YAO Lin,FAN Qing-na,KONG Xiang-wei

DOI: https://doi.org/10.3778/j.issn.1002-8331.2010.32.030

2010-01-01

Abstract:Pervasive computing raises new challenges to the security and privacy of the Internet communication,and conventional authentication protocols cannot meet the requirements of this new pervasive environment.A novel mutual authentication and key establishment scheme to secure the interactions between mobile users and service providers is proposed.Highly integrating biometric encryption and the Diffie-Hellman key exchange,the proposed protocol achieves mutual authentication without revealing any privacy information of the user.Secure session key establishment is enabled by the proposed algorithm.Differentiated service access control is also achieved with the biometric encryption.It is shown that the protocol can resist most of the attacks,especially the denial of service attack.

YAO Lin,FAN Qingna,KONG Xiangwei

DOI: https://doi.org/10.3778/j.issn.1002-8331.2011.06.023

2011-01-01

Abstract:As a result of the high mobility of the pervasive computing,the principles communicating with each other usually locate at different domains.To secure the service access and communications,the principles should authenticate each other and establish a fresh session key.A novel inter-domain authentication and key establishment protocol is proposed.The proposed protocol reduces the burden of certificates management by adopting the biometric encryption.After inter-domain mutual authentication,the two principles build a new session key using the signcryption technique.The protocol can defend lots of attacks and its correctness is proven by the SVO logic.

Alzubair Hassan,Rafik Hamza,Fagen Li,Awad Ali,Mohammed Bakri Bashir,Samar M. Alqhtani,Tawfeeg Mohmmed Tawfeeg,Adil Yousif

DOI: https://doi.org/10.1109/ACCESS.2022.3186683

IF: 3.9

2022-01-01

IEEE Access

Abstract:Mobile devices have become very important for our daily needs. The user authentication protocols with the key agreement are required to deal with the security issues that arise from the use of mobile devices through Internet applications. However, existing user authentication protocols are only suitable if the client and the server use a similar cryptographic approach. Therefore, it is important to develop an authentication protocol for mobile environments with heterogeneous cryptographic approaches. In this paper, an efficient user authentication and key agreement protocol is proposed for a heterogeneous client-server mobile environment. The security of the proposed scheme is formally proved under the q-strong Diffie-Hellman problem (q-SDH), the q-bilinear Diffe-Hellman inversion problem (q-BDHI), and the modified bilinear Diffie-Hellman inversion problem (mBDHI), respectively. Our scheme has reasonable processing costs and communication costs on the client and server sides. Moreover, our scheme is suitable for applications that use different cryptographic approaches. In particular, the proposed protocol can work when the client applies the identity-based cryptosystem and the server applies the certificateless cryptosystem.

Qi Xie,Deren Chen

DOI: https://doi.org/10.1109/icie.2010.292

2010-01-01

Journal of Networks

Abstract:To use the network services provided by multiple servers in mobile wireless network, a hash function and smart card based multi-server authentication scheme without verification tables and servers' public keys is proposed. The new protocol has many advantages, such as no encryption, signature, verification tables, timestamp, and public keys directory.

Bo LIU,Yu-Yang ZHOU,Fei HU,Fa-Gen LI

DOI: https://doi.org/10.13868/j.cnki.jcr.000224

2018-01-01

Abstract:With the rapid development of E-commerce, network service providers usually provide users with a wide range of services running on different servers. Thus, multi-server model has been widely used. Meanwhile, more and more people access network services more quickly through the mobile phones or other mobile devices, this is the current mobile client-multi-server model which has been very popular. On one hand, mobile devices bring convenience to our lives. On the other hand, the openness of mobile Internet makes its security issues more serious. It is necessary to design a user authentication and key agreement protocol for the mobile client-multi-server model. However, compared with personal computers, mobile devices have resource-constrained features. So how to design a protocol that combines security and efficiency is not an easy task. In order to solve this problem, this study proposes a user authentication and key agreement protocol under the mobile client-multi-server model. Certificateless public key cryptography can solve the problem of certificate management in traditional public key systems and the inherent key escrow problem in identity-based public key cryptography, it has the advantages of both high efficiency and security. In addition, the mobile devices have the characteristics of resource constraints, so the certificateless public key cryptography is very suitable for designing a security protocol for mobile devices which have limited resources. In this paper, it is proved that the proposed protocol can provide mutual authentication and secure key agreement services in the random oracle model. Compared with other protocols of the same type,the proposed protocol in this paper has a better computational efficiency.

