Qi Xie,Deren Chen

DOI: https://doi.org/10.1109/icie.2010.292

2010-01-01

Journal of Networks

Abstract:To use the network services provided by multiple servers in mobile wireless network, a hash function and smart card based multi-server authentication scheme without verification tables and servers' public keys is proposed. The new protocol has many advantages, such as no encryption, signature, verification tables, timestamp, and public keys directory.

Feng Xu,Xin Lv,Qi Zhou,Xuan Liu

DOI: https://doi.org/10.3837/tiis.2014.05.018

2014-01-01

KSII Transactions on Internet and Information Systems

Abstract:As a new type of wireless network, Ad hoc network does not depend on any pre-founded infrastructure, and it has no centralized control unit. The computation and transmission capability of each node are limited. In this paper, a self-updating one-time password mutual authentication protocol for Ad hoc network is proposed. The most significant feature is that a hash chain can update by itself smoothly and securely through capturing the secure bit of the tip. The updating process does not need any additional protocol or re-initialization process and can be continued indefinitely to give rise to an infinite length hash chain, that is, the times of authentication is unlimited without reconstructing a new hash chain. Besides, two random variable are added into the messages interacted during the mutual authentication, enabling the protocol to resist man-in-the-middle attack. Also, the user’s identity information is introduced into the seed of hash chain, so the scheme achieves anonymity and traceability at the same time.

Jianqing Fu,Jian Chen,Rong Fan,XiaoPing Chen,Lingdi Ping

DOI: https://doi.org/10.1109/wcse.2009.731

2009-01-01

Abstract:With the widespread use of mobile devices, authentication and privacy of identification become important issues. We analyzed the security flaws and shortcomings of a delegation-based authentication protocol which was proposed by Caimu Tang, et al., and provided an improved protocol. We use elliptic-curve cryptography and hash chain to ensure the safety of system in our scheme. The research results reveal that the improved protocol can not only corrects the security flaws but also improve the efficiency of key management and reduce the computational load.

LI Bing,YUAN Jian,WANG Jian,WANG Yue

DOI: https://doi.org/10.3321/j.issn:1000-0054.2009.01.016

2009-01-01

Abstract:A digital signature scheme based on multi-dimensional Hash chains was developed to reduce the computations needed to secure routing of wireless ad-hoc networks to improve their feasibility.A ad-hoc wireless routing security protocol based on this scheme is also provided.The algorithm uses the modular exponentiation in the RSA(Rivest,Shamir,Adleman)scheme to construct multi-dimensional Hash chains to generate the digital signatures.The computations are reduced by using smaller exponents.The computations are reduced about 20% compared with the traditional RSA scheme when using a 1 024-bit key.The security capacity of this scheme still relies on the RSA algorithm and the Hash function.This scheme and protocol can enhance the routing security of ad-hoc wireless networks.

CHEN Shao-Wei,CHEN Rui,LING Li

2010-01-01

Abstract:Although RFID technology has been increasingly popular and commonly used,there are still a host of defects in security and privacy.This paper proposes a new improved authentication protocol based on the existing protocols and Hash algorithm,and to some extent,it solves the security and privacy problems. This protocal can prevent replay attack,statistical analysis,spoofing attack,privacy track,and is suitable for the distributed system.

Ke Xu,Xiaowei Ma,Chunyu Liu

DOI: https://doi.org/10.1109/icc.2008.292

2008-01-01

Abstract:Being one of the leading signaling protocols of VoIP applications, SIP protocol becomes popular in IP-based multimedia services, and securing SIP has become a priority. In this paper, we develop a novel authentication scheme which relies only on one way hash functions. In contrast to the computationally expensive asymmetric RSA signature scheme, our scheme is efficient in signing and verifying procedures. And hash tree is exploited to store and verify key information. Our scheme can be used in SIP entities which have less computation power and limited memory.

