Mingping Qi,Jianhua Chen

DOI: https://doi.org/10.1002/sat.1218

2018-01-01

Abstract:AbstractSummaryTo ensure secure communication in satellite communication systems, recently, Zhang et al presented an authentication with key agreement scheme and claimed that their scheme satisfies various security requirements. However, this paper demonstrates that Zhang et al's scheme is insecure against the stolen‐verifier attack and the denial of service attack. Furthermore, to authenticate a user, Zhang et al's scheme requires large computational load to exhaustively retrieve the user's identity and password from the account database according to a temporary identity and then update the temporary identity in the database. To overcome the weaknesses existing in Zhang et al's scheme, we proposed an enhanced authentication with key agreement scheme for satellite communication systems. The analyses of our proposed scheme show that the proposed scheme possesses perfect security properties and eliminates the weaknesses of Zhang et al's scheme well. Therefore, from the authors' viewpoints, the proposed scheme is more suitable for the authentication scheme of mobile satellite communication systems.This work demonstrates the authentication scheme proposed by Zhang et al for satellite communication systems is insecure against to the stolen‐verifier attack, the denial of service attack, and has terrible disadvantages in practice. To overcome these weaknesses, an enhanced authentication scheme without verification table is proposed, which possesses prefect security properties and eliminates the weaknesses of Zhang et al's scheme well. Furthermore, changing password in the improved scheme does not need to interact with the network control center. View Figure

Yuanyuan Zhang,Jianhua Chen,Baojun Huang

DOI: https://doi.org/10.1002/sat.1079

2015-01-01

International Journal of Satellite Communications and Networking

Abstract:Recently, Lee et al. proposed a simple and efficient authentication scheme for mobile satellite communication systems. However, we find that their scheme is vulnerable to the smart card loss attack, the denial of service attack and the replay attack. To overcome the weaknesses of Lee et al.'s scheme, we proposed an authentication scheme for mobile satellite communication systems to improve security. The proposed scheme possesses the essential properties and security requirements, which should be considered for the authentication scheme of mobile satellite communication systems. Copyright © 2014 John Wiley & Sons, Ltd.

Yulei Chen,Jianhua Chen

DOI: https://doi.org/10.1002/dac.4508

2020-01-01

International Journal of Communication Systems

Abstract:The rapid development of satellite communications has brought great convenience to people's lives, as well as huge security challenges. In order to guarantee the security of users, a large number of authentication protocols have been proposed. Recently, Xu et al. proposed an improved mutual authentication protocol based on perfect forward secrecy for satellite communications. In this paper, we will point out that Xu et al.'s protocol cannot resist the offline password guessing attack and the replay attack and fails to provide user untraceability. To overcome these weaknesses, we propose a robust three-factor-based authentication protocol for satellite communication systems and analyze its correctness using Burrows-Abadi-Needham logic. In addition, the descriptive security analysis shows that our protocol is safe and robust against various attacks. By comparing with other related protocols, we find that our protocol has better performance.

Jianqing Fu,Jian Chen,Rong Fan,XiaoPing Chen,Lingdi Ping

DOI: https://doi.org/10.1109/wcse.2009.731

2009-01-01

Abstract:With the widespread use of mobile devices, authentication and privacy of identification become important issues. We analyzed the security flaws and shortcomings of a delegation-based authentication protocol which was proposed by Caimu Tang, et al., and provided an improved protocol. We use elliptic-curve cryptography and hash chain to ensure the safety of system in our scheme. The research results reveal that the improved protocol can not only corrects the security flaws but also improve the efficiency of key management and reduce the computational load.