Alzubair Hassan,Nabeil Eltayieb,Rashad Elhabob,Fagen Li

DOI: https://doi.org/10.1007/s12652-017-0622-1

IF: 3.662

2017-01-01

Journal of Ambient Intelligence and Humanized Computing

Abstract:Identity-based user authentication protocols have been presented to be applicable to resource-constrained devices such as mobile phones. Unfortunately, the previous protocols have the drawback of the key escrow problem. A new protocol of a user authenticated key exchange for the mobile client-server environment is presented based on certificateless public key cryptography (CL-PKC). Our protocol solves the key escrow problem in user authentication schemes based on identity-based public key cryptography (ID-PKC). In addition, the proposed protocol is resisted to both adversaries' types I and II and achieves perfect forward secrecy. The security of the proposed protocol has been proved using computational Diffie-Hellman (CDH) assumption in the random oracle model. Experimental results show that our scheme is better than He et al. and Tsai et al. schemes respectively in communication cost.

Alzubair Hassan,Nabeil Eltayieb,Rashad Elhabob,Fagen Li

DOI: https://doi.org/10.1007/978-3-319-59463-7_59

2018-01-01

Abstract:Based on mobile devices limitations, several user authentications and key exchange schemes have been proposed for mobile devices using identity-based public key cryptography (ID-PKC). However, these schemes suffer from key escrow problem. Moreover, they are not secure against impersonation attacks, and they can't achieve perfect forward secrecy. In this paper, a new user authentication and key exchange protocol for the mobile client-server environment is proposed. Certificateless public key cryptography (CL-PKC) and bilinear pairing are adopted in the proposed scheme. Our protocol solves the key escrow problem of identity-based public key cryptography. Also, it is secure against both adversaries type I and type II. Furthermore, the proposed protocol achieves perfect forward secrecy. We prove the security of our protocol in the random oracle model under the Computational Diffie-Hellman (CDH) problem. Hence, the proposed scheme is more suitable for the mobile devices environments.

Mingping Qi,Jianhua Chen

DOI: https://doi.org/10.1002/dac.3341

2017-01-01

International Journal of Communication Systems

Abstract:SummaryThe primary goal of this research is to ensure secure communications by client‐server architectures in mobile environment. Although various two‐party authentication key exchange protocols are proposed and claimed to be resistant to a variety of attacks, studies have shown that various loopholes exist in these protocols. What's more, many two‐party authentication key exchange protocols use timestamp to prevent the replay attack and transmit the user's identity in plaintext form. Obviously, these methods will lead to the clock synchronization problem and user's anonymity problem. Fortunately, the three‐way challenged‐response handshake technique and masking user's original identity with a secret hash value used in our study address these problems well. Of course, the proposed protocol based on elliptic curve cryptography supports flawless mutual authentication of participants, agreement of session key, impersonation attack resistance, replay attack resistance, and prefect forward secrecy, as well. The analyses in the aspects of efficiency and security show that the proposed protocol is a better choice for mobile users.

Debiao He,Jianhua Chen,Jin Hu

DOI: https://doi.org/10.1016/j.inffus.2011.01.001

IF: 18.6

2012-01-01

Information Fusion

Abstract:Recently, lots of remote user authentication schemes are implemented on elliptic curve cryptosystem (ECC) to reduce the computation loads for mobile devices. However, most of those remote user authentication schemes on ECC suffer from different attacks and can not provide provable security. Therefore, we propose an ID-based remote mutual authentication with key agreement scheme on ECC in this paper. The proposed scheme not only provides mutual authentication but also supports a session key agreement between the user and the server. The scheme also provides the known session key security, the perfect forward secrecy, the no key-compromise impersonation, the no unknown key-share and the no key control. Compared with the related works, the proposed scheme is more efficient and practical for mobile devices. We also give a security proof under the random oracle.