HM Sun,BC Chen,HT Yeh

DOI: https://doi.org/10.1016/j.jcss.2003.10.003

IF: 1.043

2004-01-01

Journal of Computer and System Sciences

Abstract:To ensure integrity and originality of digital information, digital signatures were proposed to provide both authority and non-repudiation. However, without an authenticated time-stamp we can neither trust signed documents when the signer's signature key, was lost, stolen, or accidentally compromised, nor solve the cases when the signer himself repudiates the signing, claiming that he has accidentally lost his signature key. Based on relative temporal authentication, several linking schemes for digital time-stamping have been proposed to solve this problem. However, these schemes suffer from the forward forgery which is an attempt to stamp a present time-stamp on a past document by an unauthorized one. In addition, the verification cost in these schemes is too high because it is dependent upon the number of the issued time-stamps. In this paper, we propose four time-stamped signature schemes that are based on absolute temporal authentication. These proposed schemes are very efficient in verifying the validity of time-stamped signatures and are quite secure against the forward forgery. It is natural that the time-stamped signature schemes based on absolute temporal authentication suffer from the weakness when the signer colludes with the Time-Stamping Service. To combat the collusion problem, time-stamped signature schemes with hybrid temporal authentication are therefore proposed.

Huafei Zhu,Lixin Ran,Yumin Wang

IF: 1.019

1999-01-01

Chinese Journal of Electronics

Abstract:Cryptographic hash functions are very important for cryptographic protocols such as signature scheme and message authentication. Based on the pioneer work of X. Lai et al., a new framework of hash algorithm is developed in this paper. In our hash scheme, an extra pseudorandom keystream generator is not needed which may be more conveniently for practical use. We have proved that the security of the new hash scheme is equivalent to that of feedback shift registers (FSRs) controlled by 2m - bit security keys.

Daojing He,Yi Gao,Sammy Chan,Chun Chen,Jiajun Bu

2010-01-01

Abstract:Designing a user authentication protocol for wireless sensor networks is a difficult task because wireless networks are susceptible to attacks and sensor node has limited energy, processing and storage resources. Recently, several authentication schemes have been proposed. This short paper shows some security problems and design weaknesses in those schemes. Furthermore, an enhanced two-factor user authentication protocol is presented. The proposed scheme only uses hash function, and a successful user authentication just requires three message exchanges. Security and performance analyses demonstrate that compared to the well-known authentication schemes, our proposal is more secure and efficient.

Xiushu Jin,Kazumasa Omote

DOI: https://doi.org/10.1371/journal.pone.0310094

IF: 3.7

2024-09-13

PLoS ONE

Abstract:In the development of web applications, the rapid advancement of Internet technologies has brought unprecedented opportunities and increased the demand for user authentication schemes. Before the emergence of blockchain technology, establishing trust between two unfamiliar entities relied on a trusted third party for identity verification. However, the failure or malicious behavior of such a trusted third party could undermine such authentication schemes (e.g., single points of failure, credential leaks). A secure authorization system is another requirement of user authentication schemes, as users must authorize other entities to act on their behalf in some situations. If the transfer of authentication permissions is not adequately restricted, security risks such as unauthorized transfer of permissions to entities may occur. Some research has proposed blockchain-based decentralized user authentication solutions to address these risks and enhance availability and auditability. However, as we know, most proposed schemes that allow users to transfer authentication permissions to other entities require significant gas consumption when deployed and triggered in smart contracts. To address this issue, we proposed an authentication scheme with transferability solely based on hash functions. By combining one-time passwords with Hashcash, the scheme can limit the number of times permissions can be transferred while ensuring security. Furthermore, due to its reliance solely on hash functions, our proposed authentication scheme has an absolute advantage regarding computational complexity and gas consumption in smart contracts. Additionally, we have deployed smart contracts on the Goerli test network and demonstrated the practicality and efficiency of this authentication scheme.

multidisciplinary sciences

Yue Li,Mingcheng Xu,Gaojian Xu

DOI: https://doi.org/10.1007/s11227-022-04558-5

2022-05-18

Abstract:Nowadays, most of the federation chain identity authentication adopts the certificate authentication of CA (Certification Authority) under PKI (Public Key Infrastructure) system, but the authentication of CA is one-way authentication, and users cannot evaluate the trustworthiness of CA, and its centralized structure is prone to the single point of failure, which will bring great security risks. To address this problem, we propose an efficient and reliable two-way authentication scheme to achieve membership authentication of the federated chain through elliptic curves and bilinear pairs. Membership authentication is performed directly by the federated chain supervisor through smart contracts, and then key negotiation is conducted among members, and the shared key determined after key negotiation generates a hash digest through a hash function as the unique transaction address of the federated chain members. This scheme can effectively solve the problems of CA one-way authentication and the easy failure of centralized CA. Through experimental and theoretical analysis, the scheme is able to resist multiple attacks and performs better in terms of overhead compared with the same type of protocol. We also design a scheme using Lagrangian interpolation to cope with the necessary key recovery and key update.