Xinghua Wu,Aixin Zhang,Jianhua Li,Weiwei Zhao,Yuchen Liu

DOI: https://doi.org/10.1007/978-3-319-54705-3_12

2016-01-01

Abstract:Although many authentication and key agreement (AKA) schemes for the mobile satellite communication system have been proposed nowadays, the security performance of the existing schemes is still unable to satisfy the requirements of satellite communications. In 2015, Zhang et al. proposed an improved AKA scheme for satellite communication and they claimed that their scheme satisfied all the security requirements. However through a detailed analysis, in this paper we find that to some extent their scheme is vulnerable to replay attack, injection attack and verification table stolen attack. We further propose a new lightweight AKA scheme based on the synchronization mechanism of user’s temporary identity. The SVO logic is used to provide a formal security analysis. We also give an overall comparison of computation overhead and security performance among several related AKA schemes. Meanwhile a Java program is developed to test the time delay caused by the scheme on the user and NCC’s sides. All the results show that the proposed scheme has the advantages of high computation efficiency, good security performance and low time delay.

Yuanyuan Zhang,Zhibo Zhai

DOI: https://doi.org/10.1371/journal.pone.0250205

IF: 3.7

2021-01-01

PLoS ONE

Abstract:Satellite communication has played an important part in many different industries because of its advantages of wide coverage, strong disaster tolerance and high flexibility. The security of satellite communication systems has always been the concern of many scholars. Without authentication, user should not obtain his/her required services. Beyond that, the anonymity also needs to be protected during communications. In this study, we design an efficient and provably secure key agreement scheme for satellite communication systems. In each session, we replace user's true identity by a temporary identity, which will be updated for each session, to guarantee the anonymity. Because the only use of lightweight algorithms, our proposed scheme has high performance. Furthermore, the security of the proposed scheme is proved in the real-or-random model and the performance analysis shows that the proposed scheme is more efficient than some other schemes for satellite communication systems.

XIE Qi,CHEN De-ren,YU Xiu-yuan

IF: 2.034

2010-01-01

Systems Engineering

Abstract:In 2009, Park, et al. proposed an efficient remote user authentication protocol. They claimed that their protocol was the first password and smart card based remote user authentication scheme which can resist the off-line password guessing attack, and had many advantages over existing solutions such as no password tables and timestamp, low communication and computational costs. However, this paper shows that their protocol cannot resist the forgery attack and off-line password guessing attack. To overcome the security weaknesses, two improved schemes based on either nonce or timestamp without affecting the merits of the Park, et al. scheme are proposed. Technical discussions are provided to show that the improved protocol is secure, efficient and practical.

Imran Memon,Ibrar Hussain,Rizwan Akhtar,Gencai Chen

DOI: https://doi.org/10.1007/s11277-015-2699-1

IF: 2.017

2015-01-01

Wireless Personal Communications

Abstract:Past few years, the mobile technology and location based services have experienced a great increment in number of its users. The privacy issues related to these services are becoming main concerns because of the leakage of users' private information and contents. To prevent revelation of private information, many researchers have proposed several secure and authentication schemes which apply various technologies to provide integral security properties, such as symmetric encryption, digital signature, timestamp, etc. Unfortunately, some of these schemes still exhibit security and efficiency issues. In this research paper, we proposed an efficient and secure anonymous communication for location based service using asymmetric cryptography scheme over the wireless system was attempted missing some system detail. We also proposed the prevent user private information and secure communication by asymmetric cryptography scheme. We solved the wireless communication problem in A3 algorithm such as eavesdropping and this problem solved by asymmetric cryptography scheme because of its robustness against this type of attack by providing mutual authentication make the system more secure. Finally, performance and cost analysis show our scheme is more suitable for low-power and resource limited wireless system and thus availability for real implementation. According to our security analysis and performance, we can prove that our proposed asymmetric cryptography scheme is able to improve wireless communication system security and enhance efficiency in comparison to previous schemes.