Kai Xi,Tohari Ahmad,Fengling Han,Jiankun Hu

DOI: https://doi.org/10.1002/sec.225

IF: 1.968

2011-01-01

Security and Communication Networks

Abstract:With fast evolution of mobile devices and mobile network, the need of protecting user sensitive information locally and performing secure user authentication remotely become evermore increasing. Bio-cryptography is emerging as a powerful solution which can combine the advantages of conventional cryptography and biometric security. In this paper, we present an efficient bio-cryptographic security protocol designed for client/server authentication in current mobile computing environment, with a reasonable assumption that server is secure. In this protocol, fingerprint biometric is used in user verification, protected by a computationally efficient Public Key Infrastructure (PKI) scheme, Elliptic Curve Cryptography (ECC). The genuine fingerprint information is hidden in the feature vault which is the mixture of genuine and chaff features. Fingerprint features are not only used for biometric verification but also for cryptographic key generation. Our security analysis shows that the proposed protocol can provide a secure and trustworthy authentication of remote mobile users over insecure network. Experimental results on public domain database show an acceptable verification performance. We also tested the computational costs and efficiency of our protocol on the CLDC emulator using Java ME (previous J2ME) programming technology. The simulation results prove that the proposed protocol suits current mobile environment. Copyright (C) 2010 John Wiley & Sons, Ltd.

Xiong Li,Yongping Xiong,Jian Ma,Wendong Wang

DOI: https://doi.org/10.1016/j.jnca.2011.11.009

IF: 7.574

2012-01-01

Journal of Network and Computer Applications

Abstract:Generally, if a user wants to use numerous different network services, he/she must register himself/herself to every service providing server. It is extremely hard for users to remember these different identities and passwords. In order to resolve this problem, various multi-server authentication protocols have been proposed. Recently, Sood et al. analyzed Hsiang and Shih's multi-server authentication protocol and proposed an improved dynamic identity based authentication protocol for multi-server architecture. They claimed that their protocol provides user's anonymity, mutual authentication, the session key agreement and can resist several kinds of attacks. However, through careful analysis, we find that Sood et al.'s protocol is still vulnerable to leak-of-verifier attack, stolen smart card attack and impersonation attack. Besides, since there is no way for the control server CS to know the real identity of the user, the authentication and session key agreement phase of Sood et al.'s protocol is incorrect. We propose an efficient and security dynamic identity based authentication protocol for multi-server architecture that removes the aforementioned weaknesses. The proposed protocol is extremely suitable for use in distributed multi-server architecture since it provides user's anonymity, mutual authentication, efficient, and security.

Alzubair Hassan,Rafik Hamza,Vittor Gift Mawutor,Akash Suresh Patil,Fagen Li

DOI: https://doi.org/10.1007/978-3-030-30619-9_9

2019-01-01

Abstract:Nowadays, smartphone applications are the most widespread in our daily lives. These applications raised several security concerns such as authentication, key agreement, and mutual authentication. Accordingly, the researchers have been presented several user authentication schemes based on the identity-based cryptography (IBC) and certificateless cryptography (CLC). Smartphones considered as limited resources devices, thus, it needs lightweight protocols. However, the existing schemes are suffering from high computational costs especially the one that depends on CLC. In this paper, a lightweight certificateless user authentication scheme based on the elliptic curve cryptography (ECC) is introduced. The proposed scheme has the lowest computation costs comparing with the existing certificateless user’s authentication protocols. Furthermore, The proposed scheme is secure under the computational Diffie-Hellman (CDH) Problem and the elliptic curve discrete logarithm problem (ECDLP). Indeed, the proposed scheme is suitable to use in the mobile client-server environment and the Internet of things (IoT) applications.

