to guaranteeing fundamental security requirements including authentication, confidentiality, data integrity, and non-repudiation [3]. Further security enhancements can be incorporated, rendering the proposed architecture conditionally anonymous in terms of network access activities, location information, and communication paths.

Qiong Pu,Jian Wang,Shuhua Wu

DOI: https://doi.org/10.1504/ijahuc.2013.052345

2013-01-01

International Journal of Ad Hoc and Ubiquitous Computing

Abstract:User privacy is a notable security issue in wireless communications support roaming. However, the mobile authentication schemes existing in the literature cannot achieve this goal in an efficient way. In this paper, we propose a novel lightweight authentication scheme with anonymity and unlinkability for roaming service in large-scale wireless networks. Moreover, we formally analyse our proposed scheme with the BAN-logic and show that it can withstand the several possible attacks.

Ding Wang,Ping Wang,Jing Liu

DOI: https://doi.org/10.1109/WCNC.2014.6953015

2014-01-01

Abstract:User authentication is an important security mechanism that allows mobile users to be granted access to roaming service offered by the foreign agent with assistance of the home agent in mobile networks. While security-related issues have been well studied, how to preserve user privacy in this type of protocols still remains an open problem. In this paper, we revisit the privacy-preserving two-factor authentication scheme presented by Li et al. at WCNC 2013. We show that, despite being armed with a formal security proof, this scheme actually cannot achieve the claimed feature of user anonymity and is insecure against offline password guessing attacks, and thus, it is not recommended for practical applications. Then, we figure out how to fix these identified drawbacks, and suggest an enhanced scheme with better security and reasonable efficiency. Further, we conjecture that under the non-tamper-resistant assumption of the smart cards, only symmetric-key techniques are intrinsically insufficient to attain user anonymity.

Lihua Liu

DOI: https://doi.org/10.1109/jsyst.2024.3490536

IF: 4.802

2024-12-07

IEEE Systems Journal

Abstract:We show that the authentication protocol (Ma and Cheng [10]) fails to keep user anonymity, not as claimed. We suggest a method to fix it. Besides, we find there is a flawed equality, in which some terms are inaccessible to the user. This flaw results in the failure for the user to finish his computations. We also suggest a method to fix this mistake.

computer science, information systems,telecommunications,engineering, electrical & electronic,operations research & management science

Lili Xu,Fan Wu

DOI: https://doi.org/10.1007/s10916-014-0179-x

Abstract:Nowadays, connected health care applications are used more and more in the world. Service through the applications can save the patients' time and expense, such as telecare medical information system (TMIS) and integrated electronic patient record (EPR) information system. In the applications, preserving patients' privacy, transmitting messages securely and keeping mutual authentication should all be paid attention. Many authentication schemes have been proposed to make a secure communicating environment. Recently Xie et al. showed that Wen's scheme was insecure because it was under the off-line password guessing attack and without user anonymity and forward security. They gave a new three-factor authentication scheme and claimed that it was secure. However, we find that Xie et al's scheme is vulnerable to the De-synchronization attack and the server has too much storage burden in the scheme. Then we present an improved scheme which overcomes the usual weaknesses and keeps ordinary security characters. Compared with recent schemes of the same kind, our scheme is secure and practical.

Mengxia Shuai,Nenghai Yu,Hongxia Wang,Ling Xiong,Yue Li

DOI: https://doi.org/10.4018/joeuc.20210501.oa1

2021-01-01

Journal of Organizational and End User Computing

Abstract:Security and privacy issues in wireless medical sensor networks (WMSNs) have attracted lots of attention in both academia and industry due to the sensitiveness of medical system. In the past decade, extensive research has been carried out on these security issues, but no single study exists that addresses them adequately, especially for some important security properties, such as user anonymity and forward secrecy. As a step towards this direction, in this paper, the authors propose a lightweight three -factor anonymous authentication scheme with forward secrecy for personalized healthcare applications using only the lightweight cryptographic primitives. The proposed scheme adopts pseudonym identity technique to protect users' real identities and employs one-way hash chain technique to ensure forward secrecy. Analysis and comparison results demonstrate that the proposed scheme can not only reduce execution time by 34% as compared with the most effective related schemes, but also achieve more security and functional features.

Junghyun Nam,Kim-Kwang Raymond Choo,Sangchul Han,Moonseong Kim,Juryon Paik,Dongho Won

DOI: https://doi.org/10.1371/journal.pone.0116709

2015-09-23

Abstract:A smart-card-based user authentication scheme for wireless sensor networks (hereafter referred to as a SCA-WSN scheme) is designed to ensure that only users who possess both a smart card and the corresponding password are allowed to gain access to sensor data and their transmissions. Despite many research efforts in recent years, it remains a challenging task to design an efficient SCA-WSN scheme that achieves user anonymity. The majority of published SCA-WSN schemes use only lightweight cryptographic techniques (rather than public-key cryptographic techniques) for the sake of efficiency, and have been demonstrated to suffer from the inability to provide user anonymity. Some schemes employ elliptic curve cryptography for better security but require sensors with strict resource constraints to perform computationally expensive scalar-point multiplications; despite the increased computational requirements, these schemes do not provide user anonymity. In this paper, we present a new SCA-WSN scheme that not only achieves user anonymity but also is efficient in terms of the computation loads for sensors. Our scheme employs elliptic curve cryptography but restricts its use only to anonymous user-to-gateway authentication, thereby allowing sensors to perform only lightweight cryptographic operations. Our scheme also enjoys provable security in a formal model extended from the widely accepted Bellare-Pointcheval-Rogaway (2000) model to capture the user anonymity property and various SCA-WSN specific attacks (e.g., stolen smart card attacks, node capture attacks, privileged insider attacks, and stolen verifier attacks).

Cryptography and Security