Mingping Qi,Jianhua Chen,Yitao Chen

DOI: https://doi.org/10.1002/sat.1279

2019-01-01

Abstract:AbstractSummaryRecently, Liu et al came up with an authentication with key agreement scheme for securing communication over the low‐earth‐orbit satellite communication systems. However, this paper demonstrates that this scheme cannot provide perfect forward secrecy or defend against the smart card stolen attack, and has some very bad design defects, making it unpractical. Thus, to design a truly secure authentication scheme for satellite communication systems, this paper presents a new scheme, making use of the advantages of elliptic curve cryptography and symmetric cryptography. The security analyses by the widely used BAN logic and heuristic discussions demonstrate that our new scheme possesses perfect security properties and can defend against various well‐known malicious attacks. Moreover, our new scheme allows users to update passwords locally in accordance with their wishes, achieving a good user experience.This paper demonstrates that Liu et al's scheme cannot provide perfect forward secrecy or defend against the smart card stolen attack, and has some very bad design defects, and then presents a new scheme. The security analyses by the widely used BAN logic and heuristic discussions demonstrate that our new scheme possesses perfect security properties and can defend against various well‐known malicious attacks. Moreover, our new scheme allows users to update passwords locally in accordance with their wishes, achieving a good user experience. View Figure

Shuishuai Xu,Xindong Liu,Mimi Ma,Jianhua Chen

DOI: https://doi.org/10.1002/sat.1309

2019-01-01

Abstract:AbstractSummaryAs the mobile network progresses fast, mobile communications have a far‐reaching influence in our daily life. In order to guarantee the communication security, a myriad of experts introduced many authentication protocols. Recently, Qi et al presented an enhanced authentication with key agreement protocol for satellite communications, and they proclaimed that their protocol could defend various attacks and support varied security requirements. Regrettably, in this paper, we prove that their protocol was fruitless in resisting smart card stolen or loss attack, supporting perfect forward secrecy and had a fundamental error. To solve these problems, we present an improved protocol based on perfect forward secrecy. In addition, the analysis of our improved protocol suggests that it gets possession of faultless security properties and overcomes the flaws in the protocol of Qi et al perfectly. Thus, our improved protocol can be appropriated for the mobile communications.In this paper we prove that Qi et al.'s protocol was unsuccessful in resisting smart card stolen or loss attack, supporting perfect forward secrecy and had a fundamental error. To solve these problems, we present an improved protocol based on perfect forward secrecy. In addition, the analysis of our improved protocol suggests that it has faultless security properties and overcomes the flaws in Qi et al.'s protocol perfectly. View Figure

Yuanyuan Zhang,Jianhua Chen,Baojun Huang

DOI: https://doi.org/10.1002/dac.2612

2014-01-01

International Journal of Communication Systems

Abstract:SUMMARYRecently, Chang et al. proposed an authentication and key agreement protocol for satellite communications, and they claimed that their scheme could withstand various attacks. However, in this paper, we will show that their scheme is vulnerable to the denial of service attack and the impersonation attack. Moreover, we also point out that the adversary could compute the session key through the intercepted message. The analysis shows the scheme of Chang et al. is not secure for practical applications. Copyright © 2013 John Wiley & Sons, Ltd.

Izwa Altaf,Muhammad Arslan Akram,Khalid Mahmood,Saru kumari,Hu Xiong,Muhammad Khurram Khan

DOI: https://doi.org/10.1002/ett.3894

IF: 3.6

2020-02-18

Transactions on Emerging Telecommunications Technologies

Abstract:<p>In these days, satellite communication networks are playing a significant role in facilitating the crucial infrastructural services that include environmental monitoring, electronic surveillance, public safety, intelligence operations for law enforcement, government agencies, and the military. However, security researchers have uncovered that many protocols for these satellite communication networks have some vulnerabilities and flaws that can allow remote attackers to intercept, block, and manipulate critical communication over the network. Therefore, in this article, we introduce an efficient and simple authentication key agreement protocol for securing mobile satellite communication systems. Our proposed protocol resists against denial of service, smart‐card stolen, replay, user impersonation, and stolen verifier attack. Furthermore, our protocol provides various functionality features like perfect‐forward secrecy, mutual‐authentication, dynamic identity, and session‐key agreement. Moreover, the performance analysis of our protocol shows that the communication and computation cost of the proposed protocol is far less than the existing protocols. Hence, our proposed protocol offers simple, efficient, secure authentication, and key agreement for mobile satellite systems.</p>