Kaiping Xue,Peilin Hong,Changsha Ma

DOI: https://doi.org/10.1016/j.jcss.2013.07.004

IF: 1.043

2014-02-01

Journal of Computer and System Sciences

Abstract:Traditional password based authentication schemes are mostly considered in single-server environments. They are unfit for the multi-server environments from two aspects. Recently, base on Sood et al.ʼs protocol (2011), Li et al. proposed an improved dynamic identity based authentication and key agreement protocol for multi-server architecture (2012). Li et al. claim that the proposed scheme can make up the security weaknesses of Sood et al.ʼs protocol. Unfortunately, our further research shows that Li et al.ʼs protocol contains several drawbacks and cannot resist some types of known attacks. In this paper, we further propose a lightweight dynamic pseudonym identity based authentication and key agreement protocol for multi-server architecture. In our scheme, service providing servers donʼt need to maintain verification tables for users. The proposed protocol provides not only the declared security features in Li et al.ʼs paper, but also some other security features, such as traceability and identity protection.

computer science, theory & methods, hardware & architecture

Junsong Zhang,Jian Ma,Xiong Li,Wendong Wang

DOI: https://doi.org/10.3837/tiis.2014.08.021

2014-01-01

KSII Transactions on Internet and Information Systems

Abstract:With the rapid growth of the communication technology, intelligent terminals (i.e. PDAs and smartphones) are widely used in many mobile applications. To provide secure communication in mobile environment, in recent years, many user authentication schemes have been proposed. However, most of these authentication schemes suffer from various attacks and cannot provide provable security. In this paper, we propose a novel remote user mutual authentication scheme for multi-server environments using elliptic curve cryptography (ECC). Unlike other ECC-based schemes, the proposed scheme uses ECC in combination with a secure hash function to protect the secure communication among the users, the servers and the registration center (RC). Through this method, the proposed scheme requires less ECC-based operations than the related schemes, and makes it possible to significantly reduce the computational cost. Security and performance analyses demonstrate that the proposed scheme can solve various types of security problems and can meet the requirements of computational complexity for low-power mobile devices.

Mengxiang Guan,Jiaxing Song,Weidong Liu

DOI: https://doi.org/10.1109/cscloud.2016.26

2016-01-01

Abstract:Password-based user authentication service is widely used in Internet. Most of the password-based authentication protocols are constructed under the single-server structure that a authencitation server stores cleartext passwords or verification data derived from password and responds to users' authentication request.The security of single-server authentication system is very fragile. In particular, when the server is comprimised, all of users' verification data is exposed to the attacker. Nowadays, development of mobile Internet leads the demand of authentication on roaming device. In this scenario, easily memorable short password and simple secret is accepted by most people despite of its security limitation. The utilization of short password worsens the situation of single-server authentication protocol. Attackers controlling the system can launch off-line dictionary attack from internal of server side to obtain users' original password.Multi-server authentication protocols can improve the security of verification data by distributed storing data on the cluster. This approach increases the difficulty of internal attack and guarantees security even if a portion of servers in the cluster are controlled by adversary. But in practice, There are some problems in existing multi-server protocols. For example, communicating with multiple servers brings extra network and computational burden to client device.To address these problems, in this paper we propose a novel password-based multi-server authenication protocol which not only require less computation on client device but remain functional and secure even if adversary controls some servers and forces them collude to attack our protocol.

Qi Mingping,Chen Jianhua

DOI: https://doi.org/10.1007/s11227-021-04121-8

2022-01-01

Abstract:This paper presents a provably secure post-quantum authentication and key establishment protocol for mobile environments, which is the first one from supersingular isogeny to our best knowledge that achieves the client user authentication by using the convenient password and the server authentication by using the password-transformed secret value and its certificate, together with the final session key establishment between them. This makes it be quite suitable for providing quantum-resilient security assurance in mobile environments in the near future post-quantum era. The presented protocol actually is constructed by integrating the password-based authentication way with the key encapsulation mechanism and thereby is named as PBKEM for short. The presented post-quantum PBKEM protocol from supersingular isogeny is formally proved secure in the random oracle model under the well-known Bellare–Pointcheval–Rogaway (BPR) security model, whose security is finally reduced to the SI-CDH security assumption and the IND-CCA security of the SIKE scheme. Moreover, it is implemented on a personal computer by using the SIDH Library provided by Microsoft, and the experimental results have shown that the protocol is efficient enough to be applied in practice to provide quantum-resilient security assurance.