computer science, theory & methods,engineering, electrical & electronic, hardware & architecture

Dawei Zhao,Haipeng Peng,Shudong Li,Yixian Yang

DOI: https://doi.org/10.48550/arXiv.1305.6350

2013-05-28

Abstract:Recently, Li et al. analyzed Lee et al.'s multi-server authentication scheme and proposed a novel smart card and dynamic ID based remote user authentication scheme for multi-server environments. They claimed that their scheme can resist several kinds of attacks. However, through careful analysis, we find that Li et al.'s scheme is vulnerable to stolen smart card and offline dictionary attack, replay attack, impersonation attack and server spoofing attack. By analyzing other similar schemes, we find that the certain type of dynamic ID based multi-server authentication scheme in which only hash functions are used and no registration center participates in the authentication and session key agreement phase is hard to provide perfect efficient and secure authentication. To compensate for these shortcomings, we improve the recently proposed Liao et al.'s multi-server authentication scheme which is based on pairing and self-certified public keys, and propose a novel dynamic ID based remote user authentication scheme for multi-server environments. Liao et al.'s scheme is found vulnerable to offline dictionary attack and denial of service attack, and cannot provide user's anonymity and local password verification. However, our proposed scheme overcomes the shortcomings of Liao et al.'s scheme. Security and performance analyses show the proposed scheme is secure against various attacks and has many excellent features.

Cryptography and Security

ZHU Chang-sheng,LIU Peng-hui,WANG Qing-rong,CAO Lai-cheng

DOI: https://doi.org/10.3724/sp.j.1087.2011.01862

2011-01-01

Journal of Computer Applications

Abstract:How to keep mutual anonymity between two entities is one of the critical issues for Trusted Computation(TC).According to the characteristics of TC,an efficient password-based authenticated key exchange scheme was proposed.Adopting threshold cryptography and fuzzy ID set,the scheme achieved mutual anonymity between user and server sharing ID set.On the premise of secure hashing,the analysis and the proving procedure based on the Random Oracle Model(ROM) show this scheme is secure against dictionary attack and resource-depletion DoS(Denial-of-Service) attack under the computational Diffie-Hellman intractability assumption.This scheme effectively preserves the user's privacy and server's privacy,and compared with other schemes such as VIET et al.'s scheme,it is more efficient.

Mingwei Zhao,Xiaochen Yu

DOI: https://doi.org/10.3969/j.issn.1000-386x.2015.10.076

2015-01-01

Abstract:Compared with traditional static password identity authentication technology,the identity authentication system with dynamic password is more secure.Current schemes of dynamic password authentication have difficulties in heavy computation load and key storage because of the use of the public key encryption system mostly.In view of this,we propose a new identity authentication scheme with dynamic password which combines hash function,symmetric encryption mechanism and Challenge /Response mechanism.At the same time,we carry out the performance test and analysis on the scheme.Experimental results show that the scheme not only realises mutual authentication between server and clients under the network environment,but also has the advantages of high safety,strong practicability,low cost etc., which can be used as the identity authentication in most insecure network channels.

Li Heng,Gao Fei,Xue Yanming,Feng Shuo

DOI: https://doi.org/10.1007/978-3-642-14350-2_22

2014-01-01

Abstract: The introduction of authentication protocols for RFID system provides the security to it, authentication protocol based on hash function is one of the most commonly used authentication protocol, which the hash function they used is a unilateral function, with a relatively high security, and it is easy to implement in the tag of RFID, so it has a wider application in RFID system. As the hash function, the characteristics of its own will have hash table conflicts, and thus would have resulted in security vulnerabilities, aim at the hash table conflict, this paper proposes a specific solution, and simulate the improved authentication protocol.

Song, Lijun

DOI: https://doi.org/10.1007/s10586-024-04371-0

2024-03-31

Cluster Computing

Abstract:Identity authentication is the key technology to confirm and authorize the legal identity of users, and it plays an important role in the field of information security. However, the current user authentication attributes are usually pre-specified by the server, which has the problem of lack of flexibility. Therefore, a multi-factor authentication scheme based on custom attributes is proposed in this paper. The user creates the authentication policy tree according to the personal identity attribute factor, and constructs the authentication policy set. In order to authenticate quickly, a multi-level cryptographic accumulator is designed. The Level-One cryptographic accumulator is used to accumulate the unique identity of the user, and the Level-Two cryptographic accumulator is used to accumulate the authentication policy set of the user. Based on the untamperable property of the blockchain and combined with the Schnorr digital signature protocol, register the accumulated value and evidence of the multi-level cryptographic accumulator to the blockchain. The user's identity is authenticated by verifying the accumulated value and evidence on the blockchain. In order to verify the performance of the scheme, the throughput and average time delay of registration and authentication methods are tested and analyzed in detail. The results show that by integrating authentication policy tree, multi-level cryptographic accumulator and blockchain network, this scheme can not only achieve multi-factor authentication with custom attributes, but also maintain good performance. It has made a useful contribution to the field of multi-factor identity authentication based on custom attributes.