telecommunications

Yajuan Shi,Han Shen,Yuanyuan Zhang,Jianhua Chen

DOI: https://doi.org/10.14257/ijseia.2015.9.5.25

2015-01-01

International Journal of Software Engineering and Its Applications

Abstract:To keep the pace with the development of internet technology, remote user authentication techniques become more and more important to protect user's privacy. Recently, Kumari, et al., presented an improved remote user authentication scheme with key agreement based on dynamic-identity using smart card. This scheme allows legal users to change the password at his will without the need to connect the server. They claimed that their scheme could resist smart card stolen or loss attack, user impersonation and server masquerading attack, and provide user anonymity and untraceability and so on. However, our research indicates that their scheme is completely unsafe. Furthermore, the scheme can't provide the proper mutual authentication. In this manuscript, we will propose a new scheme, which can withstand those attacks mentioned above and provide the perfect user anonymity and forward secrecy. Security analysis makes it clear that the improved scheme apparently is more secure and practical.

Debiao He,Jianhua Chen,Jin Hu

2010-01-01

Abstract:Recently, Yoon et al. and Wu proposed two improved remote mutual authentication and key agreement scheme for mobile devices on elliptic curve cryptosystem. In this paper, we show that Yoon et al.'s protocol fails to provide explicit key perfect forward secrecy and fails to achieve explicit key confirmation. We also point out Wu's scheme decreases efficiency by using the double secret keys and is vulnerable to the password guessing attack and the forgery attack. In order to overcome the drawback, we proposed and improved scheme. Through the comparison with other protocol, we believe that our improved scheme is more suitable for real-life applications.

Hong-bin Tang,Xin-song Liu

DOI: https://doi.org/10.1002/dac.2428

2012-01-01

International Journal of Communication Systems

Abstract:SUMMARYA dynamic user authentication scheme allows a user and a remote server to authenticate each other without leaking the user's identity. In 2011, Wen and Li proposed an improved dynamic ID‐based remote user authentication with key agreement scheme for mobile and home networks. They claimed that their scheme was more secure than the scheme of Wang et al. However, we demonstrate that their scheme is vulnerable to the privileged insider, off‐line password guessing, impersonation, and server spoofing attacks. At the same time, it does not provide any user anonymity and forward secrecy property. Thus, it is not feasible for real‐life implementation.Copyright © 2012 John Wiley & Sons, Ltd.

Xiong Li,Jianwei Niu,Muhammad Khurram Khan,Junguo Liao

DOI: https://doi.org/10.1016/j.jnca.2013.02.034

IF: 7.574

2013-01-01

Journal of Network and Computer Applications

Abstract:Smart card based password authentication is one of the simplest and efficient authentication mechanisms to ensure secure communication in insecure network environments. Recently, Chen et al. have pointed out the weaknesses of some password authentication schemes and proposed a robust smart card based remote user password authentication scheme to improve the security. As per their claims, their scheme is efficient and can ensure forward secrecy of the session key. However, we find that Chen et al.'s scheme cannot really ensure forward secrecy, and it cannot detect the wrong password in login phase. Besides, the password change phase of Chen et al.'s scheme is unfriendly and inefficient since the user has to communicate with the server to update his/her password. In this paper, we propose a modified smart card based remote user password authentication scheme to overcome the aforementioned weaknesses. The analysis shows that our proposed scheme is user friendly and more secure than other related schemes.