Hung-Min Sun,Bing-Zhe He,Chien-Ming Chen,Tsu-Yang Wu,Chia-Hsien Lin,Huaxiong Wang

DOI: https://doi.org/10.1016/j.ins.2015.01.037

IF: 8.1

2015-01-01

Information Sciences

Abstract:Secure group communication over an untrusted open network is a continuing problem, especially in mobile environments. With the development of 3G networks and mobile computing technology, the number of group-oriented applications is increasing rapidly. Although these applications are convenient, achieving secure group communication to protect user privacy is a major concern. This study presents an authenticated group key agreement protocol for mobile environments. By using certificateless public key cryptography, the protocol reduces the cost of managing the certificates and avoids the key escrow problem. Instead of a fully-trusted server, the protocol uses a semi-trusted server, which helps users communicate but does not learn about the group key. The analytical results indicate that the proposed protocol provides good security in mobile environments.

Li Kuang,Yingjie Xia,Caijun Sun,Jiaming Wu,Liangdi Bao

DOI: https://doi.org/10.19026/rjaset.5.4738

2013-01-01

Abstract:With wide adoption of Service Computing and Mobile Computing, people tend to invoke services with mobile devices, requiring accurate and real-time feedback from services at any time and any place. Among these services, some are private to limited users and require identity authorization before use; hence secure access control in wireless network should be provided. To address the challenge, in this study, we propose the architecture and protocols of a system of access to private services for mobile clients, which combines the technologies of trusted computing, Diffie-Hellman key agreement protocol, digital certificate, DES data encryption algorithm and twice verification. We further show the implementation of the proposed system, in which we have realized the authentication and authorization of mobile clients and then secure data transfer between mobile clients in the unsafe Internet and private services in the Intranet. © 2013 Maxwell Scientific Organization.

Her-Tyan Yeh,Hung-Min Sun

DOI: https://doi.org/10.1016/s0164-1212(03)00093-1

IF: 3.5

2004-01-01

Journal of Systems and Software

Abstract:Up to now, most of the literature on three-party authentication and key distribution protocols has focused on the environment in which two users (clients) establish a session key through an authentication server. In this paper, we discuss another environment in which a user (client) requests service from an application server through an authentication server. We propose two secure and efficient authentication protocols (KTAP: key transfer authentication protocol and KAAP: key agreement authentication protocol) to fit this environment. These two proposed protocols can be efficiently applied to various communication systems in distributed computing environments since they provide security, efficiency, and reliability.

Xiong Li,Jian Ma,Wendong Wang,Yongping Xiong,Junsong Zhang

DOI: https://doi.org/10.1016/j.mcm.2012.06.033

2013-01-01

Mathematical and Computer Modelling

Abstract:With the purpose of using numerous different network services with single registration, various multi-server authentication schemes have been proposed. Furthermore, in order to protect the users from being tracked when they login to the remote server, researchers have proposed some dynamic ID based remote user authentication schemes for multi-server environments. Recently, Lee et al. have pointed out the security weaknesses of Hsiang and Shih’s dynamic ID based multi-server authentication scheme, and proposed an improved dynamic ID based authentication scheme for multi-server environments. They claimed that their scheme provided user anonymity, mutual authentication, session key agreement and can resist several kinds of attacks. In this paper, however, we find that Lee et al.’s scheme is still vulnerable to forgery attack and server spoofing attack. Besides, their scheme cannot provide proper authentication if the mutual authentication message is partly modified by the attacker. In order to remove these security weaknesses, we propose a novel smart card and dynamic ID based authentication scheme for multi-server environments. In order to protect the user from being tracked, the proposed scheme enables the user’s identity to change dynamically when the user logs into the server. The proposed scheme is suitable for use in multi-server environments such as financial security authentication since it can ensure security while maintaining efficiency.