computer science, information systems, theory & methods

Ping Wang,Zijian Zhang,Ding Wang

DOI: https://doi.org/10.1007/978-3-030-01950-1_50

2018-01-01

Abstract:Revealing the security flaws of existing cryptographic protocols is the key to understanding how to achieve better security. At ICICS’17, Xu et al. proposed an efficient two-factor authentication scheme for multi-server environment to cope with the vulnerabilities in Amin et al.’s scheme. However, in this paper, we reveal that Xu’s new scheme actually is as vulnerable as Amin et al.’s scheme: anyone can impersonate any legitimate user. At FC’17, Wu et al. also developed an improvement over Irshad et al.’s scheme and this improved scheme is alleged to be practical and have a number of appealing merits. Yet, Wu et al.’s scheme still fails to achieve truly two-factor security (which is the most important goal of a two-factor scheme), and the leakage of a session-specific parameter will lead to the leakage of the user’s long-term secret key.

Ding Wang,Ping Wang

DOI: https://doi.org/10.1109/tdsc.2016.2605087

2016-01-01

IEEE Transactions on Dependable and Secure Computing

Abstract:As the most prevailing two-factor authentication mechanism, smart-card-based password authentication has been a subject of intensive research in the past two decades, and hundreds of this type of schemes have wave upon wave been proposed. In most of these studies, there is no comprehensive and systematical metric available for schemes to be assessed objectively, and the authors present new schemes with assertions of the superior aspects over previous ones, while overlooking dimensions on which their schemes fare poorly. Unsurprisingly, most of them are far from satisfactory—either are found short of important security goals or lack of critical properties, especially being stuck with the security-usability tension. To overcome this issue, in this work we first explicitly define a security model that can accurately capture the practical capabilities of an adversary and then suggest a broad set of twelve properties framed as a systematic methodology for comparative evaluation, allowing schemes to be rated across a common spectrum. As our main contribution, a new scheme is advanced to resolve the various issues arising from user corruption and server compromise, and it is formally proved secure under the harshest adversary model so far. In particular, by integrating “honeywords”, traditionally the purview of system security, with a “fuzzy-verifier”, our scheme hits “two birds”: it not only eliminates the long-standing security-usability conflict that is considered intractable in the literature, but also achieves security guarantees beyond the conventional optimal security bound.

Huifang Chen,Linlin Ge,Lei Xie

DOI: https://doi.org/10.3390/s150717057

IF: 3.9

2015-01-01

Sensors

Abstract:The feature of non-infrastructure support in a wireless ad hoc network (WANET) makes it suffer from various attacks. Moreover, user authentication is the first safety barrier in a network. A mutual trust is achieved by a protocol which enables communicating parties to authenticate each other at the same time and to exchange session keys. For the resource-constrained WANET, an efficient and lightweight user authentication scheme is necessary. In this paper, we propose a user authentication scheme based on the self-certified public key system and elliptic curves cryptography for a WANET. Using the proposed scheme, an efficient two-way user authentication and secure session key agreement can be achieved. Security analysis shows that our proposed scheme is resilient to common known attacks. In addition, the performance analysis shows that our proposed scheme performs similar or better compared with some existing user authentication schemes.

Zhen Qin,Chen Yuan,Yilei Wang,Hu Xiong

DOI: https://doi.org/10.1016/j.ipl.2016.02.003

IF: 0.851

2016-01-01

Information Processing Letters

Abstract:ID-based signature enables users to verify signatures using only public identifier. Very recently, Rossi and Schmid (2015) [9] proposed two identity-based signature schemes along with the application to group communications. Unfortunately, by proposing concrete attack, we demonstrate that the former scheme is insecure against forgery attack, while the latter scheme has been totally broken in the sense that the signing key can be recovered from the valid signature easily.