Ahmed Yaser Fahad Alsahlani,Songfeng Lu

2016-01-01

Abstract:Authentication using smart card is a mechanism to verify the legitimacy of the user over insecure communication. Recently, Chen et al. figured out some weaknesses in previously published schemes, they proposed a robust smart card based remote user password authentication scheme. They claimed that, their scheme is efficient and can ensure the session key forward secrecy. We analyzed their scheme, we found that, it cannot detect incorrect password within login phase. Furthermore, the user required to communicate with the server to change or update his/her password. Besides, it cannot securely forward the secrecy. In this paper, we propose a scheme to overcome the aforesaid weaknesses and produce an enhanced authentication scheme based remote user password using smart card. We use a TRPT (Temporary Registration Password Technique) within registration phase to secure user's password. Our proposed scheme can resist various malicious attacks, achieve mutual authentication, user can choose and change his/her password freely without need to communicates with the server, securely forward secrecy, and the login password never been exposed or transferred over channel. We show that, our proposed scheme achieved the goal, and it is more legible to practical use compared to the other related schemes.

Marimuthu Karuppiah,Ashok Kumar Das,Xiong Li,Saru Kumari,Fan Wu,Shehzad Ashraf Chaudhry,R. Niranchana

DOI: https://doi.org/10.1007/s11036-018-1061-8

2018-01-01

Abstract:Authentication schemes are widely used mechanisms to thwart unauthorized access of resources over insecure networks. Several smart card based password authentication schemes have been proposed in the literature. In this paper, we demonstrate the security limitations of a recently proposed password based authentication scheme, and show that their scheme is still vulnerable to forgery and offline password guessing attacks and it is also unable to provide user anonymity, forward secrecy and mutual authentication. With the intention of fixing the weaknesses of that scheme, we present a secure authentication scheme. We show that the proposed scheme is invulnerable to various attacks together with attacks observed in the analyzed scheme through both rigorous formal and informal security analysis. Furthermore, the security analysis using the widely-accepted Real-Or-Random (ROR) model ensures that the proposed scheme provides the session key (SK) security. Finally, we carry out the performance evaluation of the proposed scheme and other related schemes, and the result favors that the proposed scheme provides better trade-off among security and performance as compared to other existing related schemes.

Debiao He,Jianhua Chen,Yitao Chen

DOI: https://doi.org/10.1002/sec.506

2011-01-01

Abstract:The session initiation protocol (SIP) is a powerful signaling protocol that controls communication on the Internet, establishing, maintaining, and terminating the sessions. The services that are enabled by SIP are equally applicable in the world of mobile and ubiquitous computing. In 2009, Tsai proposed an authenticated key agreement scheme as an enhancement to SIP. Very recently, Arshad et al. demonstrated that Tsai's scheme was vulnerable to offline password guessing attack and stolen-verifier attack. They also pointed that Tsai's scheme did not provide known-key secrecy and perfect forward secrecy. In order to overcome the weaknesses, Arshad et al. also proposed an improved mutual authentication scheme based on elliptic curve discrete logarithm problem for SIP and claimed that their scheme can withstand various attacks. In this paper, we do a cryptanalysis of Arshad et al.'s scheme and show that Arshad et al.'s scheme is vulnerable to the password guessing attack.

Xiong Li,Junguo Liao,Saru Kumari,Wei Liang,Fan Wu,Muhammad Khurram Khan

DOI: https://doi.org/10.1007/s11277-015-2737-z

IF: 2.017

2015-01-01

Wireless Personal Communications

Abstract:The remote user authentication scheme is an important security technology, which provides authentication service before a user accesses the service provided by the remote server. In this paper, we analyze the security and design flaws of a recently proposed dynamic ID authentication and key agreement scheme by Lin. We find Lin’s scheme is totally cannot be used in real applications because of the following weaknesses: it has some design drawbacks such as it does not have the wrong password detection mechanism and its password change phase is incorrect; the user can login to the server using any wrong identity or password because of the inherent defects in the design of the authentication message; at the same time, Lin’s scheme is vulnerable to the mobile device loss attack and denial of service attack. For security considerations, we propose some principles which should be followed in the design of the user authentication schemes. According to these design principles, we design a new dynamic ID-based user authentication scheme using mobile device. We formally analyze the security features of the proposed scheme using BAN logic, and give the provable security analysis in random oracle model. Besides, we also discuss our scheme can resist other well known attacks. The functionality and performance comparisons shown that the proposed scheme enhances the security features and keeps the efficiency at the same time.